Extranet Privacy Notice

Version: 1.0 | Updated: March 30, 2026

This Privacy Notice explains how Emerging Travel Group ("ETG", or "we") collects, uses, and protects your personal data. It applies to your use of the Extranet at extranet.emergingtravel.com, our mobile applications, and any related digital tools ("Extranet"). Below, we describe what information we gather, why we need it, how we keep it safe, and what rights you have regarding your personal data. All our activities are guided by the national or international data protection legislation that governs your specific relationship with us ("Applicable Law").

1. Who Is Responsible for Your Data

The processing of your personal data is carried out by Leaside Services Limited (located at 17 Karaiskaki Street, Office 22, Agaia Triada, Limassol, 3032, Cyprus), acting as the operator of Extranet, together with the specific legal entity within the ETG that determines the purposes and means of processing your personal data ("Controller"), as identified for your location in the table below. Where these entities jointly determine the purposes and means of processing your personal data, they act as joint controllers and have entered into an arrangement governing their respective responsibilities for compliance with Applicable Law.

Under this arrangement, Leaside Services Limited is responsible for the overall technical infrastructure of the Website, general security measures, and providing the platform for data collection. The entity identified for your location below serves as your primary point of contact for exercising your privacy rights and handling inquiries. Other group entities participate in the processing to provide unified management, consolidated internal reporting, and centralized technical support across our global infrastructure. Regardless of this internal allocation, you may exercise your rights in respect of and against each of these entities.

The designated member of ETG acting alongside Leaside Services Limited is determined by the location where you provide your services:

Country	Company	Business Address
Kazakhstan	Emerging Travel Kazakhstan LLP	Office SP2-18, 280 Baizakova Street, Bostandykskiy District, 050040, Almaty, Republic of Kazakhstan
UAE*	Smart Middle East Travel Agency L.L.C	Office P2A-J08, WHP2 Block A, Dubai Industrial City, Saih Shuaib 3, Dubai, UAE
UAE*	Emerging Travel Inc.	1000 N West Street, Suite 1200, Wilmington, DE 19801, USA
Other countries	Emerging Travel Inc.	1000 N West Street, Suite 1200, Wilmington, DE 19801, USA

* For the UAE, the specific Data Controller is designated in accordance with the terms of the Distribution Agreement, Collaboration Agreement, or other written contract concluded between you and ETG. If no such specific written agreement has been executed, the Data Controller is determined in accordance with the Terms of Use, under which Leaside Services Limited shall act as the Controller.

2. What We Collect & How We Use It

We process your personal data only to the extent necessary to achieve the specific purposes outlined below.

Please note that the Extranet is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that personal data has been collected from a person under 18 without verifiable parental consent, we will take appropriate steps to delete such information.

The following table details the categories of data we collect and our legal basis for processing under Applicable Law:

Purpose of Processing	Categories of Personal Data	Legal Basis for Processing
Account Creation	Full name Phone number Email address	Contract
Contract Conclusion	Full name Phone number Email address Residential address Tax ID Bank details Property data	Contract
Payment processing	Bank details Tax identifiers Billing addresses Mutual settlement status	Contract
Accounting and invoicing	Invoices Reconciliation acts Tax ID numbers Settlement acts Taxation system details	Legal Obligation
General Customer Support	Full name Phone number Email address Booking information Contract information Inquiry details Correspondence history Call recordings	Contract
Complaints and dispute resolution	Full name Date of birth Phone number Email address Residential address ID details Bank details Employment info	Legitimate Interest (to establish, exercise, or defend legal claims and protect the company's rights and assets)
Manage quality of customer support interactions	Full name Phone number Audio recordings Data provided during the call	Legitimate Interest (to monitor service standards and train support personnel)
Email marketing and newsletters	Full name Phone number Email address Language preferences Promo participation data	Consent
Cookie tracking, web & app analytics	Cookie identifiers IP address Site behavior Device data	Consent
Personalization	Full name Email address Behavioral and browsing data Transaction data Cookie and tracking data Loyalty program data Travel and booking preferences Account/user ID User geolocation data Connection and session data Consent and subscription status Account authentication data	Legitimate interest (to provide personalized travel recommendations, and enhance user experience through behavioral modeling and content tailoring)
Corporate website management	Email engagement data Connection and session data Customer support inquiry content IP address and session data	Legitimate interest (maintaining a secure and reliable service for all users)
Track product performance	Behavioral and browsing data Transaction data Connection and session data	Legitimate interest (to analyze service usage, identify technical issues, and improve overall product functionality)
Use consumer insights in product design (UX)	Full name Phone number Email address Audio/video recordings Research data	Consent
Antifraud screening	Full name User ID IP address Cookies Entry dates Property data Phone number Email address Technical logs	Legitimate Interest (to maintain platform security and prevent financial loss)
Event Organization	Full name Phone number Email address Job title	Consent

To use the Extranet, providing certain information is a contractual requirement. To access and use the Extranet, you must provide the data categorized in the table above as Account Creation & Management, and Contract Conclusion. While you are not legally required to provide your personal data, failure to provide this mandatory information will result in the inability to register your account. Furthermore, we will be unable to conclude or execute the agreement with you, and you will be unable to use the functionality of the Extranet platform.

We may engage in interest-based advertising, which involves collecting information across websites, applications, and devices to infer user interests and deliver more relevant advertisements. We work with advertising networks, attribution providers, and business partners to promote our products and services through emails and ads on third-party platforms. These activities may involve the use of cookies, pixels, mobile advertising identifiers, and similar technologies. Aside from these advertising activities, we do not use AI or automated systems to make decisions that produce legal or similarly significant effects on you, such as automated profiling or account termination without human review.

3. How We Share Your Data

To support the operation of the Extranet and fulfill our obligations to you, we may share your personal data with the following categories of third parties:

Affiliated Entities: we share data within the Emerging Travel Group for unified management, consolidated internal reporting, and centralized technical support.
Government Authorities and Courts: we may disclose information to competent regulatory, tax, or law enforcement authorities and courts where disclosure is required by applicable law or necessary for the protection of our legal rights and defense against claims.
Data Centers and Cloud Service Providers: we use third-party infrastructure and hosting services to ensure the availability, security, and performance of Extranet.
Financial Institutions and Payment Systems: information is shared with banks and payment processors to facilitate payments, process settlements, and manage financial transactions related to your property.
Research and Analytics Providers: we engage partners who provide platforms for surveys and feedback collection to help us improve our products and services.
Security and Verification Services: data is shared with specialized providers for fraud prevention.
Communication Service Providers: we use third-party telecommunication operators, IP-telephony, IVR services, and AI-driven tools (including speech recognition and quality control assistants) to manage our communications with you.
Web Analytics Services: we use providers that collect statistical information about website visitor behavior to optimize the user experience.
Business and Marketing Partners: we work with partners around the world who distribute or advertise our services (this may involve integrating our booking services into their platforms or displaying customized advertisements to you based on your interests).
Event Partners and Organizers: we share contact details with organizers and platforms that help us manage webinars, conferences, and partner events you've signed up for.
Guests: we provide necessary information to guests to facilitate bookings, ensure effective communication regarding their stay, and allow you to fulfill your obligations as an accommodation provider.

We ensure that all third parties handle your personal data in compliance with Applicable Law and are bound by appropriate confidentiality and data protection obligations.

4. How We Transfer and Protect Your Data Internationally

As a global group of companies, we may transfer and process your personal data in various locations worldwide to provide you with the Extranet services. These transfers occur when necessary to fulfill our contract with you, such as facilitating guest bookings or processing international payments, as well as for other purposes, including providing customer support from our global offices.

Since these countries may have different data protection standards than your location, we implement the following safeguards in accordance with Applicable Law to ensure your information remains secure:

When we share data with third-party service providers or partners, we include specific data protection clauses in our agreements, including Standard Contractual Clauses where applicable. These terms require all recipients to maintain a level of security and confidentiality that is substantially equivalent to the requirements of the Applicable Law governing our processing activities.
We apply consistent technical and organizational measures across ETG globally. These standards are designed to meet the requirements of the Applicable Law and ensure a high level of data protection.
We monitor and comply with specific legal conditions for cross-border data flows in each jurisdiction, including performing data transfer impact assessments or obtaining necessary authorizations where required by Applicable Law.

5. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with Applicable Law. The specific retention period is determined based on the nature of the personal data, the purposes of processing, and applicable legal or regulatory requirements.

When the relevant processing purpose has been fulfilled and the applicable retention period has expired, personal data will be securely deleted or irreversibly anonymised.

If you request the deletion of your personal data or withdraw your consent, we will delete your information without undue delay. Please note that in certain cases our ability to delete personal data may be limited, for example, by statutory retention obligations, reasons of public interest, laws relating to freedom of expression and information, or where processing is necessary for the establishment, exercise or defence of legal claims.

6. What Are Your Rights

Under Applicable Law, you have certain rights that allow you to control how your personal data is used. The availability and exercise of these rights may vary depending on your location and the specific legal grounds for processing.

You may exercise the following rights by contacting us or using the automated tools available within the Extranet:

Right of Access: you have the right to request confirmation as to whether your personal data is being processed and, where that is the case, access to the personal data and information regarding the processing (such as the purposes, categories of data, and recipients).
Right to Rectification: you have the right to obtain the rectification of inaccurate or incomplete personal data concerning you without undue delay.
Right to Erasure: you have the right to request the deletion of your personal data where the data is no longer necessary for the original purposes, or if you withdraw your consent. Please note that this right might be the subject to exceptions under Applicable Law (e.g., for compliance with a legal obligation).
Right to Restriction of Processing: you have the right to request that we suspend the processing of your data, other than for storage purposes, in specific cases established by Applicable Law, such as when you contest the accuracy of the data, the processing is unlawful, the data is required for legal claims, or you have exercised your right to object and are awaiting verification of overriding legitimate grounds.
Right to Data Portability: where processing is based on consent or a contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format.
Right to Object: you have the right to object to the processing of your personal data based on our legitimate interests, or where processing is necessary for the performance of a task carried out in the public interest.
Right to Withdraw Consent: where processing is based on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: you have the right to lodge a complaint with a competent data protection supervisory authority in your jurisdiction if you believe our processing violates Applicable Law.

To exercise these rights, please refer to the How to Contact Us section. We will respond to your request within the timeframe mandated by Applicable Law.

7. How We Keep Your Data Safe

We implement a comprehensive system of administrative, technical, and physical safeguards to protect your personal data against unauthorized access, disclosure, or destruction in accordance with Applicable Law.

Our security framework includes:

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption for data in transit and at rest. Our infrastructure is protected by advanced network security controls, including firewalls, intrusion prevention capabilities, and continuous threat monitoring. We also maintain application-level security controls designed to protect against common digital vulnerabilities and unauthorized access.
Access to personal data is strictly limited to authorized personnel on a "need-to-know" basis. We enforce multi-factor authentication and role-based access controls across our systems.
We maintain internal data protection policies, conduct regular security audits, and provide ongoing data security training for our employees. We also maintain third-party security certifications to verify our compliance with global standards.
Your data is stored in secure data centers featuring 24/7 monitoring, restricted physical access, environmental controls, and robust disaster recovery and backup systems.
We have established procedures for rapid incident response and breach notification to ensure that any potential threats are mitigated and reported as required by Applicable Law.

8. Use of Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect information about your interactions with the Extranet, analyze trends, and provide a secure and personalized experience.

Detailed information about the types of cookies we use, their purposes, and how you can manage your preferences is available in our separate Cookie Policy.

9. Updates to This Privacy Notice

We may update this Notice from time to time to reflect changes in our practices or legal requirements under Applicable Law. In the event of significant changes, we will provide you with appropriate notice. The "Updated" date at the beginning of this document indicates when the latest changes were made.

10. How to Contact Us

If you have any questions, concerns, or requests regarding your personal data, please contact our Data Protection Officer at [email protected].