Last Updated: May 1, 2018
APT VISTA TRAVEL SERVIVES limited, trading as Vista Events, VAT no: 099088135.
VE materially complies with applicable laws in the jurisdictions in which it operates, including the Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) by May 25, 2018 in its handling of personal data of persons in the European Economic Area.
The personal Data we collect about you
In the course of providing its Services, VE collects, uses, and discloses personal data. Personal data is any information that can be used to identify you or that we can link to you. You, as traveller, meeting attendee, or user of the Services, may be asked to provide certain personal data when you use our Services, such as:
- Names and contact information (work and home/mobile phone, fax, email, address);
- Traveller/attendee arranger and emergency contact names and information;
- Traveller/attendee preferences and trip/meeting details (e.g. routings, class of service, seat preferences, frequent flyer data, meal preferences, hotel/rail/car and other ground transportation membership data and preferences, special accommodation requests, other personal data supplied by you via your profiles, surveys, or other requests);
- Travel documentation (e.g. passport/visa/driver’s license number, TSA number, citizenship, date of birth, gender);
- Payment data (corporate/personal credit cards) and bank information; and
- Logins, user IDs, employee IDs, passwords, IP addresses, and browsing information.
Amendments and updates to this policy may be made from time to time. Any revisions will be posted on our Websites and where appropriate notified to you by email, so you will always be aware of what personal data we collect and how we use it. Please review the Websites regularly so that you are aware of any changes. It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How does VE collect personal data?
VE collects personal data:
- Directly from you when you access various parts of our Services, including when you communicate with us via email or other channels;
- From other sources, for instance the company which you are an employee of or are otherwise traveling or attending a meeting on behalf of (“Company”), including such Company’s third parties who may send us your personal data on your or your Company’s behalf; and
- From the network of websites and applications accessible through or utilized by our Services and our company, including third party suppliers (e.g. airlines, hotels, payment card providers) and our VE related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors, and agents. This includes personal data we collect automatically through our websites and applications, for instance by using cookies and similar technologies.
How does VE use personal data?
VE uses personal data to:
- Provide its Services and fulfil its obligations to your Company and attendees (e.g. complete and administer meeting reservations, assist in managing the meeting, provide reporting, provide notices about your account and the Services, inform you of updates to our websites and applications and other changes to our products or Services).
- Communicate with you, for instance by email, post, and phone or via VE’s websites or applications and to provide you with customer service.
- Understand how our websites and applications are used and provide a customized experience as you use our Services, such as by providing interactive or personalised elements on our Services and providing you with content based on your interests.
- Fulfil a request made by you or your Company (e.g. reporting, questions, or other requests about your personal data).
- Send you newsletters, marketing emails, and other information or materials that may interest you, as well as showing personalised advertisements. Where required, we will obtain your consent before sending such marketing messages or showing personalised advertisements.
- Generate pseudonymized or aggregated profiles and use such data for reporting and analytic purposes.
- Carry out our obligations and enforce your, our, or other’s rights as we believe reasonably necessary (e.g. billing and collection, fraud prevention, comply with legal obligations, and respond to legal proceedings or requests from legal authorities and law enforcement or other third parties).
Who does VE disclose personal data to and why?
Personal data collected is shared with or disclosed to:
- VE and its related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors, and agents as necessary to fulfil and support the Services, including emergency bookings and assistance, ticket issuance, responding to requests, and assessing or offering promotions.
- Companies VE uses to support its business who provide ancillary services (e.g. fulfilment, surveys, storage, statistical analysis, technology, development, credit checks (as applicable)).
- Your Company for reporting, auditing, tracking and other purposes as necessary with your Company, including those of its personnel they request we send or make personal data available to.
- Third party service providers you or your Company request we send personal data to (e.g. providers who secure compensation for delayed, cancelled, or overbooked flights on behalf of travellers; safety and tracking information providers; companies providing weather information, travel alerts, and destination content through solutions and tools; entities who collect travel information on behalf of airline carriers for the purpose of such entities forwarding it on to certain airlines for tracking of negotiated fares between airlines and your Company; successor organizations and other travel management companies).
- Third party service providers to complete travel and attendee arrangements and reservations and fulfil the Services; airlines, trains, rental car and other ground transportation companies, hotels, cruise lines, and other related suppliers for booking/ticketing purposes; industry reporting authorities; equipment and technology vendors, including, without limitation, online booking tool providers, meeting registration software providers (including onsite and mobile event management solution providers), and audio visual companies; visa and passport providers; credit card companies and payment collection and processing companies).
Does VE disclose personal data across borders?
When sharing with or disclosing personal data to other parties, including to VE’s related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors, and agents who provide Services and maintain facilities, your personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your country.
How does VE store and protect personal data?
Typically, VE stores personal data on its servers managed internally and with third party storage providers.
VE uses appropriate technical and organizational security measures to protect the personal data VE holds on its network and systems from unauthorized access, disclosure, destruction, and alteration. We conduct periodic reviews of our data collection, storage, processing, and security measures to verify we are only collecting, storing, and processing personal data that is required for our Services and to fulfil our contractual obligations. While we make every effort to protect the integrity and security of our network and systems, we cannot guarantee, ensure, or warrant that our security measures will prevent illegal or unauthorized activity related to your personal data. When using our Services, you should be aware that no data transmission over the Internet can be guaranteed as totally secure. Although we strive to protect your personal data, we do not warrant the security of any data and information that you transmit to us over the Internet and you do so at your own risk.
To protect your personal data, we kindly ask you to not send us credit card information or other similar personal data to us via email. We also encourage you to keep your password confidential and not disclose it to any other person. If you are sharing a computer with anyone you should log out before leaving a site or service to protect access to your password and personal data from subsequent users. Please alert us immediately if you believe your password or any of your personal data has been misused. Please note, we will never ask you to disclose your password or credit card information in an unsolicited phone call or email.
How long does VE keep my personal data?
What about VE applications?
What about links to third party websites and services?
How does VE handle “do not track” requests and use “Cookies” and other similar technologies?
Does VE collect personal data of children?
VE does not knowingly collect personal data from children. Individuals under 18 years of age should not use our Services to submit any personal data about themselves.
What are my rights with respect to my personal data?
You may choose what personal data (if any) you wish to provide to us. However, if you choose not to provide certain details, your experience with some or all our Services may be affected.
To the extent required by applicable law, you have the right to access your personal data and confirm the processing of your personal data. Also, where applicable, you have the right to rectify inaccuracies or errors, erase, restrict the processing, object to processing, and withdraw consent to processing of your personal data, and where applicable, the right to data portability of your personal data. VE will handle such requests in the time specified by applicable law and where permitted by applicable law, may charge a reasonable administrative fee to cover the costs of responding to any such request.
How can I exercise my rights or make complaints?
For data subjects within the EMEA region, please contact us as follows:
APT VISTA TRAVEL SERVICES Ltd
Attn: GDPR Officer
Address: 41 Mesogeion Ave
VE will respond to your requests to the email address or phone number that you have registered with us or we otherwise have on file for you or any other suitable method. Depending on your request, we may review the request with you and/or your Company to assist in resolving and responding to the request.
We are committed to working with you to obtain a fair resolution of any complaint or concern you may have about our use of your personal data. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority in your country (if one exists in your country).