Privacy Policy

Last updated: April 12, 2026

Introduction

Welcome to Beyond Baggage. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit beyondbaggage.com (referred to throughout this document as "the Site"). We take your privacy seriously and are committed to handling your data responsibly and transparently.

Beyond Baggage is a travel blog that shares destination guides, packing tips, gear reviews, and travel stories with readers around the world. Because we welcome visitors from the European Union, the United Kingdom, the United States, Australia, and beyond, this policy is written to comply with the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable privacy laws.

By using the Site, you agree to the practices described in this policy. If you do not agree with any part of it, please stop using the Site.

Who We Are

For the purposes of data protection law, Beyond Baggage is the "data controller" of any personal information you provide through the Site. If you have any questions about how we handle your data, you can contact us using the details provided at the end of this policy.

What Data We Collect

We collect two broad categories of information:

1. Personal information you provide directly

  • Your name and email address when you subscribe to our newsletter, leave a comment, or contact us through a form
  • Any content you voluntarily share, such as comments, feedback, or messages
  • If you choose to work with us (for example, as a contributor or partner), any additional information you send for that purpose

2. Information we collect automatically

  • Your IP address (anonymized where required)
  • Browser type and version
  • Device type and operating system
  • Referring website and the pages you view on the Site
  • Time, date, and duration of your visit
  • Approximate geographic location (country or city level)
  • Cookie identifiers and similar tracking data

We do not knowingly collect sensitive personal data (such as health, religion, or political opinions), and we do not collect payment card information because the Site does not directly sell products.

How We Collect Your Data

We collect information in the following ways:

  • Forms on the Site — newsletter signups, contact forms, and comment boxes
  • Cookies and similar technologies — small files stored in your browser that help the Site function and allow us to analyze traffic
  • Analytics tools — primarily Google Analytics, which measures how visitors use the Site
  • Server logs — standard web server records kept for security and troubleshooting
  • Advertising and affiliate networks — third-party scripts that may drop cookies or pixels when you view ads or click affiliate links

Why We Collect Your Data

We only process your data for clearly defined purposes. The legal bases under GDPR that we rely on are your consent, our legitimate interests, and, where relevant, compliance with legal obligations. Specifically, we use data to:

  • Operate, maintain, and secure the Site
  • Deliver the content you requested, including newsletters and replies to your messages
  • Understand how readers use the Site so we can improve our articles, navigation, and page speed
  • Measure the performance of advertising and affiliate campaigns
  • Personalize the ads you see so they are more relevant (through third-party ad networks)
  • Detect, prevent, and respond to fraud, abuse, or technical issues
  • Comply with applicable laws and respond to lawful requests

You can withdraw your consent at any time where consent is the legal basis (for example, by unsubscribing from the newsletter or changing your cookie preferences).

Third-Party Services

Running a travel blog involves working with a number of trusted third-party providers. These services may process your data on our behalf or as independent controllers. The main categories include:

  • Analytics — Google Analytics (Google LLC) to measure traffic and reader behavior. Google Analytics uses cookies and processes data such as your IP address and pages viewed. You can opt out using the Google Analytics Opt-out Browser Add-on.
  • Advertising networks — display ad partners (such as Google AdSense, Mediavine, Ezoic, or similar networks) which may show personalized or non-personalized ads based on your cookie preferences.
  • Affiliate programs — we participate in affiliate programs including Amazon Associates, booking platforms (such as Booking.com, Agoda, GetYourGuide), and travel gear retailers. When you click an affiliate link and make a purchase, the retailer may share limited transaction data with us for commission tracking.
  • Email service providers — we use an email marketing platform (such as Mailchimp, ConvertKit, or Beehiiv) to manage newsletter subscriptions and send emails.
  • Hosting and security — our web host and content delivery network (such as Cloudflare) process requests to keep the Site online and protected.
  • Social media plugins and embeds — embedded content from YouTube, Instagram, Pinterest, or X (Twitter) may set their own cookies.

Each of these providers has its own privacy policy, and we encourage you to review them. We only share the minimum data necessary for each service to function.

Data Sharing

We do not sell your personal information. We only share data with:

  • Third-party service providers listed above, strictly for the purposes described
  • Legal authorities, when required by law, court order, or to protect our legal rights
  • A successor entity in the event of a merger, acquisition, or sale of the Site

Some of these providers are based outside the European Economic Area (for example, in the United States). When data is transferred internationally, we rely on appropriate safeguards such as the EU-US Data Privacy Framework or Standard Contractual Clauses.

Data Retention

We keep your personal data only as long as necessary for the purposes it was collected:

  • Newsletter subscribers — until you unsubscribe, after which your email is removed from active lists within 30 days
  • Comments — retained as long as the related blog post is published, so conversations remain readable
  • Contact form messages — typically deleted within 12 months of resolution
  • Analytics data — retained for up to 14 months in Google Analytics, then automatically deleted
  • Server logs — usually kept for 30 to 90 days for security purposes

If you ask us to delete your data earlier, we will do so unless we are legally required to keep it.

Your Rights Under GDPR

If you are located in the European Union, the United Kingdom, or another jurisdiction with similar laws, you have the following rights regarding your personal data:

  • Right of access — you can ask for a copy of the personal data we hold about you
  • Right to rectification — you can ask us to correct inaccurate or incomplete data
  • Right to erasure — you can ask us to delete your personal data ("right to be forgotten")
  • Right to restrict processing — you can ask us to pause how we use your data
  • Right to data portability — you can ask for your data in a structured, machine-readable format
  • Right to object — you can object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent — where we rely on consent, you can withdraw it at any time
  • Right to lodge a complaint — you can file a complaint with your local data protection authority if you believe we have not handled your data properly

To exercise any of these rights, contact us using the details below. We will respond within 30 days, as required by GDPR.

Cookie Policy

The Site uses cookies and similar technologies to function properly, remember your preferences, measure traffic, and support advertising. Cookies fall into four broad categories: strictly necessary, functional, analytics, and advertising.

When you first visit the Site, you will see a cookie consent banner that lets you accept or reject non-essential cookies. You can change your choices at any time through the cookie settings link in the footer. For a detailed list of the cookies we use, please see our separate Cookie Policy page.

You can also manage cookies directly in your browser settings. Note that disabling certain cookies may affect how the Site works for you.

Children's Privacy

Beyond Baggage is a general travel blog and is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you are under 16, please do not submit any information through the Site without the involvement of a parent or guardian. If we learn that we have unintentionally collected data from a child under 16, we will delete it promptly. Parents and guardians who believe their child has provided data to us can contact us to request removal.

Security

We take reasonable technical and organizational measures to protect your data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. This includes HTTPS encryption, secure hosting, limited staff access, and regular software updates. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the services we use. When we make significant changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the Site or by email. We encourage you to review this page periodically so you stay informed about how we protect your data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Beyond Baggage
Email: privacy@beyondbaggage.com
Website: https://beyondbaggage.com/contact

We will do our best to respond to your inquiry promptly and, in any case, within the time frames required by applicable law.