Road.Travel Privacy and Cookie Policy

This is our CURRENT Privacy Policy and was Last Revised on 22.02.2024.

Road.Travel respects your privacy and is committed to protecting your personal data. Please read this privacy and cookie policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data and cookie data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities should you need to. Please retain a copy for your records. This policy and any applicable supplemental privacy notice forms part of our Terms and Conditions. 

We collect, use and are responsible for certain personal data about you. When we do so we are subject to and comply with the UK General Data Protection Regulation (UK GDPR), the UK Data Protection Act 2018, General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR), any laws which implement, replace, extend, re-enact, consolidate or amend such laws, and any other applicable laws depending your country of residence.

This policy aims to provide you with information on how we collect and process your personal data through this website, https://road.travel, when we interact with you to provide you with our products and services or otherwise throughout the course of our dealings with you.

In addition to the provisions in this Policy, which are generally applicable across all jurisdictions, if you are resident in the U.S.A., please review the applicable supplemental privacy notice.

The English version of this Privacy and Cookie Policy shall always prevail in case of any discrepancy or inconsistency between the English version and any translated version.

Who we are

This website/platform is operated by Timescenery Ltd, with registered address 7 Henrietta Street, London, WC2E 8PS, United Kingdom, a company registered in England and Wales under company number 10783487, (referred to as “Road.Travel”, “we”, “us” or “our” in this privacy policy). We are the data controller responsible for your personal data and the company responsible for this website.

If you have any questions about this privacy and cookie policy, including any requests to exercise your legal rights, please contact us using the details set out below (see ‘How to contact us’ below).

Personal data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). A data subject is the individual who the personal data relates to.

We may collect and use the following kinds of personal data about you (some of which is subject to you choosing to provide us with it):

We collect and use this personal data to provide products and services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing such products and services to you.

This website is not intended for children, and we do not knowingly collect data relating to children.

How your personal data is collected

We use different methods to collect data from and about you including through:

We may monitor how many times you visit the website and use our Android Automotive app, which pages you visit and how often, which actions you perform (including, but not limited to product views, product searches, creation of travel guides, etc.) traffic data, location data, browser data and the originating domain name of your internet service provider. This information helps us to build a profile of our users and provide all the features of our website. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.

How and why we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

The table below explains what we use your personal data for and why.

What we use your personal data for

Our reasons

Providing products and services to you and to send you essential information about the Services

To perform our contract with you or to take steps at your request before entering into a contract

To identify and authenticate you during the registration process to our platform and to protect access to our systems that process personal data  by sending a one-time passwords 

To take steps at your request before entering into a contract

For our legitimate interest to prevent unlawful access to our systems

To comply with our legal and regulatory obligations in terms of security 

To register you and set you up as a new member/user and to allow you to then interact with our website for the provision of our services to you by us or by our distributors and/or collaborative partners

To perform our contract with you

For our legitimate interest to enable us to better match you with the appropriate services that we may be able to offer to send to you

To register you and set you up as a creator and to allow you to provide services by creating itineraries and road trip routes and to be able to make payment to you in return for the services

To perform our contract with you

Validating your account and/or to reset your username and password if required and management of your account with us

To perform our contract with you

Operating and improvement of the website and to ensuring that content from the website is presented in the most effective manner for you and your computer or device

To effectively perform our contract with you

For our legitimate interests i.e. to make sure we can deliver the best service to you and respond to you when you need us

Preventing and detecting fraud against you or us

For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for you and/or us

Conducting checks to identify our customers and verify their identity

Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety law or rules issued by our professional regulator

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, i.e. to minimise fraud and to prevent consumers registering more than one membership in order to exploit our services.

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies

To comply with our legal and regulatory obligations

Management of your accounts with us

To perform our contract with you

Customer service and responding to any queries you raise with us and to provide customer support

To effectively perform our contract with you

For our legitimate interests i.e. to make sure we can deliver the best service to you and respond to you when you need us

Management of promotions or competitions that you choose to enter

To perform our contract with you

For our legitimate interests or those of a third party, i.e. to study how customers use our products/services, to develop them and grow our business

Ensuring business policies are adhered to, e.g. policies covering security and internet use

For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you

Operational reasons, such as improving efficiency, training and quality control

For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price

Ensuring the confidentiality of commercially sensitive information

For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information

To comply with our legal and regulatory obligations

Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures

For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

For our legitimate interests i.e. to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

In certain circumstances where you have given your consent

Preventing unauthorised access and modifications to systems

For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for you and/or us

To comply with our legal and regulatory obligations

Updating and enhancing customer records and our service provided to you

To perform our contract with you or to take steps at your request before entering into a contract

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products or services

To enable us to share trip plans with our selected third-party partners (except where your personal data is anonymised) to inform others about recommended trips designed by you.

Where your personal data is included, this will be due to the settings of your membership profile and these settings can be amended at any time.

To effectively perform our contract with you

For our legitimate interests or those of a third party, i.e. to share planned trips where our members have chosen to do so

In certain circumstances and for certain types of data, where you have given your consent

Marketing our services and those of selected third parties to:

—existing and former customers (both individuals and businesses as applicable); 

—third parties who have previously expressed an interest in our services by registering on the mailing list or for the newsletter;

—third parties with whom we have had no previous dealings.

For our legitimate interests or those of a third party, i.e. to promote our business and services to existing and former customers

In certain circumstances where you have given your consent

We may use location data that is collected when you use our website/platform or Android Automotive infotainment system App in order to help us to provide recommendations to you based on your location, show travel guides close to you, or direct you to a product or service that we believe may be of interest to you. We also use your location data to make the website/platform and the app work properly.

Where you have given your consent

Special Category Personal Data

Special category person data includes personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric data (when processed to uniquely identify an individual); and data concerning health, sex life or sexual orientation.

We do not anticipate that we will collect any such data. However, if we do process special category personal data, we will also ensure we are permitted to do so under data protection laws, for example only where:

Marketing

You may receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.

We may use your personal data to send you updates (by email, text message, telephone or post) about our products and services, including exclusive offers, promotions or new products and services.

We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by:

We may ask you to confirm or update your marketing preferences if you ask us to provide further products and services in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and will obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.

We only collect location data if you grant us access to your location. You can always choose whether or not to allow our website/platform or Android Automotive infotainment system app to collect and use real-time information about your location through the device’s privacy settings or by disabling the location permission from account settings. If you block the use of location data, the Android Automotive infotainment system app may then be inaccessible or not function properly.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Who we share your personal data with

We routinely share personal data with:

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We may also need to:

We do not share your location data with third parties.

If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below). We can send you a list of our third party processors.

Where your personal data is held and transfers abroad

Personal data may be held at our offices and/or by our data server provider located in the Netherlands, third party agencies, service providers, distributors, representatives and agents as described above (see above: ‘Who we share your personal data with’).

If you are based outside the UK, your personal data may be transferred to the UK as this is where we are based. For our customers based in the UK or European Economic Area (EEA), please be advised that some of that these third parties may be based outside the UK or EEA. Under UK and European data protection laws, we can only transfer your personal data to a country or international organisation abroad in certain circumstances. We will ensure that where your personal data is transferred abroad, it does so in accordance with applicable laws. 

This may include an adequacy decision being in place in relation to the country that is in receipt of your personal data or we may make an impact assessment and then have in place appropriate safeguards to protect your personal data, including the use of approved Standard Contractual Clauses, UK addendum and/or International Data Transfer Agreements, where deemed safe. Alternatively, a specified transfer exception may apply.

How long your personal data will be kept

We will keep your personal data while you have an account with us or we are providing services to you. Thereafter, we will keep your personal data for as long as is necessary:

We will not keep your personal data for longer than necessary. Different retention periods apply for different types of personal data. When it is no longer necessary to keep your personal data, we will delete or anonymise it.

Third-party links

This website may include links to third-party websites, plug-ins, applications, or other technologies. Clicking on those links or enabling those connections via selecting a third-party service may allow third parties to collect or share data about you. 

After purchasing our services and products, if you want, you may select to book travel or other services from our third-party supplier partners via our website. In such a case, you will see the name of the supplier who provides the supplemental services to you directly, and their terms and conditions and privacy policies will apply to your interactions with them. We do not control these third-party service providers or their websites, and we are not responsible for their collection and use of your personal data or privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Third-Party Integrations

Our products and services may integrate with, or contain links to other platforms, applications, websites or services, including those operated by our third-party business partners (each, an “Integrated Service”). Integrated Services may be subject to additional privacy policies that may be presented in connection with their use, and by using an Integrated Service, you agree to the applicable privacy policies. 

These additional privacy policies may include the: 

Although we or our related entities may operate some Integrated Services, others are not owned or controlled by us (each, a “Third-Party Service”). We have no control over and, to the fullest extent permitted by applicable law, assume no responsibility for, the content, privacy policies, or practices of any Third-Party Service. By using these Third-Party Services, you waive any and all liability of us arising from such use, or from the content of any Third-Party Service. When using a Third-Party Service, you should be aware of when you leave our products and services and read the terms and conditions and privacy policy of each Third-Party Service that you visit. We may use data from third-party sources to provide services. This data and other information may not always be accurate or available. We are not responsible for any data provided by third parties or your reliance thereof.

Cookieless Tracking

Cookieless tracking refers to the collection of data about a user's activity on our site without the use of cookies. This method may include techniques like fingerprinting or utilizing server-side data storage. Our cookieless tracking is designed to respect user privacy and adheres strictly to data protection regulations.

This method may involve techniques like: 

Browser Fingerprinting: Identifying users based on unique configurations and settings of their device and browser. 

ETags: Utilizing entity tags for web cache validation, which can track user activity without relying on cookies. 

HTML5 Local Storage: Storing data in the user's browser using Web storage technology. We never store any personally-identifiable information in your browser in non-encrypted form. 

Server-Side Tracking: Storing user session information on the server. 

Advantages of Cookieless Tracking

Enhanced Privacy: This method respects user privacy more effectively than traditional cookies by not storing data on the user’s device. 

Persistence: Unlike cookies, cookieless tracking is not susceptible to being cleared by browser cookie management, providing more reliable data. 

Cross-Device Tracking: Allows tracking user activity across different devices more accurately. 

Our Commitment to Privacy with Cookieless Tracking 

We ensure that all cookieless tracking technologies adhere to the highest standards of data privacy and are in compliance with data protection regulations. We are transparent about the data we collect and its use. 

We provide users with options to manage their data and respect their choices regarding data collection.

YOUR RIGHTS

You have the following rights in relation to your personal data, which you can exercise at any time:

Access

The right to be provided with a copy of your personal data

Rectification

The right to require us to correct any mistakes in your personal data

Erasure (also known as the right to be forgotten)

The right to require us to delete your personal data—in certain situations. 

Restriction of processing

The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data

Data portability

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object

The right to object:

—at any time to your personal data being processed for direct marketing (including profiling);

—in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

For further information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below) or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights.

If you would like to exercise any of those rights, please:

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Please refer to the appropriate supplemental privacy notice that is applicable to you for rights specific to your location.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have security procedures in place as well as technical and physical restrictions to access to ensure that your personal data is safeguarded at all times.

We have procedures in place to deal with any data security breach. We will notify you and any applicable regulator of a data security breach where we are legally required to do so.

How to make a complaint

Please contact us if you have any query or concern about our use of your information (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

You also have the right to make a complaint at any time to your local data privacy supervisory authority. Information Commissioner's Office (ICO), is the UK supervisory authority for data protection issues (www.ico.org.uk). If you are based outside the UK, you may also have the right to submit a complaint to the relevant supervisory authority in your jurisdiction. A list of EU supervisory authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

We would, however, appreciate the chance to deal with your concerns in the first instance.

Changes to this privacy policy

We may change this privacy notice from time to time. Please ensure that you regularly check this privacy policy for any changes that may affect you. The Last Revised date is written on the top.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

How to contact us

You can contact us and our data protection manager by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details are shown below:

Address: Timescenery Ltd, C/O Redfern Legal LLP, 7 Henrietta Street, Covent Garden, London, WC2E 8PS, United Kingdom.

Email address: privacy@road.travel

Telephone number: +44 (0) 800 041 8483

Our Voluntary Data Protection Officer is Nikita Dedik. You can contact him at dpo@road.travel or via our postal address. Please mark the envelope ‘Data Protection Officer’.

EU-GDPR representative

Rickert Rechtsanwaltsgesellschaft mbH

Address: Rickert Rechtsanwaltsgesellschaft mbH, Timescenery Ltd, Colmantstraße 15, 53115 Bonn, Germany

Email address: art-27-rep-timescenery@rickert.law