Effective date: July 22, 2025
Click here for information regarding California's CCPA privacy regulation.
Access VG LLC ("us", "we", or "our") operates discount travel e-commerce platforms embedded via iframes in client websites (the "Service"). We act primarily as a data processor under GDPR/UK GDPR, handling personal data on behalf of EU/UK-based controllers (our clients). In certain cases, such as coordinating with third-party suppliers for fulfillment, we may act as a data controller.
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
Service is the discount travel platforms operated by Access VG LLC.
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small pieces of data stored on your device (computer or mobile device). Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. In certain circumstances, such as supplier fulfillment, we may act as a Data Controller of your Personal Data.
Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We primarily act as a Data Processor for our clients (Controllers). We may use the services of various Service Providers in order to process your data more effectively.
Data Subject is any living individual who is using our Service and is the subject of Personal Data.
We collect several different types of information for various purposes to provide and improve our Service to you.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email or SMS Message we send or by contacting us.
We do not process sensitive information.
We may also collect information how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
We may use and store information about your location if you give us permission to do so ("Location Data"). We use this data to provide features of our Service, to improve and customize our Service. For example, we use geolocation data to center your position on a map or notify you if your device is close to a participating merchant.
You can enable or disable location services when you use our Service at any time, through your device settings.
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
Access VG LLC uses the collected data for various purposes:
By providing your mobile number and opting into our Short Message Service (SMS) program, you consent to the collection, use, and processing of your personal information as described in this Privacy Policy. Before receiving SMS messages, you will be asked to provide explicit consent. We do not share information collected such as your mobile number with any other companies for marketing or promotional purposes, but we may use third-party service providers to facilitate the delivery of SMS messages. These providers are contractually obligated to comply with applicable data protection laws and regulations. If you agree to receive text messages, message and data rates will apply. Message frequency may vary, and carriers are not liable for delayed or undelivered messages. You can opt-out of our SMS program at any time by replying with the keyword "STOP" or contacting our customer support. Once you opt-out, you will no longer receive SMS messages from us.
If you are from the European Economic Area (EEA) or the United Kingdom (UK), Access VG LLC's legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.
Access VG LLC may process your Personal Data because:
Access VG LLC will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Access VG LLC will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. Specific retention periods include: 365 days for inactive members/accounts, then archived for 2 years with PII purged; 180 days for inactive programs; shorter for logs (e.g., days for web events).
Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Access VG LLC will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. All data is hosted on AWS in Oregon (US), with transfers from EU/UK safeguarded by EU-U.S. Data Privacy Framework (DPF) certification and UK Extension. Onward transfers to sub-processors (e.g., US-based suppliers, hotels in various countries) use Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs) where applicable, or Article 49(1)(b) derogations for contract performance.
Access VG LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Access VG LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
As a data processor, we process personal data on behalf of our clients (data controllers) to provide discount travel services, such as hotel bookings, car rentals, and theme park tickets. We do not collect or use data for our own purposes beyond what's necessary to fulfill contracts.
For DSARs (e.g., access/erasure): Submit to [DSAR Placeholder]; we'll respond within 1 month (assist controllers). Complaints to supervisory authorities: UK's ICO (ico.org.uk), Spain's AEPD (aepd.es), Italy's Garante (gpdp.it).
Retention: Per policy (e.g., 365 days inactive, then purged). Security: Encryption, access controls, cleanups.
This supplements client (controller) policies.
Version: 1.0, Effective: July 22, 2025.
Under certain circumstances, Access VG LLC may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Access VG LLC may disclose your Personal Data in the good faith belief that such action is necessary to:
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. Measures include encryption (AWS standards), token-based authentication, access controls, pseudonymization for analytics, and planned cleanups for databases like Reservation-db and Heap (no PII sent pending fixes).
We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), you have certain data protection rights. Access VG LLC aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA) or the UK Information Commissioner's Office (ICO).
We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Service.
Heap Analytics is an analytics service offered by Heap that tracks and reports website traffic. Heap uses the data collected to track and monitor the use of our Service. For more information on the privacy practices of Heap, please visit the Heap Privacy web page:
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:
Their Privacy Policy can be viewed at https://stripe.com/us/privacy
Their Privacy Policy can be viewed at
Their Privacy Policy can be viewed at https://www.checkout.com/legal/privacy-policy
When you use our Service to purchase tickets, reserve hotel rooms, book rental cars, or similar travel and event services, we work with third-party providers to fulfill these reservations. In order to process and secure your reservations, it is necessary to share relevant reservation and passenger (PAX) data with these third parties. This information may include your name, contact details, and other reservation-specific data required by the provider.
These third parties require this information to confirm, manage, and deliver the reservation or service to you or your designated parties. We only share the minimum necessary information to facilitate your reservation, and these providers are contractually obligated to use your data solely for the purpose of fulfilling your reservation and in accordance with applicable data protection laws.
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
FTC Disclaimer: This site contains links to affiliate partners. These partners may pay us commissions based on sales/actions that users take after clicking these links.
Our Service does not address anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have any questions about this Privacy Policy or elect to request to have your data removed, please contact us
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/18076404898