Sign in

Supertripper Privacy Policy

  1. Generalities

    This Privacy Policy is published by SMART CITYVEST for its SUPERTRIPPER service (hereinafter referred to as "Supertripper"), a simplified joint stock company with a share capital of 313.124.00 Euros, registered in the Paris Trade and Companies Register under number 810 491 019, whose registered office is located at 8 rue de Chatillon, 92170 Vanves, reachable by telephone at[014289999054], or by email at[], and duly represented by its Chairman, Mr Maxime PIALAT.

    Supertripper pays particular attention to the processing of its Users' personal data and complies with the law of 6 January 1978 known as "Informatique et Libertés" as well as the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, the "RGPD").

    This privacy policy (hereinafter, the "Privacy policy") is intended to inform the User of our practices regarding the collection, use and sharing of information that he or she will provide on our platform accessible from the address (hereinafter, the "Platform") and hosted by the Google Cloud platform (hereinafter, the "Hosting").

    The Privacy Policy sets out how we collect and process the personal data provided by the User.

    The User is reminded that this Privacy Policy applies in addition to the General Terms and Conditions of Sale available at the following link:

    By accessing the Platform and subscribing to the Supertripper Services, the User consents to the collection and processing of his or her Personal Data in accordance with the terms and conditions set out herein.

  2. Definitions

    • Administrator

      refers to the User with administrative rights on the Platform's back office.

    • Collaborator

      refers to the persons for whom the Administrator makes Reservations through his "multiple" account.

    • Cookies

      refers to a text file that may be saved in a terminal when viewing the Sites or subscribing to a Service with browser software.

    • Data

      means "any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an "identifiable natural person" is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity" (Article 4 DGPS).

    • Sensitive Data

      refers to any information concerning the racial or ethnic origin, political, philosophical or religious opinions, trade union membership, health or sex life of the User. This Sensitive Data is only collected with the express consent of the User.

    • Travel supplier

      refers to the airlines, hotels, private individuals, cars and other service providers that Supertripper uses to provide the best services for travel booking.

    • Hébergeur

      désigne l’entité proposant l’hébergement des Données collectées via la Plateforme.

    • Platform

      refers to the platform owned and operated by the Supplier in its own name allowing access to the Services and accessible at

    • User

      refers to any natural person having access to the Site and using the services offered by Supertripper.

  3. The processing of your personal data

    We collect your Data on the basis of your explicit consent. You have the opportunity to express your consent when you register on our Platform, by checking the appropriate box and validating this Privacy Policy.

    We may collect and process the following Data:

    1. Information directly transmitted by the User

      By using our Platform, the User is required to provide us with information, some of which may identify him/her. This is particularly the case when creating a User account, requesting a quote or establishing a contact, whether by telephone, email or any other means of communication.

      This information includes, among other things, the Data necessary to register for the service we provide on our Platform or to access any other of our services. This is particularly the case when the User enters the elements of his passport in the "My Account" area. This data includes first and last name, e-mail address, date of birth, gender, telephone number and password. This information is mandatory. Otherwise, Supertripper will not be able to provide the services offered by the Platform.

      In addition, the Administrator may insert Data relating to his Employees into the Platform. The Administrator is duly informed that, for the Data he enters directly through the Platform for the management of his Employees' Reservations, he is the controller.

    2. The Data we automatically collect

      During each of the User's visits, we may collect, in accordance with applicable legislation and with his or her consent, where applicable, information relating to the devices on which our services are used or the networks from which the User accesses our services, such as (but not limited to) IP addresses, connection data, types and versions of Internet browsers used, types and versions of browser plugins, systems and operating platforms, and the content accessed. Among the technologies used to collect this information, we use cookies, whose management and configuration methods are defined in Article 10 hereof.

    3. Why collect your Data? What are the purposes of the processing?

      Supertripper collects User Data for the sole purpose of managing their travel reservations to ensure that they receive the best possible service.

      In particular, we use the Data to contact the User via the customer information provided when registering on the Platform and to inform them of any changes in the booking or to inform them of our special offers.

      In addition, we use the Data for analytical purposes to improve our online travel booking services. Supetripper's main objective is to make the Platform as accessible and customizable as possible so that it best meets the needs of each of its Users.

      Finally, we collect the Data for legal and regulatory purposes, to process and resolve legal disputes, for regulatory investigations or in compliance with applicable legislation.

    4. The special case of Data of the minor person

      Supertripper will verify, taking into account the technological means at its disposal, that consent is given by the holder of parental responsibility for the child, but this verification does not amount to an obligation of result.

    5. The special case of Sensitive Data

      "Sensitive Data" refers to all personal data including certain identification numbers issued by the government, religion, health status or sexual orientation of the User. As this Data requires special protection in accordance with applicable law, we limit its collection to certain circumstances such as:

      • Data concerning your health that may be essential to us to provide you with appropriate travel accommodation in particular and for example requests for access facilities;
      • Government issued identification numbers, such as passport numbers to be provided in the "My Account" area.

      You expressly consent to the collection and processing of such Sensitive Data. It is in fact in Supertripper's legitimate interest to carry out such collection for the strict purposes referred to herein.

  4. Who is responsible for the processing?

    ProcessingData controller
    When the User registers on the Platform and fills in the above-mentioned Data:The controller is Supertripper.
    When Supertripper collects information via cookies and other technologies:The controller is Supertripper.
    When the Administrator manages reservations on behalf of his Employees via the Platform:The controller is the Administrator; Supertripper is the processor.
  5. Sharing your Personal Data with third parties

    In some cases, we may share Users' personal data with third parties in the strict context of the performance of service contracts, in particular with:

    Recipient of the DataPurpose
    Travel Suppliers

    Hotels, airlines, car rental agencies, owners, railway companies with whom Supertripper deals to manage your travel reservations.

    In the event of a dispute, certain information such as your travel booking confirmation may be provided as proof to the Travel Supplier.

    The Hosting Company

    The data collected by Supertripper is hosted on the Google Cloud platform.

    For more information about Google Cloud Platform's data privacy policy, you can visit the following link:

    To contact the Host:

    Payment service provider STRIPE

    To make online payments for travel reservations.

    To make online payments for travel reservations.

    To consult STRIPE's privacy policy:

    To contact STRIPE :

    Competent authoritiesWe transmit personal data to law enforcement authorities as far as required by law or when we consider it strictly necessary for the prevention, detection or prosecution of criminal acts and/or fraud.

    The transfer of personal data as set out herein may include transfers abroad to countries whose data protection laws do not provide an equivalent level of protection to those of European Union countries. Therefore, where applicable, we only transfer your Personal Data to recipients who offer an equivalent level of data protection.

  6. Supertripper obligations

    1. As controller of the processing operation

      As soon as we collect your Data under the conditions defined in Article 3 hereof, we shall act as data controller.

      In accordance with this quality, we are committed to:

      • Maintain a register of the processing operations carried out via the Platform;
      • Implement all appropriate technical and organisational measures to ensure the security of the processing operations carried out, guarantee the protection of your rights and comply with the requirements of the Regulation;
      • Restrict access to your Data to persons duly authorized for this purpose;
      • To have made our staff aware and trained in data processing, the provisions of the regulations in force, and its consequences;
      • Never transfer your Data in any way to a third party without having been duly informed;
      • Guarantee all your rights of access, portability, deletion, rectification and opposition, limitation to your Data collected during the use of the Platform under the conditions defined in Article [!] of these Terms and Conditions;
      • Notify the competent supervisory authority of any security breach that poses a high risk to your rights and freedoms within 72 hours of the discovery of the violation;
      • After termination of the Agreement with the Company, and if storage is no longer necessary, destroy your Data within a period of time in accordance with applicable regulations.
    2. As a subcontractor

      As soon as the Administrator collects the Data of his Employees for the strict use of the Platform, he is duly informed that he is the controller, Supertripper being the subcontractor.

      As a subcontractor, we are committed to:

      • Actively cooperate with the Administrator in the event of the exercise of Employees' rights under the conditions defined in Article 9; to do so, it is expressly agreed that the Administrator must necessarily forward any request for the exercise of Employees' rights to Supertripper, which undertakes to process them within two (2) months of receipt;
      • It is agreed that Supertripper will be responsible for the register of processing operations carried out by the Administrator when collecting Data from its Employees;
      • Never transfer Users' data to a third party other than the above-mentioned recipients;
      • Allow the controller any possibility of carrying out an audit of the processing operations carried out by Supertripper and of all appropriate technical and organisational measures guaranteeing the security of the processing operations, respect for the rights of the data subjects and the requirements of the Regulation, it being specified that the Administrator must have notified Supertripper in writing with a minimum of thirty (30) calendar days' notice. The audit will be carried out at the Administrator's expense and may only cover appropriate technical and organisational measures guaranteeing the security of the processing operations, respect for the rights of the data subjects and the requirements of the Regulations. The Director undertakes to appoint an independent auditor who is not a competitor of the Company on the SaaS market, validated by Supertripper, and subject to the signature of a confidentiality agreement. Supertripper undertakes to collaborate with the auditor in the performance of the assignment, providing him with the necessary information and responding to his related requests. A copy of the audit report prepared by the auditor will be provided to each party, and will be jointly reviewed by them, who undertake to meet for this purpose;
      • Restrict access to the Data to personnel strictly authorized for this purpose;
      • Collaborate with the controller in the event of a security breach, in particular as regards the need to notify the competent supervisory authority, and put in place all technical measures to detect violations of Users' and Administrators' Data that may pose a high risk to their rights and freedoms and to inform the controller within a reasonable time.
  7. Obligations of the Administrator

    As soon as the Administrator assumes the status of controller as defined in Article [!] hereof, he undertakes to :

    • To have collected or to have collected the User's consent to the collection and processing of his Data before any collection, hosting or processing of his Data via the Platform; to this end, the Administrator is encouraged to transfer this document in advance to his Employees;
    • Collect Employees' Data via the Platform for the use and management of their travel reservations; in the event of a purpose other than Supertripper and the Platform, the Administrator undertakes to duly inform the User in advance;
    • It is hereby agreed that the responsibility for the processing register rests with Supertripper;
    • Implement all appropriate technical and organisational measures to ensure the security of the processing operations carried out, guarantee the protection of the rights of Employees through the processing operations, and comply with the requirements of the Regulation;
    • Restrict access to the Data of both Directors and Employees to persons duly authorized for this purpose;
    • Sensitize and train its personnel in Data processing, the provisions of the current Regulations, and their consequences;
    • Never transfer in any way whatsoever the Data of Employees and Administrators to a third party without having duly informed the User;
    • Never transfer Employee Data in any way whatsoever outside the European Union without having duly informed them;
    • Guarantee all rights of access, portability, deletion, rectification and opposition, limitation of Directors and Employees to their Data collected when using the Application Service; to this end, the Director undertakes to notify Supertripper without delay of any request to exercise them;
    • Notify Supertripper of any security breach that poses a high risk to the rights and freedoms of both Directors and Employees within 72 hours of the discovery of the breach;
    • After termination of the Agreement with Supertripper, and if storage is no longer necessary, destroy the Data of Employees and Directors within a period of time in accordance with the regulations in force.
  8. Conservation period of the collected data


    Data collectedConservation data
    Retention for the entire duration of the contractual relationship, and 3 years from the end of the relationship.Accounting data and supporting documents (travel reservations)
    For proof purposes, 10 years from the date of booking.User's identity document
    Duration of the contractual relationship, and immediate termination at the end of the relationship. If the purpose of collecting the User's identity document is to exercise his rights under the conditions defined if after:In case of exercise of the right of access or rectification: 1 year;
    In case of exercise of the right of access or rectification: 1 year;

    In case of exercise of the right of opposition: 3 years.

    • Sensitive data relating to the User's state of health
    • Immediate deletion after transmission to the Travel Supplier if necessary.
    Bank details of the User5 years
    Cookies13 months after their placement.
  9. The rights you enjoy and their exercise

    The User is informed that he/she has access to the Data collected and processed by Supertripper pursuant to Act No. 78-17 of 6 January 1978 known as the "Data Protection Act" and the RGPD:

    • a right to forget;
    • a right of access;
    • a right of rectification;
    • a right to erase;
    • a right to limitation of processing;
    • a right of opposition;
    • a right to the portability of your data.

    To exercise his rights, the User is invited to write to the following address:, accompanied by proof of identity. Supertripper will have a maximum of two (2) months to respond to the User's request.

    In addition, the User is informed that if he considers that his rights have not been respected, he may file a complaint with the CNIL by going to the following link: direct/question/844.

    It is also specified to the User his possibility to organize the fate of his Personal Data after his death in accordance with Article 40-1 of the Data Protection Act.

  10. Cookies Information

    A Cookie is a text file that can be saved in a terminal (computer, tablet or smartphone) when viewing the Platform, as well as when registering with it from a browser. A cookie allows the sender to recognize the relevant device each time the device accesses particular content containing cookies from the same sender.

    Each time you use the Online Platform, cookies and other tracking technologies are used in a number of ways. They enable the Platform to operate, analyze traffic or are used for advertising purposes. These technologies are used by us directly or by our business partners, including third-party service providers and advertisers with whom we work.

    Supertripper informs the User to use the following Cookies and for the following purposes:

    Cookie typePurposes

    Website analysis tools:

    • Google Analytics ;
    • Mixpanel ;
    • Hotjar ;
    • LinkedIn Analytics.

    These Cookies are installed for the purpose of analysing traffic on the Platform, as well as the User's behaviour. In addition, these cookies make it possible to improve the Platform's performance by adapting its presentation to the display preferences of each User.
    These cookies also make it possible to identify which content of the Platform is of most interest to the User, by retracing their journey.

    Finally, LinkedIn Analytics Cookies allow to determine the precise events of the User who has arrived on the Platform via LinkedIn.

    Sharing cookie on social networks

    • Facebook Connect.

    These cookies make it possible to monitor the User's behaviour during campaigns launched by Supertripper on Facebook.

    Advertising cookie

    • LinkedIn Ads ;
    • Facebook Custom Audience.

    These cookies allow you to:

    1. To launch advertising via LinkedIn, and follow the User path, especially on the click rate ;
    2. To identify Users on the Platform in order to offer them content appropriate to their taste on the Facebook social network.

    BrowserParameter setting
    Internet Explorer
    • In Internet Explorer, click on the "Tools" button, then on "Internet Options";
    • General tab, under "Navigation history", click on "Settings";
    • Click on "View files";
    • Click on "Name" to sort all files in alphabetical order, and browse the list until you see files starting with the prefix "Cookie". (All Cookies have this prefix and usually the name of the website that created the Cookie);
    • Select the Cookies that concern you and delete them;
    • Finally, close the window that contains the list of files, then double-click the "OK" button to return to Internet Explorer.
    • Browser "Tools" tab then "Options" menu;
    • In the window that appears, choose "Privacy";
    • Click on "Display Cookies";
    • Locate the files concerned, select them and delete them;
    • Finally, you can specifically choose which Cookies you want to delete or keep.
    • In the browser, choose the "Edit" menu, then "Preferences";
    • Click on the "Security" button;
    • Click on "View Cookies";
    • Select the Cookies concerned and click on "Delete";
    • You can also click on "Delete All";
    • Finally, after deleting the cookies, click on "Done".
    Google Chrome
    • Click on the "Tools" menu icon;
    • Select "Options";
    • Click on "Advanced options" then on "Privacy";
    • Click "View Cookies";
    • Select or delete the files concerned;
    • Finally, click on "Close" to return to your browser.

  11. Deleting the User account

    The User may delete the account he/she has created at any time. However, it is agreed that outstanding invoices are due to the Company.

    In the event of account deletion, the User will no longer have access to the Data previously processed via the Platform.

    In order to unsubscribe, the User will inform the Company at the following email address:

  12. Changes to the Privacy Policy

    Supertripper reserves the right to modify this Agreement when such modification appears necessary in response to local, technical or commercial developments. The User will be informed of the modification of this agreement.

  13. How to contact us?

    In case of necessity or questions regarding the protection of his personal data, the User is invited to contact us at or can visit the CNIL website at the following address

Last version of the Privacy Policy: July 16, 2018.