Privacy policy

Privacy Policy

Introduction

Wenrix (“we,” “us,” or “our”) is committed to protecting the privacy and personal data of our partners such (contractors, service providers, consultants, and client representatives/employees) in the context of a business relationship (“Business Partners”), as well as the data we process on behalf of our clients.

This Privacy Policy explains how we collect, use, and protect personal data when you visit our website (https://www.wenrix.com/), or use our business platform, and how we safeguard personal data in connection with our services. By using our services you acknowledge that you have read and understood this Privacy Policy.

Important Note on Our Role

  • As a Data Controller: We are responsible for the personal data of our website visitors and Business Partners who interact with our business platform or otherwise use our services.
  • As a Data Processor: Wenrix provides technology services to the travel industry. In this capacity, we act as a Data Processor on behalf of our clients, who are the Data Controllers. We process personal data solely in accordance with our clients’ instructions and only to the extent necessary to provide the contracted services. We do not use personal data for any purposes beyond the scope of the services we deliver to our clients. If you are an end-customer (client’s customer, e.g. passenger/traveler, herein “End-Customer”) whose data might be processed through our platform or by providing our services, any questions regarding how your data is used should be directed to your business entity with which you share your personal data, which is the Data Controller of your data. While this policy sets forth our general privacy and security practices, our detailed obligations and commitments to our clients are set forth in the contractual arrangements (service agreements) with them. In the event of a conflict between this Policy and a client service agreement, the service agreement we have with the client prevails.

Information We Collect

a) Wenrix As a Data Controller

We collect information that identifies, relates to, or could reasonably be linked to you (“Personal Data”) as follows:

  • Contact Information: Name, email address, phone number, company name, job title, and industrial sector when you fill out a contact form or support request, as well as any other information collected, used or disclosed in connection with the past, existing, or potential relationship between us and the Business Partner.
  • Account Credentials: Usernames and passwords used by authorized personnel of our clients to access the Wenrix platform.
  • Information collected automatically: using cookies and other tracking technologies, such as browser information (e.g., IP address, browser type, device type, details of the web pages you have visited on our website, and the content that you access). More information can be found through the Cookie Policy.
  • Other identifying information: such as images only in case of attendance to an event (conferences, seminars, webinars etc) organized by us, if applicable.
  • Third-Party Analytics: We use one or more third-party analytics services (such as Google Analytics) to evaluate your use of the website, and the services, compile reports on activity (based on collection of IP addresses, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, data and time, amount of time spent on particular pages, what sections of the website you visit, number of links clicked while on the website, search terms and other similar usage data), and analyze performance metrics. Please be advised that providing this information is voluntary and not required by law, though it is necessary for us to analyze and improve our services. By using our website, you acknowledge that this data may be transferred to and processed in the United States or other jurisdictions outside of Israel in line with applicable data protection laws and regulations. You may manage your consent or opt-out at any time via our Cookie Settings or at https://www.google.com/analytics, though opting out may limit certain website functionalities.

If you have provided personal data of any third party individual to us, you confirm that (i) such third party individual is notified of the information in this Privacy Policy, including how we may process their personal data; (ii) you have obtained any required consent from such third party individual or other legal basis is relied on; and (iii) you have the permission to provide such personal data which allows us to lawfully process such personal data in accordance with this Privacy Policy.

b) Wenrix as a Data Processor (End-Customer Data Disclaimer)

Wenrix in order to provide its online travel products and services (as described in Terms and Conditions, 1.1 Wenrix Offering), processes strictly necessary travel data to benefit the travel ecosystem.

In terms of personal data, Wenrix accesses Passenger Name Record (PNRs) that includes: ticket information, name and contact details like address and phone number.

How We Use Your Data

a) Wenrix as a Data Controller

To be allowed to handle your personal data, the applicable data protection legislation obligates us to have a so-called “legal basis” for each of our purposes to process your personal data. For this reason, we have drafted the below table to show our legal basis for each of our purposes.

What we do (our purposes with handling your personal data) Our Legal basis
To provide and maintain our website and services. Our legitimate interest.
Consider the possibility of engaging in a business/contractual relationship with you (e.g. when concluding NDAs, pre-contractual agreements, the evaluation of partnerships), as well as answering your questions and fulfilling your information requests. Processing is necessary in order to take steps prior to entering into a contract with you and for our legitimate interest in communicating with you.
Establish and manage the business/contractual relationship with you, including (i) setting up your account, (ii) providing access to the Wenrix platform (iii) delivering customer support (iv) the invitation to attend surveys on your degree of satisfaction in your relationship with us, after a certain degree of business interactions with us. Processing is necessary for the performance of a contract to which you are a party and for our legitimate interest in fulfilling purposes including communicating and improving the relationship with you and/or your employer (if you are a representative, employee, collaborator and/or contact person of the business entity having an agreement with us).
Comply with applicable government regulations and other legal requirements, obligations and/or orders. Processing is necessary to comply with legal obligations (e.g., for accounting and tax purposes) legal proceedings, or government authorities’ orders, as well as to cooperate with courts and law enforcement bodies when required.
Protect our assets and employees/contractors and comply with anti-money laundering and/or anti-bribery and corruption laws and other regulatory requirements, we may as necessary, carry out screening (pre-contract and on a periodic basis post-contract) on owners, shareholders and directors of our Business Partners. This screening process is performed against publicly available or government issued sanctions lists and media sources, but does not involve profiling or automated decision making in relation to the counter-parties or potential counter-parties. Processing is necessary to comply with legal obligations.
Contact you in response to Contact Page forms, in order to conduct activities in the area of public relations and associated external communications, or to provide you information about our services. Processing is based on our legitimate interest in responding to your specific inquiry. The personal data is acquired by submitting the form available through the Contact Page. Providing your details is voluntary and not required by law, but is necessary for us in responding to your specific inquiry.
Contact you via email to provide you with marketing or promotional materials in relation to our services and solutions that may be of interest to you. Legitimate Interest: If you are a representative of an existing client, we may send you offers about similar services that we believe are relevant to your business needs, unless you have opted out.

In all other cases (such as if you signed up for our newsletter or are a new prospect), we will only contact you if you have given us your explicit consent, as lawfully acquired to use your data for marketing purposes.

You may withdraw your consent at any time by contacting us as described in the section “How to Contact Us”.
Organize and manage events (conferences, seminars, webinars etc). We may process your personal data for processing your registration, confirming your attendance and sending registration confirmation to you. Processing is based on your voluntary participation in the event and thus, for the performance of a contract to which you are a party. Further the processing is based on our legitimate interest in fulfilling purposes related to organizing and managing the event.
Send you via email information on future events similar to the ones you have registered, that might be of interest to you. Processing is based on your consent that may be collected through the event registration.

You may withdraw your consent at any time by contacting us as described in the section “How to Contact Us”.

b) Wenrix as a Data Processor

Our processing of PNRs is transient in nature; Wenrix accesses the PNR data solely to perform the requested services and does not store or persist this data in our own systems once the task is complete. Wenrix does not have a direct relationship with End-Customers. Our clients are the Data Controllers of the End-Customer personal data.

When Wenrix processes End-Customer data on behalf of our clients, the legal basis is determined and established by our clients. Our processing is governed by the required safeguards, including a Data Processing Agreement (DPA) in place, which ensures that we only handle this data to perform the specific services contracted by the client.

We process this data solely to provide our services to our clients. We do not use End-Customer personal data for our own independent purposes.

Data Sharing and Disclosure

We may share personal data with the following categories of recipients in connection with providing our services:

  • Service Providers: We may engage trusted third-party service providers who assist us in delivering our services, such as cloud hosting providers, payment processors, and IT support services. These providers are contractually obligated to protect personal data and may only process it in accordance with our instructions.
  • Legal and Regulatory Authorities: We may disclose personal data to government authorities, law enforcement agencies, or other parties where required by law or to protect our legal rights.
  • Potential partners involved in business transactions: Personal data might be shared in the event of a sale or transfer of ownership or control of any or all of our business, operations or services to a third party, as part of any corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.

We do not sell personal data to third parties for marketing purposes.

International Data Transfers

Wenrix is headquartered in Israel and operates globally. In the course of providing our services, personal data may be processed in countries outside of your country of residence. Where such transfers occur, we implement appropriate safeguards to ensure that personal data remains protected in accordance with applicable data protection laws, including the use of standard contractual clauses, adequacy decisions, or other approved transfer mechanisms.

Data Security

We implement industry-standard technical and organizational measures to protect data against unauthorized access, loss, or alteration. Our security framework includes:

  • Encryption: We use enterprise-grade encryption for data both in transit and at rest.
  • Access Controls: Access to data, including PNR information, is strictly limited to authorized personnel on a “need-to-know” basis. All employees are subject to rigorous confidentiality obligations.
  • System Integrity: We perform regular security audits and vulnerability assessments to ensure the resilience of our platform.
  • Data Minimization, Storage Limitation & Transient Processing: We maintain internal policies to ensure that personal data is only processed when necessary for service delivery and for the time period needed after which it is securely deleted. Personal data contained within a PNR is accessed on a read-only basis. This data is processed in real-time to execute optimization instructions and is not stored, retained, or archived within Wenrix’s permanent databases.

Artificial Intelligence use

Wenrix utilizes Artificial Intelligence (AI) to render its Services, ensuring full alignment with applicable AI laws and regulations including but not limited to the EU AI Act. To maintain privacy, no personal data is ever used to train our AI models. All machine learning is performed exclusively on anonymized metadata, ensuring our automated processes remain high-performance while ensuring that individual identities are strictly excluded from the development of our automated processes.

Your Privacy Rights

Depending on your jurisdiction and applicable data protection laws, you may have certain rights regarding your personal data. These rights may include:

  • Right of Access (review). You have the right to access the personal data we process. You also have the right to receive certain information about what we do with your personal data. This information is provided in this document.
  • Right to Rectification. You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure. You have the right to have your personal data erased. This is the so-called “right to be forgotten.” Please note that this is not an absolute right and that we may retain personal data under certain circumstances.
  • Right to Restriction of Processing. You have the right to restrict how we use your personal data. Please note that this is not an absolute right and that we may continue to process personal data under certain circumstances.
  • Right to Data Portability. You have the right to receive your personal data in a structured, commonly used and machine-readable format from us.
  • Right to Object. You have the right to object to the processing of your personal data in certain circumstances, including processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent. Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

If you are a resident of a state with active privacy laws (including California, Colorado, Connecticut, Oregon, and Texas), you may designate an authorized agent to submit requests to know, delete, or correct your information on your behalf.

  • Opt-Out Requests: For residents of all applicable states (including Virginia and Utah), we will honor requests from authorized agents specifically to opt-out of the “sale” or “sharing” of personal data and targeted advertising.
  • Verification: To protect your privacy, we require the authorized agent to provide written permission from you. Unless the agent holds a valid Power of Attorney pursuant to your state’s law (e.g., California Probate Code sections 4000 to 4465), we may still require you to verify your identity directly with us before we fulfill the request.
  • Non-Discrimination: Wenrix will not discriminate against you for exercising your privacy rights. We will not deny you services, charge different prices, or provide a lower quality of service if you choose to exercise any of the rights described in this Policy.
  • Sale and Sharing of Data: Wenrix does not “sell” your personal information for money. However, we may share identifiers and internet activity with third-party advertising partners for targeted advertising purposes. Remember that you can block non-strictly necessary Cookies (including ads and analytics cookies), as described in our Cookie Policy. You can opt-out of this sharing by enabling Global Privacy Control (GPC) in your browser.

In the event that Wenrix acts as a Data Processor, requests to exercise these rights should generally be directed to the business entity that acts as the Data Controller that collected your personal data. However, if you wish to contact us directly, we will assist you or direct your request to the appropriate party.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

Email: security@wenrix.com
Website: www.wenrix.com

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

Changes to the Privacy Policy

We reserve the right to change this Privacy Policy from time to time in our sole discretion. When we do, we will also revise the “Last Updated” date at the bottom of this Privacy Policy. Please check back frequently to see any updates or changes to our Privacy Policy.

Last updated: April 2026