Last Updated: December 15th, 2020
Corporate Travel Management North America Inc. and its subsidiaries and affiliated companies (collectively, “CTM“, “we“, “our“, or “us“) know that you care how information about you is used and shared, and we are committed to protecting your privacy through our compliance with this policy. This policy describes our practices in connection with personal information we collect through our domestic and international websites (collectively, our “Sites“) and through our web-based and mobile software applications and services (collectively, our “Applications”).
Please review this policy carefully and in its entirety to understand our policies and practices regarding the collection of personal information about you, whether via our Sites, our Applications or from other sources, and how we will treat such personal information.
INFORMATION WE COLLECT
In order to provide our services, CTM may collect, use and disclose your information, including your personal data. Personal data is any information that can be used to identify you or that we can link to you. You may be asked to provide certain information when you use our services; however, you do have choices about the data we collect. When you are asked to provide personal data, you may decline, but if you choose not to provide data that is necessary to provide the services or a particular product or feature, you may not be able to receive the services or use that product or feature. The data we collect can include the following:
- Names and contact information (e.g., telephone number, fax number, e-mail address);
- Travel information (e.g., passport number, visa, driver’s license number, TSA number, citizenship, date of birth, gender);
- Travel preferences and trip/meeting preferences and other information (e.g., seat preferences, meal preferences, frequent flyer miles, other personal data provided by you via your profile or other requests);
- Payment and bank information (e.g., credit card data); and
- Credentials, such as logins, employee IDs, passwords and user IDs.
Unless you provide consent, CTM will not collect or share your information for direct marketing purposes.
HOW WE COLLECT YOUR INFORMATION
CTM may collect your information, including personal data:
- Directly from you when you access certain of our services, including when you communicate with us via e-mail or other channels;
- From other third party sources, including the company you are employed by or are otherwise traveling or attending a meeting on behalf of; and
- From the Sites and Applications used by CTM or accessible through our services.
Each CTM Site or Application will contain a notice that describes the data collection practices applicable to the use of that particular Site or Application.
HOW WE USE YOUR INFORMATION
CTM may use the information concerning you that we collect or that is provided to us, including personal data, for any of the following purposes:
- To provide our services and fulfill our obligations to you and/or your employer or the company you are otherwise traveling or attending a meeting on behalf of;
- To fulfill a request made by you, your employer or the company you are otherwise traveling or attending a meeting on behalf of;
- To communicate with you via e-mail, postal mail, telephone/mobile devices or our Sites or Applications;
- To provide customer care and support services;
- To process payments for purchases made by you, your employer or the company you are otherwise traveling or attending a meeting on behalf of;
- To send you information or materials about products or services that may be of interest to you. Where required, we will obtain your consent before sending such marketing messages.
- To generate pseudonymized or aggregated profiles and use such data for reporting and analytic purposes;
- As we believe to be reasonably necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to carry out our obligations and enforce our terms and conditions applicable to our products and services, including for billing and collection purposes; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain; and (h) to protect against or identify fraudulent transactions;
- To fulfill any other purpose for which you provide it or with your consent.
HOW WE SHARE YOUR INFORMATION
Your information, including personal data, collected by CTM may be shared with or disclosed to:
- CTM affiliates, joint ventures, partners, subcontractors and agents as necessary to provide our products and services;
- CTM contractors, service providers and other third parties providing ancillary services to support our business (e.g., payment processors, data analytics providers, technology development);
- Third party service providers to fulfill travel arrangements and reservations (e.g., Global Distribution Systems (GDSs), airlines, trains, rental car and other ground transportation companies, hotels, cruise lines and other related travel vendors for booking/ticketing purposes, industry reporting authorities, technology vendors, including, without limitation, online booking tool providers, meeting registration software providers and audio visual companies, and visa and passport providers and/or verification services);
- Your employer or the company you are otherwise traveling or attending a meeting on behalf of for reporting, auditing, tracking and other purposes as necessary;
- Third party service providers you, your employer, or the company you are otherwise traveling or attending a meeting on behalf of request we send personal data to (e.g., safety and tracking information providers, companies providing weather information or travel alerts, successor organizations and other travel management companies);
- A third party in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of CTM’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by CTM is among the assets transferred;
- As we believe to be reasonably necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to carry out our obligations and enforce our terms and conditions applicable to our products and services, including for billing and collection purposes; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain (e.g., exchanging information with other companies and organizations for the purposes of fraud protection and risk reduction); and
- For any other purpose with your consent.
LINKS TO THIRD PARTY WEBSITES
When sharing with or disclosing your personal data to other parties, including CTM’s related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors and agents who provide products or services, your personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your country of residence.
CTM will transfer your personal data in compliance with applicable data protection laws, including having adequate mechanisms in place to protect your personal data when it is transferred internationally (e.g., complying with the EU-U.S. Privacy Shield Framework, Standard Contractual Clauses). Additional information about CTM’s compliance with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union to the United States can be found here.
CROSS-BORDER TRANSFERS OF YOUR INFORMATION
When sharing with or disclosing your personal data to other parties, including Travel and Transport’s related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors and agents who provide products or services, your personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your country of residence.
Travel and Transport will transfer your personal data in compliance with applicable data protection laws, including having adequate mechanisms in place to protect your personal data when it is transferred internationally (e.g., complying with the EU-U.S. Privacy Shield Framework, Standard Contractual Clauses). Additional information about Travel and Transport’s compliance with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union to the United States can be found here.
HOW WE PROTECT YOUR INFORMATION
CTM uses appropriate technical and organizational security measures to protect the personal data CTM holds on its network and systems from unauthorized access, disclosure, destruction, and alteration. We conduct periodic reviews of our data collection, storage, processing, and security measures to verify we are only collecting, storing and processing personal data that is required for our products and services and to fulfill our contractual obligations. While we make every effort to protect the integrity and security of our network and systems, we cannot guarantee, ensure, or warrant that our security measures will prevent illegal or unauthorized activity related to your personal data. When using our services, you should be aware that no data transmission over the Internet or storage system can be guaranteed as totally secure. Although we strive to protect your personal data, we do not warrant the security of any data and information that you transmit to us over the Internet and you do so at your own risk. Please notify us immediately if you believe your password or any of your personal data has been misused.
HOW LONG WE KEEP YOUR INFORMATION
CTM retains personal data for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by applicable law. When determining how long to retain personal data, we take into account our need to collect personal information for the provision of our products and services, applicable laws and regulations (including data protection laws) and our contractual and legal obligations. We may retain records to investigate or defend against potential legal claims.
WHAT ARE COOKIES?
Session cookies, also called transient cookies, are stored in temporary memory and do not collect information from your computer. This type of cookie is tied to your web browser and is typically utilized for website administration, such as keeping your website login (or session) active for a period of time. They will expire if you reach a default time-out limit, if you clear your browser cache, or when you completely close down your web browser.
Persistent cookies are not deleted when you close your browser but are stored on your computer’s hard drive. These types of cookies can be used to track your browsing across different sites in order to show you targeted advertisements when you visit. Other uses of persistent cookies may be stored when that site requires information, such as your preferences, for the next time you visit that site.
COLLECTION OF INFORMATION FROM CHILDREN UNDER THE AGE OF 13
CTM will never knowingly request personal data from anyone under the age of 13 without first requesting consent from a parent or legal guardian. Once parental consent is granted, the child’s personal data is treated much like anyone else’s personal data. Parents or legal guardians can change or revoke the consent choices previously made, and review, edit or request the deletion of their minor children’s personal data by contacting us as set forth below.
YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA
You may choose what personal data (if any) you wish to provide to us. However, if you choose not to provide certain details, your experience with some or all of our services or products may be affected.
Some data privacy or protection laws may require us to obtain a separate express consent for the processing of your personal data. Your consent may also be implied in some circumstances, as permitted by applicable law, such as when communications are required to fulfill your requests.
To the extent required by applicable law, you have the right to access your personal data and confirm the processing of your personal data. Also, where applicable, you have the right to rectify inaccuracies or errors, erase, restrict the processing, object to processing, withdraw consent to the processing of your personal data (or opt-out where applicable), and where applicable, the right to data portability of your personal data. CTM will handle those requests in the time specified by applicable law.
Please note that oftentimes CTM collects personal data under the direction of its customers, including the company you are employed by or are otherwise traveling or attending a meeting on behalf of. Your use of our products and services may be subject to such company’s policies, if any. If such company is administering your use of our products or services, please direct your privacy inquiries to the administrator of such company.
YOUR CALIFORNIA PRIVACY RIGHTS (for California residents only)
California law requires us to provide California residents with additional information regarding how we collect, use, and share your “personal information” as defined in the California Consumer Privacy Act (“CCPA”)).
We discuss in detail above the specific pieces of information we collect from and about you. For purposes of the CCPA, below are the categories of personal information we collect:
- Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, passport number, or other similar identifiers);
- Personal information categories listed in the California Customer Records statute (e.g., a name, address, passport number, credit card number, debit card number, or other financial information); some personal information included in this category may overlap with other categories;
- Protected classification characteristics under California or federal law (e.g., national origin, sex, etc.);
- Commercial information (e.g., records of products or services purchased or obtained);
- Audio, electronic, visual, thermal, olfactory, or similar information
As detailed above, we may collect such personal information from a variety of sources (such as directly through you, through our Sites or Applications, and from third parties). Please see above for further details regarding how we use and with whom we share such personal information.
In the preceding 12 months, we have not sold your personal information and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law.
California law may provide you with certain rights and permit you to: (1) request that we disclose certain information to you about our collection and use of your personal information over the past 12 months and (2) request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. If you would like to exercise any of these rights, please contact us at the address and/or email address listed below in the Section titled “How To Contact Us”. You will be required to verify your identity before we fulfill your request. We will respond to your requests to the email address or phone number that you have registered with us or we otherwise have on file for you or any other suitable method. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not (i) deny you goods or services, (ii) charge you different prices for goods or services, (iii) provide you with a different level or quality of goods or services, or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
California’s “Shine the Light” law permits users of our Site or Applications that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at the address and/or email address listed below in the Section titled “How to Contact Us”.
HOW TO CONTACT US
Corporate Travel Management
Attn: Office of the Data Protection Officer
Address: 2120 South 72nd Street
City/State/Zip: Omaha, Nebraska 68124
Except as is otherwise stated or determined by CTM, CTM is a data controller for personal data we collect through the services and products subject to this policy. Our address is Office of the Data Protection Officer, Corporate Travel Management, 2120 South 72nd Street, Omaha, Nebraska 68124.
Our data protection representative for the European Economic Area can be reached at:
Corporate Travel Management
The Data Protection Officer
One Carter Lane
London EC4V 5ER
CTM will respond to your requests to the email address or phone number that you have registered with us or we otherwise have on file for you or any other suitable method. Depending on your request, we may review the request with you or the company you are employed by or are otherwise traveling or attending a meeting on behalf of to assist in resolving and responding to the request.
If you feel we have not been able to assist you with your complaint or concern, you may have the right to make a complaint to the data protection authority in your country (if one exists).