Get in Touch info@dmc.travel +31 20 700 8868
Connect me with a DMC
Searching...
No results found for ""
View all results

Privacy Policy

Last updated: April 26, 2026

1. About this Privacy Policy

DMC.travel (the “website,” “platform,” “we,” “our,” or “us”) is a directory of Destination Management Companies and related travel-services businesses operating in Europe and other regions. The platform is owned and operated by GMS LTD, a company registered in the Republic of Cyprus, with registered office at Lykavitou 25, Egkomi 2401, Cyprus (“GMS LTD”).

This Privacy Policy explains how we process personal data of two distinct groups of people: (i) visitors and users of the website, and (ii) the natural persons whose business contact details appear in the directory listings. The two groups are governed by different legal bases and different rights, and we describe each separately below.

This Policy also covers our use of cookies and similar technologies (Section 9).

If you have any questions about this Privacy Policy or wish to exercise any of the rights described in it, please contact us at privacy@dmc.travel.

2. Who is the controller of your personal data

GMS LTD is the data controller for all personal data processed in connection with DMC.travel. You can contact us at:

3. Personal data we process — visitors and users of the website

This Section 3 applies if you actively interact with the website, for example by submitting a contact form, requesting a free DMC match, subscribing to the newsletter, listing your company, or simply browsing the site.

3.1 Categories of data we collect from you

  • Identification and contact data: full name, business email address, business phone number, company name, country and city of operation, position or job title.
  • Inquiry data: the information you provide when you submit a request for a DMC match or any other contact form, including event type, dates, group size, destination preferences, budget indication and free-text notes.
  • Account data (only if you list a company): username, password (stored hashed), account preferences.
  • Communication data: the content of emails or messages you exchange with us.
  • Technical data collected automatically: IP address, browser type and version, operating system, referring URL, pages visited, time spent on each page, approximate geographic location derived from IP, and device and screen identifiers necessary for responsive display.
  • Cookies and similar technologies: see Section 9 below.

3.2 Why we process this data and the legal basis

  • To respond to your request and connect you with one or more DMCs (legal basis: performance of a contract or pre-contractual measures at your request, GDPR Art. 6(1)(b)).
  • To send you the newsletter, but only if you have subscribed (legal basis: your consent, GDPR Art. 6(1)(a); withdrawable at any time).
  • To operate the website, prevent abuse and fraud, and improve our services (legal basis: our legitimate interest in running a stable and useful platform, GDPR Art. 6(1)(f)).
  • To comply with legal obligations, including bookkeeping, tax and responses to lawful requests by authorities (legal basis: GDPR Art. 6(1)(c)).

3.3 How long we keep this data

  • Inquiry data: up to 24 months from the date of the last interaction, after which it is deleted or anonymized.
  • Account data: while the account is active, plus 12 months after closure to handle disputes.
  • Newsletter subscription: until you unsubscribe.
  • Technical and analytics data: up to 14 months in identifiable form, then aggregated.
  • Bookkeeping records: as required by Cyprus tax law (currently 6 years).

4. Personal data we process — directory listings

This Section 4 applies to natural persons whose contact details appear in a directory listing on DMC.travel, regardless of whether they actively submitted the listing themselves.

4.1 What data appears in a listing

A listing typically contains the following information about a business: company name, registered or trading address, country and city of operation, public business phone numbers and emails, public-facing website URL, social-media handles, services offered, languages spoken, and similar commercial information. Where a single named individual is publicly identifiable as the founder, manager or sales contact of the business, that person’s name and business contact details may also appear.

4.2 Source of the data

In line with our transparency obligations under GDPR Article 14 (information to be provided where personal data have not been obtained from the data subject), we explicitly disclose the sources from which listing data is compiled:

  • Publicly accessible sections of the listed company’s own website.
  • Publicly accessible business registers, chambers of commerce, and tourism-board listings.
  • Publicly accessible professional networks where business profiles are made available without authentication.
  • Publicly accessible mapping services, where the business has chosen to publish its information.
  • Information voluntarily submitted by the company itself through our “List your company” form.
  • Information provided to us by partners and clients, where they have warranted that they have the right to share it.

4.3 Why we process listing data and the legal basis

We process directory listing data on the basis of our legitimate interest under GDPR Article 6(1)(f), namely:

  • Operating a B2B aggregator that helps event organizers, tour operators, and corporate buyers identify and compare DMCs across Europe and other regions.
  • Providing transparency and discoverability to the travel industry.
  • Supporting the listed companies’ own commercial interest in being found by potential business partners.

We have conducted a documented Legitimate Interest Assessment (LIA) which weighs these interests against the rights and freedoms of the natural persons concerned. The processing is limited to professional contact data made publicly available in a business context. We do not process special categories of data. The data subjects, as professionals offering services to the public, have a reasonable expectation of being listed in industry directories.

4.4 Article 14 information

Where we process personal data that we did not obtain directly from you, we provide this Privacy Policy (and the per-listing disclaimer on the listing page itself) as the means of informing you. If you would like a personal notification, or if you would like the listing changed or removed, please use the procedure on the Listing Removal page or write to privacy@dmc.travel. We will respond within thirty (30) days.

4.5 How long we keep listing data

We keep listing data for as long as the listed business appears to be operating. We carry out periodic verification (typically annually). Listings of businesses that have ceased operations are removed within a reasonable period of becoming aware of the closure. Listings can be removed at any time on request, see Section 8.

5. Sharing your personal data

We share personal data only as described below.

  • With service providers acting as our processors: hosting, email delivery, content delivery network, analytics, customer support tooling, and similar. Each processor is bound by a data processing agreement that requires GDPR-equivalent safeguards.
  • With listed DMCs, but only when you actively request to be connected with them through a contact form or matching request, and only the data you have chosen to share in that request.
  • With professional advisors (lawyers, accountants, auditors) under confidentiality.
  • With public authorities, courts and regulators where this is required by law or by a binding order.
  • With a successor in case of a merger, acquisition or asset sale, in which case the successor will be required to honor this Privacy Policy.

We do not sell personal data. We do not share personal data with advertising networks for cross-context behavioral advertising. To the extent that any analytics or marketing cookies set on the site could be considered “sale” or “sharing” under U.S. state laws (see Section 11), users can opt out via the cookie banner or via the link described in Section 11.

6. International data transfers

DMC.travel operates internationally. Personal data may be transferred to or accessed from countries outside the European Economic Area, including the United Kingdom, the United States, and other jurisdictions where our service providers are located. Where the destination country is not covered by a European Commission adequacy decision, we rely on appropriate safeguards, in particular the Standard Contractual Clauses adopted by the European Commission (Decision 2021/914) and supplementary technical and organizational measures where required by the EDPB recommendations.

A copy of the safeguards used is available on request from privacy@dmc.travel.

7. Your rights

Subject to the conditions and limitations of applicable data protection law, you have the following rights:

  • Right of access (GDPR Art. 15) — obtain confirmation of whether we process your personal data and a copy of it.
  • Right to rectification (Art. 16) — ask us to correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) — ask us to delete your data, including removal of a directory listing.
  • Right to restriction (Art. 18) — ask us to suspend processing in defined circumstances.
  • Right to portability (Art. 20) — receive certain data in a structured, commonly used format.
  • Right to object (Art. 21) — object to processing carried out on the basis of legitimate interest, including direct marketing. Where the objection concerns a directory listing, we will remove the listing unless we can demonstrate compelling legitimate grounds that override your interests.
  • Right to withdraw consent (Art. 7(3)) — withdraw consent for any processing that relies on it (such as the newsletter).
  • Right not to be subject to automated decision-making (Art. 22) — we do not currently take decisions about you that produce legal or similarly significant effects on the basis of automated processing alone.

To exercise any of these rights, write to privacy@dmc.travel. We aim to respond within thirty (30) days. The right to lodge a complaint with a supervisory authority is described in Section 12.

8. How to remove a directory listing

If you are the owner, manager or authorized representative of a business that appears in our directory and you would like the listing changed or removed, please use the form on our Listing Removal page, or send an email to privacy@dmc.travel from a business email address associated with the company.

To process the request as quickly as possible, please include: (i) the URL of the listing, (ii) confirmation that you are authorized to act on behalf of the company, and (iii) whether you are asking for correction or for full removal.

We will acknowledge receipt within five (5) business days and complete the requested action within thirty (30) days. There is no fee for this service.

9. Cookies and similar technologies

9.1 What cookies are

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide reporting information to the website operator. Similar technologies, such as local storage, web beacons, and pixels, are referred to in this Section collectively as “cookies.”

9.2 Why we use cookies

DMC.travel uses cookies to (i) make the website work, (ii) remember your preferences, (iii) analyze how the website is used, and (iv) where you have given consent, to deliver relevant marketing communications and to support our advertising on third-party platforms.

9.3 Categories of cookies we use

  • Strictly necessary cookies. Essential for the website to function. They allow you to navigate, use the search and filtering tools, submit a contact form, and maintain a session. The website cannot operate properly without these cookies, and they do not require your consent under EU and UK ePrivacy rules.
  • Functional cookies. Remember choices you make, such as preferred country, and provide enhanced features. They do not track you across other websites.
  • Analytics cookies. Help us understand how the website is used, in aggregate, so that we can improve it. They count visitors, identify popular pages, and measure the performance of our content. We use Google Analytics 4 with IP anonymization where available.
  • Marketing cookies. Used to deliver relevant advertising on third-party platforms, to measure the effectiveness of our campaigns, and to limit how often you see the same advertisement. They are only set if you have given consent through the cookie banner.

9.4 Managing cookies

On your first visit, you will see a cookie banner that lets you accept all cookies, reject non-essential cookies, or set granular preferences. You can change your choices at any time by clicking “Cookie settings” in the website footer. Most browsers also allow you to block or delete cookies through their settings; please note that disabling cookies may affect the functionality of the website.

Where you are based in California or another U.S. state recognizing the Global Privacy Control signal, we treat that signal as a valid request to opt out of “sharing” personal information for cross-context behavioral advertising.

9.5 Third-party cookies

Some cookies are set by third parties whose services we use, including analytics providers, content delivery networks, embedded video players, and social-media plug-ins. The third party is responsible for its own use of these cookies, and you should consult the third party’s own privacy and cookie policies.

9.6 Cookie retention

Strictly necessary cookies typically last only for the duration of your session or for a few days. Functional and analytics cookies generally last between thirty (30) days and twenty-four (24) months. Marketing cookies generally last between thirty (30) days and thirteen (13) months. Specific durations are documented in the cookie banner and are reviewed periodically.

10. Security

We implement technical and organizational measures appropriate to the risk, including transport encryption (HTTPS/TLS), access controls, segregated environments for development and production, regular backups, and logging of administrative actions. No system can be guaranteed to be perfectly secure, and we encourage users to use strong, unique passwords and to report any suspected security incident to privacy@dmc.travel.

11. U.S. state privacy rights (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA and similar)

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another U.S. state with a comprehensive privacy law, you may have the following additional rights:

  • Right to know what personal information we have collected about you and the categories of sources, purposes, and recipients.
  • Right to delete personal information, subject to certain exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information for monetary consideration. To opt out of any tracking that may be considered “sharing” under California law, click “Do Not Sell or Share My Personal Information” in the website footer or set the Global Privacy Control signal in your browser.
  • Right to limit use and disclosure of sensitive personal information. We do not collect sensitive personal information as defined under California law.
  • Right to non-discrimination for exercising your rights.

To exercise these rights, send an email to privacy@dmc.travel with the subject line “U.S. State Privacy Request”. We will verify your identity using reasonable measures (typically by confirming the email address or business association) and respond within forty-five (45) days, with a possible extension of an additional forty-five (45) days where reasonably necessary.

12. Right to lodge a complaint

If you are based in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the data protection supervisory authority of the country where you live or work, or where the alleged infringement occurred. The lead supervisory authority for GMS LTD is the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (https://www.dataprotection.gov.cy).

13. Children

DMC.travel is a B2B platform and is not directed at children. We do not knowingly collect personal data of children under sixteen (16) years of age. If you become aware that a child has provided us with personal data, please contact privacy@dmc.travel and we will take steps to delete it.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest version. Material changes will be communicated through a banner on the website and, where you have a relationship with us, by email. Continued use of the website after the effective date of an update constitutes acknowledgment of the updated Policy, but does not constitute acceptance of any new processing that requires consent.

Contact

DMC.travel (GMS LTD)
Lykavitou 25
Egkomi 2401, Cyprus
Email (privacy): privacy@dmc.travel
Email (general): info@dmc.travel