Privacy Policy
Who We Are — Data Controller
This Privacy Policy explains how Travel Detail collects, uses, stores, and protects your personal data when you visit our website or place an order. Travel Detail is operated by Arizona Legacy Group, which is the data controller for all personal data processed in connection with orders placed on travel-details.com.
Data controller
Arizona Legacy Group — trading as Travel Detail
As the data controller, Arizona Legacy Group determines the purposes and means of processing your personal data in connection with the travel-details.com online store. We process your data in accordance with the EU General Data Protection Regulation (GDPR) and, where applicable, the Belgian and Dutch national data protection laws implementing it.
Controller details
Arizona Legacy Group
68 West Cypress Street
Phoenix, Arizona 85003
United States of America
Privacy contact
For all privacy-related requests:
support@travel-detail.com
+1 740 272 5703
GDPR applicability
The EU General Data Protection Regulation (GDPR) (Regulation 2016/679) applies to the processing of personal data of individuals in the EU, including Belgium and the Netherlands, regardless of where the controller is established. Because we sell to consumers in Belgium and the Netherlands, the GDPR applies to our processing of your personal data. We are committed to full GDPR compliance in our processing of data relating to EU residents.
Data We Collect
We collect only the personal data that is necessary for the purposes set out in this Policy. We do not collect data we do not need and we do not retain data for longer than necessary.
What we do not collect
We do not collect sensitive personal data (also known as special category data under GDPR) such as health data, racial or ethnic origin, religious beliefs, or biometric data. We do not knowingly collect data from children under 16. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.
How We Use Your Data
We use your personal data only for the purposes listed below. We do not use your data for automated decision-making or profiling that produces significant legal effects on you.
Order fulfilment
Processing and confirming your order
Arranging dispatch via FedEx and providing tracking information
Managing returns, refunds, and exchanges
Complying with EU customs and import documentation requirements
Customer support
Responding to your enquiries, complaints, and support requests
Managing warranty and guarantee claims under the 2-year legal guarantee
Providing after-sales service and follow-up
Legal & compliance
Complying with tax and accounting obligations
Detecting and preventing fraud and payment abuse
Responding to legal requests from courts or regulatory authorities
Defending legal claims and disputes
Marketing (with consent)
Sending promotional emails, newsletters, and product updates — only where you have opted in
You may unsubscribe at any time using the link in any marketing email or by contacting us
We do not send marketing without your prior consent
Legal Basis for Processing
Under the GDPR, every processing activity must have a lawful basis. The table below sets out the legal basis we rely on for each category of processing.
Legitimate interests assessment
Where we rely on legitimate interests as our legal basis, we have assessed that our interests do not override your fundamental rights and freedoms as a data subject. For fraud prevention, the processing is proportionate and necessary. For website analytics, the data is aggregated and does not individually profile you in a way that would be unduly privacy-invasive. You may object to processing based on legitimate interests at any time — see section 07.
Data Sharing & Third Parties
We do not sell your personal data to third parties. We share data only with the service providers that are essential to fulfilling your order and operating our store. All third parties are bound by confidentiality and data processing agreements.
Essential service providers
Shopify Inc. — our e-commerce platform. Processes order, customer, and payment data on our behalf. Shopify is a certified data processor under GDPR. Servers may be located in the US and EU.
FedEx — our delivery carrier. Receives your name and delivery address to fulfil shipment and provide tracking.
Payment processors (Stripe, Mollie, or equivalent) — process your payment securely. We share only what is necessary to authorise and complete your transaction.
We do not share with
Data brokers or data aggregators
Social media platforms for advertising targeting without your consent
Any third party for their own marketing purposes
Any party outside the scope of order fulfilment and support without your explicit consent or a legal obligation
International data transfers
Your data may be transferred outside the EEA. We ensure appropriate safeguards are in place.
Arizona Legacy Group is based in the United States. Shopify also processes data in the US. The US does not have an EU adequacy decision for all data transfers; however, transfers to Shopify are covered by Standard Contractual Clauses (SCCs) approved by the European Commission, providing equivalent protections to those available within the EEA.
Safeguards in place
Standard Contractual Clauses (SCCs) with Shopify and our payment processor. FedEx GDPR-compliant data processing under their privacy programme. All providers assessed for GDPR adequacy before use.
Your right to object
You may request information about international transfers and the safeguards in place by contacting us at support@travel-detail.com. We will provide this information free of charge within one month of your request.
Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. When data is no longer needed, we securely delete or anonymise it.
Order & transaction data
Retained for 7 years from the date of the transaction to comply with Belgian and Dutch accounting and tax obligations (which generally require records to be kept for 7 years). After this period, data is securely deleted.
Customer support communications
Retained for 3 years from the date of the last communication. This allows us to handle any follow-up to a complaint, warranty claim, or dispute within the limitation periods under Belgian and Dutch law.
Marketing data
Email marketing records (your opt-in consent and preference) are retained for as long as you remain subscribed. If you unsubscribe, we retain a record of your opt-out to ensure we do not email you again. If no email is sent for 3 years, we delete the marketing record unless you are also a customer.
Website analytics
Aggregated analytics data is retained for 26 months in line with standard Shopify/Google Analytics retention policies. IP addresses used for fraud prevention are retained for 12 months from the date of the relevant transaction.
Deletion requests
You may request deletion of your personal data at any time (see section 07 — your right to erasure). We will delete your data promptly unless we are required by law to retain it (e.g., for tax records), in which case we will explain the basis for retention and delete the data as soon as the legal obligation expires.
Your GDPR Rights
As a data subject in Belgium or the Netherlands, you have the following rights under the GDPR. All requests are free of charge and will be responded to within one month (extendable by a further two months in complex cases, with notice).
How to exercise your rights
Send your request to support@travel-detail.com with subject “GDPR Request — [Right you wish to exercise]”. Include your full name, email address, and a brief description of your request. We may ask you to verify your identity before processing the request. We will acknowledge within 3 business days and respond in full within one month.
Cookies & Tracking
We use cookies and similar technologies on travel-details.com. Under the EU ePrivacy Directive (implemented in Belgian and Dutch law) and the GDPR, we obtain your consent before placing non-essential cookies.
Essential cookies (no consent required)
Session cookies: Maintain your shopping cart and login state during your visit
Security cookies: Prevent cross-site request forgery (CSRF) and detect fraud
Preference cookies: Remember your cookie consent choice and currency preference
Non-essential cookies (consent required)
Analytics cookies: Shopify Analytics to understand how visitors use our site (page views, referral sources, device types). Data is aggregated.
Marketing cookies: Only set where you have explicitly consented to receive targeted advertising.
We do not place marketing cookies without explicit opt-in consent.
Managing your cookie preferences
You can manage your cookie preferences at any time using the cookie consent banner displayed on your first visit to our Website, or by adjusting your browser settings to block or delete cookies. Note that disabling essential cookies may affect the functionality of the Website (e.g., your shopping cart may not work). You can also opt out of analytics tracking by enabling the “Do Not Track” signal in your browser where supported.
Data Security
We implement appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction.
Security measures in place
Your data is protected by industry-standard technical and organisational controls.
We work with Shopify, a leading e-commerce platform with robust security infrastructure, to store and process your data. Payment data is handled exclusively by PCI-DSS Level 1 certified processors — we never see or store your full card details.
Technical measures
HTTPS / TLS 1.2+ encryption on all pages. PCI-DSS Level 1 payment processing. Access controls and authentication for internal systems. Regular security monitoring via Shopify’s platform.
Organisational measures
Access to personal data restricted to staff who need it to fulfil orders or provide support. Data processing agreements with all third-party processors. Incident response procedures in place.
Data breach notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, as required by GDPR Article 34. We will also notify the relevant supervisory authority (see section 10) within 72 hours of becoming aware of a breach, in accordance with GDPR Article 33. Notifications will include details of the breach, the data involved, the likely consequences, and the measures we have taken or propose to take.
Contact & Supervisory Authorities
For all privacy-related enquiries, requests, or complaints, please contact us first. You also have the right to lodge a complaint directly with your national data protection authority at any time.
Contact us for privacy matters
Email: support@travel-detail.com
Subject line: “Privacy Request” or “GDPR Request”
We respond to all privacy requests within one month (GDPR Article 12). For complex requests, this may be extended by up to two further months with notice to you.
Policy updates
We review and update this Privacy Policy periodically. Where changes are material, we will notify you by email (if you are a customer) or by posting a prominent notice on the Website before the changes take effect. The effective date at the top of this page always reflects the current version. We encourage you to review this Policy periodically.
Belgium — GBA / APD
Gegevensbeschermingsautoriteit (GBA)
Autorité de protection des données (APD)
Rue de la Presse 35 / Drukpersstraat 35
B-1000 Brussels, Belgium
Netherlands — AP
Autoriteit Persoonsgegevens (AP)
PO Box 93374
2509 AJ The Hague, Netherlands
We would prefer to resolve directly
We take all privacy concerns seriously and will do our best to address your query promptly and fairly. While you have the right to contact your national DPA at any time, we ask that you contact us first at support@travel-detail.com so we have the opportunity to resolve your concern directly before escalation.
Privacy questions?
We respond to all GDPR requests within one month.
support@travel-detail.comThis Privacy Policy applies to the processing of personal data of individuals in Belgium and the Netherlands by Travel Detail (Arizona Legacy Group) via travel-details.com. It is effective from 25 June 2026. Processing is conducted in accordance with EU Regulation 2016/679 (GDPR), the Belgian Act of 30 July 2018 on the Protection of Natural Persons with regard to the Processing of Personal Data, and the Dutch Uitvoeringswet Algemene Verordening Gegevensbescherming (UAVG). Arizona Legacy Group, 68 West Cypress Street, Phoenix, Arizona 85003, United States of America.
