1. Who We Are
The data controller is IMC Group, trading as IMC Tourism Club, registered and operating in London, United Kingdom. We operate the IMC Tourism Club membership network, the B2B partner directory at imctourism.com, and related events and technology services.
You can contact us at: membership@imctourism.com | +44 7397 125 827
2. Data We Collect
We collect the following categories of personal and business data:
a) Membership Application Data
- Full name, job title, and business email address
- Company name, country of operation, and business category
- Company website, phone number, and WhatsApp number
- Brief company description and services offered
b) Member Profile Data
- Company logo and background image (uploaded voluntarily)
- Social media profile links
- Member since year and verification status
- Membership package tier and expiry date
c) Account & Usage Data
- Login credentials (password stored as a salted hash — never in plain text)
- IP address and browser type at login
- Pages visited and contacts viewed within the member portal
- Event registration and attendance records
d) Contact Form Data
- Name, email, phone number, and message content submitted via the Contact page
3. How We Use Your Data
We use your data for the following purposes:
- Processing membership applications — reviewing, approving, and onboarding new members
- Maintaining your directory listing — displaying your profile to other verified members
- Sending communications — event invitations, membership renewal reminders, industry news, and platform updates
- Managing your member portal account — authentication, contact view quotas, and package access
- Providing technology services — facilitating access to IMC Travel Technologies tools via OpsMind Technologies Ltd
- Responding to enquiries — handling messages submitted via the contact form
- Fraud prevention and security — detecting misuse of the directory or member portal
- Statistical analysis — anonymous aggregate reporting on network activity (no individual profiling)
4. Legal Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
| Processing Activity |
Legal Basis |
| Processing membership applications | Contract (Art. 6(1)(b)) |
| Maintaining member directory listings | Contract (Art. 6(1)(b)) |
| Sending event invitations and renewal notices | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications and newsletters | Consent (Art. 6(1)(a)) |
| Fraud prevention and security monitoring | Legitimate interests (Art. 6(1)(f)) |
| Responding to contact form enquiries | Legitimate interests (Art. 6(1)(f)) |
5. Directory & Profile Visibility
When you become a member, your company profile — including name, country, business category, description, logo, and website — is listed in our B2B partner directory. This profile is visible to:
- The public: company name, category, country, and a brief description
- Verified logged-in members only: direct contact details (phone, WhatsApp, email)
By accepting membership, you consent to your company profile being included in the directory on these terms. You may request amendments to your profile at any time by contacting us.
6. Who We Share Data With
We do not sell your personal data. We share data only in the following limited circumstances:
- Other verified members — your contact details are visible to logged-in members as part of the directory service
- OpsMind Technologies Ltd — our technology partner that provides the platform infrastructure and member portal; they process data on our behalf under a data processing agreement
- Event organisers — your name and company may be shared with exhibition organisers (WTM, ITB, ATM) when you register for pavilion participation
- Payment processors — billing data is handled by our payment provider and is not stored on our servers
- Legal authorities — if required by law, court order, or to protect the rights and safety of our members
7. How Long We Keep Your Data
- Active member data: retained for the duration of your membership
- After membership ends: core profile data retained for up to 3 years for legal and accounting purposes, then deleted or anonymised
- Rejected applications: deleted after 12 months
- Contact form messages: retained for 24 months then deleted
- Activity logs (contact views, logins): retained for 12 months, then anonymised
8. Your Rights
Under UK GDPR you have the following rights. To exercise any of them, email us at membership@imctourism.com. We will respond within 30 days.
- Right of access — request a copy of all personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure — ask us to delete your data ("right to be forgotten"), subject to legal retention obligations
- Right to restrict processing — ask us to pause processing your data in certain circumstances
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests, including direct marketing
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing
9. Cookies
We use the following cookies on our website:
| Cookie |
Purpose |
Duration |
PHPSESSID | Member session authentication | Session |
imc_admin | Admin panel session | Session |
We do not currently use tracking or advertising cookies. We do not share cookie data with third-party advertising platforms.
10. Data Security
We apply the following technical and organisational measures to protect your data:
- HTTPS encryption across all pages
- Passwords stored as salted bcrypt hashes — never in plain text
- Contact details restricted to verified logged-in members only
- Admin access protected by separate authenticated session
- Regular database backups with restricted access
In the event of a data breach that is likely to result in a risk to your rights, we will notify the ICO within 72 hours and affected individuals without undue delay.
11. International Transfers
Our servers are hosted within the UK or the European Economic Area (EEA). Where data is processed outside the UK/EEA (for example, by international exhibition organisers), we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the UK Information Commissioner's Office (ICO).
For any privacy-related enquiries or to exercise your rights, contact us:
If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):