GDPR AND YOUR PRIVACY

LUXE Travel Management, A FROSCH Company, (“LUXE Travel”, "LTM", “we”, “our”, or “us”) is committed to safeguard our customers and employees integrity. This Privacy Notice is a description of what processing of personal data is done and what measures are in place to secure that the processing is according to the individuals rights and freedoms. By accessing or using our site(s) and/or products and services you signify that you have read, understood and agree to our collection, storage, use and disclosure of your information as described in this Privacy Notice.

LUXE Travel Management (LTM) GOES GDPR
”For your sake”

For Luxe Travel Management (LTM) to ensure that we care about your personal integrity, we have:

  • Updated all Terms and Conditions

  • Updated our Privacy policy

  • Trained our staff

  • Making all our suppliers and partners contractually aware

  • Seeing to that all our processing is compliant

  • Seeing to that all our applications are designed with your privacy in mind

  • Deploying functionality so that you can exercise your privacy rights

  • Transparent in how and why we process your personal data

How Do We Use the Information We Collect?

THE TRAVELER
Purpose

Processing of personal data when traveling with LTM

  • For LTM to be able to provide you with the services set in the Terms & Conditions for LTM, LTM will have to process your personal data. The processing is done by LTM, partners, authorities and suppliers of services – all with the objective to give you the service that you expect.

Processing of personal data at LTM

  • All processing is based upon a common standard with the airline industry, the Passenger Name Record (PNR). Can also be called Booking Reference Number. The PNR is stored at LTM for the following reasons:

    • To fulfill the travel contract with you

    • To be able to handle any complaints that you might have

    • To be able for LTM to evaluate and improve the products and services

    • Minors; LTM is not processing data about minors for any other purpose than travel

After you have traveled, the PNR will be made into a pseudonym for further processing, but for handling any complaints that you might have.

Legal ground

Under the jurisdiction, LTM may process your data for the following reasons:

  • Fulfillment of contract - so that you will arrive at your destination safely

  • Legitimate interest – for analysis for enhancements of LTM services

  • Regulations concerning Airline operations

  • Regulations set by authorities

The data processed

The data processed is according to the ARC/IATA standard PNR

LTM deletes passport number, if applicable, after you have completed your travel.

Data transfers

LTM is dependent on a number of sub-contractors that ensures that the services you have purchased are delivered according to expectations. The suppliers, partners and authorities are processing your personal data and subject to a Data protection agreement (DPA) or Data Exchange agreement (DEA). The agreements stipulates that your personal data can only be used in association to your consumption or the services purchased. LTM works with the following types of contractors handling your personal data:

  • Airports

  • Travel agents

  • Lounge suppliers

  • IT service suppliers

  • Outsourced online Booking engines and QC

  • Service providers supporting your travel (e.g. Call centers)

  • Service providers supporting irregularities (e.g. hotels, transport companies, goods delivering companies)

  • Authorities

Location of your personal data by LTM subcontractors

The locations where LTM is storing your personal data are:

  • Texas

  • California

  • Florida

  • England (UK)

  • Illinois

Global distribution systems (GDS)

LTM inventory (available flights and seats) is accessible for Travel agents all over the world through a number of GDS (e.g. Amadeus, Travelport, Sabre). This means that you can purchase or change a ticket with LTM at more than one of our travel agency offices in the world. When you book a ticket with LTM, a PNR is created with your personal data. The GDS can be seen as and is a marketplace for airline tickets hotels and car rental, and consequently the GDS is subject to GDPR and as a Processor of your personal data responsible for handling according to law. However, this also means your personal data can be processed worldwide by an airline direct or our after-hour service provider if you want to make changes in your travel plan.

Partner Airlines & interlining

LTM cooperates with a series of partner airlines (StarAlliance, Oneworld and Star) that simplifies your travel. These partner airlines help LTM deliver services to the passenger by offering parts of a trip to a destination where one particular airlines does not travel. In order for the delivery of service to be completed, the PNR is sent to the partner airline.

Authorities

Some countries require LTM to send a passenger list to them before departure (e.g. USA, China). This is mandatory and if this is not done you will not be admitted in to the country.

PROFILE ACCOUNT HOLDER

The purpose of being an “LTM profile account holder” is to facilitate travel with LTM. LTM digital services are made available for you (e.g. travel history, pre filled booking dialogue). You can also choose to get personalized offers that are tailored towards your preferences.

Legal ground

Under the jurisdiction LTM may process your data for the following reasons:

  • Fulfillment of contract – LTM and you have entered an agreement as a profile account holder and we are determined to full fill our end by providing services in accordance to your preferences and expectations

  • Consent - you can opt-in or opt-out in getting personalized offers

The data processed

  • Name, email

  • Flight details (Flown information)

  • Ancillary information (extra services purchased)

If you give consent to further processing:

  • Analyze data with the purpose of determining buying behavior and preferences

  • Analyzing data from 3rd party processors (Mosaic, Google and Signature analytics) and creating scoring models

  • Personalized marketing based on information given to LTM by profile account holder

Data transfers

There are no data transfers of your Profile Account information

CORPORATE TRAVEL

LTM has agreements with other companies in regards of providing travel services to our clients. Our agreements may give a company reduced price or extra services. The Corporate traveler is identified by a DK code that is associated to the agreement. The company typically wants to know who has traveled, where, when and what services has been purchased. This information is transferred from LTM to the company regularly. The company provides LTM with your personal data as an employee.

Legal ground

LTM and the company has an agreement which regulates the processing of personal data.

Data processed

Profile Information:

  • Name, email, phone Travel Information:

  • Flight details (Flown information)

  • Ancillary information (extra services purchased)

PROCESSING OF SENSITIVE DATA

The legislation states:

“Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin, whereby the use of the term ‘racial origin’ in this Regulation does not imply an acceptance by the Union of theories which attempt to determine the existence of separate human races.

Purpose

LTM processed sensitive data in order to be able to cater for all passengers correctly. Since this information is necessary through out your travel, the information is transferred to 3rd parties so that the delivery of service is according to your need. Depending upon where you travel, the information can be transferred to a country outside of the EU. The data set is called Special Service Request information (SSR). SSR information is is an ARC/IATA standard and is used throughout the airline industry. The services that LTM provides that requires sensitive data are:

  • Need of wheel chair, stretcher or bed in cabin, at the airport and/or on the flight

  • Illness and fit for travel

  • If you have a disability and need to be accompanied by guide dog or staff

  • Different kind of meals depending upon religious beliefs or illness

  • If you are traveling incognito

  • If you are in custody

  • If you are a deportee

Legal ground

Under the jurisdiction LTM may process your data for the following reasons:

  • Fulfillment of contract - so that you will get the service needed

  • The information of your need is given to us by you

  • Regulations concerning Airline operations

  • Regulations set by authorities

Data processed

The following data is processed and associated to the passenger:

Description

  • Blind, specify whether or not accompanied by guide dog

  • Diabetic meal

  • Deaf, specify if accompanied by a guide dog

  • Deportee, accompanied by an escort

  • Deportee, unaccompanied

  • Disabled passenger with intellectual or development disability needing assistance

  • Passenger with emotional support/psychiatric assistance or animal in cabin

  • Gluten intolerant meal

  • Hindu meal

  • Kosher meal

  • Muslim meal

  • Medical case. Can be used for disabled passengers needing special attention. Follow IATA MEDA procedure.

  • Name - when airline holds reservation under a different name

  • Passenger in custody, accompanied

  • Passenger in custody, unaccompanied

  • Stretcher passenger

  • Wheelchair - dry cell battery

  • Wheelchair - wet cell battery

  • Wheelchair - all the way to seat

  • Wheelchair - for ramp

  • Wheelchair - up and down steps

  • Wheelchair - on board

COOKIES

LTM may use cookies to enhance your browsing experience on our LTM website and applications.

What is a cookie?

A ‘cookie’ is a small text file containing information which is stored on your computer or mobile device. Cookies are only used for technical reasons and to facilitate your use of LTM website, Concur or Cvent application. One type of cookie will save a file permanently on your computer. It can thereafter be used to customise these sites based on the user’s choices and interests. Another common type of cookie is the “session cookie”. When you visit a website or application, session cookies are sent between your computer and the server to collect information. Session cookies are not saved once you close your web browser. For more information about how cookies work, please be referred to www.allaboutcookies.org.

The cookies that LTM uses on this website are:

  • Market selector (Country and Language) information for routing the users to recently visited domain, if not mentioned explicitly

  • Default values for Complex event processing (CEP) based on the last search or market

  • Logged in user session ID for single sign on

  • Business data like booking flow for redirection's and functional back scenarios on corporate booking engines

  • We are continuously working to improve luxetm.com and our LTM application. In order to do this, we use tools like Google Analytics and Adobe Analytics to analyse our users’ behaviour.

  • To access all of this site's functionality, your browser settings should be set to allow JavaScript. If you have JavaScript turned off, you will be offered a modified version of the LTM website. The browser settings are often found under Internet Options in your browser.

Concur Online Booking engine

First and third-party cookies. We use first and third-party cookies on our Channels. Whether a cookie is 'first' or 'third' party refers to the domain placing the cookie. First-party cookies are those set by a website that you are visiting at the time (e.g., cookies placed by the SAP Concur French website while visiting that website). Certain cookies are set by a domain other than that of the website you are currently visiting. If you visit a website and another entity sets its cookie or reads its cookie through that website, this would be a third-party cookie (e.g., cookies placed by Google while visiting the SAP Concur UK website).

Persistent and session cookies. We use persistent cookies and session cookies on our Channels. Persistent cookies remain on your Device for the period of time specified in the cookie. They can remain on your Device after you visit the website that set them and can be read the next time that you visit the website that created that specific cookie or visit another website with a beacon from the website that dropped the cookie. Persistent cookies can remain after you end a browser session. A browser session starts when you open a browser window and finishes when you close the browser window. Session cookies allow us to link your actions during a browser session. Session cookies are created temporarily. Once you close the browser, session cookies are typically deleted.

Cvent Group Registratiom Site

We use cookies or similar automatic data collection technologies as individuals interact with our Applications to collect certain information about their equipment, browsing actions and patterns, including: Details of your visits to our Applications, such as the date and time you access our Applications, length of time you spend on our Applications, websites you visited before or after our Applications, the resources and content that you access and use on the Applications. Information about your computer and internet connection, such as your IP Address, computer type, screen resolution, language, Internet browser type and version.

Uncertainty of compliance

Please note that it is not certain that the current, ’passive consent’ solution used on the LTM website will remain legally compliant. The legal situation is thus currently unclear, but we estimate that the ePrivacy Regulation will in some form enter into force during the present year.

RIGHT TO ACCESS

If you are interested in what data LTM stores, you can request an excerpt. The amount of work associated to each request is large. Under GDPR you may request one copy free of charge, and further requests are subject to an administrative fee. We will provide you with an excerpt no later than 30 days after you have registered for an excerpt.

How does LTM identify you

LTM does not store passport number, social security number or any other number that is uniquely associated to you. This means that the only way for you to identify yourself is through a profile or active PNR, Concur and Cvent online booking account and by logging in we can provide you with all the information.

LTM will search for information associated to name, e- mail and telephone number. All three of the search criteria will have to associated to the information given in an excerpt.

Login to your profile

If you are a Concur account but do not have a login, please visit the website or call: 949-336-1000

Minors (Under 18 years of age)

If you are under 18 years of age, then LTM does not process any personal information for any other purpose than for your specific travel. Your data is only kept for handling of complaints.

Description of the data that will be provided to you as a Traveler

  • Name, email, phone, address

  • Flight details (Flown information)

  • Booking details (bookings available)

  • Ancillary information (extra services purchased)

  • Customer Care, Cases identified for the 3 search criteria

Description of the data that will be provided to you as a LUXE Travel client,

Profile Information:

  • Name, email, phone, address, etc.

  • Subscription and Consent information from mailers

Travel Information:

  • Flight details (Flown information)

  • Booking details (bookings available)

  • Ancillary information (extra services purchased) Campaign details

  • Delivery and Tracking logs

Customer Care

  • Cases identified for the profile

Right to Access

If you want an excerpt of the information we have about you, please call: 949-336-1000

RIGHT TO BE FORGOTTEN

Background

As a data subject you have the right to ask LTM to delete all information we have about you. It will take LTM up to 30 days to ensure that all the data is deleted. However, there are some inconveniences and information LTM will not delete.

Inconveniences

  • As a profile Account member the digital services LTM provides will not be available

  • As a customer. The agreement can be between LTM and your company. This means that deletion is not just up to you, but also your employer.

Information that is not being deleted

  • The legal ground for not deleting your PNR data is Regulation EC 261/2004 of the European Parliament and of the Council of the European Union. Keeping this data will enable you to enforce this legislation if you choose to.

  • The activities done by a passage that qualifies under ICAO Resolution “A33-4 adoption of national legislation on certain offences committed on board civil aircraft (unruly/disruptive passengers)”

  • The legal ground for not deleting your PNR data is Legitimate Interest from a fraud prevention perspective.

SAFEGUARDS & GOVERNANCE

LTM Data Protection Ambassador

LTM has appointed a Data Protection Ambassador. The Data Protection Ambassador is an expert in data protection and reports to the highest management level. The role has the responsibility to secure that LTM is compliant with data protection legislation by:

  • Monitoring internal compliance

  • Informing and advising on LTM data protection obligations

  • Act as a contact point for data subjects and the supervisory authority

  • Report to authorities if LTM is breached

Information and training

LTM staff is trained and informed about Data privacy and the commitments we are given to our customers. LTM subcontractors and partners are informed and aware that LTM takes the responsibility to process data about seriously.

Governance and compliance to GDPR

LTM has appointed a Data Protection Ambassador and through out the organization appointed other Data Protection Ambassadors. This team has the responsibility to assess and secure that your personal data is processed according to law and that the processing of personal data is done with without risk.

Personal Data Breach Notification

LTM will inform you and the authorities if your data is breached.

Data protection agreements

All LTM “Processors” that are processing personal data are subject to a Data Protection Agreement

Data exchange agreements

All LTM partners acting as “Processors ” are subject to a Data Exchange Agreement

Information security

LTM works continuously with improving information security. The work is done according to the ISO 27001 standard.

Effective Date:  25 May 2018 ©LUXE Travel Management, All rights reserved.

2017 LUXE Travel® Management corporate website re-design by Shari Mogren, Marketing Coordinator for LUXE Travel Management. Email: smogren@luxetm.com.