At Travelport, we want to give you an understanding about how we collect your information and the use we make of it in the course of our business.
Travelport's Travel Commerce Platform
As illustrated in the graphic below, our Travel Commerce Platform is a technology infrastructure used for the distribution of travel services. Many travelers engage traditional or online travel agencies, known in our industry as Subscribers, for assistance in managing their travel. Subscribers use the GDS component of our Travel Commerce Platform to identify and price travel alternatives and to purchase the traveler's selection. We then advise the relevant Travel Providers about the sale of their services.
International transfers of GDS personal information
Travelport does most of its processing of GDS Personal Information in Travelport data centers located in the United States of America, a country whose legal system has not received an adequacy decision from the European Commission. We recognize that the European Economic Area and Switzerland have data protection laws that restrict the transfer to the United States of Personal Information about European Travelers, unless there is "adequate protection" for such information when it is received in the United States.
To address this restriction as applied to GDS Personal Information about European Travelers, Travelport has implemented the European Commission's model contracts within the Travelport group. A copy of these model contracts can be requested using the contact details set out in the section on “Data access and correction requests and other questions” below. For these purposes, a "European Traveler" is a traveler whose personal data is entered by a Travelport GDS Subscriber located in the EEA or Switzerland, regardless of the traveler's nationality, residence, or location.
Although we take seriously the personal data of all travelers, our model contract implementation benefits European Travelers and does not cover travelers using a Subscriber located outside of the EEA and Switzerland, nor does it cover travelers who select Travel Providers located outside of the EEA and Switzerland. In each situation, any transfer of GDS Personal Information will rely on safeguards put into place by the Travel Provider and Subscriber, each of whom can provide more information on their respective safeguards.
To learn more about model contracts, please visit http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm.
Collection, use and disclosure
Travelport obtains GDS Personal Information when a Travel Provider or a Subscriber submits such data to a Travelport GDS. We also receive GDS Personal Information when an individual traveler submits data to us directly; however, this occurs only in limited circumstances. The types of GDS Personal Information that we obtain is the typical information that you provide when you travel.
This information includes:
- date of birth;
- postal address;
- e-mail address;
- telephone number;
- credit card and payment information;
- travel and accommodation details;
- passport information; and
- special travel requests, such as a request for a wheelchair or a special meal.
To the extent sensitive personal data (e.g. health or religious data) are processed, the explicit consent of the traveler or its equivalent will be obtained from the traveler by the Subscriber or Travel Provider. Such consent can be withdrawn by the traveler at any time, without affecting the lawfulness of processing based on such consent before its withdrawal.
We use GDS Personal Information to help create and perform the underlying contracts between travelers and Travel Providers and Subscribers. We consequently disclose GDS Personal Information to those entities, as well as to the processors that act on their behalf. We also process GDS Personal Information for our legitimate business interests. More specifically, we use GDS Personal Information to:
- process travel bookings;
- provide Subscribers and Travel Providers with access to travel information;
- make and change travel reservations;
- perform billing and accounting functions related to the travel;
- perform internal business processes (such as testing, quality assurance, and product development and enhancement);
- conduct scientific, statistical, and research activities regarding travel trends;
- conduct loss prevention and anti-fraud activities;
- provide help desk services; and
- issue tickets and other travel-related documents on behalf of travelers.
We also disclose GDS Personal Information to vendors that perform functions on our behalf, including suppliers of software development services, business processing service providers, contact center service providers, and computer maintenance providers. We contractually require these vendors to maintain appropriate protections for GDS Personal Information and to only process such data in accordance with our instructions.
We may also process and disclose GDS Personal Information when lawfully requested by public authorities, including requests based on national security or law enforcement requirements; for credit card processing, authentication, and fraud prevention; or as otherwise required or permitted by law, subpoena, or regulation. We do not sell GDS Personal Information for purposes of allowing third parties to conduct direct marketing for their own products or services.
If you do not provide the data as described in this policy, such action may disrupt, delay, cancel or increase the cost of your travel.
Data security and integrity
Travelport maintains reasonable measures to protect GDS Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction. Travelport also takes reasonable steps – to the extent reasonably possible in the context of our role as an intermediary between Travel Providers and Subscribers – to keep GDS Personal Information accurate, current, complete, and reliable for its intended use.
Travelport retains GDS Personal Information no longer than is necessary to comply with legal obligations and to fulfil legitimate business and compliance purposes. Apollo and Galileo GDS Personal Information is destroyed no more than 13 months after the completion of the last travel transaction in the reservation. Worldspan GDS Personal Information is destroyed no more than 36 months after the completion of the last travel transaction in the reservation.
Travelport analyzes, uses, discloses, and processes statistical and other data in de-personalized (anonymized) form that Travelport obtains or generates in connection with its Travelport GDS business. This data is used to identify trends and other activities in the travel industry.
Information from minors
Travelport GDS services are not intended for use by minors. We do not knowingly collect GDS Personal Information from any minor child.
Data access and correction requests and other questions
European data privacy laws grant European Travelers certain rights with respect to the:
- portability; and
- restriction or objection to processing of their own GDS Personal Information.
As a practical matter, travelers may first wish to contact their Travel Providers or Subscriber as the most efficient means of addressing any issues in these areas. Travelers may direct any other requests (including requests for applicable model clauses), questions or complaints relating to their own GDS Personal Information to Travelport at firstname.lastname@example.org or to the Data Protection Officer at the addresses specified below. Travelport retains the right to use reasonable measures to authenticate the identity of any traveler who makes a request in respect of their GDS Personal Information or otherwise raises any questions.
Privacy-related communications may be directed to:
One Axis Park, 10 Hurricane Way
Langley, Berkshire SL3 8AG
Attention: Data Protection Officer / Legal Dept.
T: +44 (0) 1753 288000
F: +44 (0) 1753 288001
300 Galleria Parkway
Atlanta, Georgia 30339
Attention: Data Protection Officer / Legal Dept.
T: +1 770-563-7400
F: +1 770-563-7878
Once we receive your inquiry we will investigate the matter and respond to you promptly. We will endeavor to do this within 30 days. If this is not possible, we will endeavor to contact you and let you know about a revised timeframe.
If any European Traveler experiences an issue regarding GDS Personal Information that the European Traveler cannot resolve directly with Travelport, such traveler has a right to lodge a complaint with their local Data Protection Authority.
Publication and effective date
This policy is published by Travelport, LP on behalf of the Travelport group companies. Travelport, LP is a Delaware USA limited partnership with its principal place of business located at 300 Galleria Parkway, Atlanta, Georgia 30339, USA, T: +1 770-563-7400, F: +1 770-563-7878. We may update this policy from time to time and will post a prominent notice to inform users about significant changes.
Effective Date: This policy was last updated on 30APRIL2018. Click here to view prior versions.