Travelport Privacy Notice for the GDS

Welcome to this Travelport website. We at Travelport recognize the importance of protecting the privacy of personal data or personally identifiable information (“Personal Information”) about the individual travelers that we process in the global distribution systems of our Travel retail platform. The following Privacy Notice discloses what information we gather, how we use it, and how to correct or change it. Please note, however, that we may update and amend this Privacy Notice from time to time.

At Travelport, we want to give you an understanding about how we collect your information and the use we make of it in the course of our business.

Travelport’s Global Travel Retail Platform

Travelport recognizes that many countries have adopted laws that apply to Personal Data about individual travelers that we process in the global distribution systems (“GDS Personal Data”) , including our Travelport+™ Apollo™, Galileo™, and Worldspan™ global distribution systems. We refer to each of these systems as a “Travelport GDS”.

This Privacy Notice describes how we collect, use, store and process GDS Personal Data and it applies globally except where a more specific notice is required by national requirements, such as in Russia (click here to view our privacy notice for Russian points of sale), and California (click here to view our privacy notice for Californian residents).

This Privacy Notice does not cover how travel providers, such as an airline, car rental company, or a hotel (a “Travel Provider”), handle Personal Data. It also does not cover the Personal Data of a travel agency or other company that subscribes to a Travelport GDS (a “Subscriber”) and also does not include Personal Data about users obtained through our public websites (click here to view our Business Partners and Website Privacy Notice). We recommend that travelers should also carefully review the privacy notices of their Travel Providers and Subscribers.

As illustrated in the graphic below, our travel retail platform is a technology infrastructure used for the distribution of travel services. Many travelers engage traditional or online travel agencies, known in our industry as Subscribers, for assistance in managing their travel. Subscribers use the GDS component of our travel retail platform to identify and price travel alternatives and to purchase the traveler’s selection. We then advise the relevant Travel Providers about the sale of their services.

International transfers of GDS Personal Data

We may transfer, process and store GDS Personal Data at a destination outside the country where you the traveler are located which may be outside the European Economic Area (“EEA”) or the UK. It may also be processed by staff operating in other countries outside the EEA or the UK who work for us or for one of our vendors.

Depending on the traveler’s country of residence, certain data protection rules may apply for the cross-border transfer of GDS Personal Data. Travelport will implement appropriate safeguards for the transfer of GDS Personal Data to the US and to other countries outside of the EEA or the UK which do not have an adequacy decision from the EEA/UK.

Further, any transfer of GDS Personal Data will also rely on safeguards put into place by the Travel Provider and/or Subscriber, each of whom can provide more information on their respective safeguards.

Data Privacy Framework

Travelport, LP (“Travelport”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Travelport has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Travelport has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Individuals have the right to access their personal information. If you would like to limit the use and disclosure of your personal information, you can email privacy@travelport.com, at any time. If you have any inquiries or complaints about the handling of your personal information under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF, please contact the Travelport Privacy Officer at:

privacy@travelport.com
Travelport
One Axis Park, 10 Hurricane Way
Langley, Berkshire SL3 8AG
United Kingdom
Attention: Privacy Officer / Legal Department
T: +44 (0) 1753 288000
F: +44 (0) 1753 288001

OR

privacy@travelport.com
Travelport
Suite 1400
300 Galleria Parkway
Atlanta, Georgia 30039
United States of America
Attention: Privacy Officer / Legal Department
T: +1 770 563 7468

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF, Travelport commits to refer unresolved complaints concerning our handling of personal information received in reliance on EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. JAMS dispute resolution services are provided at no cost to you.
If your complaint is not resolved through the channels described above, under certain conditions a binding arbitration option may be available before a Data Privacy Framework Panel. For additional information, please visit: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

The Department of Transportation has jurisdiction over the Travelport’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF. Travelport complies with the DPF Principles for all onward transfers of personal information from the EU, UK, and Switzerland, including the onward transfer liability provisions.

Collection, use and disclosure of GDS Personal Data

Travelport obtains GDS Personal Data when a Travel Provider or a Subscriber submits such data to a Travelport GDS. We also receive GDS Personal Data when an individual traveler submits data to us directly; however, this occurs only in limited circumstances, such as when the traveler uses our TripManager product. The types of GDS Personal Data that we obtain is the typical information that you provide when you travel.

This information includes:

• Name
• Date of birth
• Gender
• Postal address
• e-mail address
• Telephone number
• Credit card and payment information
• Travel and accommodation details
• Passport information
• Special travel requests, such as a request for a wheelchair or a special meal

We do not actively collect and process sensitive personal data. To the extent sensitive personal data (e.g. health or religious data) are processed, the consent of the traveler or its equivalent will be obtained from the traveler by the Subscriber or Travel Provider. Such consent can be withdrawn by the traveler at any time, without affecting the lawfulness of processing based on such consent before its withdrawal.

We use GDS Personal Data to help create and perform the underlying contracts between travelers and Travel Providers and Subscribers. We consequently disclose GDS Personal Data to those entities, as well as to the processors that act on their behalf. We also process GDS Personal Data for our legitimate business interests. More specifically, we use GDS Personal Data to:

• Process travel bookings
• Provide Subscribers and Travel Providers with access to travel information
• Make and change travel reservations
• Perform billing and accounting functions related to the travel
• Perform internal business processes (such as testing, quality assurance, and product development and enhancement)
• Conduct scientific, statistical, and research activities regarding travel trends
• Conduct loss prevention and anti-fraud activities
• Provide help desk services
• Issue tickets and other travel-related documents on behalf of travelers

We also disclose GDS Personal Data to vendors that perform functions on our behalf, including suppliers of software development services, business processing service providers, contact center service providers, and computer maintenance providers. We contractually require these vendors to maintain appropriate protections for GDS Personal Data and to only process such data in accordance with our instructions.

We may also process and disclose GDS Personal Data when lawfully requested by public authorities, including requests based on national security or law enforcement requirements; for credit card processing, authentication, and fraud prevention; or as otherwise required or permitted by law, subpoena, or regulation. We do not sell GDS Personal Data for the purpose of allowing third parties to conduct direct marketing for their own products or services.

If you do not provide certain data which is mandatory this may disrupt, delay, cancel or increase the cost of your travel.

Data security and integrity

The security of GDS Personal Data is very important to us. Travelport maintains appropriate technical and organisational measures to protect GDS Personal Data from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

To the extent reasonably possible in the context of our role as an intermediary between Travel Providers and Subscribers, Travelport will take steps to keep GDS Personal Data accurate, current, complete, and reliable for its intended use.

Data retention

Travelport retains GDS Personal Data no longer than is necessary to comply with legal obligations and to fulfil legitimate business and compliance purposes. GDS Personal Data is destroyed from the Travelport GDS no more than 36 months after the completion of the last travel transaction in the reservation.

De-personalized data

Travelport analyzes, uses, discloses, and processes statistical and other data in de-personalized (anonymized) form that Travelport obtains or generates in connection with its Travelport GDS business. This data is used to identify trends and other activities in the travel industry.

Information from minors

Travelport GDS services are not intended for use by minors. We do not knowingly collect GDS Personal Data from any minor child.

Privacy rights

Data privacy laws in the EU, the UK and some other countries grant individuals certain rights with respect to the:

• Right to request access to your personal data – you have the right to request access to the GDS Personal Data we hold about you.
• Right of Rectification – you have the right to request correction of the GDS Personal Data that we hold about you where it is incomplete or inaccurate.
• Right of Erasure – under data protection laws you may have the right to ask us to erase or remove your GDS Personal Data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your GDS Personal Data where you have successfully exercised your Right to Object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your GDS Personal Data to comply with local law. Please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Right of Portability – you have the right to obtain and reuse GDS Personal Data that you have provided to us.
• Right to Restrict – you may have the right to ‘block’ or suppress the processing by us of your GDS Personal Data in certain circumstances.
• Right to Object – you may have the right to object to the processing of your own GDS Personal Data in certain situations, for example where we are relying on a legitimate interest.
• Right to withdraw consent – you have the right to withdraw consent at any time where we are relying on consent to process your GDS Personal Data. However, this will not affect the lawfulness of any processing activity carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

As a practical matter, travelers may first wish to contact their Travel Providers or Subscriber as the most efficient means of addressing any issues in these areas. Travelers may direct any other requests (including requests for applicable model clauses), questions or complaints relating to their own GDS Personal Information to Travelport at  privacy@travelport.com or to the Data Protection Officer at the addresses specified below. Travelport retains the right to use reasonable measures to authenticate the identity of any traveler who makes a request in respect of their GDS Personal Information or otherwise raises any questions.

These rights only apply in certain circumstances.

As a practical matter, travelers may first wish to contact their Travel Providers or Subscriber as the most efficient means of addressing any issues in these areas.
Travelers may direct any other requests to exercise these rights, questions or complaints relating to their GDS Personal Data to Travelport at privacy@travelport.com or to the Data Protection Officer at the addresses specified below. Travelport retains the right to use reasonable measures to authenticate the identity of any person who makes a request in respect of their GDS Personal Data or otherwise raises any questions.

Travelport
One Axis Park, 10 Hurricane Way
Langley, Berkshire SL3 8AG
United Kingdom
Attention: Data Protection Officer / Legal Dept.
T: +44 (0) 1753 288000
F: +44 (0) 1753 288001

OR

Travelport
300 Galleria Parkway
Atlanta, Georgia 30339
USA
Attention: Data Protection Officer / Legal Dept.
T: +1 770-563-7400

Once we receive your inquiry we will investigate the matter and respond to you promptly. We will endeavor to do this within 30 days. If this is not possible, we will endeavor to contact you and let you know about a revised timeframe.

Dispute resolution

If any traveler experiences an issue regarding GDS Personal Data that the traveler cannot resolve directly with Travelport, such traveler may have a right to lodge a complaint with their local Data Protection Authority depending on where they live. We would, however, appreciate the chance to deal with your concerns before you contact your local Data Protection Authority, so please contact us in the first instance.

Publication and effective date

This notice is published by Travelport, LP on behalf of the Travelport group companies. Travelport, LP is a Delaware USA limited partnership with its principal place of business located at Suite 1400, 300 Galleria Parkway, Atlanta, Georgia 30339, USA, T: +1 770-563-7468. We may update this notice from time to time and will post a prominent notice to inform users about significant changes.

Effective Date

Effective Date: This notice was last updated on 1st July 2024.

Notice Owner: Data Protection Officer