Basic information about the processing of personal information
|Data controller||Amadeus IT Group, S.A. (“Amadeus”)|
|Purpose of Personal Data Processing||To provide Traveler ID website to users. Traveler ID website is designed to provide information to users about TravelerID mobile application (”TravelerID App”), an app enabling users to create a certified digital identity and enroll to use facial recognition at boarding gate with Amadeus customers.|
|Legal Grounds for Processing||Consent.|
|Recipients of the Personal Data||Amadeus affiliates and third-party service providers.|
|Data subject’s rights||Under certain circumstances, you have rights to access, review and restrict processing of personal information as well as the right to lodge a complaint with a supervisory authority.|
Amadeus IT Group SA (“Amadeus”, “we” or “us”) is committed to protecting the privacy of the personal information (information that identifies you as an individual) it collects and processes from you and warrants it acts in compliance with applicable data protection legislation in its processing activities.
Who is collecting and processing the personal information?
Amadeus acts as the data controller and is responsible for collecting and processing your personal information collected through TravelerID website.
What personal information do we collect about you and for what purposes it is used?
TravelerID Website is designed to provide you information and updates about TravelerID App and services available on Traveler ID App.
If you want to receive e-mails with information, news and updates about Traveler ID App and related customer services, you will be able to provide your e-mail address through a sign-up box available on the Traveler ID website. You will have the option to unsubscribe from these e-mails at any time by clicking on the link available at the bottom of the e-mail.
We may also use your personal information collected through Traveler ID Website in aggregate format for research, analytical and statistical purposes, to improve our services and to identify products, solutions and services that might be of your interest on the basis of our business legitimate interests.
What is the legal basis for the processing of your personal information?
The legal basis for processing personal information collected through Traveler ID Website are consent and legitimate interest. Where personal information is processed based on our legitimate interest, the privacy impact on the individual whose data is being processed will be considered.
Who is your personal information shared with?
In addition, we may also disclose your personal information:
- To an affiliate or other third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings).
- If necessary:
- Under applicable law including laws outside your country of residence;
- To comply with legal processes;
- To respond to requests from public and government authorities including public and government authorities outside your country of residence;
- To enforce our terms and conditions;
- To protect our operations or those of any of our affiliates;
- To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and
- To permit us to pursue available remedies or limit the damages that we may sustain.
Where such disclosures take place, Amadeus requires the appropriate technical and organizational security measures to be in place to protect personal information, and for personal information to be processed lawfully. Amadeus only allows affiliates and third-party service providers to use personal information for specified purposes and in accordance with Amadeus instructions. Any sharing of personal information using third party platforms would be governed by the terms of the third-party platform used.
- Finally, Amadeus may share your personal information in aggregated and anonymized form with third parties for analytical purposes.
Internal transfers of personal information
When Amadeus shares your personal information with its affiliates and third-party service providers who process your personal information on behalf of Amadeus, this may involve transferring personal information, including outside the EEA. When personal information is transferred to another country it will continue to receive adequate protection through contractual or other arrangements put in place with affiliates and third-party service providers. For transfers from the EEA to third countries outside of the EEA at least one of the following appropriate safeguards will be implemented:
- Personal information will be transferred to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.
- Standard data protection clauses approved by the European Commission which give personal information transferred the same protection it has in EEA.
- With affiliates and third-party service providers based in the US, Privacy Shield which gives personal information similar protection it has in EEA.
Further information on the appropriate safeguards used when transferring personal information outside the EEA can be requested through contacting firstname.lastname@example.org. When requesting this information, please make a reference to the transfer of personal information outside the EEA.
Security and integrity of personal information
Retention of personal information
Amadeus retains personal information for as long as necessary to fulfill the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Please note that anytime you provide us with your details, we may specify the period of time that we intend to keep the data according to the specific purposes defined at the point of collection.
Data access and correction requests
If you would like to access, review, correct, update, or otherwise limit our use of your personal information (including deletion) that has been previously provided to us, including any other privacy related matters, you may contact us by email at email@example.com or write to our Chief Privacy Officer, via Amadeus IT Group SA, Calle Salvador de Madariaga 1, 28027 Madrid, Spain. For security reasons, we reserve the right to take steps to authenticate your identity before providing access to personal information. Amadeus may also be restricted from allowing access to, changing, or deleting some personal information.
Although Amadeus intends to carefully address any request and/or claim from you, as well as carefully process your personal information, you are entitled to file any claim or complaint before the relevant data protection authorities, if the answer provided by Amadeus does not meet your expectations.