This GDPR privacy notice (“Notice”)—is part of Red Umbrella Holidays’ Privacy Policy and applies specifically to the processing of ‘personal data,’ as defined in the General Data Protection Regulation (“GDPR”), of individuals located in the European Economic Area (“EEA”) or the United Kingdom (“UK”) by Red Umbrella Holidays LLC (referred to herein as “EEA Individuals,” “you,” or “your”). Any capitalized terms not defined in this Notice shall have the meanings ascribed to them in the Privacy Policy or, if not defined there, the GDPR. In case of any conflict between this Notice and other sections of our Privacy Policy, this Notice will govern for EEA Individuals and their personal data. If you are located outside of the EEA or UK, please refer to our general Privacy Policy.
Controller Details
Red Umbrella Holidays LLC is the controller of personal data collected from EEA Individuals via its websites, mobile applications, customer service centers, and other related travel services (collectively, the “Services”).
Data Storage
Red Umbrella Holidays stores EEA Individuals’ personal data on servers located in the United States.
Data Transfers
Red Umbrella Holidays is self-certified under:
The EU-U.S. Data Privacy Framework (EU-U.S. DPF),
• The UK Extension to the EU-U.S. DPF, and
• The Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Should these frameworks become invalid, Red Umbrella Holidays will rely on the European Commission’s Standard Contractual Clauses (SCCs) for cross-border data transfers.
Transfers to non-EEA/UK travel partners (e.g., airlines, hotels) may rely on GDPR Article 49(1)(b) and/or 49(1)(c) as necessary for contractual performance or at your request.
Retention
We retain your personal data for as long as necessary, considering:
• Frequency of transactions, account activity, and reward usage;
• The need to analyze travel behavior for service improvements;
• Your marketing preferences;
• Fraud detection and legal compliance;
• Customer service and dispute resolution needs;
• Statutory retention periods and potential claims.
Information Security
Red Umbrella Holidays implements technical and organizational safeguards in line with industry standards such as ISO 27001 and PCI-DSS. Sensitive data like credit card numbers are encrypted via SSL.
We also monitor IP addresses, browser metadata, timestamps, and referrer information for cybersecurity purposes.
Government Access Requests
We may disclose your data when legally required to comply with national security, law enforcement, or regulatory requests.
Corporate Restructuring
In cases of mergers, acquisitions, or asset sales, personal data may be transferred to the acquiring entity under existing privacy protections.
Your GDPR Rights
If you are an EEA Individual, you may:
1. Access, correct, or delete your data;
2. Restrict or object to processing;
3. Request data portability;
4. Withdraw consent where applicable.
To exercise your rights, contact: support@redumbrellaholidays.com with the subject line “GDPR Notice.”
Objections to Legitimate Interest / Direct Marketing
You may object to processing based on our legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
You may also object to direct marketing at any time by clicking unsubscribe links or emailing support@redumbrellaholidays.com. Administrative communications (e.g., booking emails) are not subject to opt-out.
Right to Lodge a Complaint
You may file a complaint with your local data protection authority. A full list is available here:
https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
You may also assert rights under applicable SCCs executed by Red Umbrella Holidays.
Minors
Our Services are not intended for individuals under 18. We do not knowingly collect personal data from minors.
Updates to This Notice
If our data usage practices change, we will update this Notice and notify you accordingly. The “Effective Date” will reflect the most recent update.
Data Privacy Framework
Red Umbrella Holidays complies with the DPF as administered by the U.S. Department of Commerce. We are certified to:
EU-U.S. DPF Principles (EU data);
• UK Extension to the EU-U.S. DPF (UK data);
• Swiss-U.S. DPF Principles (Swiss data).
In case of conflict, DPF Principles override. View our certification at: https://www.dataprivacyframework.gov/
We are subject to U.S. Federal Trade Commission enforcement.
DPF Complaints
Unresolved complaints may be submitted to BBB National Programs Data Privacy Framework Services:
https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers
Binding arbitration may be available under certain circumstances.
Onward Transfers to Third Parties
Red Umbrella Holidays may share personal data with service providers (e.g., hosting, analytics) that must uphold equivalent data protections and notify us of non-compliance. We may also share data with our affiliates for operational support.
Opt-In/Opt-Out for Onward Transfers
You may opt-out of sharing personal data with third parties (not acting as agents) by contacting support@redumbrellaholidays.com. We will only share sensitive data with your explicit opt-in consent.
Your DPF Rights
You may request access to, correction of, or deletion of your DPF-covered data by emailing support@redumbrellaholidays.com. Please allow reasonable processing time.
Retention under DPF
We retain DPF-relevant personal data as long as necessary for business or legal needs, after which it may be anonymized or deleted.
Security of Your Data
We apply appropriate administrative, physical, and technical safeguards to prevent loss, misuse, and unauthorized access to your personal data.
Contacting Us
If you have questions or wish to exercise your GDPR rights, please contact us at:
Email: support@redumbrellaholidays.com (Subject: “GDPR Notice”)
Or you can write to us at:
Red Umbrella Holidays
448 Prairie Knoll Dr Naperville IL 60565
Note: Do not include sensitive personal data (e.g., payment details) in emails.