CORPORATE TRAVEL MANAGEMENT Privacy Policy

Last Updated: December 15th, 2020

Corporate Travel Management North America Inc. and its subsidiaries and affiliated companies (collectively, “CTM“, “we“, “our“, or “us“) know that you care how information about you is used and shared, and we are committed to protecting your privacy through our compliance with this policy. This policy describes our practices in connection with personal information we collect through our domestic and international websites (collectively, our “Sites“) and through our web-based and mobile software applications and services (collectively, our “Applications”).

 

Please review this policy carefully and in its entirety to understand our policies and practices regarding the collection of personal information about you, whether via our Sites, our Applications or from other sources, and how we will treat such personal information. 

INFORMATION WE COLLECT

In order to provide our services, CTM may collect, use and disclose your information, including your personal data.  Personal data is any information that can be used to identify you or that we can link to you. You may be asked to provide certain information when you use our services; however, you do have choices about the data we collect.  When you are asked to provide personal data, you may decline, but if you choose not to provide data that is necessary to provide the services or a particular product or feature, you may not be able to receive the services or use that product or feature.  The data we collect can include the following:

 

  • Names and contact information (e.g., telephone number, fax number, e-mail address);
  • Travel information (e.g., passport number, visa, driver’s license number, TSA number, citizenship, date of birth, gender);
  • Travel preferences and trip/meeting preferences and other information (e.g., seat preferences, meal preferences, frequent flyer miles, other personal data provided by you via your profile or other requests);
  • Payment and bank information (e.g., credit card data); and
  • Credentials, such as logins, employee IDs, passwords and user IDs.


Unless you provide consent, CTM will not collect or share your information for direct marketing purposes. 

HOW WE COLLECT YOUR INFORMATION

CTM may collect your information, including personal data:

  • Directly from you when you access certain of our services, including when you communicate with us via e-mail or other channels;
  • From other third party sources, including the company you are employed by or are otherwise traveling or attending a meeting on behalf of; and
  • From the Sites and Applications used by CTM or accessible through our services.

Each CTM Site or Application will contain a notice that describes the data collection practices applicable to the use of that particular Site or Application. 

HOW WE USE YOUR INFORMATION

CTM may use the information concerning you that we collect or that is provided to us, including personal data, for any of the following purposes:

 

  • To provide our services and fulfill our obligations to you and/or your employer or the company you are otherwise traveling or attending a meeting on behalf of;
  • To fulfill a request made by you, your employer or the company you are otherwise traveling or attending a meeting on behalf of;
  • To communicate with you via e-mail, postal mail, telephone/mobile devices or our Sites or Applications;
  • To provide customer care and support services;
  • To process payments for purchases made by you, your employer or the company you are otherwise traveling or attending a meeting on behalf of;
  • To send you information or materials about products or services that may be of interest to you. Where required, we will obtain your consent before sending such marketing messages.
  • To generate pseudonymized or aggregated profiles and use such data for reporting and analytic purposes;
  • As we believe to be reasonably necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to carry out our obligations and enforce our terms and conditions applicable to our products and services, including for billing and collection purposes; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain; and (h) to protect against or identify fraudulent transactions;
  • To fulfill any other purpose for which you provide it or with your consent.

HOW WE SHARE YOUR INFORMATION

Your information, including personal data, collected by CTM may be shared with or disclosed to:

 

  • CTM affiliates, joint ventures, partners, subcontractors and agents as necessary to provide our products and services;
  • CTM contractors, service providers and other third parties providing ancillary services to support our business (e.g., payment processors, data analytics providers, technology development);
  • Third party service providers to fulfill travel arrangements and reservations (e.g., Global Distribution Systems (GDSs), airlines, trains, rental car and other ground transportation companies, hotels, cruise lines and other related travel vendors for booking/ticketing purposes, industry reporting authorities, technology vendors, including, without limitation, online booking tool providers, meeting registration software providers and audio visual companies, and visa and passport providers and/or verification services);
  • Your employer or the company you are otherwise traveling or attending a meeting on behalf of for reporting, auditing, tracking and other purposes as necessary;
  • Third party service providers you, your employer, or the company you are otherwise traveling or attending a meeting on behalf of request we send personal data to (e.g., safety and tracking information providers, companies providing weather information or travel alerts, successor organizations and other travel management companies);
  • A third party in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of CTM’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by CTM is among the assets transferred;
  • As we believe to be reasonably necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to carry out our obligations and enforce our terms and conditions applicable to our products and services, including for billing and collection purposes; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain (e.g., exchanging information with other companies and organizations for the purposes of fraud protection and risk reduction); and
  • For any other purpose with your consent.

LINKS TO THIRD PARTY WEBSITES

When sharing with or disclosing your personal data to other parties, including CTM’s related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors and agents who provide products or services, your personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your country of residence. 

 

CTM will transfer your personal data in compliance with applicable data protection laws, including having adequate mechanisms in place to protect your personal data when it is transferred internationally (e.g., complying with the EU-U.S. Privacy Shield Framework, Standard Contractual Clauses).  Additional information about CTM’s compliance with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union to the United States can be found here.

CROSS-BORDER TRANSFERS OF YOUR INFORMATION

When sharing with or disclosing your personal data to other parties, including Travel and Transport’s related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors and agents who provide products or services, your personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your country of residence.

Travel and Transport will transfer your personal data in compliance with applicable data protection laws, including having adequate mechanisms in place to protect your personal data when it is transferred internationally (e.g., complying with the EU-U.S. Privacy Shield Framework, Standard Contractual Clauses). Additional information about Travel and Transport’s compliance with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union to the United States can be found here.

HOW WE PROTECT YOUR INFORMATION

CTM uses appropriate technical and organizational security measures to protect the personal data CTM holds on its network and systems from unauthorized access, disclosure, destruction, and alteration.  We conduct periodic reviews of our data collection, storage, processing, and security measures to verify we are only collecting, storing and processing personal data that is required for our products and services and to fulfill our contractual obligations.  While we make every effort to protect the integrity and security of our network and systems, we cannot guarantee, ensure, or warrant that our security measures will prevent illegal or unauthorized activity related to your personal data.  When using our services, you should be aware that no data transmission over the Internet or storage system can be guaranteed as totally secure.  Although we strive to protect your personal data, we do not warrant the security of any data and information that you transmit to us over the Internet and you do so at your own risk.  Please notify us immediately if you believe your password or any of your personal data has been misused. 

HOW LONG WE KEEP YOUR INFORMATION

CTM retains personal data for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by applicable law. When determining how long to retain personal data, we take into account our need to collect personal information for the provision of our products and services, applicable laws and regulations (including data protection laws) and our contractual and legal obligations.  We may retain records to investigate or defend against potential legal claims.

COOKIES

WHAT ARE COOKIES?

Cookies are small pieces of information created by a website that is stored in your computer either temporarily for that session only (session cookie) or permanently on the hard drive (persistent cookie).  Cookies provide a way for the website to recognize you and keep track of your preferences.  The use of cookies is an industry standard and, as such, you will find that most major websites use them. 

 

Session cookies, also called transient cookies, are stored in temporary memory and do not collect information from your computer.  This type of cookie is tied to your web browser and is typically utilized for website administration, such as keeping your website login (or session) active for a period of time.  They will expire if you reach a default time-out limit, if you clear your browser cache, or when you completely close down your web browser. 

 

Persistent cookies are not deleted when you close your browser but are stored on your computer’s hard drive.  These types of cookies can be used to track your browsing across different sites in order to show you targeted advertisements when you visit.  Other uses of persistent cookies may be stored when that site requires information, such as your preferences, for the next time you visit that site. 

 

Most web browsers are initially set up to accept cookies.  You can reset your web browser to refuse cookies or to indicate when a cookie is being sent.  However, please note that some parts of a website, including this Site, may not function properly if you refuse cookies.  For example, without cookies, the website will not be able to keep you logged in.

OUR USE OF COOKIES

CTM utilizes session cookies in order to keep your website login active for a period of time and to track your preferences selected for that session.  Additionally, we utilize a persistent cookie in order to track that you have accepted our use of cookies so that we do not prompt you again the next time you visit our Site.  CTM does NOT utilize any cookies to track information about your computer or browsing activity from other websites.   

COLLECTION OF INFORMATION FROM CHILDREN UNDER THE AGE OF 13

CTM will never knowingly request personal data from anyone under the age of 13 without first requesting consent from a parent or legal guardian.  Once parental consent is granted, the child’s personal data is treated much like anyone else’s personal data.  Parents or legal guardians can change or revoke the consent choices previously made, and review, edit or request the deletion of their minor children’s personal data by contacting us as set forth below. 

 

YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA

You may choose what personal data (if any) you wish to provide to us.  However, if you choose not to provide certain details, your experience with some or all of our services or products may be affected. 

 

Some data privacy or protection laws may require us to obtain a separate express consent for the processing of your personal data.  Your consent may also be implied in some circumstances, as permitted by applicable law, such as when communications are required to fulfill your requests. 

 

To the extent required by applicable law, you have the right to access your personal data and confirm the processing of your personal data.  Also, where applicable, you have the right to rectify inaccuracies or errors, erase, restrict the processing, object to processing, withdraw consent to the processing of your personal data (or opt-out where applicable), and where applicable, the right to data portability of your personal data.  CTM will handle those requests in the time specified by applicable law. 

 

Please note that oftentimes CTM collects personal data under the direction of its customers, including the company you are employed by or are otherwise traveling or attending a meeting on behalf of.  Your use of our products and services may be subject to such company’s policies, if any.  If such company is administering your use of our products or services, please direct your privacy inquiries to the administrator of such company. 

YOUR CALIFORNIA PRIVACY RIGHTS (for California residents only)

California law requires us to provide California residents with additional information regarding how we collect, use, and share your “personal information” as defined in the California Consumer Privacy Act (“CCPA”)). 

 

We discuss in detail above the specific pieces of information we collect from and about you.  For purposes of the CCPA, below are the categories of personal information we collect:

        

  • Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, passport number, or other similar identifiers);
  • Personal information categories listed in the California Customer Records statute (e.g., a name, address, passport number, credit card number, debit card number, or other financial information); some personal information included in this category may overlap with other categories;
  • Protected classification characteristics under California or federal law (e.g., national origin, sex, etc.);
  • Commercial information (e.g., records of products or services purchased or obtained);
  • Audio, electronic, visual, thermal, olfactory, or similar information

 

As detailed above, we may collect such personal information from a variety of sources (such as directly through you, through our Sites or Applications, and from third parties).  Please see above for further details regarding how we use and with whom we share such personal information. 

 

In the preceding 12 months, we have not sold your personal information and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law. 

 

California law may provide you with certain rights and permit you to: (1) request that we disclose certain information to you about our collection and use of your personal information over the past 12 months and (2) request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.  If you would like to exercise any of these rights, please contact us at the address and/or email address listed below in the Section titled “How To Contact Us”.  You will be required to verify your identity before we fulfill your request.  We will respond to your requests to the email address or phone number that you have registered with us or we otherwise have on file for you or any other suitable method.  We will not discriminate against you for exercising any of your CCPA rights.  Unless permitted by the CCPA, we will not (i) deny you goods or services, (ii) charge you different prices for goods or services, (iii) provide you with a different level or quality of goods or services, or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. 

 

California’s “Shine the Light” law permits users of our Site or Applications that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.  To make such a request, please contact us at the address and/or email address listed below in the Section titled “How to Contact Us”. 

HOW TO CONTACT US

If you have any questions about this privacy policy or wish to exercise any of your rights as described in this privacy policy, please contact us as follows: 

 

Corporate Travel Management

 

Attn: Office of the Data Protection Officer

Address: 2120 South 72nd Street

City/State/Zip: Omaha, Nebraska 68124

Email: PrivacyOffice@travelctm.com

 

Except as is otherwise stated or determined by CTM, CTM is a data controller for personal data we collect through the services and products subject to this policy.  Our address is Office of the Data Protection Officer, Corporate Travel Management, 2120 South 72nd Street, Omaha, Nebraska 68124. 

 

Our data protection representative for the European Economic Area can be reached at:

 

Corporate Travel Management

 

The Data Protection Officer

One Carter Lane

London EC4V 5ER

Email: GDPR@travelctm.com

 

CTM will respond to your requests to the email address or phone number that you have registered with us or we otherwise have on file for you or any other suitable method.  Depending on your request, we may review the request with you or the company you are employed by or are otherwise traveling or attending a meeting on behalf of to assist in resolving and responding to the request. 

 

If you feel we have not been able to assist you with your complaint or concern, you may have the right to make a complaint to the data protection authority in your country (if one exists).

CHANGES TO THIS PRIVACY POLICY

CTM reserves the right to revise, amend or modify this privacy policy at any time and in any manner.  When we post changes to this privacy policy, we will revise the “last updated” date at the top of this privacy policy.  We encourage you to periodically review this privacy policy to learn how CTM is protecting your information.