How destinationlab protects your data.
We take data protection seriously. This page outlines how we collect, process, and safeguard personal data in compliance with GDPR and international privacy standards.
1. Data Controller
destinationlab (operated by destinationlab GmbH) is the data controller for personal data processed through the platform. We determine the purposes and means of processing your data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.
2. Data We Collect
We collect and process the following categories of personal data: account information (name, email, company), usage data (feature usage, login activity), billing data (payment method, invoicing details), traveler data (processed on behalf of our customers as a data processor), and technical data (IP address, browser type, device information).
3. Legal Basis for Processing
We process personal data based on: contractual necessity (to provide our SaaS services), legitimate interests (to improve our platform, prevent fraud, and ensure security), legal obligations (tax, accounting, and regulatory requirements), and consent (for marketing communications and optional analytics).
4. Your Rights Under GDPR
As a data subject, you have the right to: access your personal data, rectify inaccurate data, erase your data (right to be forgotten), restrict processing, data portability, object to processing, and withdraw consent at any time. To exercise these rights, contact our Data Protection Officer at privacy@destinationlab.io.
5. Data Storage & Security
All data is stored in EU-based data centers (Frankfurt, Germany) operated by our infrastructure provider. We implement industry-standard security measures including: encryption at rest (AES-256) and in transit (TLS 1.3), role-based access controls, regular security audits, automated backup and disaster recovery, and SOC 2 Type II compliance.
6. International Data Transfers
When data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions where applicable.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Account data is retained for the duration of the customer relationship plus 30 days. Billing records are retained for 10 years as required by law. Usage logs are anonymized after 90 days.
8. Cookies & Tracking
We use strictly necessary cookies for platform functionality and optional analytics cookies (only with your consent). You can manage cookie preferences at any time through the cookie banner or your account settings. We do not sell personal data to third parties.
Data Protection Officer
For questions about data protection, contact our DPO at privacy@destinationlab.io
Last updated: March 2026
Ready to streamline your travel operations?
Start your 14-day free trial today. No credit card required. Full access to all features.