At The Solo Travel List, accessible from https://www.thesolotravellist.co.uk, the privacy and security of our visitors is a top priority. This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and what rights and choices you have.
This policy applies to information collected through our website only. It does not cover data collected offline or via third-party services that link to or from our site.
By accessing or using The Solo Travel List, you acknowledge that you have read and agree to this Privacy Policy. Questions or requests may be sent to [email protected].
Definitions
Personal Data: Any information relating to an identified or identifiable person, including name, email, IP address, and online identifiers.
Processing: Any operation on personal data, including collection, storage, use, transfer, and deletion.
Data Controller: The Solo Travel List, determining the purposes and means of processing personal data on The Solo Travel List.
You / User: Any individual accessing or using The Solo Travel List.
Information We Collect
1. Information You Provide Directly
Contact form submissions: name, email address, and message content
Email address and preferences for newsletter or mailing list subscriptions
2. Automatically Collected Data
IP address, browser type and version, operating system, and device type
Pages visited, time and date of visit, duration, and referring URL
HTTP request headers and server log data
Cookie identifiers, session tokens, and similar tracking data (see Cookies section)
Aggregated usage analytics via Google Analytics 4 or similar services
Interaction data from embedded third-party content (e.g. videos, social widgets, maps)
How We Use Your Information
We process personal data for the following purposes:
Purpose | Examples | Legal Basis (GDPR) |
|---|---|---|
Service Delivery | Operating the website; responding to support requests | Contract / Legitimate Interests |
Analytics & Improvement | Understanding usage patterns; improving features | Legitimate Interests |
Email Marketing | Newsletters, updates, and promotional content | Consent |
Security & Fraud Prevention | Detecting malicious activity; protecting user accounts | Legitimate Interests |
Legal Compliance | Meeting tax, regulatory, and court-ordered obligations | Legal Obligation |
The Solo Travel List uses cookies, web beacons, and similar technologies. Cookies are small text files placed on your browser to help us deliver and improve our services. We use the following categories:
Category | Purpose | Examples | Duration |
|---|---|---|---|
Strictly Necessary | Core functionality, security, session management. Cannot be disabled. | Session cookies, CSRF tokens, auth tokens | Session |
Analytics / Performance | Anonymised visitor behaviour data; site performance improvement. | Google Analytics 4 (_ga, gid, gat) | Up to 2 years |
Functional / Preference | Remembering your settings: language, dark mode, layout. | Theme preference, locale cookies | Up to 1 year |
Embedded Content | Set by third-party content embedded in our pages. | YouTube, Google Maps, social media widgets | Varies by provider |
Managing Cookies: You can control or delete cookies through your browser settings. Opt-out tools: DAA Opt-Out, Your Online Choices (EU), Google Analytics Opt-Out. Disabling strictly necessary cookies may impair website functionality.
Cookie Consent: Where required by law (e.g. GDPR, ePrivacy Directive), you will be presented with a cookie consent banner on your first visit. Your preference is stored and honoured on subsequent visits.
Analytics
We use Google Analytics 4 (GA4) to measure traffic and usage patterns. GA4 uses first-party cookies and does not use third-party cookies for cross-site tracking. Our privacy configuration includes:
IP anonymisation enabled; your full IP address is never stored by Google
Data retention configured to a maximum of 14 months
We have signed a Data Processing Amendment with Google in accordance with GDPR
GA4 data is not shared with Google for its own advertising purposes
You may opt out of Google Analytics tracking at any time via the Google Analytics Opt-Out Browser Add-on.
With your explicit consent, we may send newsletters, product updates, or promotional emails. Every commercial email includes a working one-click unsubscribe link in compliance with the CAN-SPAM Act and, where applicable, CASL. You may also unsubscribe by emailing [email protected]. Requests are processed within 10 business days. We may retain your address on a suppression list to honour your opt-out preference.
Embedded Third-Party Content
Our pages may include embedded content from YouTube, Twitter/X, Spotify, Google Maps, or social media platforms. Embedded content behaves as if you visited the originating website directly and may collect data, set cookies, and track your interaction independently. We encourage you to review each provider's privacy policy before interacting with embedded content.
We do not sell your personal information. Data is shared only in these limited circumstances:
Service Providers: Trusted processors under contract who help operate our website; they may only process data as instructed by us.
Legal Requirements: Where required by law, regulation, subpoena, or court order. We notify you where legally permitted before disclosing.
Safety: To protect the rights, property, or safety of The Solo Travel List, our users, or the public.
Business Transfers: In a merger, acquisition, or asset sale, your data may transfer. You will be notified via a prominent website notice and, where feasible, by email.
With Your Consent: For any other purpose with your explicit prior consent.
Data Security
We implement appropriate technical and organisational measures to protect your personal data:
HTTPS/TLS 1.2+ encryption for all data in transit
Role-based access controls limiting data access to authorised personnel
Regular security assessments, penetration testing, and vulnerability scanning
Real-time monitoring systems for detecting suspicious activity
In the event of a personal data breach likely to result in risk to your rights, we will notify affected individuals and relevant supervisory authorities within the legally mandated timeframe (e.g. 72 hours under GDPR).
Data Retention
We retain personal data only as long as necessary to fulfil stated purposes or as required by law:
Data Type | Retention Period | Reason |
|---|---|---|
Server access logs | 90 days | Security monitoring and abuse prevention |
Analytics data | Up to 14 months | Trend analysis (auto-deleted by GA4) |
Newsletter subscriptions | Until unsubscribed + 30 days | Suppression list maintenance |
Contact form submissions | 3 years | Correspondence records and dispute resolution |
Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, restrict, or transfer your personal data. You may exercise these rights by contacting us at [email protected]. We will respond within the timeframe required by applicable law. You will never be penalised or discriminated against for exercising your privacy rights.
GDPR - European Union Data Protection Rights
If you are in the EU or EEA, the General Data Protection Regulation (EU) 2016/679 grants you these rights:
Right of Access (Art. 15): Request a copy of personal data we hold and how it is processed.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data without undue delay.
Right to Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your data where no longer necessary, consent is withdrawn, or processing is unlawful, subject to legal retention obligations.
Right to Restriction of Processing (Art. 18): Request we temporarily halt processing in certain circumstances.
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (e.g. CSV/JSON) and transfer it to another controller where technically feasible.
Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing; we will cease unless we demonstrate compelling grounds.
Rights re: Automated Decisions (Art. 22): Not be subject to solely automated decisions, including profiling, that produce significant legal or similarly significant effects, without human review.
Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing relies on it, without affecting the lawfulness of prior processing.
Legal Bases for Processing: Art. 6(1)(a) Consent; Art. 6(1)(b) Contract; Art. 6(1)(c) Legal obligation; Art. 6(1)(f) Legitimate interests. For special category data, we rely on Art. 9(2)(a) explicit consent or other applicable bases.
International Transfers: Transfers outside the EEA are protected by EU Standard Contractual Clauses (SCCs, Commission Decision 2021/914), adequacy decisions, or other lawful Chapter V GDPR mechanisms.
Data Protection Officer: Where legally required, a DPO has been appointed. Contact: [email protected].
We will respond to GDPR requests within 30 days (extendable by 2 months for complex cases). You may also lodge a complaint with your EU Member State's supervisory authority (DPA).
UK GDPR - United Kingdom Rights
If you are in the UK, your rights under the UK GDPR and Data Protection Act 2018 mirror those under EU GDPR listed above. The Information Commissioner's Office (ICO) is the UK supervisory authority: ico.org.uk. International transfers from the UK are governed by UK International Data Transfer Agreements (IDTAs) or UK addendums to EU SCCs as approved by the UK Secretary of State.
Links to External Websites
The Solo Travel List may contain links to third-party websites. Once you leave our site, this Privacy Policy no longer applies. We have no control over and accept no responsibility for external sites' content, privacy policies, or practices. We recommend reviewing the privacy policy of any third-party site you visit.
Do Not Track (DNT) Signals
Some browsers transmit "Do Not Track" signals to websites. There is currently no universally accepted standard for how websites must respond to DNT signals. At this time, The Solo Travel List does not alter its data collection practices in response to DNT browser signals. We will review this position as industry standards evolve.
Changes to This Privacy Policy
We may update this Privacy Policy periodically. When material changes are made, we will update the "Last Updated" date at the top and post a prominent notice on our website, and where feasible notify subscribers via email. Your continued use of The Solo Travel List after any modification constitutes acceptance of the revised policy. We encourage you to review this page periodically.
Contact Us
For questions, datfa subject requests, or privacy complaints, please contact us:
Website: https://www.thesolotravellist.co.uk
Email: [email protected]
We aim to respond to all enquiries within 5 business days, and within applicable legal deadlines for formal data subject requests.