Article 1 — Identity of the Data Controller

The data controller for personal data collected through the TripnBusiness platform is:

• TripnBusiness
• General email: privacy@tripnbusiness.com
• Data Protection Officer (DPO): dpo@tripnbusiness.com

Article 2 — Personal Data Collected

2.1 Identification and Contact Data

• Last name, first name, email address, phone number
• Professional title, role, industry, company name
• Country and city of residence or business activity
• Profile photo (optional)

2.2 Account and Authentication Data

• Login credentials (email, encrypted password)
• OTP (One-Time Password) codes used for verification and password reset
• Login history, session timestamps
• Language preferences (FR/EN)

2.3 Event and Registration Data

• Events browsed, registered for, or saved as favourites
• Participation type (attendee, exhibitor, VIP, VVIP)
• Registration status and history
• Programme sessions added to the personal agenda
• Personal notes on appointments and activities

2.4 Financial and Payment Data

• Electronic wallet balance and transaction history (EUR and XOF)
• Transaction references (top-ups, payments, transfers, refunds)
• Partial card details (last 4 digits, expiry date, card type) — full card data is processed by our secure payment providers
• PayPal transaction identifiers

2.5 Networking and B2B Meeting Data

• List of contacts and participants met at events
• Scheduled B2B meetings, details and history
• Documents shared during meetings
• Exported contacts or scanned badges

2.6 Location and Browsing Data

• IP address and device information (browser, operating system, app version)
• Browsing data on the website and mobile application
• Approximate location data (city, country), with your consent for mapping features (City Guide, navigation)

2.7 E-SIM Data

• Information required to activate the E-SIM (network identifier, data consumption)
• This data is processed under joint responsibility with the partner E-SIM operator

2.8 Notification Data

• Push notification token associated with the mobile device
• History of notifications sent and read status
• Notification preferences selected by the User

Article 3 — Processing Purposes and Legal Bases

In accordance with the GDPR, each processing activity relies on a legal basis.

Article 4 — Data Sharing and Recipients

4.1 General Principle

TripnBusiness never sells, rents or transfers your personal data to third parties for commercial purposes. Data sharing is limited to situations strictly necessary for the provision of the service.

4.2 Technical Sub-processors

We engage technical service providers who process data on our behalf, strictly under our instructions and bound by confidentiality agreements. These include:

• Cloud infrastructure and database hosting provider
• Secure payment processors (card payments)
• PayPal for PayPal payment processing
• Partner E-SIM operators for electronic SIM card provisioning
• Transactional email service (notifications, OTP, confirmations)
• Mobile push notification service

4.3 Visibility Between Participants

Within networking features, certain profile information (name, professional title, company, photo) may be visible to other attendees registered for the same event. You can manage your profile visibility in the application settings. Scanning a badge via QR Code implies sharing your contact information with the participant who scans it.

4.4 Legal Obligations

TripnBusiness may be required to disclose personal data to competent authorities upon judicial request or legal obligation, strictly limited to what is required by law.

4.5 Transfers Outside the European Union

Where data is transferred to countries outside the European Economic Area (EEA), TripnBusiness ensures such transfers are governed by appropriate safeguards under the GDPR, including: European Commission adequacy decisions, Standard Contractual Clauses (SCCs), or Binding Corporate Rules (BCRs).

Article 5 — Cookies and Tracking Technologies

5.1 Strictly Necessary Cookies

These cookies are essential to the operation of the platform and cannot be disabled. They include session, authentication and security cookies (CSRF token). Legal basis: legitimate interest.

5.2 Functional Cookies

These cookies remember your preferences (language, display settings) and improve your experience but are not essential. Legal basis: consent.

5.3 Analytical Cookies

These cookies collect anonymised information about platform usage (pages visited, session duration) to help us improve our services. Legal basis: consent or legitimate interest depending on the nature of the data.

5.4 Cookie Management

On your first visit to the website, a consent banner allows you to configure your preferences. You may update these at any time via your browser settings or through the platform’s cookie management centre. On the mobile app, analytical data is collected only with your consent at installation or via app settings.

Article 6 — Your Data Protection Rights

In accordance with the GDPR (Articles 15 to 22), you have the following rights regarding your personal data:

To exercise any of these rights, contact our DPO at dpo@tripnbusiness.com, enclosing a copy of a valid identity document. We will respond within 1 month of receiving your request (extendable by 2 months for complex requests).

If you believe your rights are not being respected, you may lodge a complaint with the competent supervisory authority: in France, the CNIL (www.cnil.fr), or the data protection authority in your country of residence.

Article 7 — Data Security

7.1 Technical Measures

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure password hashing (with salt)
• OTP authentication for sensitive operations
• Automatic expiry of inactive sessions
• Strict access control with role management (administrator, super_admin, user)
• Logging of access and administrative actions
• Infrastructure hosted with certified providers (ISO 27001 or equivalent)
• Regular encrypted database backups

7.2 Organisational Measures

• Data access limited to authorised personnel on a least-privilege basis
• Regular staff training and awareness on data protection
• Documented security incident management procedure
• Regular security audits

7.3 Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, TripnBusiness will notify the competent supervisory authority within 72 hours of becoming aware of the incident (Art. 33 GDPR). Where the breach is likely to result in a high risk, you will be informed without undue delay (Art. 34 GDPR).

Article 8 — Data Retention Periods

• Active account data: for the duration of account activity, then 3 years after the last login or account closure
• Event registration and attendance data: 5 years from the event date
• Financial data and transactions: 10 years (accounting and tax obligations)
• Electronic wallet data: 10 years from the last transaction
• Browsing data and connection logs: rolling 12 months
• OTP codes: deleted immediately after use or expiry
• E-SIM data: E-SIM contract duration + 1 year
• Fraud prevention data: 5 years after detection of the incident
• Archived data for legal obligations: duration imposed by applicable regulations

Article 9 — Protection of Minors’ Data

The TripnBusiness platform is exclusively intended for professionals and adults aged 18 or over. TripnBusiness does not knowingly collect personal data from minors. If you become aware that a minor has provided us with personal data without the consent of their legal guardian, please contact us so that we may delete it.

Article 10 — Third-Party Integrations and Services

The TripnBusiness platform integrates or provides access to third-party services whose data processing is governed by their own privacy policies, independent of this policy:

• LinkedIn: the LinkedIn profile link is provided by the participant themselves. TripnBusiness does not collect or process LinkedIn data beyond the profile URL entered.
• PayPal: payments via PayPal are processed directly by PayPal Inc., in accordance with PayPal’s privacy policy.
• Google Maps / Waze / Yango: opening a location in these navigation apps is subject to their respective publishers’ privacy policies.
• E-SIM operators: purchasing and managing an E-SIM involves sharing data with the partner operator, subject to their own terms.
• WordPress / Laravel API: the technical integration between the website and the backend is strictly internal to TripnBusiness infrastructure.

We encourage you to review the privacy policies of these third-party services before using them.

Article 11 — Statistics and Service Improvement

TripnBusiness collects and analyses aggregated, anonymised usage data (event registrations, feature usage rates, website and app traffic, system performance) to continuously improve its services. These analyses do not allow individual Users to be identified and are never shared with third parties for commercial purposes.

Article 12 — Changes to This Privacy Policy

TripnBusiness reserves the right to update this privacy policy to reflect legal, regulatory or technical developments. In the event of a material change, you will be notified by email and/or in-app notification at least 30 days before the changes take effect.

Last updated: April 15, 2026  |  TripnBusiness  |  privacy@tripnbusiness.com