HYDRA TRAVELS INC.
1. ABOUT THIS POLICY & COMPANY IDENTITY
This Privacy Policy applies to all personal information collected by Hydra Travels Inc. through: (a) the website www.hydratravels.us and all associated pages; (b) email, telephone, and in-person consultations; (c) booking forms, quote requests, and client intake documents; and (d) any other means by which a client or website visitor provides personal information to the Agency.
1.1 Identity of the Data Controller
| Detail | Information |
|---|---|
| Agency Name | Hydra Travels |
| Website | www.hydratravels.us |
| ARC Accreditation No. | 45572424 |
| Agency Type | Independent Travel Agency — Not affiliated with any airline |
| Policy Version | 2.0 — Effective May 1, 2026 |
| Applicable Jurisdiction | United States of America (federal and applicable state law) |
1.2 Scope
This Policy covers personal information collected from: prospective clients who submit inquiries; active clients who book travel services; website visitors who browse www.hydratravels.us without making a booking; group organizers and travel coordinators who engage the Agency on behalf of multiple travelers; and third parties whose information is provided to us by a client in connection with a booking (e.g., fellow travelers on a shared itinerary).
This Policy does NOT apply to the privacy practices of third-party travel Suppliers (airlines, hotels, cruise lines, car rental companies, tour operators, etc.) with whom bookings are made on your behalf. Each Supplier maintains its own privacy policy governing the information you provide to them directly or that we transmit on your behalf in connection with a booking.
2. INFORMATION WE COLLECT
Hydra Travels Inc. collects personal information through multiple channels and in several categories. We collect only the information that is necessary and proportionate to the services we provide.
2.1 Information You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Identity Information | Full legal name, date of birth, gender | Booking accuracy; airline and Supplier requirements |
| Contact Information | Email address, phone number, mailing/billing address | Communication, booking confirmations, invoicing |
| Travel Document Information | Passport number, expiry date, nationality, country of issuance, visa information | International booking and check-in requirements |
| Payment Information | Credit/debit card number, billing address, bank transfer details | Processing payment for travel services and fees |
| Travel Preferences | Seat preferences, meal requirements, room type preferences, loyalty program numbers | Personalizing travel arrangements |
| Health & Dietary Information | Dietary restrictions, mobility limitations, medical requirements relevant to travel | Communicating special needs to Suppliers |
| Emergency Contact Information | Name and contact details of a designated emergency contact | Emergency communication during travel |
| Group/Third-Party Traveler Information | Names, dates of birth, passport details of other travelers in your party | Completing group bookings on your behalf |
2.2 Information We Collect Automatically
When you visit www.hydratravels.us, certain technical information is collected automatically through standard web technologies, including:
- IP address and approximate geographic location (city/region level).
- Browser type, version, and operating system.
- Pages visited, time spent on each page, and navigation paths.
- Referring URL (the website that directed you to ours).
- Device type (desktop, mobile, tablet) and screen resolution.
- Cookie identifiers and session data.
This technical data is collected using cookies, web beacons, pixel tags, and similar technologies. It is used for website analytics, performance improvement, and to understand how visitors use our site. It is not used to identify you personally without your consent.
2.3 Information We Receive from Third Parties
In limited circumstances, we may receive personal information about you from third parties, including:
- Travel Suppliers who provide booking confirmations, updates, or amendments relating to your reservation.
- Global Distribution Systems (GDS) that facilitate airline and accommodation inventory searches.
- Payment processors who confirm or flag payment transactions.
- Travel insurance providers when you elect to purchase travel protection through us.
- Other travelers in your party who provide your details when making a group booking.
3. HOW WE USE YOUR INFORMATION
Hydra Travels Inc. uses personal information collected for specific, legitimate, and disclosed purposes. We do not use your personal information for any purpose incompatible with the purpose for which it was originally collected without your prior consent.
| Purpose of Use | Legal/Operational Basis |
|---|---|
| Processing and managing travel bookings on your behalf | Contract performance — necessary to provide services you have requested |
| Issuing airline tickets via ARC settlement systems | Contract performance and ARC accreditation obligations |
| Communicating booking confirmations, itineraries, and updates | Contract performance and legitimate business interest |
| Transmitting necessary data to travel Suppliers to fulfill reservations | Contract performance — Supplier requirements for booking completion |
| Processing payments and issuing invoices | Contract performance and legal obligation |
| Communicating relevant travel advisories, alerts, or documentation requirements | Legitimate interest in client safety and service quality |
| Responding to inquiries, complaints, and service requests | Legitimate interest and contract performance |
| Sending Agency newsletters, promotions, and travel recommendations (opt-in only) | Consent — you may withdraw at any time |
| Improving our website and service offerings | Legitimate interest in business improvement |
| Complying with legal obligations, regulatory requirements, and ARC reporting | Legal obligation |
| Fraud detection, prevention, and chargeback defense | Legitimate interest and legal obligation |
| Maintaining records of transactions as required by law or ARC | Legal obligation and legitimate interest |
3.1 Sensitive Personal Data
Certain categories of information — including health and dietary data, disability and mobility information, and information about minors — are treated as sensitive personal data. We collect and use such data only to the extent necessary to fulfill specific Supplier requirements for your booking (such as requesting wheelchair assistance or a dietary meal option) and do not use sensitive data for any marketing, profiling, or analytical purpose.
4. SHARING YOUR PERSONAL INFORMATION
Hydra Travels Inc. does not sell, rent, or trade your personal information to third parties for their own marketing purposes. We share your personal information only as described in this Section and only to the extent necessary for the specified purpose.
4.1 Travel Suppliers
To fulfill your travel booking, we must transmit your personal information — including identity, passport, and contact details — to the relevant Suppliers, which may include airlines, hotels, resorts, cruise lines, car rental companies, tour operators, transfer providers, and travel insurance companies. This sharing is a necessary condition of booking travel services. Each Supplier will handle your data pursuant to its own privacy policy, which we encourage you to review.
4.2 Global Distribution Systems (GDS)
Airline and accommodation searches and bookings are processed through GDS platforms (such as Amadeus, Sabre, or Travelport), which are third-party technology systems used to access airline inventory and complete ticket issuance. These platforms receive booking-related personal data as part of the transaction process. GDS providers operate under their own data handling agreements and are obligated to maintain appropriate data security standards.
4.3 Airlines Reporting Corporation (ARC)
As an ARC-accredited agency (No. 45572424), Hydra Travels Inc. participates in ARC's financial settlement system for airline ticket transactions. Transaction data, including booking reference information, is submitted to ARC as part of the standard settlement process. ARC is a third-party entity subject to its own privacy and data governance policies.
4.4 Payment Processors
Payment card transactions are processed through PCI-DSS compliant third-party payment processors. We do not store full payment card numbers on our systems following the completion of a transaction. Payment processors receive only the information necessary to authorize and complete your payment.
4.5 Travel Insurance Providers
If you elect to purchase travel insurance through the Agency, we will transmit your name, travel dates, destination, trip cost, and contact details to the selected insurance provider. Travel insurance is underwritten by independent insurance companies; their privacy policies govern the use of your data once transmitted.
4.6 Legal and Regulatory Disclosure
We may disclose personal information when required by law, regulation, or valid legal process, including: court orders, subpoenas, and legal proceedings; requests from law enforcement agencies with proper legal authority; and regulatory compliance requirements under applicable U.S. federal or state law. We will notify you of any such disclosure where legally permissible to do so.
4.7 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of the Agency's business, personal information held by the Agency may be transferred to the acquiring or successor entity. You will be notified of any such transfer and any material changes to privacy practices that may result.
5. DATA RETENTION
Hydra Travels Inc. retains personal information only for as long as is necessary to fulfill the purposes for which it was collected, comply with applicable legal obligations, resolve disputes, and enforce agreements. The following retention schedule provides general guidance:
| Data Category | Retention Period |
|---|---|
| Active booking records (itineraries, confirmations, correspondence) | Duration of travel + 7 years (legal and ARC compliance) |
| Airline ticket transaction records | 7 years from date of issuance (ARC and tax compliance) |
| Payment and invoicing records | 7 years from transaction date (federal tax law) |
| Client communication records (email, written correspondence) | 5 years from last client interaction |
| Passport and travel document data | Duration of booking + 3 years |
| Health and dietary special request data | Deleted within 30 days of return travel date unless longer retention is legally required |
| Website analytics and technical data (cookies) | Session data: deleted at session end; aggregate analytics: up to 2 years |
| Marketing preferences and consent records | Until consent is withdrawn + 3 years |
| Dispute and chargeback records | Duration of dispute + 5 years |
| Fraud prevention records | Up to 10 years where fraud has been confirmed or suspected |
Upon expiry of the applicable retention period, personal information is securely deleted or anonymized in a manner that makes it impossible to identify any individual. Anonymized or aggregated data (from which no individual can be identified) may be retained indefinitely for statistical or analytical purposes.
6. DATA SECURITY
Hydra Travels Inc. implements a layered, industry-standard information security program designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include the following:
6.1 Technical Safeguards
- SSL/TLS encryption for all data transmitted between your browser and our Website.
- Encrypted storage of sensitive personal data (passport details, payment card tokens) within secured systems.
- PCI-DSS compliant payment processing — full card numbers are never stored by the Agency.
- Access controls limiting personal data access to authorized Agency personnel on a need-to-know basis.
- Multi-factor authentication (MFA) for Agency systems that contain personal data, in alignment with ARC cybersecurity requirements.
- Regular software updates and security patch management.
6.2 Organizational Safeguards
- Staff training on data privacy obligations and handling procedures.
- Confidentiality obligations for all personnel and contractors who handle personal data.
- Vendor due diligence to confirm that key Suppliers and technology partners maintain appropriate data security standards.
- Documented incident response procedures in the event of a data breach.
6.3 Limitations
No data transmission over the internet or electronic storage system is completely secure. While Hydra Travels Inc. takes the protection of your personal information seriously and employs the safeguards described above, we cannot guarantee absolute security. In the event of a data breach that materially affects your personal information, we will notify you as required by applicable law, including applicable state data breach notification statutes.
7. YOUR PRIVACY RIGHTS
Depending on your state of residence, you may have certain rights with respect to your personal information. Hydra Travels Inc. respects and honors these rights to the extent required by applicable law. The following table summarizes available rights:
| Right | Description | Applicable Under |
|---|---|---|
| Right of Access | Request a copy of the personal information we hold about you. | All U.S. residents; enhanced under CCPA (CA) |
| Right to Correction | Request correction of inaccurate or incomplete personal information. | All U.S. residents |
| Right to Deletion | Request deletion of your personal information, subject to legal retention requirements. | CCPA (CA), and similar state laws |
| Right to Opt Out of Sale | Opt out of the sale of personal information. Note: We do not sell personal data. | CCPA (CA) |
| Right to Non-Discrimination | Exercise any privacy right without being discriminated against in pricing or service level. | CCPA (CA) |
| Right to Data Portability | Request your personal data in a portable, machine-readable format. | CCPA (CA) and applicable state laws |
| Right to Limit Sensitive Data Use | Limit use of sensitive personal information to the purpose for which it was collected. | CCPA (CA) |
| Right to Opt Out of Marketing | Withdraw consent for marketing communications at any time without penalty. | All U.S. residents (CAN-SPAM Act) |
| Right to Lodge a Complaint | File a complaint with applicable state privacy regulators. | All U.S. residents |
7.1 California Residents — CCPA Rights
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- The right to know what personal information we collect, use, share, or sell.
- The right to delete personal information we have collected, subject to exceptions.
- The right to correct inaccurate personal information.
- The right to opt out of the sale or sharing of personal information (note: we do not sell personal data).
- The right to limit the use and disclosure of sensitive personal information.
- The right to non-discrimination for exercising your CCPA rights.
To exercise your California privacy rights, submit a verifiable consumer request to the Agency using the contact information in Section 14. We will respond within 45 days, with one 45-day extension where reasonably necessary.
7.2 Virginia, Colorado, Connecticut, and Other State Residents
Residents of states with enacted comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with similar legislation — may have similar rights to access, correct, delete, and port their personal information, and to appeal denials of privacy rights requests. Contact us to exercise any applicable state privacy rights.
7.3 How to Exercise Your Rights
To submit a privacy rights request, contact the Agency in writing via the Website or by email (see Section 14). Please include: your full name, email address on file, a description of the right you wish to exercise, and sufficient information to allow us to verify your identity. We will not fulfill a privacy rights request unless we can reasonably verify the requestor's identity to protect against fraudulent requests.
8. COOKIES & TRACKING TECHNOLOGIES
The Hydra Travels Inc. website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website performance, and support certain website functions. This section explains how we use these technologies and your choices regarding them.
8.1 What Are Cookies?
Cookies are small text files placed on your device by a website when you visit it. They allow the website to recognize your device on subsequent visits and can store information about your preferences or browsing behavior. Cookies do not give us access to your computer or any information other than the data you choose to share.
8.2 Types of Cookies We Use
| Cookie Type | Description & Purpose |
|---|---|
| Strictly Necessary Cookies | Essential for the website to function. These cookies enable basic functions such as page navigation, session management, and security. They cannot be disabled without impairing website functionality. |
| Performance & Analytics Cookies | Collect anonymous data about how visitors use the website (pages visited, time spent, error messages). Used to improve website performance. Typically provided by third-party analytics services. |
| Functional Cookies | Remember your preferences and settings (e.g., language, currency preferences) to provide a more personalized experience. Disabling may reduce website functionality. |
| Marketing & Targeting Cookies | Used to deliver relevant advertising and track marketing campaign performance. We use these cookies only with your explicit consent. You may opt out at any time. |
| Third-Party Cookies | Certain pages may embed content or tools from third parties (e.g., maps, social share buttons) that place their own cookies. We do not control third-party cookies. |
8.3 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to: view and delete existing cookies; block all or specific cookies; and receive a notification before a cookie is placed. Please note that blocking certain cookies may impair the functionality of our Website. To opt out of analytics tracking, many analytics providers offer browser-based opt-out mechanisms.
9. CHILDREN'S PRIVACY
Hydra Travels' Website and services are not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13 without verified parental or guardian consent. In compliance with the Children's Online Privacy Protection Act (COPPA):
- We do not knowingly collect personal information directly from children under 13.
- Bookings for minors are made by and through the parent or legal guardian, who is responsible for providing all required information on the minor's behalf.
- If we become aware that we have inadvertently collected personal information from a child under 13, we will promptly delete such information from our records.
- Parents or guardians who believe we have collected personal information from a minor under 13 should contact us immediately using the information in Section 14.
10. MARKETING COMMUNICATIONS
10.1 Opt-In Marketing
Hydra Travels Inc. may send you newsletters, promotional offers, travel inspiration content, and service announcements by email or other channels. We will only send marketing communications if you have provided your prior express consent (opt-in). Marketing consent is typically requested at the time you submit an inquiry or create a client profile.
10.2 Opting Out
You may withdraw your consent to receive marketing communications at any time, at no cost, by: (a) clicking the "Unsubscribe" link in any marketing email; (b) contacting the Agency directly with a written opt-out request; or (c) adjusting your communication preferences on the Website. Withdrawal of marketing consent does not affect the Agency's ability to send you service-related communications necessary to fulfill an active booking (e.g., booking confirmations, itinerary updates, or pre-departure reminders).
10.3 CAN-SPAM Compliance
All marketing email communications from Hydra Travels Inc. comply with the requirements of the CAN-SPAM Act of 2003, including: accurate sender identification; a clear and honest subject line; inclusion of our physical mailing address; and a functioning unsubscribe mechanism. Every commercial email includes a clear opt-out mechanism and we honor opt-out requests within ten (10) business days.
11. INTERNATIONAL DATA TRANSFERS
In the course of processing travel bookings — particularly international travel — personal information collected by Hydra Travels Inc. may be transferred to and processed by Suppliers, GDS systems, and technology partners located outside the United States. These transfers are necessary to fulfill your booking and are made in the following circumstances:
- Transmission of passenger name record (PNR) data to international airlines and hotel groups for international bookings.
- Processing of bookings through GDS systems with data centers located in multiple countries.
- Communication with international tour operators, ground handlers, and hospitality providers.
While the United States does not currently have a comprehensive federal data privacy law equivalent to the European Union's GDPR, Hydra Travels Inc. applies reasonable data protection standards to all transfers. When transmitting data to international Suppliers, we rely on the necessity of such transfer to perform the contract for travel services requested by you. We encourage you to review the privacy policies of international Suppliers involved in your itinerary.
12. THIRD-PARTY WEBSITES & LINKS
The Hydra Travels Inc. website may contain hyperlinks to third-party websites, including but not limited to: airline booking portals, hotel websites, government immigration and visa portals, travel insurance provider websites, and destination tourism boards. These links are provided for your convenience and informational purposes only.
Hydra Travels Inc. does not control the content, privacy practices, or data handling of any third-party website. This Privacy Policy applies exclusively to www.hydratravels.us and the Agency's own data processing activities. We strongly recommend that you review the privacy policy of any third-party website you visit. The Agency bears no responsibility for the privacy practices or content of linked third-party sites.
13. CHANGES TO THIS PRIVACY POLICY
Hydra Travels Inc. reserves the right to update, modify, or revise this Privacy Policy at any time to reflect changes in: our data practices; applicable laws and regulations; Supplier relationships; or Website functionality. When we make material changes to this Policy, we will:
- Update the "Effective Date" and "Version" at the top of this document.
- Post the revised Policy to www.hydratravels.us with a clear notice of the change.
- Where feasible and required by law, notify affected clients directly by email.
Your continued use of the Website or Agency services following the posting of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the revised Policy, you should discontinue use of the Website and services and contact the Agency to discuss any active bookings.
We recommend reviewing this Privacy Policy periodically. A record of prior versions is available upon request from the Agency.
14. CONTACT US — PRIVACY INQUIRIES
For all privacy-related inquiries, requests to exercise your data rights, concerns about this Policy, or to report a potential privacy issue, please contact Hydra Travels Inc. using the following information:
| Contact Method | Details |
|---|---|
| Website | www.hydratravels.us |
| ARC Accreditation No. | 45572424 |
| For | Privacy rights requests, data access/deletion, opt-out of marketing, cookie complaints, data breach reports |
| Response Time | Standard inquiries: within 2 business days. Formal privacy rights requests: within 45 days as required by law. |
| Identity Verification | We may require verification of your identity before processing data subject requests to protect against fraudulent claims. |
15. STATE-SPECIFIC PRIVACY DISCLOSURES
In addition to the rights described in Section 7, the following state-specific disclosures apply where mandated:
15.1 California
Under the California Consumer Privacy Act (as amended by the CPRA), California residents have the right to know about the categories of personal information we collect and our purposes for collecting it. We do not sell personal information as defined under California law. The categories of personal information we collect are listed in Section 2. For a full list of your California rights, see Section 7.1.
15.2 Nevada
Nevada Revised Statutes Chapter 603A requires covered businesses to provide consumers a right to opt out of the sale of covered information. Hydra Travels Inc. does not sell personal information as defined under Nevada law. Nevada residents may submit opt-out requests to the Agency, which will be honored even though no sale is occurring.
15.3 Texas
Texas residents have rights under the Texas Data Privacy and Security Act (TDPSA), including rights to access, correct, delete, and port their personal data, and to opt out of targeted advertising. Hydra Travels Inc. does not engage in targeted advertising based on sensitive personal data.
15.4 Virginia, Colorado, and Connecticut
Residents of Virginia (VCDPA), Colorado (CPA), and Connecticut (CTDPA) have rights to access, correct, delete, obtain a copy, and opt out of the processing of personal data for targeted advertising or the sale of personal data. Contact us to exercise any of these rights. We will not discriminate against you for exercising your privacy rights.
15.5 Sellers of Travel — State Disclosure
Hydra Travels Inc. complies with Seller of Travel registration and disclosure requirements where applicable in states including California, Florida, Hawaii, and Washington. Registration as a Seller of Travel does not constitute state endorsement or approval of the Agency's services.
16. GLOSSARY OF KEY PRIVACY TERMS
| Term | Definition |
|---|---|
| Personal Information | Any information that identifies, relates to, describes, or could reasonably be linked to a particular individual. |
| Sensitive Personal Information | Special categories of data including health information, financial data, passport/ID details, and information about minors. |
| Data Controller | The entity that determines the purposes and means of processing personal information — in this context, Hydra Travels. |
| Data Processor | An entity that processes personal data on behalf of the Data Controller — e.g., payment processors, GDS systems. |
| Cookies | Small files stored on a user's device that allow websites to recognize the device on future visits. |
| GDS (Global Distribution System) | Technology platforms (e.g., Amadeus, Sabre, Travelport) used by travel agencies to search and book airline, hotel, and other travel inventory. |
| ARC | Airlines Reporting Corporation — the body that accredits U.S. travel agencies and manages financial settlement for airline ticket transactions. |
| CCPA | California Consumer Privacy Act — California's primary consumer privacy law, as amended by CPRA. |
| CAN-SPAM | Controlling the Assault of Non-Solicited Pornography And Marketing Act — U.S. federal law governing commercial email. |
| PCI-DSS | Payment Card Industry Data Security Standard — security standards for organizations handling credit card data. |
| PNR | Passenger Name Record — a record in a GDS that contains booking information for a passenger. |
