UNIGLOBE CARTER TRAVEL WEBSITE PRIVACY NOTICE
Last updated: 26 April 2023
This privacy notice (notice) explains how we, Carter Goodson Travel Ltd trading as Uniglobe Carter Travel, Cranfield Innovation Centre University Way, Cranfield, Bedford, England, MK43 0BT (we, us, our) process your personal data if you use our services, content or features or otherwise engage with us online or offline.
If you have any question about your data protection rights or if you do not understand anything explained in this notice, please contact us by email at GDPR@uniglobecarter.co.uk.
WHO DOES THIS PRIVACY NOTICE APPLY TO?
This notice applies to:
- our corporate customers and their employees and contractors who use our services
- our suppliers and business partners including our travel suppliers
- job applicants
- users of our website, online content and features
- anyone else who interacts with us, if you call, email or visit us or otherwise engage with us online or offline.
WHAT TYPES OF PERSONAL DATA DO WE PROCESS?
“Personal data” means any information that identifies you or relates to you.
Depending on your interaction with us and your use of our services, content and features, this will include your general and contact information, travel information, information about your engagement with us, your profile and other information. For more information, please see the “categories of personal data” section below.
If we make a travel or hospitality booking for you we may need special categories of your personal data in order to complete the booking, such as any special assistance services you require, meal and dietary requirements which may reveal religious beliefs and other sensitive information. We will obtain your consent to process this information for the sole purpose of booking your requested travel and to disclose it to travel suppliers where necessary.
- DATA ACCURACY
We will trust that your personal data is accurate, complete and up to date. We ask that you keep us informed of any changes.
- HOW IS YOUR PERSONAL DATA COLLECTED?
We collect your personal data as follows:
- From you, when you contact us, complete a contact form on our website, subscribe to our newsletter, during your engagement with us for example when you provide your details for us to complete a travel booking for you, when you visit our offices and otherwise.
- From third parties, such as our customer (who will give us your details so we can provide you with travel booking information), recruitment agencies, your referees, social media platforms and other third parties.
- From your user interactions with our website, newsletters, online content and features, for example when you receive and open one of our newsletters].
- From the public domain, such as information on social media, the internet, Companies House or other public records.
If you provide information about others, please ensure you have their consent to do so or let us know if you do not.
- WHY DO WE PROCESS YOUR PERSONAL DATA?
This section explains what personal data is necessary for each purpose. We believe you would not find it helpful to see descriptions of all processing activities that fall under each purpose but please contact us if you have any questions. We keep our processes and data collection under review and will update this notice should any personal data no longer be necessary for the given purpose.
The “lawful basis” column explains how we comply with a technical legal justification for data processing under data protection laws. Please contact us if you have any questions.
|Purpose||Personal data||Lawful basis of processing|
|To assist with your enquiry.||General information.|
|Necessary for our legitimate interest in responding to enquiries and complying with best practice or, as the case may be, necessary for taking steps prior to entering into a contract or the performance of our contract with you.|
|To onboard our corporate customers.||Contact information.|
Your background information.
|Necessary for our legitimate interest in knowing our corporate customers and their officers, directors and shareholders and complying with best practice, as well as complying with our legal obligations.|
|To provide services to our corporate customers and their authorised representatives including to provide travel proposals and to make travel bookings on their behalf.||General information.|
Contact information. Financial information. Public information.
|Necessary for our legitimate interests in performing our contractual obligations to our corporate customers who pay for authorised representatives to use our services|
|To complete travel bookings on behalf of our customers’ authorised representatives, including sharing information about authorised representatives with our customers and sharing advanced passenger information with travel suppliers.||General information |
Financial information Public information. Travel information.
|Necessary for our legitimate interests in performing our contractual obligations to our customers who pay for authorised representatives to use our services and for complying with our legal obligations.|
Where we process special categories of personal data, we do so on the basis of your explicit consent.
|To manage our professional relationship with our customers and prospects using our record management systems and engagement tools, identifying opportunities and contacting you by phone, email and other means.||General information. Contact information.|
|Necessary for our legitimate interest in winning new business, understanding and maintaining our business relationships and administering our business.|
|To provide our online services including our website, content and features to you and the general public which may remember your preferences or include personalised content and services.||Technical information. Usage information Profile information||Necessary for our legitimate interest in providing our online services to our clients and the public and complying with best practice, the performance of our contract with you as our client and compliance with our legal obligations.|
Where required by law, we rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services. Your consent is obtained if you select your choices in our cookie panel. Your choices will extend to first party and third party cookies.
|To send you service communications about matters relevant to your use of our services and your engagement with us, changes in our terms, surveys and other feedback requests, etc.||General information|
|Necessary for the performance of our contract with you and our legitimate interest in understanding how our services are used, views about our services and keeping our users informed.|
|To send you relevant marketing communications including our newsletter, by email, phone and/or text message.||Contact information|
|Consent or, as the case may be, necessary for our legitimate interest in promoting our organisation.|
|To assess your job application and for business administration purposes. |
For example, if you apply for a job, we will review your CV, publicly available information about you, information from your previous employers and professional references.
|General information Contact information Profile information Public information|
|Necessary for our legitimate interest in considering applications, responding to queries and, as the case may be, necessary for taking steps prior to entering into a contract. Special categories data may be processed as is necessary in the context of employment and social security laws.|
|To develop and improve our services, content and features and organisation including measurement of engagement, activity and analytics and development for our internal business purposes.||Anonymised usage information, Profile information, |
|Necessary for our legitimate interest in service development and keeping our services relevant. |
Where required by law, we rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services.
|To ensure the proper administration of our organisation, including to: |
• keep appropriate records;
• resolve complaints;
• enforce our terms; • debt collection; and
|All personal data as is necessary and|
|Necessary for compliance with our legal obligations,to establish, exercise or defend legal claims and necessary for our legitimate interest in the proper administration of our organisation and services and protecting our reputation.|
|To ensure information security ofour information systems, premises, meetings and communications.||To ensure information security of our information systems, premises, meetings and communications.||Necessary for our legitimate interest in ensuring the security of people, our organisation and assets and compliance with our contractual obligations, and as necessary for compliance with our legal obligations.|
|To ensure your health and safety at our premises or to make reasonable adjustments on account of your disability.||General information|
|Necessary for our legitimate interest in ensuring health and safety and good accessibility at our premises in the substantial public interest and complying with our legal obligations.|
|To engage our third party service providers and advisors who may process your personal data on our behalf or otherwise to facilitate the provision of our services and the fulfilment of essential service functions including cloud storage, telecommunications, information security, professional advice and other services.||To engage our third party service providers and advisors who may process your personal data on our behalf or otherwise to facilitate the provision of our services and the fulfillment of essential service functions including cloud storage, telecommunications, information security, professional advice and other services.||Necessary for our legitimate interest in providing our services and running our organisation.|
|To monitor interactions and operations for the prevention and detection of crime including fraud, and share information with law enforcement authorities and other stakeholders.||All personal data as is necessary and proportionate||Necessary for our legitimate interest in protecting people, our organisation and assets and detecting and preventing crime, and compliance with our legal obligations.|
|To share data with another organisation in accordance with the law for the purposes of a joint venture, collaboration, merger or acquisition.||All information as is lawful, necessary and proportionate||Necessary for our legitimate interest in engaging in activities to promote our organisation and complying with our legal obligations.|
|Processing and sharing your personal data in connection with legal claims, law enforcement or regulatory requests.||All personal data as is necessary and|
|Necessary for compliance with our legal obligations, to establish, exercise or defend legal claims or for our legitimate interest in complying with best practice.|
We may process your personal data for other purposes which are compatible with the existing ones. However, we will obtain your prior consent for any new purpose where required by law.
- WHO IS YOUR PERSONAL DATA DISCLOSED TO?
We may share your personal data with the following third parties:
- Our travel suppliers (airlines, hotels, car rental companies, transportation companies) who provide the actual travel or hospitality requested by you
- Our service providers and partners in the context of the services and advice they provide to us
- Airline operators, to whom we are required to provide your advance passenger information. These operators are required to disclose this information to the governments of countries you visit.
- Our corporate customer, who may need information about your travel or hospitality booking
- Recruitment agent, your former employer or other person proving a reference about you
- HMRC, the Police and other authorities where required by law or best practice
- The public if you interact with us on social media or as required by law
- Third parties where ordered by the court or necessary in establishing, exercising or defending legal claims
- Another organisation in case of a merger, acquisition or collaboration
- Other third parties where you have provided consent
- HOW DO WE SECURE YOUR PERSONAL DATA?
We have put in place appropriate organisational and technical measures to safeguard your personal data that we keep on premise and on our systems. All personal data is password protected and encrypted. We are fully PCI-DSS compliant.
We seek to ensure our third-party service providers do the same. We only appoint service providers under an appropriate contract who provide sufficient guarantees about data security in accordance with applicable law.
No system is completely secure and we cannot fully guarantee the security of your personal data. We will deal with any personal data breach in accordance with our incident response procedure and will notify you and the regulator where we are legally required to do so.
Access to your personal data is restricted on a “need to know” basis.
- HOW LONG IS YOUR DATA KEPT?
We will retain your personal data for as long as it is necessary for the purposes set out above. Generally, your personal data will be kept for 7 years in accordance with IATA requirements, subject to exceptions where required by statute or our practice. If you are a job applicant we will hold your information for a maximum of 12 months.
We review our customers’ traveller information on an annual basis and request validation that travellers are still employed by the customer. If you have left the employment of our customer we will delete your traveller data, and if we are aware that you no longer use our services we will delete your traveller data, but will retain personal data on invoices in accordance with our legal and regulatory obligations.
After the retention period, your personal data will either be securely deleted or anonymised, and it may be used for analytical purposes.
- WHERE WE STORE YOUR PERSONAL DATA
Generally, your personal data will be held in the UK.
However, we may use or make available tools which require the transfer of your personal data outside the UK. In these cases, we will satisfy ourselves that your data protection rights are adequately protected by appropriate technical, organisational and contractual safeguards in accordance with data protection laws before any such transfer.
If you would like us to stop sending you our newsletter or other marketing communications and to process your personal data for direct marketing purposes, please contact us.
You can request to stop receiving our newsletter or other marketing communications at any time by clicking on the unsubscribe link at the bottom of each marketing message and we will add you to a suppression list or otherwise arrange that you no longer receive marketing communications.
Subject to certain exemptions, limitations and appropriate proof of identity, you have the following rights in relation to your personal data:
- Right to information about matters set out in this notice. You may also contact us for further details about our data retention policies, international data transfers and other matters that are unclear.
- Right to make an access request to receive a copy of your personal data held by us.
- Right to rectification of any inaccurate or incomplete personal data.
- Right to withdraw consent previously provided.
- Right to object to our processing of personal data based on our legitimate interests.
- Right to erasure of personal data that is no longer needed.
- Restriction on the processing of personal data.
- Right to human intervention in respect of any automated decision-making without human involvement that significantly affected you.
- Right to data portability from one service provider to another, where applicable.
- Right to lodge a complaint with the Information Commissioner’s Office.
All requests will be processed without undue delay and no later than within one month. If we cannot process your request within this period, we shall explain why and process it as soon as possible thereafter.
THIRD PARTIES MAY PROCESS YOUR PERSONAL DATA
Our website, content and features may involve the use of third party services, social media platforms such as Twitter and Instagram, or other third party services.
We may also share your personal data with third parties, such as credit reference agencies, payment services providers, public authorities and others who process your personal data for their own purposes.
You should check the privacy statements of these third parties and we are not responsible for how they may process your personal data. Please note some of them may use your personal data for business administration, product development or advertising purposes.
CATEGORIES OF PERSONAL DATA
We process the following categories of personal data about you:
|Contact information||including your home or business address, telephone, email and similar information.|
|General information||including your [name, job function, date of birth, gender, details of your enquiry or communication and similar information.|
|Profile information||including your demographic information from our analytics and advertising partners, your preferences and interests known, observed or inferred by using analytics, advertising or other tools and sources including notes of your past interactions with us.|
|Public information||from public registers, databases, social media, the Internet and similar sources.|
|Special categories of personal data||including your race, ethnic origin, religious or philosophical beliefs, sexual orientation, political or trade union affiliation and information about your health.|
|Technical information||including online identifiers, internet protocol (IP) address, details of operating system, browser type, language, time zone setting, location, date and time of access, local storage data and similar information obtained from your device, browser, an APIor similar source.|
|Travel information||including your profile, passport or national identity card details, nationality, travel history and requirements, visa information.|
|Usage information||about how you navigate and engage with our online services and newsletters, features including online activity data such as downloads, clickstream data with URLs visited previously, page interaction, such as scrolling, clicks, and mouseovers, methods used to browse away from our website, information in security logs and similar information|
|including your personal, professional and financial information obtained from you, public sources and third parties such as former employers, colleagues and similar information.|
UPDATES TO THIS NOTICE
If we make any changes to our notice, you will be able to see them on this page, as indicated by the “Last updated” date at the top.
If any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.