Travelliance Privacy Policy

Effective June 14, 2018

Travelliance is committed to protecting the privacy of our employees, our Customers, and their employees and guests. As part of this commitment, Travelliance has established a privacy program that demonstrates our due diligence to privacy laws.

1. Scope
Travelliance’s global privacy policy governs the principles and the practices that Travelliance follows with respect to the collection, use, sharing and securing of Personal Information processed by Travelliance, both internally with our employees and externally as to our Customer and those that use our service.

2. Definitions

  • Customer – A company who has entered into a business relationship with Travelliance for Travelliance to perform a service.
  • Individual – A person whose data Travelliance has processed, for example, an employee of Travelliance, an employee of a Customer or a guest of a Customer, or a person using a Travelliance website, service or tool.
  • PII – Personally Identifiable Information
  • Personal Information – Any data element or combination of data elements that enables the identification of an Individual, including, but not limited to, name, address, human resources data, personal health information, government identification such as social security number, name, biometric identifier, home address, driver’s license number, credit card number, or account number.
  • Processed – Personal Information that is in Travelliance’s possession or under its control.

3. Accountability
Travelliance, its employees, and contractors take responsibility for Personal Information in accordance with Travelliance policies and standards. Travelliance’s Chief Privacy Officer is responsible for defining the requirements of this policy and for ensuring compliance with its provisions. The Chief Information Security Officer is responsible for implementing and maintaining appropriate controls and measures to enable compliance. Travelliance shall make known, upon request, the identity of the Chief Privacy Officer and the Chief Information Security Officer.

Travelliance is liable for Personal Information it processes and for Personal Information Travelliance provides to contractors for processing. With respect to Personal Information that has been transferred to a contractor to be processed, contractual requirements are used to provide a comparable level of protection. Travelliance’s liability for a third party’s performance of its obligations is set forth in each agreement that Travelliance signs with its Customer, and Travelliance has potential liability for the performance of its services and obligations, including those related to protection of PII.

Our services also involve the transfer of data to third parties (for example, hotels, banks, 401k providers and tax agencies) as required by law or as instructed by the Customer. In these cases, Travelliance does not have a direct relationship with the third party and is not liable for the processing of data in their possession. These third parties have their own independent obligations with respect to the data, usually by operation of law or through contract.

Travelliance trains its employees with respect to its privacy policies and practices.

Travelliance’s employment records also contain PII with regards to our employees. Such data is handled and Processed as Personal Information by Travelliance.

4. Notice, Choice and Consent
Travelliance provides notice as to the purposes for which Personal Information is collected, used, retained, and disclosed. All employees are required to understand the purposes for which Personal Information is collected and used by Travelliance. All employees are required to understand the requirements behind the collection of Personal Information by Travelliance and the rights of Individuals with regards to that Personal Information.

In most cases, Customers are responsible for notification of purpose and for obtaining appropriate consent when they collect Personal Information and such Personal Information is transferred to Travelliance by Customers. Any such Personal Information received from Customers to be Processed shall be deemed to have been collected with appropriate notification. Travelliance assumes no responsibility for obtaining or validating that appropriate consent has been obtained in respect of data transferred to Travelliance by third parties or Customers.

In some cases, Travelliance collects Personal Information directly from the Individual, for example, when Individuals visit a Travelliance website, or when Individuals use certain confidential services of Travelliance. In these cases, Travelliance is responsible for obtaining appropriate consent, except where inappropriate or if the collection is required/permitted by law without consent. Where appropriate, Travelliance describes any choices available within the services to Individuals and obtains appropriate consent. Individuals who seek to vary or withdraw consent that has been obtained by Travelliance directly may do so in writing in the manner set out in the Enforcement Section of this policy. If an Individual decides that such Individual no longer wishes to receive commercial emails from Travelliance, such Individual can “opt-out” by clicking on the “unsubscribe” link provided at the bottom of every commercial email. Subject to legal or contractual restrictions, Travelliance shall abide by the withdrawal or variation of consent and shall advise the Individual of the consequences of a change in the scope of consent. In cases where consent has been obtained by the Customer, the Individual will be referred to the Customer. If an Individual has additional rights with regards to their data with regards to notice, choice, or consent, Travelliance shall comply with any data laws that allow for such rights of an Individual.

Unless required by law, neither Travelliance nor any of its employees shall use or disclose Personal Information for any purpose other than the purpose for which it was originally collected without first identifying and documenting the new purpose and obtaining the appropriate consent as required by law. Any questions with regards to compliance with this section shall be addressed to privacy@tvlinc.com

5. Collection and Use
Travelliance does not collect employee, Customer, or Individual data indiscriminately. Travelliance collects Personal Information of Customers and Individuals only for the purposes of providing and promoting the services we offer, and limits use to those purposes. Personal Information shall be collected by fair and lawful means, and not by misleading or deceiving Individuals about the purpose for which information is collected.

6. Retention and Disposal
Travelliance retains Personal Information only as long as necessary to fulfill the stated purposes or as legally required and thereafter appropriately disposes of such information. Travelliance specifies minimum and maximum retention periods for the various records containing Personal Information.

When Personal Information is no longer necessary or relevant for the identified purpose or to fulfill a legal or business requirement, it shall be securely destroyed. Travelliance will either physically or electronically erase the Personal Information or make it anonymous in a non-recoverable manner.

7. Access
Unless Travelliance is permitted or required by law to prohibit access, Travelliance makes Personal Information available for review and updating, either directly through the self-service feature in its products, by directing Individuals to the employer for access, or through an access request made to established contacts within Travelliance.

Where applicable, Individuals may contact Travelliance in the manner set out in the “Enforcement” section of this policy. Travelliance responds to requests within the time limit set out by the applicable privacy legislation and, if applicable, provides the Individual with an estimate of the cost associated with administering and responding to the request. Travelliance requires sufficient information to authenticate requests for access, deletion, or modification.

8. Sharing
Travelliance does not use or disclose Personal Information for purposes other than those for which it is collected, unless required by law. Each employee is responsible for understanding the potential for which Travelliance may disclose Personal Information of Employees, Customers and/or Individuals.

Travelliance may disclose Personal Information to the following third parties to fulfill the specified purposes:

  • Corporate Entities – In the event that Travelliance, or any portion of our assets, are acquired, sold, or transferred, Travelliance may disclose Personal Information with the company involved to complete the business transition.
  • Service Providers and Subsidiaries, Affiliates and Contractors – Travelliance may disclose Personal Information to service providers or to Travelliance’s subsidiaries, affiliates, and contractors to fulfill the services Travelliance offers. These services may include, among other things, providing products or services to an Individual or Customer on our behalf, creating or maintaining our databases, researching, and analyzing the usage and performance of our applications, preparing, and distributing communications, responding to inquiries, or as part of our processes.
  • Employer Designated Third Parties – As part of the services Travelliance delivers to employees, Travelliance transfers data to third parties such as banks, tax agencies, and benefit providers.
  • Legal Parties –In response to a legal inquiry, Travelliance may disclose Personal Information to law enforcement or the applicable party involved in the inquiry to fulfill the request. When required to provide information in response to a legal inquiry, Travelliance exercises reasonable caution to ensure that the order or request is valid and only legally required Personal Information is disclosed and that proper notice of such disclosure is provided.

If Travelliance or any employee has knowledge that a third party uses or discloses Personal Information in a manner inconsistent with this policy, Travelliance is required to take appropriate steps to prevent or stop the use or disclosure. Any such knowledge by an employee shall be communicated to privacy@tvlinc.com.

Travelliance does not sell any Personal Information to third parties for marketing or any other commercial purposes.

9. Cross Border Transfer
We do not represent or warrant that ours sites, or any part thereof, is appropriate or available for use in any particular jurisdiction. Those who choose to access a site do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. We may limit a site’s availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion. By using a site and submitting any Personal Information, you consent to the transfer of Personal Information to other countries which may provide a different level of data security than in your country of residence.

10. Safeguards
Travelliance has implemented policies, procedures, and practices to protect Personal Information. All employees are responsible for understanding and following these safeguards.

Travelliance protects Personal Information using recognized industry standard security safeguards appropriate to the sensitivity of the information. Travelliance reviews its security policies and procedures on a regular basis and updates them as needed to maintain their relevance. Travelliance makes reasonable security arrangements to protect Personal Information in its custody or under its control from and against risks, such as loss or theft, as well as unauthorized access, collection, use, disclosure, copying, modification, disposal, and destruction. The methods of protection include physical measures, organizational measures, and technological measures.

Travelliance requires all third parties to whom it may transfer Personal Information as required to perform its services, to maintain adequate security safeguards in compliance with applicable laws and standards to protect Personal Information.

11. Quality
In delivering services, Travelliance relies on Customers, Individuals, and our employees to supply Travelliance with accurate, complete, and up-to-date information that is relevant to Travelliance’s purpose in Processing such Personal Information. Individuals should review their records on a regular basis and make the appropriate updates or notify Travelliance or their employer of errors promptly. Travelliance makes reasonable efforts to maintain the integrity of the data within its products as necessary to fulfill the purposes for which the information is to be used.

Where Travelliance collects information outside of service delivery, Travelliance makes reasonable efforts to keep Personal Information as accurate, complete, and up-to-date as is necessary to fulfill the purposes for which the information is to be used. Travelliance provides a means for Individuals to update or correct the Personal Information Travelliance possesses.

12. Enforcement
Where appropriate, Individuals may request access, modification, deletion or otherwise with respect to Personal Information, and raise concerns or complaints regarding their Personal Information with Travelliance by sending a communication via email to: Privacy@tvlinc.com or by mailing it to:

Chief Privacy Officer
Travelliance
1900 E. Golf Road, Suite M-150
Schaumburg, IL 60173

All Travelliance employees shall be aware of the above locations to send such complaints or requests and provide same to any Individual that wishes to make any request with regards to Personal Information.

If an Individual files a complaint with regards to Personal Information, Travelliance will investigate the complaint and verify whether Travelliance is following this policy and Travelliance’s Privacy Policy. It is Travelliance’s practice to respond to the Individual within 45 days of receiving the complaint. If required to respond in a shorter time period by law, Travelliance will comply with such shorter time period. Travelliance will take all appropriate action to remedy any such issues. If the matter cannot be settled, Travelliance agrees to cooperate with the dispute resolution system set forth below.

If Individuals feel that their complaint was not satisfied, they may file a formal complaint, free of charge, with the regulatory bodies below.

  • In Canada, the Privacy Commissioner of Canada, or the Privacy Commissioner in the applicable province
    • Office of the Privacy Commissioner of Canada 30 Victoria Street Gatineau,
      Quebec K1A 1H3
      Phone: 1-800-282-1376
  • In the U.S., the Attorney General in the applicable State
  • In the E.U., the United Kingdom’s Information Commissioner’s Officer or their member state Data Protection Authority.
    • The Information Commissioner’s Office
      Wycliffe House, Water Lane
      Wilmslow-Cheshire SK9 5AF
      Phone +44 1625 545 745
      Email: registration@ico.org.uk

To contact the DPAs directly see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

  • In Switzerland, the Swiss Federal Data Protection and Information Commissioner Office of the Federal Data Protection and Information:
    • Commissioner FDPIC
      Feldeggweg 1
      CH – 3003 Berne
      Telephone: +41 (0)58 462 43 95
      Telefax: +41 (0)58 465 99 96
  • Regarding any Privacy complaints, grievances should be filed with the entities in the following order: Travelliance, the applicable EU Data Protection Authority,
    The Department of Commerce, then the FTC.

Travelliance will conduct periodic assessments to confirm the accuracy of this policy and verify its adherence to Travelliance’s Privacy Policy. In addition, Travelliance will deploy internal auditing measures to monitor its compliance with the Principles and to address all questions or complaints.

13. Questions
Questions or comments regarding this policy can be directed to Privacy services privacy@tvlinc.com

Reports of policy violations can be submitted to privacy@tvlinc.com or to your manager, HR or anonymously to the Chief Privacy Officer.