JRV TRAVEL GDPR COMPLIANT PRIVACY POLICY
JRV Travel Management LTD Privacy Policy
Last Updated: May 17, 2019
This Privacy Policy describes how JRV Travel Management LTD (“JRV”, “we”, “our”, or “us”) collects and uses the personal data you provide to us. This Privacy Policy describes what personal data we collect about you, how we collect it, how we use it, with whom we may share it, and what choices you have regarding our use of your personal data. We also describe the measures we take to protect the security of your personal data and how to contact us.
This Privacy Policy applies to the following services we provide to our clients: Corporate travel (online and human interfacing), meetings and events, and leisure travel planning services, including via JRV websites and applications that display or link to this Privacy Policy (hereinafter collectively, the “Services”). Once you leave such websites and applications for others, the privacy policies of the other websites or applications apply.
We encourage you to read this Privacy Policy carefully as it relates to your rights regarding the processing of your personal data. As a user of our Services, you understand and agree that we collect, use, and disclose your personal data in accordance with this Privacy Policy.
JRV materially complies with applicable laws in the jurisdictions in which it operates, including the Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) by May 25, 2018 in its handling of personal data of persons in the European Economic Area. It is in our legitimate business interests to provide you with the Services which use the personal data provided to us for the purposes described herein. Your agreement to the terms of this Privacy Policy is not intended to and does not constitute a “consent” to such terms for purposes of the GDPR.
What personal data does JRV collect?
In the course of providing Services, JRV collects, uses, and discloses personal data. Personal data is any information that can be used to identify you or that we can link to you. You, as traveler, meeting attendee, or user of the Services, may be asked to provide certain personal data when you use our Services, such as:
· Names and contact information (work and home/mobile phone, fax, email, address);
· Traveler and emergency contact names and information;
· Traveler preferences and trip details (e.g. routings, class of service, seat preferences, frequent flyer data, meal preferences, hotel/rail/car and other ground transportation membership data and preferences, special accommodation requests, other personal data supplied by you via your profiles, surveys, or other requests);
· Travel documentation (e.g. passport/visa/driver’s license number, TSA number, citizenship, date of birth, gender);
· Payment data (corporate/personal credit cards) and bank information; and
· Logins, user IDs, passwords, IP addresses, and browsing information.
If you submit any personal data relating to other people in connection with the Services (such as if you make a reservation for another individual), you represent that you have the authority to do so and we will collect, use, and disclose such personal data in accordance with this Privacy Policy.
How does JRV collect personal data?
JRV collects personal data:
· Directly from you when you access various parts of our Services, including when you communicate with us via email or other channels;
· From other sources, for instance the company by which you are employed or on which behalf you are otherwise traveling or for which you are attending a meeting (your “Company” or your “employer”), including such Company’s third parties who may send us your personal data on your or your Company’s behalf; and
· From the network of websites and applications accessible through or utilized by our Services and our company, including third party suppliers (e.g. airlines, hotels, payment card providers) and our JRV related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors, and agents. This includes personal data we collect automatically through our websites and applications, for instance by using cookies and similar technologies.
How does JRV use personal data?
JRV Travel collects and uses your personal data for specified, explicit, and legitimate purposes as described in this Privacy Policy and does not process your personal data further in a manner that is incompatible with those purposes.
JRV uses personal data to:
· Provide its Services and fulfill its obligations to you, your company (if, for example, we have a contract to arrange travel for the employees of your employer) and travelers. These things can include, for example, administering travel/meeting reservations, assisting in managing the travel, provide reporting, provide notices about your account and the Services, informing you of updates to our websites and applications and other changes to our products or Services).
· Communicate with you, for instance by email, postal mail, and phone or via JRV’s websites or applications and to provide you with customer service.
· Understand how our websites and applications are used and provide a customized experience as you use our Services, such as by providing interactive or personalized elements on our Services and providing you with content based on your interests.
· Fulfill a request made by you or your employer for things such as reporting, responding to questions, or other such requests involving your personal data.
· Send you newsletters, marketing emails, and other information or materials that may interest you, as well as showing personalized advertisements. Where required, we will obtain your consent before sending such marketing messages or showing personalized advertisements.
· Generate pseudonymized or aggregated profiles and use such data for reporting and analytic purposes.
· Carry out our obligations and enforce your, our, or other’s rights as we believe reasonably necessary (e.g. billing and collection, fraud prevention, comply with legal obligations, and respond to legal proceedings or requests from legal authorities and law enforcement or other third parties).
To whom does JRV disclose personal data and why?
Personal data collected is shared with or disclosed to:
· JRV and its affiliates, partners, subcontractors, and agents as necessary to fulfill and support the Services, including emergency bookings and assistance, ticket issuance, responding to requests, and assessing or offering promotions.
· Companies we work with to support our business to provide us with ancillary services such as fulfillment, data storage, statistical analysis, technology, development, duty of care, and credit checks.
· Your company for reporting, auditing, tracking and other purposes as necessary under a contract or arrangement we may have with your company, including those of its personnel to whom we are requested to send or provide such personal data.
· Third party service providers to which you or your company request we send personal data. These providers may be companies that secure compensation for delayed, canceled, or overbooked flights on behalf of travelers; provide safety and tracking information; companies that provide weather information, travel alerts, and destination content through applications and tools; successor organizations and other travel management companies, among others.
· Third party service providers to complete travel and related arrangements and reservations and fulfill the Services. These businesses typically include Global Distribution Systems (GDSs); airlines, trains, rental car and other ground transportation companies, hotels, cruise lines, tour providers, destination management companies, and other related travel suppliers for booking/ticketing purposes; industry reporting authorities; equipment and technology vendors, including, without limitation, online booking tool providers, software providers (including onsite and mobile event management solution providers), and audio visual companies; visa and passport providers; credit card companies and payment collection and processing companies.
· Other third parties as we believe reasonably necessary in accordance with applicable laws, including laws outside your country of residence to: (i) satisfy laws, regulations, or governmental or legal requests and processes; (ii) identify, contact, or bring legal action against someone who may be violating our terms of use or policies or otherwise enforce our terms and policies; (iii) operate the Services properly; or (iv) protect JRV and those it serves, including pursuing available remedies or to limit damages that may be sustained (such as exchanging information with other companies, authorities and organizations for the purposes of fraud protection and risk reduction).
We also may use data consolidation companies for the purpose of creating reports and related statistics for benchmarking or other related purposes, including, without limitation, utilizing cumulative statistical data, which may incorporate data acquired from you or your employer for ordinary business purposes customary in our industry and the Services we provide, but without identifying, directly or indirectly, you or your employer.
JRV may be acquired, merge with another business, sell, or liquidate its assets, acquire, or buy other businesses or assets. In such transactions, personal data is generally one of the transferred business assets. In the event of an acquisition, sale, liquidation, or merger, your personal data and non-personal identifying information may be automatically assigned by us in our sole discretion to a third party.
Does JRV disclose personal data across borders?
When sharing with or disclosing personal data to other parties, including to JRV’s affiliates, joint ventures, partners, subcontractors, and agents who provide Services and maintain facilities, your personal data may be transferred to countries with data protection laws that provide a lower standard of protection for your personal data than your country.
We will transfer your personal data in compliance with applicable data protection laws, including having adequate mechanisms in place to protect your personal data when it is transferred internationally, such as Model Clauses or data protection agreements. If you have questions or wish to obtain more information about the international transfer of your personal data or the implemented safeguards, please contact us as provided in this Privacy Policy.
How does JRV store and protect personal data?
Typically, JRV stores personal data on its servers managed internally and with third party providers.
JRV uses appropriate technical and organizational security measures to protect the personal data we hold on our network and systems from unauthorized access, disclosure, destruction, and alteration. We conduct periodic reviews of our data collection, storage, processing, and security measures to verify we are only collecting, storing, and processing personal data that is required for our Services and to fulfill our contractual obligations. While we make every effort to protect the integrity and security of our network and systems, we cannot guarantee, ensure, or warrant that our security measures will prevent illegal or unauthorized activity related to your personal data. When using our Services, you should be aware that no data transmission over the Internet can be guaranteed as totally secure. Although we strive to protect your personal data, we do not warrant the security of any data and information that you transmit to us over the Internet and you do so at your own risk.
In order to protect your personal data, we kindly ask you to not send us credit card information or other similar personal data to us via email. We also encourage you to keep your password confidential and not disclose it to any other person. If you are sharing a computer with anyone you should log out before leaving a site or service to protect access to your password and personal data from subsequent users. Please alert us immediately if you believe your password or any of your personal data has been misused. Please note, we will never ask you to disclose your password or credit card information in an unsolicited phone call or email.
How long does JRV keep my personal data?
JRV retains personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. When determining how long to retain personal data, we consider the necessity of the personal data for the provision of our Services, applicable laws and regulations, including data protection laws, and our legal obligations. We may retain records to investigate or defend against potential legal claims. When retention of the personal data is no longer necessary, the data will be deleted or aggregated for analytic purposes.
What about JRV applications?
JRV makes available its online applications (mobile and web based) for download from various application marketplaces. JRV collects usage information for us to improve the application and to deliver a better and more personalized experience. JRV may follow information on your use of our applications (e.g. anonymized statistics on the daily number of visitors, the daily requests for specific usage elements, the countries from which applications and Services are accessed). We use these statistics exclusively for measuring activities and for improvement or adaptation of Services for your benefit. We may also use Google Analytics or other analytics tools and methods to develop anonymized user statistics. JRV uses such statistics for the analysis of activities, the improvement of Services, and for communicating findings and product improvements to your Company and other JRV clients and prospective clients. Such statistics do not contain personal data and cannot be used for the collection of personal data. In accordance with the applications’ terms of use, certain information about you (which may include your email address, itinerary data, and other information you provide voluntarily) may be shared with third parties as stated in this Privacy Policy.
What about links to third party websites and services?
Our Services contain links to third party websites. Some of these websites may allow you to purchase products and services, register to receive materials, or receive new product and service updates. In many cases, you may be asked to provide contact information such as your name, address, email address, phone number, and credit/debit card information. If you use these third-party websites and/or provide your personal data and information, the privacy policy and terms of service on those websites are applicable. We encourage you to carefully read such policies on third party websites before submitting your personal data. JRV is not responsible for and expressly disclaims any and all liability related to the actions of such third-party websites, their privacy policies, or the terms and content of such websites.
How does JRV handle “do not track” requests and use “Cookies” and other similar technologies?
We do not honour web browsers’ Do-Not-Track signals. We process your personal data through our websites and applications in accordance with this Privacy Policy, irrespective of your tracking settings.
We may automatically collect information using “cookies”. You may choose to refuse cookies in your browser, however, that may limit your ability to receive some or all of our Services, and/or some features may not be available to you or may not function properly as a result.
Does JRV collect personal data of children?
Due to the nature of our Services, we may collect travel information, which may include personal information, about children when it is required to comply with the law, including federal aviation or security regulations, or as otherwise required to provide transportation needs and services. We may retain personal information when required to provide transportation and related services to a child. We do not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons.
If you are a parent or guardian of a child who has provided personal information without your knowledge and consent, you may request we remove this child’s information by emailing us at travel@jrv-travel.com.
What are my rights with respect to my personal data?
You may choose what personal data (if any) you wish to provide to us. However, if you choose not to provide certain details, your experience with some or all of our Services may be affected.
To the extent required by applicable law, you have the right to access your personal data and confirm the processing of your personal data. Also, where applicable, you have the right to rectify inaccuracies or errors, erase, restrict the processing, object to processing, and withdraw consent to processing of your personal data, and where applicable, the right to data portability of your personal data. JRV will handle such requests in the time specified by applicable law and where permitted by applicable law, may charge a reasonable administrative fee to cover the costs of responding to any such request.
In some jurisdictions, in addition to you agreeing to this Privacy Policy, data privacy or protection laws may require us to obtain a separate express consent for processing of your personal data. Your consent may also be implied in some circumstances, as permitted by applicable law, such as when communications are required to fulfill your requests.
How can I exercise my rights or make complaints?
If you have any questions about this Privacy Policy or wish to exercise any of your rights as described in this Privacy Policy, please contact us as follows.
JRV will respond to your requests to the email address or phone number that you have registered with us or we otherwise have on file for you or any other suitable method. Depending on your request, we may review the request with you and/or your Company to assist in resolving and responding to the request.
We are committed to working with you to obtain a fair resolution of any complaint or concern you may have about our use of your personal data. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority in your country (if one exists in your country).
How are changes to this Privacy Policy handled?
JRV reserves the right to revise, amend, or modify this Privacy Policy at any time and in any manner. When we post changes to this Privacy Policy, we will update the “last updated” date at the top of this Privacy Policy and we encourage you to regularly check this Privacy Policy for changes.