Privacy Policy

Purpose

Trust My Travel Limited trading as Repayd(“Repayd”, “we”, “us” or “our”) respects your privacy and is committed toprotecting your personal data. Repayd operates a payment protection platform designed to provide financial protection to travellers when making payments to travel companies. Our platform enables travel providers to process customer payments through Repayd and provides travellers with protection against the insolvency of the travel provider. Where applicable, this protection may involve arranging a replacement trip or issuing a refund.

This privacy notice also explains your privacy rights pursuant to applicable data protection laws including: the UK Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

Repayd operates globally and this notice applies to personal data processed in connection with our website www.repayd.com and our platform services.

Scope

This privacy notice applies to the processing of personal data by Repayd in connection with the following categories of individuals.

Travellers (customers of travel providers): Individuals who purchase travel services from a travel provider and/or make payments through a checkout or payment flow powered by the Repayd platform.
Travel providers (business customers): Businesses that use Repayd’s platform to process payments and offer their customers Repayd’s financial protection guarantee.
Suppliers: Individuals working for organisations that provide services or products to Repayd, including technology providers, consultants and professional advisers.
Website visitors: Individuals who browse or interact with our website regardless of whether they use our services.

Controller for Personal Data

A “controller” is a person or organisation who alone or jointly determines the purposes for which and the way any personal data is or is likely to be processed. Unless we notify you otherwise, Repayd is the controller of your personal data for the purposes of this website and certain aspects of our platform services.

Processor

Depending on the circumstances in which personal data is processed, Repayd may act as a processor, where we process personal data on behalf of and in accordance with the instructions of a travel provider using our services. Where Repayd acts as a processor, the relevant travel provider will be the data controller responsible for determining the purposes and lawful basis for processing personal data.

Types of Personal Data

Personal data means any information about an individual from which that person can be identified. It does not include anonymised data where the identity has been removed.

Repayd may collect, use, store and transfer different kinds of personal data about you.

Identity Data includes first name, last name, username or similar identifier and title.
Contact Data includes billing address, email address and telephone numbers.
Financial Data includes bank account and payment card details or other payment method information used to process transactions.
Transaction Data includes details about payments to and from you and other transaction details relating to travel bookings processed through the Repayd platform.
Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone setting, operating system and platform and other technology on the devices you use to access our website.
Profile Data includes your username and password, preferences, feedback and survey responses.
Usage Data includes information about how you use ourwebsite and services.
Marketing and Communications Data includesyour preferences in receiving marketing from us and your communicationpreferences.
Company Data may include company registration details,corporate structure and business information where you act on behalf of anorganisation.

Lawful Bases: How We Use Your Personal Data

Repayd will only use your personal data when the law allows us to. We will use your personal data in the following circumstances:

Consent: We do not generally rely on consent as a legal basis for processing your personal data. Where we do rely on consent you have the right to withdraw consent at any time.
Performance of a contract: Where we need to perform the contract, we are about to enter into or have entered into with you.
Legal obligation: Where we need to comply with a legal obligation including financial services regulation, anti money laundering obligations and fraud prevention requirements.
Legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Vital interests: Where it is necessary to protect your vital interests.
Public obligation: Where we need to comply with obligations relating to public interest matters.

Depending on your relationship with us we may process the categories of data above and categories of specific personal data that is specific to you. Please see below in the Processing Table on how we may process your personal data depending on our relationship with you and our lawful basis for doing so.

How We Collect Your Personal Data

Direct interactions: You may give us your personal data when you:

Create a Repayd account
Make a payment through a Travel Provider using Repayd
Fill in forms on our Website
Correspond with us by email, telephone or post

Third‑party sources: We may receive personal data from:

Travel Providers using the Repayd platform
Payment processors or financial institutions
Fraud prevention and identity verification providers
Publicly avaliable business registers

Automated technologies: When you visit our website we may automatically collect certain information using technologies such as cookies, analytics tools and similar tracking technologies.

Processing Tables

The processing tables explain why we process personal data and the lawful basis for doing so. Depending on your relationship with us, you may need to refer to different tables relevant to your specific interactions or services.

Traveler: Processing Information

This table applies where you are a traveler (a customer of a travel provider) and you make a payment through a travel provider's website or booking system using the Repayd platform.

Legal Obligation

Identity Data, Financial Data, Transaction Data

Communicate regarding payments, refunds or disputes

Identity Data, Contact Data

Detect, investigate and prevent fraud or financial crime

Provide Repayd financial protection guarantee

Identity Data, Contact Data, Transaction Data

Identity Data, Financial Data, Transaction Data, Technical Data

Process payments made through the Repayd platform

Identity Data, Contact Data, Financial Data, Transaction Data

Meet financial reporting and regulatory obligations

Performance of a contract

Legal obligation; Legitimate interests (prevent fraud and protect travellers, travel providers and our platform)

Performance of a contract

Processing Activities

Categories of Personal Data

Lawful Basis

Note where Repayd processes traveller personal data on behalf of a travel provider, Repayd acts as a data processor.

Travel Provider: Processing Information

This table applies where you are a travel provider (a business customer) using the Repayd platform to process payments from travellers and provide Repayd’s financial protection guarantee to your customers.

Identity Data, Contact Data

Performance of a contract

Administer and protect our platform and IT systems

Legitimate interests (maintain platform security, reliability and operational performance)

Identity Data, Technical Data

Provide support and respond to enquiries

Conduct fraud monitoring and financial risk analysis

Identity Data, Transaction Data, Technical Data

Process payments and administer transactions through the platform

Create and administer platform accounts and dashboards

Identity Data, Contact Data, Profile Data

Identity Data, Contact Data, Financial Data, Transaction Data

Assess and onboard travel providers onto the Repayd platform

Identity Data, Contact Data, Company Data

Performance of a contract

Legitimate interests (protect platform integrity and prevent fraudulent or suspicious transactions)

Performance of a contract

Processing Activities

Categories of Personal Data

Lawful Basis

Supplier: Processing Information

This table applies where you area supplier or service provider or an individual working for a supplier,providing goods or services to Repayd.

Communicate regarding services or contractual matters

Administer and protect business systems and infrastructure

Manage supplier payments, fees and invoices

Identity Data, Contact Data, Financial Data

Identity Data, Contact Data

Identity Data, Technical Data

Legitimate Iinterests (maintain IT security and safeguard our systems and infrastructure)

Engage suppliers and manage supplier relationships

Identity Data, Contact Data, Company Data

Performance of a contract; Legal obligation

Legitimate interests (manage supplier relationships and ensure effective delivery of services)

Performance of a contract

Processing Activities

Categories of Personal Data

Lawful Basis

Repayd as a Data Processor

We may collect, use and disclose certain Personal Data about Customers when acting as the Travel Provider's Service Provider. Our travel provider's are responsible for making sure that the Customer's privacy rights are respected, including ensuring appropriate disclosures about third party data collection and use. To the extent that we are acting as a User's data processor, we will process Personal Data in accordance with the terms of our agreement with the User and the User's lawful instructions.