Travelport Privacy Notice for the GDS | Privacy notice for California residents | Privacy Policy for Travel School Students |
We at Travelport (Travelport, LP and its group companies) recognize the importance of protecting the privacy of personal data or personally identifiable information (“Personal Data”) that our customers, travel providers, website and product users and other business partners provide to us (“you”). The following Privacy Notice discloses what information we gather, how and why we use it, our legal bases for doing so and how you can exercise any rights you have. Please note, however, that we may update and amend this Privacy Notice from time to time.
This Privacy Notice applies globally except where a more specific notice is also required by national requirements, such as in Russia (click here to view our privacy notice for Russia) in California (click here to view our privacy notice for Californian residents) and in China (click here for the Chinese version and here for the English version of our China Addendum for the People’s Republic of China).
This Privacy Notice does not cover how we process Personal Data about travelers in our Travel Commerce Platform and other Travelport products like Trip Manager, which is covered in our Travel Commerce Platform Privacy Notice for the GDS which can be found here and does not cover Personal Data of job applicants (click here to view our Careers Privacy Notice).
Website Users and Business Partners
This Privacy Notice describes how we collect, use, store and process Personal Data about:
- users of our websites, including websites used to access our products and services, such as Trip Manager and MyTravelport; and
- business contacts at (1) our travel agency customers; (2) our travel providers (such as airlines, car rental companies, hotels and cruise and tour providers); (3) our vendors who provide us with services; (4) other companies that use our products and services; and (5) other companies which we have a commercial relationship with.
This Privacy Notice applies to Personal Data only. Other non-personal information about our business partners is handled in accordance with the contracts between us.
The Personal Data we process about you may include without limitation:
- Identity and Contact Data such as name, date of birth, address, gender, personal description, image and passport / driving license information (where identity documents are required for background checks), employment details (employer, job title), e-mail address, telephone number and other contact details
- Customer Ordering & Support Data such as details of enquiries raised, call recordings of helpdesk enquiries and related call metrics (such as call duration times), and transaction details (such as details of services ordered);
- Marketing and Communications Data including your marketing and communication preferences, responses to surveys and feedback on our product and services
- Financial Data including credit card and payment information, and billing address
- Technical Data such as username and other log-in information, IP address and other online identifiers, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites, applications and products,
- Usage Data such as information about how you use our websites, products, applications and services, log data.
Special Categories of Personal Data
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). In very limited cases travel bookings may contain Special Categories of Personal Data about travelers if this information is inputted into a booking by a user of our products, for further details please see our Travel Commerce Platform Privacy Notice for the GDS which can be found here. We also do not collect information about criminal convictions and offences about you.
Aggregated Data
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website or product feature or use de-personalized (anonymized) data to identify trends and other activities in the travel industry.
Cookies
Travelport uses cookies and similar technologies within its websites and products to carry out user analytics which we use to improve the user experience of those who use our products and services. We also use cookies to record user sessions in our products and services to assist with trouble shooting and improve our customer’s experiences in using our products. For more information about the cookies we use please see our Cookie Policy.
We may collect your Personal Data from the following sources:
- directly from you. For example, when you request information or a service from us, register for a Travelport product or provide your Personal Data to us by using one of our products or applications.
- indirectly from you. For example, when we automatically collect usage details during your interaction with our products or our websites.
- from third parties. For example, from our business partners or service providers that provide services on our behalf (such as sub-contractors in technical, payment and delivery services, analytics providers, search information providers, credit reference agencies, providers of background information and sanction checking tools), which may provide some of your Personal Data to us.
We may use your Personal Data in a variety of ways including the following:
Communication and customer support: to communicate with you to carry out our contractual obligations; provide you with product updates, product patches and fixes, provide you with product customizations and other similar operational communications; to send notices about changes to our terms, conditions and policies; to provide you with helpdesk and other customer support services, including monitoring and recording calls for quality, training and audit purposes.
Marketing: to communicate with you about new products and services, events, promotional and advertising materials that may be useful, relevant, or otherwise of interest to you (including with your consent to provide you with targeted advertisements or offerings within our products); to carry out market research and administer surveys and questionnaires, or new competitions or sales promotions that you may enter.
Perform internal business processes: to conduct billing and accounting functions; quality assurance, for analytics and statistical purposes (for example, using aggregated data to analyze travel trends); for product development and enhancement and for other internal business processes; to conduct scientific, statistical, and research activities regarding travel trends.
Operation of our websites and products: to operate, manage and improve our websites and products; providing content to you; displaying advertising and other information to you; and communicating and interacting with you via our websites and products.
IT security: for the management of our systems (including login records and access details, where you access our systems, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data); to conduct IT security audits; to detect and manage vulnerabilities and security incidents.
Risk management and fraud prevention: for audit, compliance vendor management and other risk management purposes; for loss prevention and anti-fraud activities.
Legal compliance and investigations: to detect, investigate and prevent breaches of internal policies or illegal or fraudulent activity in accordance with applicable law; to ensure compliance with our legal and regulatory obligations under applicable law; to establish, exercise and defend our legal rights; to comply with lawful requests received from law enforcement agencies, public and regulatory authorities or other organizations.
Corporate transactions: to carry out re-organizations, mergers, joint ventures, acquisitions, and other similar business operations.
Change of Purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We process your Personal Data based on:
- the performance of a contract that we have entered into or are about to enter into with the Business Partner or with you when you are a sole trader.
- our legitimate business interests (for example, when we send you market research surveys to analyse how our products and services are used to enable us to improve them in the future).
- your consent to send you marketing communications about our products and services where you have requested to receive them.
- for compliance with a legal obligation which we are subject to (for example, when we use a third-party provider to carry out background and sanction checks as required under international laws).
We may process your Personal Data without your consent, where this is required or permitted by law.
If you fail to provide Personal Data
Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
We may disclose your Personal Data to the following categories of third parties:
- to our Travelport group companies, as required for business administration purposes.
- to our selected business partners and sponsors and to vendors that perform functions on our behalf, including suppliers of software development services, software providers, business processing service providers, contact center service providers, training service providers, market research companies, marketing and branding agencies who help us with our website maintenance and marketing campaigns, computer maintenance providers, credit reference checking agencies and providers of sanction checking tools.
- in limited cases, to governmental authorities or other organizations to answer their lawful requests, including requests based on national security or law enforcement requirements; for credit card processing, authentication, and fraud prevention; or as otherwise required or permitted by law, subpoena, or regulation.
- to other third parties (for example, we may share your Personal Data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them)
We do not sell Personal Data for the purpose of allowing third parties to conduct direct marketing for their own products or services.
Travelport retains Personal Data no longer than is necessary for the purpose for which it is collected, to comply with legal obligations and to fulfill legitimate business and compliance purposes.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Personal Data we collect from you may be transferred to, and stored at, a destination outside the country where you are located which may be outside the European Economic Area (“EEA”) or the UK. It may also be processed by staff operating in other countries outside the EEA or the UK who work for us or for one of our vendors. Such staff may be engaged in, among other things, the fulfilment of the services you receive from us, the processing of your payment details and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing.
Depending on your country of residence, certain data protection rules may apply for the cross-border transfer of your Personal Data. Travelport will implement appropriate safeguards for the transfer of your Personal Data to the US and to other countries outside of the EEA/UK which do not have an adequacy decision.
Data Privacy Framework
Travelport, LP (“Travelport”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Travelport has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Travelport has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Individuals have the right to access their personal information. If you would like to limit the use and disclosure of your personal information, you can email privacy@travelport.com, at any time. If you have any inquiries or complaints about the handling of your personal information under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF, please contact the Travelport Privacy Officer at:
privacy@travelport.com
Travelport
One Axis Park, 10 Hurricane Way
Langley, Berkshire SL3 8AG
United Kingdom
Attention: Privacy Officer / Legal Department
T: +44 (0) 1753 288000
F: +44 (0) 1753 288001
OR
privacy@travelport.com
Travelport
300 Galleria Parkway
Atlanta, Georgia 30039
United States of America
Attention: Privacy Officer / Legal Department
T: +1 770 563 7400
F: +1 770 563 7878
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF, Travelport commits to refer unresolved complaints concerning our handling of personal information received in reliance on EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. JAMS dispute resolution services are provided at no cost to you.
If your complaint is not resolved through the channels described above, under certain conditions a binding arbitration option may be available before a Data Privacy Framework Panel. For additional information, please visit: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
The Department of Transportation has jurisdiction over the Travelport’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF. Travelport complies with the DPF Principles for all onward transfers of personal information from the EU, UK, and Switzerland, including the onward transfer liability provisions.
Data privacy laws in the EU, UK and some other countries grant individuals the following rights regarding their Personal Data:
- Right to request access to your personal data – you have the right to request access to the Personal Data we hold about you.
- Right of Rectification – you have the right to request correction of the Personal Data that we hold about you where it is incomplete or inaccurate.
- Right of Erasure – under data protection laws you may have the right to ask us to erase or remove your Personal Data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your Right to Object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Right of Portability – you have the right to obtain and reuse the Personal Data that you have provided to us.
- Right to Restrict – you may have the right to ‘block’ or suppress the processing by us of your Personal Data in certain circumstances.
- Right to Object – you may have the right to object to the processing of your own Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Right to withdraw consent – you have the right to withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
These rights only apply in certain circumstances. Any requests to exercise these rights, questions or complaints relating to your Personal Data should be directed to Travelport at privacy@travelport.com or to the Data Protection Officer at the addresses specified below. Travelport retains the right to use reasonable measures to authenticate the identity of any person who makes a request in respect of their Personal Data or otherwise raises any questions.
Privacy-related communications may be directed to:
Travelport
One Axis Park, 10 Hurricane Way
Langley, Berkshire SL3 8AG
Attention: Data Protection Officer / Legal Dept.
T: +44 (0) 1753 288000
F: +44 (0) 1753 288001
OR
Travelport
300 Galleria Parkway
Atlanta, Georgia 30339
USA
Attention: Data Protection Officer / Legal Dept.
T: +1 770 563 7400
F: +1 770 563 7878
Once we receive your inquiry we will investigate the matter and respond to you promptly. We will endeavor to do this within 30 days. If this is not possible, we will endeavor to contact you and let you know about a revised timeframe.
Opting-out
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by going to https://marketing.travelport.com/hs/manage-preferences/unsubscribe-simple?via_redirect=true
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchases, product/service experience or market research or other transactions and you will continue to receive service updates and market research surveys from us.
If you experience an issue regarding your Personal Data that you cannot resolve directly with Travelport, you may have the right to lodge a complaint with your local Data Protection Authority depending on where you live. We would, however, appreciate the chance to deal with your concerns before you contact your local Data Protection Authority so please contact us in the first instance.
This Privacy Notice is published by Travelport, LP on behalf of the Travelport group companies. Travelport, LP is a Delaware USA limited partnership with its principal place of business located at 300 Galleria Parkway, Atlanta, Georgia 30339, USA, T: +1 770-563-7400, F: +1 770-563-7878.
Effective Date: This Privacy Notice was last updated 28th November 2024.
Notice Owner: Data Protection Officer