Last updated: March 2026
destinationlab (operated by destinationlab GmbH) is the data controller for personal data processed through the platform. We determine the purposes and means of processing your data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws. As a data controller, we are responsible for ensuring that your personal data is processed lawfully, fairly, and transparently.
We collect and process the following categories of personal data: β’ Account Information: Name, email, company name β’ Usage Data: Feature usage, login activity β’ Billing Data: Payment method, invoicing details β’ Traveler Data: Processed on behalf of our customers as a data processor β’ Technical Data: IP address, browser type, device information
We process personal data based on: β’ Contractual Necessity (Art. 6(1)(b) GDPR): To provide our SaaS services β’ Legitimate Interests (Art. 6(1)(f) GDPR): To improve our platform, prevent fraud, and ensure security β’ Legal Obligations (Art. 6(1)(c) GDPR): Tax, accounting, and regulatory requirements β’ Consent (Art. 6(1)(a) GDPR): For marketing communications and optional analytics β you can withdraw consent at any time
As a data subject, you have the right to: β’ Access your personal data (Art. 15) β’ Rectify inaccurate data (Art. 16) β’ Erase your data β right to be forgotten (Art. 17) β’ Restrict processing (Art. 18) β’ Data portability (Art. 20) β’ Object to processing (Art. 21) β’ Withdraw consent at any time (Art. 7) To exercise these rights, contact our Data Protection Officer at privacy@destinationlab.io.
All data is stored in EU-based data centers (Frankfurt, Germany) operated by our infrastructure provider. We implement industry-standard security measures: β’ Encryption at rest (AES-256) and in transit (TLS 1.3) β’ Role-based access controls β’ Regular security audits β’ Automated backup and disaster recovery β’ SOC 2 Type II compliance
When data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place: β’ Standard Contractual Clauses (SCCs) approved by the European Commission β’ Adequacy decisions where applicable β’ Supplementary security measures as needed
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected: β’ Account data: Duration of the customer relationship plus 30 days β’ Billing records: 10 years (as required by law) β’ Usage logs: Anonymized after 90 days β’ Support correspondence: 2 years after resolution After the retention period, data is securely deleted or anonymized.
We use strictly necessary cookies for platform functionality and optional analytics cookies (only with your consent). You can manage cookie preferences at any time through the cookie banner or your account settings. We do not sell personal data to third parties or use your data for automated decision-making or profiling.
For data protection inquiries or to exercise your rights, contact our DPO: Email: privacy@destinationlab.io Address: destinationlab GmbH, Attn: Data Protection Officer, Berlin, Germany You also have the right to lodge a complaint with your local data protection supervisory authority.
Start your 14-day free trial today. No credit card required. Full access to all features.