DIRECT TRAVEL PRIVACY NOTICE
Direct Travel Privacy Notice last updated on December 4, 2019
Direct Travel, Inc. d/b/a Direct ATPI Global Travel and its worldwide subsidiaries (collectively “Direct Travel”, “us”, “we”, “our”) are committed to protecting your privacy. This Privacy Notice (“Notice”) explains our privacy practices and provides information on how and why we collect, use and share your personal information through our interaction with you and through our products and services and when you visit our subsidiary websites and sub-domains (“Website”), our mobile applications (“Apps”) or use our communications platforms (“Services”). The policy also describes your choices regarding use, access, deletion and correction of your personal information.
Direct Travel’s Privacy Notice applies to the information that Clients (including Client’s End Users) and Users (all other individuals who use the Direct Travel products, services, apps or website) provide directly to us when they use our Website, Apps, or Services. You may choose not to provide certain information to us, but doing so may restrict your ability to use our Services. If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the bottom of this Notice.
We recommend that you read this Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Notice, then you can click on the relevant link below to jump to that section.
- Information we collect
- Information we use
- Sharing and disclosure of information to third parties
- Your privacy rights
- Third-party sites
- Data Protection Principles
- Data Retention
- International data transfers
- Children’s privacy
- Updates to this Notice
- Contact Us
INFORMATION WE COLLECT
The personal information that we may collect about you broadly falls into the following categories:
Information which you provide to us
Certain parts of our Website and Services may ask you to provide certain personal information. The personal information that you are asked to provide, and the reasons you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
We collect information which you provide directly to us when you use our Website, Apps or Services. The types of personal information we may collect directly from you include email addresses, postal addresses, phone numbers, employee names, government ID, gender, information about the type of service required, marketing preferences, job titles, credit card payment information, transactional information, as well as any communications, inquiries, contact or other information you choose to provide during your use of the Services.
When you provide this personal information, we will only use this information for the specific reason for which it is provided. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at [email protected]
Information we collect automatically when you visit our Website or Apps or use our Services
We may collect certain information about your use of the Site through the use of tracking technologies or by other passive means. This “passively collected” information includes, but is not limited to, the domain name of the website that allowed you to navigate to the Site, search engines used, the internet protocol (IP) address used, the length of time spent on the Site, the pages you looked at on the Site, other websites you visited before and after visiting the Site, the type of internet browser you have, the frequency of your visits to the Site, and other relevant statistics, including the following:
Log Information. When you access the Site, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, IP address, browser type, browser language, the date and time of your request, and one or more cookies (small text files containing a string of characters) that may uniquely identify your browser.
Links. The Site may include links in a format that enables us to keep track of whether these links have been followed by IP addresses. We use this information to improve the quality of our products and design.
Web Beacons. Web beacons (also known as “pixel tags” or “clear GIFs”) are 1×1 single-pixel graphics that allow us to count the number of users who have visited or accessed the Site and to recognize users by accessing our cookies. We may employ web beacons to facilitate Site administration and navigation, to track the actions of users of the Site, to compile aggregate statistics about Site usage and response rates, and to provide an enhanced online experience for visitors to the Site. We may also include web beacons in HTML-formatted e-mail messages that we send to determine which e-mail messages were opened.
Do Not Track. We do not respond to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual consumer’s online activities over time and across third-party web sites or online services.
Third Party Tracking. We do not allow third parties to collect personal information about your online activities over time and across different websites when you use the Site.
When you visit our Website, or use our Apps or Services, we may collect certain information automatically from your device. In some countries, including in the European Economic Area, this information may be considered personal data under applicable data protection laws:
Usage information – We keep track of your activity in relation to the Website, Apps or Services, the configuration of your computers, and performance metrics related to your use of the Website, Apps or Services. For example, when you use our Services, we may collect:
1. Traffic data about the communications that take place through our platform (such as calls, team chat, video conferencing, SMS) to enable us to transmit those communications effectively and efficiently;
2. Network Monitoring data to enable us to maintain the security and agility of our internal networks;
3. Log data about you when you use the Services, Website or Apps, including Internet Protocol (“IP”) address, Internet Service Provider (“ISP”), browser type, referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site;
4. Device data about any device, including mobile phone number and other information related to mobile devices like operating system and model if you use our Services via our Apps. For other devices, this includes information collected by cookies and other similar technologies. We use various technologies to collect information which may include saving cookies to your computers;
5. Call Detail Records, which are data records produced by a telephone call or other telecommunications transaction. The record contains various attributes of the call, such as time, duration, completion status, source number and destination number;
6. Metadata, which is data created about other data and can include size, formatting, and other characteristics of a data item;
7. Emails/Communications with us; and
8. Billing data, which includes any payment data.
Cookies and other similar technologies – We use various technologies to collect information which may include cookies when you visit our Website or use our Apps or Services. Please see the Direct Travel Cookies Notice for further information.
Information we collect from third parties
We learn information about you when businesses interact with us and use our services, including when someone else provides us information about you (e.g., when our Client or a third party (such as an employer, travel agency, global distribution system, travel supplier, etc.) provides us your information in order for us to perform Services for them).
We may collect the names and e-mail addresses of individuals from third parties to market our products/services to these individuals. This collection of information and marketing is always carried out in compliance with applicable law. We only receive this information where we have checked that these third parties either have your consent or these third parties are otherwise legally permitted or required to disclose your personal information to us.
We may receive personal information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you, in accordance with applicable laws. This helps us to update, expand and analyze our records, identify new Clients, and provide products and services that may be of interest to you.
We may collect personal information about you from other applications you may use if you choose to integrate Direct Travel Apps or Services with other Apps or Services.
INFORMATION WE USE
We may use the information we collect from you for a range of purposes, including to:
- Administer, operate, protect and maintain the Website, Apps or Services;
- Process and complete transactions, and send related information, including transaction confirmations and invoices;
- Manage and improve your use of the Website, Apps or Services;
- Prepare and provide you testimonials regarding the Website, Apps and/or Services;
- To help deliver our Website, Apps, or Services to Clients for service and support;
- Investigate and prevent fraudulent activities, unauthorized access to the Website, Apps or Services, and other illegal activities;
- For any other purposes about which we notify you and receive your consent;
- To help personalize your experience and retarget you for advertising purposes;
- Respond to inquiries and requests and to provide you with information and access to resources that you have requested;
- Aggregate and analyze your use of the Website, Apps or Services for trend monitoring, marketing and advertising purposes; and
- Send you technical alerts, updates, security notifications, and administrative communications.
We and our third-party marketing service providers may also use the information Clients send to us for our marketing purposes, if this is in accordance with your marketing preferences and applicable law. However, you may opt out of our marketing efforts. For further information, see the “Unsubscribe from our Mailing List” and “Do Not Sell My Personal Information” sections below.
Legal basis for processing personal information (EEA only)
Definitions of certain terms (including but not limited to Data Subject, Personal Data, Processing, Legal Basis, Data Processor, Data Controller) within this notice are defined under Article 4 of the European General Data Protection Regulation 2016/679 (GDPR) found here: GDPR Definitions.
If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal data described above will depend on the personal data concerned and the specific context in which we collect it. This notice provides mandatory information as required under Articles 13 and 14 of the GDPR regarding the transparency of data processing of your personal data as the Data Subject.
Direct Travel will act as a Data Processor where your employer is our Client acting as Data Controller. Under written contract, the Data Controller will pass personal data of their employees to Direct Travel to manage and process employee travel arrangements in connection with their business. It is this contract which forms the ‘Legal Basis’ for the processing of personal data carried out by Direct Travel in these circumstances.
Direct Travel will become a Data Controller if it collects additional personal data directly from you only where we have your consent to do so, and where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the personal data in question.
If we ask you to provide personal data to comply with a legal requirement or enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
Similarly, if we collect and use your personal data in reliance on our or a third party’s legitimate interests and those interests are not already listed above (see “Information We Use” section), we will make clear to you at the relevant time what those legitimate interests are.
Direct Travel acts as a Data Controller for any personal data held regarding its own employees, and legally processes this data under its Contract of Employment with those Data Subjects.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “Contact Us” section below.
SHARING AND DISCLOSURE OF INFORMATION TO THIRD PARTIES
To fulfill the travel arrangements on your behalf, it will in most cases be necessary to process personal information via a third party (these will include but are not limited to airlines, hotels, car hire companies, and Visa or Passport companies). Personal information shall only be transferred to, or processed by, third party companies where such companies are necessary for the fulfillment of the travel arrangements.
We may share and disclose your information that we collect with the following third parties for the purposes of providing you travel management services:
- Direct Travel or any of its affiliates consistent with this Notice for data processing;
- Business partners, contractors, vendors, and authorized third party agents, to:
  - Operate, deliver, improve and customize our Services;
  - Provide support and technical services;
  - Send marketing and other operational communications related to our Services;
  - Enforce our acceptable use policy;
- Law enforcement agencies, regulatory or governmental bodies, or other third parties in order to respond to legal process; comply with any legal obligation; protect or defend our rights, interests or property or that of third parties; or prevent or investigate wrongdoing in connection with the Website, Apps or our Services;
- Any third parties in connection with a prospective or actual sale, merger, acquisition, financing or reorganization of our business.
For EEA persons only:
Personal Data shall not be transferred to a country or territory outside the EEA unless the transfer is made to a country or territory recognized by the EEA as having an adequate level of data security, or is made with the consent of the Data Subject, or is made to satisfy the Legitimate Interest of Direct Travel in regard to its contractual arrangements with its Clients.
All internal group transfers of Personal Data shall be subject to written agreements under the Company’s Intra Group Data Transfer Agreement (IGDTA) for internal data transfers which are based on Standard Contractual Clauses recognized by the European Data Protection Authority.
YOUR PRIVACY RIGHTS
Update and access to your information
Where we process personal information collected via our Website or Apps or via our Services for our own account management, billing or marketing purposes, we provide individuals with the opportunity to access, review, modify, and delete any such personal information that we process as required by the applicable law of your residence.
Unsubscribe from our mailing list
You may at any time ask us to remove you from our mailing list by clicking “Unsubscribe” in any e-mail communications or push notification we send you, or by going to our unsubscribe webpage to submit a request. We will remove you from our mailing list in accordance with applicable laws.
Your Privacy Rights as an EEA Person
In addition, if you are from the EEA, you may have broader rights to access and delete your personal data, to object to or restrict processing of your personal data, or request portability of your personal information.
To make such requests, you can send an email to [email protected] or write to us at the mailing address in the “Contact Us” section below. We will consider and handle all requests in accordance with applicable laws.
If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
You also have the right to complain to your local data protection authority at any time. In general, when processing personal data to provide our Services, we do so only on behalf of our EEA Clients and in accordance with their instructions. This means that if you wish to access, review, modify or delete any personal data we process on behalf of a Direct Travel Client, under applicable EEA law or otherwise, you should contact that Client with your request. We will then help them to fulfill that request in accordance with their instructions.
Your Privacy Rights as a California Resident
Beginning January 1, 2020, if you are a California resident, you may have certain rights under the California Consumer Privacy Act of 2018 (CCPA). You need not be physically present in the state of California to exercise these rights, provided that you have a current California residence.
Rights to Access and Data Portability:
You have the right to request that we disclose certain information to you about the collection and use of your personal information over the preceding twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
(1) information identifying each third-party company to whom we may have disclosed, within the past year, personal information pertaining to you for our direct marketing purposes;
(2) a description of the categories of personal information disclosed with third parties;
(3) our business or commercial purposes for collecting or selling that personal information;
(4) the specific pieces of personal information we collected about you (also known as a data portability request);
(5) if we sold or disclosed your personal information for a business or commercial purpose, two separate lists disclosing (a) sales, identifying the categories that each category of recipient purchased; (b) disclosures for a business purpose, identifying the categories that each category of recipient obtained.
Right to Request Deletion:
You have the right to request that we delete any of the personal information we collected from you and retained, subject to certain exceptions.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide the service you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise reasonably perform our contract with you or on behalf of you for our Clients;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
- Comply with a legal or regulatory obligation;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such acts;
- Debug products and software to identify and repair errors that impair existing intended functionality;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on our dealings and your relationship with us;
- Make other internal and lawful uses of that information which are compatible with the context that you provided said information.
If you are a California resident who qualifies to receive such an accounting or would like to exercise a deletion or data portability request, please email [email protected], or contact us at (888) 546-1504, and we will contact you within 10 days of such request and will be required to verify your identity.
Please note that, in order to better safeguard your privacy and the privacy of others, we may (to the extent permitted — and/or required — by applicable law/regulation) ask you to provide additional information to verify your identity and/or residency before processing any data-related requests. We strive to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require additional time, we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests and for CCPA compliance, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
There is no charge for making privacy-related requests or responding to your verifiable consumer requests unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of our decision and why, and provide you with a cost estimate for you to consent to before completing your request.
THIRD-PARTY SITES
This Notice does not apply to, nor are we responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Website links including but not limited to social media sites. The inclusion of a link on the Website does not imply our endorsement of the linked site or service. You should check the privacy notices of those sites before providing your personal information to them.
Keeping your information secure is important to us. We maintain a variety of appropriate technical and organizational safeguards to protect your personal information both during transmission and once it is received. Direct Travel has no control over or responsibility for the security or privacy policies or practices of other sites on the Internet you might visit, interact with, or from which you might buy products or Services, even if you visit them using links from our Website.
Please note that no website, mobile app or service is completely secure and so, while we endeavor to protect our Clients’ information using the measures described above, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will not occur.
DATA PROTECTION PRINCIPLES
For EEA Data Subjects, Direct Travel has adopted the following principles to govern its collection and processing of Personal Data:
- Personal Data shall be processed lawfully, fairly, and in a transparent manner.
- The Personal Data collected will only be those specifically required to fulfill travel, accommodation, or other travel-related requirements. Such data may be collected directly from the Data Subject or provided to Direct Travel via his/her employer. Such data will only be processed for that purpose.
- Personal Data shall only be retained for as long as it is required to fulfill contractual requirements, or to provide statistics to our Client Company.
- Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed. Personal Data shall be accurate and, where necessary, kept up to date.
- The Data Subject has the right to request from Direct Travel access to and rectification or erasure of their personal data, to object to or request restriction of processing concerning the data, as well as the right to data portability. In each case such a request must be put in writing and sent to [email protected].
- Personal Data shall only be processed based on the legal basis as explained above, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject, which will always take precedence. If the Data Subject has provided specific additional Consent to the processing, then such consent may be withdrawn at any time (but may then result in an inability to fulfil travel requirements).
- Direct Travel will not use personal data for any monitoring or profiling activity or process, and will not adopt any automated decision making processes.
- The Data Subject has the right to make a complaint directly to a supervisory authority within their own country. Direct Travel’s Data Protection compliance is supervised by:
Darryl Hoover, CTO
7430 East Caley Avenue
Centennial CO 80111
DATA RETENTION
We will retain your personal information for no longer than is necessary to fulfill the purposes for which the information was originally collected unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.
Where we have no ongoing legitimate business need to process your personal information, we will either delete, aggregate or otherwise anonymize it.
INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, information collected outside the United States, including in the EEA, may be transferred to and stored on our servers in the United States, Canada, and potentially in other countries where our group of companies and third-party service providers and partners operate. These countries may have data protection laws that are different to the laws in your country (and in some cases, may not be as protective).
However, we have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Notice and applicable laws. For example, in respect of personal information originating from the EU and Switzerland, Direct Travel has self-certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, which can be verified here. Please click here to view our Privacy Shield Notice.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
CHILDREN’S PRIVACY
Children are not eligible to use our Websites, Apps or Services, and we ask that minors (children under the age of 18) not submit any personal information to us. If you are a minor, you can use the Site only in conjunction with your parents or guardians.
UPDATES TO THIS NOTICE
We may update this Notice from time to time in response to changing legal, technical, or business developments. If we change our Notice, we will post those changes on this page in addition to updating the “Last Updated” date at the top of this webpage. If we make changes, we will notify you more directly, for example by posting a notification or message on the Website or by emailing you prior to such changes taking effect. We encourage you to review this Notice regularly to stay informed of the latest modifications.
CONTACT US
If you have any questions, comments or concerns about this Notice, please e-mail us at [email protected]. Or, you can write to us at:
Attn: Legal Team
7430 E. Caley Avenue, Suite 320
Centennial, CO 80111