Business Partners Privacy Notice
Last updated: February 2020
|BASIC INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA |
|Data controller||TravelClick, Inc.|
|Purpose of processing personal data||TravelClick customers: To provide TravelClick products and services, manage accounts, and manage TravelClick’s relationship with TravelClick customers.|
TravelClick service providers: To manage accounts and manage TravelClick’s relationship with service providers.
|Legal grounds for processing||Performance of a contract|
|Recipients of the personal data||TravelClick affiliates, third party service providers who may include professional advisers, regulators, and authorities where disclosure is required by law.|
|Legal rights||You have a right to access, review, and restrict processing of personal data, and the right to lodge a complaint with a supervisory authority.|
TravelClick Customers – Business Partners Privacy Notice
This TravelClick Business Partners Privacy Notice (“Privacy Notice”) describes how TravelClick, Inc. (“TravelClick”) collects and processes personal data provided by TravelClick Business Partners. Personal data provided by TravelClick Business Partners includes the personal data of employees, contractors, and other points of contact from companies or organizations with which TravelClick has a commercial relationship; this includes personal data (not including personal data of travelers) provided by companies and organizations that TravelClick services; and third party service providers (collectively referred to in this Privacy Notice as “TravelClick Business Partners”).
This Privacy Notice does not apply to personal data that may be collected or processed by TravelClick for other purposes, such as through TravelClick websites, TravelClick HR or recruitment services. Where personal data is collected for other purposes, the relevant privacy notice will be provided explaining the purpose the personal data is being processed for.
This Privacy Notice applies to personal data TravelClick processes provided by, or on behalf of, TravelClick Business Partners, globally. Processing of TravelClick Business Partner personal data may be subject to agreements between TravelClick and TravelClick Business Partners. Other information that is not personal data will be processed in accordance with the contractual agreements with TravelClick Business Partners. This Privacy Notice should be read together with other privacy notices that may be provided on specific occasions when personal data is collected or processed. This Privacy Notice supplements other privacy notices and is not intended to override them.
Who is processing the personal data?
TravelClick, Inc. is made up of different legal entities under the control of TravelClick, Inc. This Privacy Notice is issued on behalf of TravelClick, Inc. When a reference is made to TravelClick, Inc. it refers to the relevant company in TravelClick, Inc. responsible for processing personal data. Where a specific privacy notice has been provided, the details of the TravelClick entity which is data controller will be provided in the specific privacy notice, in the absence of a specific privacy notice, TravelClick, Inc. is the data controller of the personal data.
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights as described below, please contact TravelClick, Inc. using the details set out in the “Legal rights” section of this Privacy Notice.
What personal data is processed and how is this personal data collected?
Personal data means information about an identified or identifiable individual. It does not include information where an individual cannot be identified e.g. non-personal or aggregated data. TravelClick, Inc. process personal data that is collected from individuals and personal data that is provided by TravelClick Business Partners and from third parties.
TravelClick process different kinds of personal data that can be grouped together as follows:
- Identity data – includes name, user name, or other identifier
- Contact data – includes address, email address, and telephone number
- Technical data – includes IP address, login data, browsing actions, and patterns
- Commercial/Usage data – includes information about how TravelClick products and services are used
- Profile data – includes information about interests, preferences, feedback, and survey responses
- Marketing and communications data – includes preferences for receiving marketing from TravelClick and communication preferences.
What is the personal data used for and what is the legal basis for processing?
TravelClick uses personal data to provide services that a TravelClick Business Partner has requested; provide support services; for fraud prevention purposes; protect the security of TravelClick products and services and TravelClick Business Partners; to perform internal business processes (such as testing and quality assurance); and other uses compatible with providing the services. For marketing and communication personal data is used to personalize the content of communications.
The legal basis for processing personal data is:
- The processing is necessary for the performance of a contract that TravelClick has or is about to enter into with a TravelClick Business Partner; or
- Where the processing of personal data is necessary for TravelClick’s legitimate business interests. Where personal data is processed for legitimate interests, the privacy impact on the individual whose data is being processed will be considered.
Who is the personal data shared with?
TravelClick may share personal data with its affiliates, agents, and third party service providers such as suppliers of information technology services, security services, and legal, financial/accounting service providers, and other similar professional advisers.
TravelClick may also share personal data with third parties, if TravelClick choose to sell, transfer, or merge parts of the business or assets. If there is a change of control of the business those who purchase the business or part of may use personal data in the same way as set out under this Privacy Notice.
Where such disclosure takes place, TravelClick requires the appropriate technical and organizational security measures to be in place to protect personal data, and for personal data to be processed lawfully.
TravelClick only allows affiliates and third party service providers to process personal data on behalf of TravelClick for specified purposes and in accordance with TravelClick’s instructions.
Further information on the affiliates and third party service providers that TravelClick uses to process personal data on their behalf can be requested through using the contact details found in the “Legal rights” section of this Privacy Notice. When requesting this information please make reference to information about affiliates and third party service providers so that the relevant information can be provided.
TravelClick may also disclose personal data as required by law, subpoena, or regulation, or when requested by a government, law enforcement authority, or as otherwise required or permitted by law.
International transfers of traveler personal data
When TravelClick shares personal data with its affiliates and third party service providers who process personal data on behalf of TravelClick, this will involve transferring personal data outside the European Economic Area (“EEA”). When personal data is transferred to another country it will continue to receive adequate protection through contractual or other arrangements put in place with affiliates and third party service providers. For these transfers at least one of the following appropriate safeguards will be implemented:
- Personal data will be transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- Standard data protection clauses approved by the European Commission which give personal data transferred the same protection it has in EEA; or
- With affiliates and third party service providers based in the US, Privacy Shield which gives personal data similar protection it has in EEA.
Further information on the appropriate safeguards used when transferring personal data outside the EEA can be requested through using the contact details found in the “Legal rights” section of this Privacy Notice. When requesting this information please make a reference to the transfer of personal data outside the EEA.
Data security and integrity
TravelClick has taken the appropriate technical and organizational security measures to protect personal data from loss or unlawful processing. When personal data is processed on behalf of TravelClick, access is limited to those who have a business need to know, and personal data will be processed in accordance with the instructions of TravelClick and those who have access are subject to a duty of confidentiality.
TravelClick has in place procedures to deal with any suspected personal data breach and will notify individuals and any applicable regulator of a breach where legally required to do so.
TravelClick retains personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for different types of personal data can be found in specific privacy notices or can be made available upon request through using the contact details set out in the “Legal rights” section of this Privacy Notice.
When requesting this information please make a reference to data retention periods.
Under certain circumstances individuals can exercise rights under data protection laws. Individuals may exercise these rights relating to their own personal data or contact TravelClick for other data protection related questions by emailing firstname.lastname@example.org.
TravelClick will require authentication of the identity of the individual wishing to exercise their rights under data protection laws, and may require additional information to assist in responding to requests.
For the following rights please make a reference to the following in the request:
Right to access (TravelClick Business Partners): “Request for access to personal data”
Right to information (TravelClick Business Partners):
- “TravelClick affiliates and third party service providers who process personal data on behalf of TravelClick”
- “Transfers to third countries – information about data transfers outside EEA”
Right to information (TravelClick Business Partners) about: “Retention periods of personal data”
TravelClick intends to carefully address any request and/or claim from you, as well as carefully process personal data. You are entitled to file any claim or complaint before the relevant data protection authorities if the answer provided by TravelClick does not meet your expectations.
This Privacy Notice is published by TravelClick, Inc. and may be changed at any time. The date it was last updated is shown here 10th February 2020.
Additional Privacy Disclosures for the United States California and Nevada
If you are a California or Nevada (United States) resident, please see our Additional Privacy Disclosures for the United States California and Nevada here , which is incorporated by reference into this policy.