News

News
Passport & Visa - Updates

Pakistan, India & New Passport Renewal Rules

Read More +
 
GDPR

Reminder of the information Corporate Travel Plus hold

Read More +
 

Privacy Policy

We are committed to protecting and respecting your privacy and take this very seriously.

This document has been designed using the guidance procedures and provided by the Information Commissioners Office (ICO) and in relation to the statutory requirements with regards to our obligations to the General Data Protection Regulation (GDPR).

Our principal for the business is business travel management alongside meetings and events management.  We also offer VIP Leisure services for private individuals and their families.

How our Privacy Policy Statement applies to you
By visiting our Platforms or using any of our products or services, you agree and consent to your personal information being used and disclosed in the manner set out in this Privacy Statement. We will not collect personal information from you unless you have specifically agreed or consented to us doing so.

You do not have to provide your personal information, but if you do not provide certain information we may be limited to provide some products and services to you. Where you refuse to provide mandatory travel information or allow us to disclose it to our suppliers as required to fulfil your request our travel partners will not be able to transport you or fulfil your travel booking. This Privacy Statement forms part of your contract with us for the travel and/or those products or services provided.

The Personal Information we collect 

We may collect personal data directly from you when using our Platforms, contacting us by email, by phone, mobile device or in person. The data collected will be for the purpose of processing the booking request and fulfilling the contract which has been entered into. The data will be shared with suppliers of the travel services required in order for the request to be fulfilled. 

  1. When you register with us for email newsletters, competitions, corporate accounts, loyalty programs, marketing lists or similar services we may collect – title, first name, other names, surname, date of birth, phone number, email address, organisation name and contact details and other information relevant to the service you are signing up for.
  2. When you book a product or service with us we will collect personal information from you which may include – title, first name, other names, surname, date of birth, username and password (if applicable), passport details, phone number, email address, country of residence, emergency contact, destination address where required (e.g. the US) and details of next of kin. If you book a chauffeur or other transport services we will use the information you provide to collect you at your pick up and drop off address (as applicable).
  3. When you are making payment we will collect different information depending on the payment method. For example for credit card payments we will collect – credit cardholder name, address, card number, expiry date and CVC code. 

What we do with your personal information
We use the information provided in the following ways:

  • To fulfil our agreement with you and/or dealing with your booking or intended booking, including processing your booking, sending you your itinerary and tickets or other details relating to your booking and contacting you in regards to your booking. 
  • Managing your wider travel and products or services requirements, for example liaising with and transferring your data to other travel providers, airlines, service providers and/or travel facilitators so that they can facilitate your travel arrangements. 
  • Personalisation of the service you receive, for example being aware of previous travel experiences or preferences, and tailoring the way we provide our products or services to you based on your preferences and profile. 
  • Providing Advanced Passenger Information for passengers landing in certain countries. If you do not provide this information our travel providers may not be able to provide travel and may not be able to provide a refund or re-booking. 
  • Facial recognition and other biometric technologies for identification purposes may be used by ourselves, our travel providers, immigration authorities and airports.
  • Sharing data with loyalty schemes and operators, where you have those accounts. 
  • The provision of access to lounges, and other airport products or services. 
  • Interaction with you at different touch points throughout your journey (for example we may inform you that your trip departure has changed). 
  • To register you with our Platforms and administer our Platforms’ products or services where you have registered to receive these. You can unsubscribe from these Platform products or services at any time
  • To administer any contest, competition, prize draw or your acceptance of any other promotional offer you may enter and notify winners as set out in the applicable terms and conditions.
  • To answer any queries which you may send to us by email or other forms of communication. We may keep a record of these contacts including call recordings (to the extent permitted by applicable law).
  • In order to conduct customer satisfaction surveys and improve the products and services we offer or create new products and services. 
  • To meet our legal compliance obligations or for accounting or audit purposes, including the prevention of fraud for online payments and use of loyalty schemes. 
  • To protect our property, rights and interests as well as the property, rights and interests of other persons. 
  • For legal purposes, such as to respond to a valid legal subpoena or regulatory order. 
  • For credit checking and credit scoring purposes. 
  • For crime prevention and detection.
  • For direct marketing purposes as set out in detail below in the section “How do we use your personal information for marketing purposes? 

What sensitive personal data might we require or hold?
Sensitive personal data includes data about an individual’s health and religion and other categories of personal data which are closely protected. We do not generally collect this information from you (or those you are booking for) but where we do we seek to minimise the collection and use of it.

Where you have notified us of a health issue that you or someone in your booking:

  • May require medical permission to fly, or special conditions or assistance whilst travelling (for example stretcher or oxygen) 
  • Is pregnant
  • Requires special assistance at destinations, during activities or at airports/aircraft

You agree that you have voluntarily provided the information to us and that you consent (and those you are booking for consent) for us to use that information to provide you with these products or services and supply this information to our suppliers (for example airlines) in order to determine your fitness to avail yourself of our products or services. 

Where your religion or health status could be inferred from meal preferences, we will not link this information or use it in any other way other than to fulfil your meal request.

In each case, you specifically consent (on your behalf and on behalf of those you are booking for) that we can use and transfer outside your local country to anywhere in the world where you are travelling. 

Who we might share your personal information with

We may disclose information about you as follows:

  • To governments, border control agencies, regulators and others as permitted or required by law, in relation to Advance Passenger Information or such other legal requirements as apply from time to time when travelling to or from a particular country 
  • To third parties whose products or services you are purchasing such as airlines, tour operators, hotel and car hire 
  • To our third party service providers and processors, as set out below
  • To third party social media platforms to provide social media platforms to deliver the user’s requested functionality 
  • In referrals to airline/hotel/car rental loyalty schemes as set out in their terms 
  • We may also disclose your personal information as permitted or required by law. For example we will disclose personal information to those governmental bodies who have authority to obtain it, in order to comply with a warrant or subpoena issued by a court of competent jurisdiction, and to comply with record production requirements
  • To anyone to whom we transfer or may transfer our rights and duties under our agreement with you
  • Where you have authorised someone else to manage your booking 
  • To customs and/or immigration departments or other regulatory authorities in your country of departure and/or destination (or countries you transit through or overfly during your journey) in order to comply with the law in those countries 
  • If we have a duty to do so or if the law allows us to do so 
  • To our employees and agents to do any of the above on our behalf, now or in the future. 

How do we use your personal information for marketing purposes?
By becoming a subscriber or by making a booking on our websites, booking tools or directly with a sales consultant you consent to receive from us our e-newsletters/marketing and details of special offers or products which we think may be of interest to you. Your information will be held for our internal use to allow us to improve the services and products we offer, your customer experience and to enable us to comply with our contractual obligations.

Information you provide may also be used for statistical purposes. We do not share your information with any third party marketing agencies.

How we work with other service providers
For operational reasons we transfer personal information to service providers who help us manage our systems and processes and to deliver our products or services. These may include: banks and payment card verification providers, marketing organisations (who may provide support for marketing and promotional communications). Internet service providers who administer our Platforms and provide internet services and host our systems. Airlines, tour operator and hotels booking platforms, chauffeurs, airport ground handling and assistance teams, car services agencies. IT service providers and consumer research companies that assist us with understanding consumer interests by conducting surveys. We have implemented safeguards to ensure that our service providers treat personal information in a way that is consistent with the terms of this Privacy Statement and applicable laws, and that it is not used except to fulfil products or services to us or where we believe it is necessary for a legitimate reason connected with the products or services we offer. 

How long do we retain your data for?
We keep records for as long as required to manage bookings and provide the other relevant products or services anticipated by this Privacy Policy, including keeping you up-to-date with our marketing and where we are required to by law or for records purposes. We also retain your information to make your future interactions with us convenient and to personalise the products, services and communications with you.

Consent
By choosing to disclose your personal information to us on our website(s), booking tools, by email or over the telephone you consent to the collection, storage, processing and other use of your personal information by us in the manner set out in this Privacy Policy. Some information and emails sent to us may be used as testimonials or case studies but no email address or contact details will be displayed.

Withdrawing your consent
You do not have to provide us with your personal information. However, if you choose not to provide certain personal information we request and/or require or consent to its use and disclosure we may not be able to fulfil your booking.

If you no longer wish to receive promotional materials you may opt-out of receiving these by contacting us.

By unsubscribing from marketing communications you will still receive operational and service messages from us regarding your booking and responses to your enquiries made to us.

How we protect your information
By submitting your personal data you agree to the storing and processing of this data. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy.

If you are making a booking online from our website(s) or booking tools the system is protected by our firewalls and all customer data is stored behind these firewalls in the database servers. We never store full credit card information, the details are sent to the bank to complete the transaction and then discarded. We store certain credit card information (last four digits of credit card number, name on card, start date and expiry date) to help with booking management only. For reasons of security we do not store the full card number or the CVV number (the last 3 digits on the reverse of the card).

We may send your details outside the European Economic Area (EEA), e.g. if your travel is outside the EEA and the hotel needs to be advised of your details. Due to the global nature of the infrastructure of the internet please be aware that controls on data protection outside the EEA may not be as strict as in the UK.

Links to third party sites
Our quotes, confirmations, website and newsletters may contain hyperlinks to websites operated by parties other than us. Such hyperlinks are provided for your reference only. We do not control websites which we do not operate and are not responsible for their contents or your use of them. Inclusion of these links to such websites does not imply any endorsement of the material on such websites or any association with their operators.

Access to information
You have the right to ask us in writing for a copy of the information which we hold about you. This request is known as a Subject Access Request (SAR) Any request should be sent to our email address; res@ctplus.co.uk or by telephone 01283 792979. If you believe that any of your personal information that is held or being processed is incorrect then please contact us immediately. This will be dealt within 30 days of receipt in a meaningful format dictated by Corporate Travel Plus.

Data Breaches

Corporate Travel Plus is ISO 27001 & PCI-DSS Compliant and has a documented incident management process.  Guidance on when and how to report a data breach are documented by the Information Commissioners Office (ICO)

Policy Amendments

We reserve the right to update this privacy policy from time-to-time and will post the most up to date version on our website at any given time without announcement.

The GDPR (General Data Protection Regulation) goes to extra lengths over the current Data Protection Act to protect individual’s privacy, it states individuals have the following rights:

Individual Rights

The right to be informed
All information about the processing of data is provided as per the Privacy Policy.  Additionally, the basis of processing and all details are provided on the ICO (Information Commissioner’s Office) website.

The right of access and rectification
Corporate Travel Plus is a Data Controller / Processor for the purposes of providing its services.   The data is controlled by the customer. The customer is responsible for advising Corporate Travel Plus of any changes to the data held.  Changes should be sent by email or via an updated client profile form.  Our principal form of business is business travel management alongside meetings and events.  We also offer VIP, Leisure and Concierge services for private individuals and their families.

The right to erasure
A request for data to be erased can be made at any time and should be sent by email to Corporate Travel Plus, deletion of the data will be made with immediate effect.

The right to restrict processing
You have the right to ‘block’ or suppress the processing of your personal data.  Any objection of processing data needs to be raised directly to Corporate Travel Plus.   The right to restriction does need to meet the GDPR requirements and this will be assessed as part of the companies plan to comply with the regulation. 

The right to data portability
This allows for personal data to be transferred, moved or copied from IT environment to another in a safe and secure way, without hindrance to usability.  For example a traveler may transfer departments within the same company but data has to be transferred to a new BAR (Business Account Record)

The right not to be subject to automated decision making
At the time of creating this document Corporate Travel Plus does not utilize automated decision making in any of its processes. 

The right to object
As the individual you have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling), and processing for the purpose of scientific/historical research and statistics.

Our Contact details
Corporate Travel Plus Ltd, 26 Granary Wharf Business Park, Wetmore Road, Burton on Trent, Staffordshire DE14 1DU

Email – res@ctplus.co.uk

You can also contact our Data Protection Representative, David Slack on 01283 792979

Policy updated 21/05/18