WNTTWhy Not Travel Trips WhatsApp Ricardo
Legal

Privacy Policy

Last updated: 12 May 2026 · Version 1.0
In short. We collect what we need to plan trips with you, never sell your data, store it only as long as we have to, and you can ask us to delete it at any time. This page explains it in detail.

1. Who we are

Why Not Travel Trips ("WNTT", "we", "us") is operated by Ricardo Maciel, based in the United Kingdom, with operations in Portugal, Brazil and Egypt. We run small-group paramotor expeditions.

For the purposes of the UK General Data Protection Regulation (UK GDPR), the EU GDPR and Brazil's Lei Geral de Proteção de Dados (LGPD), Ricardo Maciel is the data controller for personal data processed through this website and our booking activities.

Contact for privacy matters: hello@wntraveltrips.com

2. What personal data we collect

2.1 Information you give us directly

  • Contact / enquiry forms: your name, email address, phone (WhatsApp) number, the trip you are interested in, and any message you send.
  • Booking and trip portal: full legal name, passport / identity document details (only where required by airlines or destination authorities), emergency contact, dietary or medical information you choose to share, flying licence and experience details (for pilot travellers).
  • Payments: payments are processed by Stripe. WNTT does not store full card numbers. We retain transaction references, amounts, and the last four digits of the card.
  • Communications: emails, WhatsApp messages, and notes from calls when relevant to your trip.

2.2 Information collected automatically

  • Analytics: via Google Analytics 4 (GA4) — anonymised page views, country, device, referral, time on page. Only after you grant analytics consent.
  • Marketing pixels: via the Meta Pixel — page views, clicks, and conversion events. Only after you grant marketing consent.
  • Server logs: IP address, browser type, requested URL, response status, timestamp. Held for up to 30 days for security and debugging.
  • Cookies: see our Cookie Policy for the full list.

3. Why we use your data and the legal basis

PurposeData usedLegal basis (GDPR Art. 6)
Reply to your enquiry and plan a trip with youContact form fields, communicationsPre-contractual measures (Art. 6(1)(b)) / legitimate interest
Manage your booking, accept payments, deliver the tripBooking and identity data, payment referencesPerformance of contract (Art. 6(1)(b))
Keep financial and tax recordsInvoices, payment references, identityLegal obligation (Art. 6(1)(c)) — Portuguese tax law
Site analytics and product improvementGA4 analytics dataConsent (Art. 6(1)(a)) — granted via cookie banner
Personalised advertising and remarketingMeta Pixel dataConsent (Art. 6(1)(a)) — granted via cookie banner
Site security and fraud preventionServer logs, IP addressesLegitimate interest (Art. 6(1)(f))
Reach out about future trips or offers (only if you opt in)Email address, trip interestConsent (Art. 6(1)(a))

Under LGPD, the equivalent legal bases apply (Art. 7).

4. Who we share your data with

We do not sell your data. We share data only with the processors and partners who help us run WNTT:

  • Google LLC — Google Analytics 4 and related services (when consent given).
  • Meta Platforms Ireland Ltd. / Meta Platforms Inc. — Meta Pixel and Facebook / Instagram advertising (when consent given).
  • Stripe Payments Europe Ltd. — payment processing.
  • Hostinger International Ltd. — server hosting (server based in Germany (EU)).
  • Telegram Messenger LLP — operational notifications to Ricardo.
  • Google LLC (Gmail / Workspace) — outbound transactional emails.
  • Trip-specific partners — hotels, airlines, local guides, flight authorities at destination, only the data they need (typically full name and identity numbers).
  • Insurers, lawyers, accountants — strictly when needed.
  • Authorities — when required by law, court order or to protect rights and safety.

5. International transfers

Some of our processors (Google, Meta, Stripe) operate in the United States. Where data leaves the European Economic Area or Brazil, we rely on the European Commission's Standard Contractual Clauses and the EU-US Data Privacy Framework as transfer mechanisms.

For Egypt and Brazil expeditions, your name and travel document data may be shared with local authorities and trip operators in those countries to obtain permits and accommodation.

6. How long we keep your data

Type of dataRetention period
Contact form enquiries that don't lead to a booking3 years from last contact
Bookings, invoices, payment records7 years (UK tax law — HMRC retention requirement)
Identity documents (passport copies, etc.)Deleted within 90 days after the trip ends, unless legal retention applies
Marketing list (newsletter, future trips)Until you withdraw consent
Google Analytics events14 months (GA4 default)
Meta Pixel events180 days (Meta default)
Server logs30 days
BackupsUp to 90 days

7. Your rights

Under GDPR (EU/UK) and LGPD (Brazil) you have the following rights regarding your personal data:

  • Access — get a copy of the data we hold about you.
  • Rectification — correct anything that is wrong or incomplete.
  • Erasure — ask us to delete your data ("right to be forgotten"). Some data we may have to keep for legal reasons.
  • Restriction — limit how we use your data while we sort something out.
  • Portability — receive your data in a portable format, or have it sent to another provider.
  • Object — object to processing based on legitimate interest, or to marketing.
  • Withdraw consent — at any time, for anything that relies on your consent (analytics, marketing, newsletter). You can update cookie consent by clearing the wntt_consent_v1 entry in your browser storage and reloading the site.
  • Not be subject to automated decision-making — we don't do this; all booking decisions are made by Ricardo personally.

To exercise any of these rights, email hello@wntraveltrips.com. We respond within 30 days (GDPR) / 15 days (LGPD).

8. Cookies and tracking

We use cookies and similar technologies for essential site function, analytics and marketing. Analytics and marketing cookies only fire after you give consent via the banner. See the full breakdown in our Cookie Policy.

9. How we protect your data

  • All traffic to wntraveltrips.com is encrypted with TLS 1.3 (HTTPS).
  • Passwords for the booking portal are hashed with bcrypt (never stored in plain text).
  • Database access is restricted to authenticated administrators on a private server.
  • Payments are tokenised — we never see or store full card numbers.
  • Identity documents are stored only as long as needed for trip logistics, then deleted.
  • Access to systems is protected by SSH keys and two-factor authentication.

No system is 100% secure. If we ever experience a breach that affects your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Art. 33–34.

10. Children

WNTT services are not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of the page reflects the current version. Material changes will be notified by email to active customers and via a notice on this page.

12. Contact and complaints

If you have any questions, requests or concerns about how we handle your data:

If you are not satisfied with our response you have the right to lodge a complaint with the data protection authority in your country, including:

  • United Kingdom: ICO — Information Commissioner's Office (ico.org.uk) — primary authority for WNTT.
  • Portugal: CNPD — Comissão Nacional de Proteção de Dados (cnpd.pt)
  • Brazil: ANPD — Autoridade Nacional de Proteção de Dados (gov.br/anpd)
  • Other EU countries: your national data protection authority.