Last updated: 13 March 2026
1. Introduction
WiseTravel Technology Limited ("WiseTravel", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website at wise-travel.com and related services (the "Service").
WiseTravel Technology Limited is incorporated in Hong Kong SAR (Company No. 79125922). For users in the European Economic Area (EEA) and the United Kingdom, our UK entity WiseTravel Technology Limited (Company No. 17053275) acts as the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
- Entity: WiseTravel Technology Limited
- Address: Room A, 7/F, 721 Star House, 3 Salisbury Road, Tsim Sha Tsui, Hong Kong
- UK Address: Unit A, 82 James Carter Road, Mildenhall, IP28 7DE, United Kingdom
- Email: support@wise-travel.com
3. Personal Data We Collect
We collect the following categories of personal data:
3.1 Information You Provide
- Account information: name, email address, password (hashed), phone number.
- Booking information: passenger names, dates of birth, gender, nationality, passport/identity document numbers, passport expiry dates.
- Contact information: email address and phone number provided at checkout for order communications.
- Payment information: payment is processed by our third-party payment provider. We do not store your full credit card number or CVV.
- Communications: messages you send via our contact form or customer support.
3.2 Information Collected Automatically
- Usage data: pages visited, search queries, browser type, operating system, device type, IP address, referring URL.
- Cookies and similar technologies: see Section 9 below.
4. Lawful Basis for Processing (GDPR)
For users in the EEA and UK, we process your personal data on the following lawful bases under the GDPR:
| Purpose | Lawful Basis |
|---|---|
| Processing and fulfilling bookings | Performance of a contract (Art. 6(1)(b) GDPR) |
| Sending booking confirmations and order updates | Performance of a contract (Art. 6(1)(b) GDPR) |
| Processing payments | Performance of a contract (Art. 6(1)(b) GDPR) |
| Responding to customer support inquiries | Legitimate interest (Art. 6(1)(f) GDPR) |
| Preventing fraud and ensuring security | Legitimate interest (Art. 6(1)(f) GDPR) |
| Complying with legal obligations (tax records, etc.) | Legal obligation (Art. 6(1)(c) GDPR) |
| Sending marketing communications (if opted in) | Consent (Art. 6(1)(a) GDPR) |
| Improving our Service and analytics | Legitimate interest (Art. 6(1)(f) GDPR) |
5. How We Use Your Data
We use your personal data for the following purposes:
- To search, book, and manage flight reservations and ancillary services on your behalf.
- To communicate with you regarding your bookings (confirmations, updates, cancellations, ticketing notifications).
- To process payments and issue refunds.
- To provide customer support and respond to your inquiries.
- To detect, prevent, and investigate fraud or security incidents.
- To comply with applicable laws, regulations, and legal processes.
- To improve and personalise the Service.
6. Data Sharing and Disclosure
We share your personal data only when necessary and with appropriate safeguards:
6.1 Travel Suppliers
We share passenger details (names, dates of birth, passport information) with airlines and other travel suppliers to fulfil your booking. Suppliers process this data according to their own privacy policies.
6.2 Payment Processors
We share necessary transaction data with our payment processor to process your payment securely. Our payment provider is PCI DSS compliant.
6.3 Service Providers
We use third-party service providers for hosting, email delivery, and analytics. These providers process data on our behalf under data processing agreements and are required to protect your data.
6.4 Legal Requirements
We may disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of WiseTravel, our users, or others.
6.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction. We will notify you of any such change.
We do not sell your personal data to third parties.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including Hong Kong, the United Kingdom, and China, where our offices and technology infrastructure are located.
For transfers of personal data from the EEA or UK to countries that do not have an adequacy decision from the European Commission or the UK Government, we implement appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, as applicable.
You may request a copy of the safeguards we use by contacting us at support@wise-travel.com.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period |
|---|---|
| Account information | Duration of your account plus 2 years after deletion |
| Booking and transaction records | 7 years (for legal and tax compliance) |
| Passenger identity documents | Duration of the trip plus 1 year |
| Contact form submissions | 2 years |
| Usage and analytics data | 26 months |
When data is no longer needed, it is securely deleted or anonymised.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Service and enhance your experience. The types of cookies we use include:
- Essential cookies: required for the Service to function (e.g., session management, authentication). These cannot be disabled.
- Functional cookies: remember your preferences such as language and currency selection.
- Analytics cookies: help us understand how visitors use the Service so we can improve it.
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.
10. Your Rights (GDPR and UK GDPR)
If you are located in the EEA or UK, you have the following rights under the GDPR:
- Right of access (Art. 15): request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
- Right to restrict processing (Art. 18): request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interests, including profiling.
- Right to withdraw consent (Art. 7(3)): where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: you have the right to file a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, please contact us at support@wise-travel.com. We will respond to your request within 30 days.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL).
- Secure password hashing (PBKDF2).
- Access controls limiting data access to authorised personnel only.
- Regular security assessments and monitoring.
While we take reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
12. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16 without parental consent. Booking a flight for a child passenger requires an adult to provide the child's information. If we learn that we have collected data from a child under 16 without appropriate consent, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will make reasonable efforts to notify you (e.g., by email or a notice on the Service). Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
- Data Protection Inquiries: support@wise-travel.com
- General Support: support@wise-travel.com
- Company: WiseTravel Technology Limited
- Hong Kong Office: Room A, 7/F, 721 Star House, 3 Salisbury Road, Tsim Sha Tsui, Hong Kong
- UK Office: Unit A, 82 James Carter Road, Mildenhall, IP28 7DE, United Kingdom