Privacy Policy

Culture Discovery Vacations LLC (“CDV”, “we”, “us”, or “our”) is a boutique corporate travel operator. Our principal office is located in Tampa, Florida, USA, with operational offices in Italy and Portugal.

We operate the website at mice.culturediscovery.com(the “Site”) to promote and facilitate corporate meetings, incentive travel, conferences, and events.

For the purposes of the General Data Protection Regulation (GDPR) and applicable EU data protection law, CDV acts as the data controller for personal data collected through this Site.

We collect the following categories of personal data:

We do not collect sensitive categories of data (health, financial, or biometric data) through this Site.

We use your personal data for the following purposes:

• Responding to enquiries — to review and reply to contact form submissions, including requests for programme proposals.
• Service delivery — to plan, quote, and deliver corporate travel experiences you have requested.
• Marketing communications — where you have opted in, to send updates about CDV corporate travel programmes (you may opt out at any time).
• Website improvement — to understand how visitors use the Site so we can improve content and navigation (analytics cookies only with your consent).
• Security and legal compliance — to maintain the security of the Site and comply with applicable law.

We rely on the following legal bases under GDPR Article 6:

• Consent (Art. 6(1)(a)) — for analytics and marketing cookies (granted via our cookie banner), and for marketing email opt-in (granted via the contact form checkbox). You may withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f)) — for processing enquiry data to respond to your request, and for essential website security. We have conducted a Legitimate Interests Assessment and determined that our interests are not overridden by your rights and freedoms.
• Legal obligation (Art. 6(1)(c)) — where we are required by law to retain or disclose certain records.

• Contact form submissions — retained for up to 2 years from the date of submission, unless the enquiry leads to an active client relationship (in which case normal client record retention applies).
• Marketing opt-in records — retained until you withdraw consent or we cease the relevant communications programme.
• Analytics data— subject to Google Analytics' data retention settings (default 14 months). We do not export or retain copies beyond the Analytics platform.
• Essential cookie data — session cookies are deleted when you close your browser. Preference cookies (your consent choice) are retained for 12 months.

We do not sell your personal data to any third party, ever.

We may share your data only with:

• Form processing services — your form submissions may be processed by a third-party form handler (such as Formspree or Netlify Forms) acting as a data processor under a data processing agreement with CDV.
• Google Analytics — if you consent to analytics cookies, anonymised usage data is shared with Google LLC under our Analytics account.
• CDV operational staff — your enquiry data is shared with CDV team members in our US, Italian, and Portuguese offices who are responsible for responding to your request.
• Professional advisors — our lawyers, accountants, or auditors, where required and under appropriate confidentiality obligations.
• Legal authorities — where required by law, court order, or to protect the rights and safety of CDV or others.

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights regarding your personal data:

• Right of access (Art. 15) — request a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17)— ask us to delete your data where there is no lawful basis for continued processing (“right to be forgotten”).
• Right to restriction (Art. 18) — ask us to restrict processing of your data in certain circumstances (e.g. while you contest accuracy).
• Right to data portability (Art. 20) — receive a structured, machine-readable copy of data you provided to us under consent or contract.
• Right to object (Art. 21) — object to processing based on legitimate interests, including direct marketing.
• Rights related to automated decision-making (Art. 22) — we do not use automated decision-making or profiling that produces legal or similarly significant effects.

You also have the right to lodge a complaint with your local data protection authority. In the EU, a list of authorities is available at edpb.europa.eu. In the UK, the relevant authority is the ICO.

To exercise any of the rights above, please contact us at:

We will respond to all legitimate requests within 30 days. Where a request is complex or numerous, we may extend this by a further two months and will notify you. We will not charge a fee unless a request is manifestly unfounded or excessive.

We may need to verify your identity before acting on a request. We will ask for sufficient information to confirm who you are.

Cookies are small text files stored on your device when you visit our Site. We use the following categories of cookies:

Managing cookies:You can change your cookie preferences at any time using the “Cookie Settings” link in the footer. You can also control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Site.

For more information about Google Analytics cookies, see Google's Privacy Policy and the Google Analytics Opt-out Browser Add-on.

CDV is headquartered in the United States, which is outside the European Economic Area (EEA). When we transfer personal data from the EEA or UK to the USA, we rely on the following safeguards:

• Standard Contractual Clauses (SCCs)— we use the EU Commission's approved SCCs (2021 version) with our US-based processors and sub-processors, ensuring an equivalent level of protection.
• Adequacy decisions — where available for the relevant country or sector.

Our operational offices in Italy and Portugal are located within the EEA and are subject to full GDPR obligations.

To obtain a copy of the relevant safeguards, contact us at privacy@culturediscovery.com.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted transmission (HTTPS/TLS), access controls, and regular review of our data handling practices.

Despite our measures, no internet transmission is completely secure. If you believe your data has been compromised, please contact us immediately at privacy@culturediscovery.com.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of the page. Material changes will be communicated via a notice on the Site or, where we hold your email address and consent allows, by email.

We encourage you to review this policy periodically to stay informed about how we protect your data.

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact: