mobilemenu

Trevolution Corporate Privacy Notice 

(for B2B clients located in EU/UK)  

About this Notice 

This Privacy Notice applies to the Travelers’ personal data provided by business (B2B) Clients of Trevolution Travels LLC, UAE (“TT”, “we”, “us”, “our”). 

This Privacy Notice supplements the Agreement concluded between the Client and TT on rendering travel services – TT sells airline tickets and renders other travel-related services on Clients’ request, assisting  Clients in organising business trips of Clients’ employees, guests and other related individuals. In case provisions of Agreement conflict with this Privacy Notice, this Privacy Notice shall prevail. 

Clients’ privacy is of significance to TT and we are committed to maximally avoid risky processing of Travelers’ personal data, as well as to process only as much data as it would be absolutely necessary for achievement of our purposes or providing services set in the Agreement.

Unless otherwise defined herein, terms defined in the Agreement shall have the same meaning as in this Privacy Notice. Wherever the context may require, any pronoun shall include the corresponding masculine, feminine and neuter forms. The definitions of terms herein shall apply equally to the singular and plural forms of the terms defined. The words “include”, “includes” and “including” shall be deemed to be followed by the phrase “without limitation”. 

Due to TT is in B2B (business-to-business) relationships with its Clients this Privacy Notice does not relate (except confidentiality rules) to the personal data of Client’s representatives, who acts on behalf and in the interests of the Client (legal person), except for verification, legal and AML purposes. 
 

What data do we collect? 

The amount and types of personal data depend on the context of the business relationship and Clients’ interaction with TT, the choices made by the Client and the products, services, and features Clients use. 

The personal data TT collects about Travelers can include the following:

Contact details: first, middle and last name, date of birth (as required), addresses, business email addresses, telephone, and other means of communication.

Verification details: TT can ask Clients to provide a copy of passport/ID of its representative or other relevant information to verify the authenticity of the Client. For example, we might request the Client to confirm the role and authorization level of the current Traveler (authorised to book and pay for services or not authorised, etc.).

Communication data and e-Evidence: email/chat communications, call records. Due to remote nature of our services, our main contact channels with Clients are emails/chats/calls/other electronic evidence. As a result, on the one hand, we want to be sure Clients received exactly those services they requested, but on the other hand, in case of disputes we must be able to protect, establish and exercise our legal claims, as well as comply with legal obligations. Another important purpose of communication data processing is preventing frauds and other illegal activities. “Other electronic evidence” might include IP address, user-agent, device settings, timestamps, meta data (log files etc.), which will ensure documenting of legal acts requested and/ or performed by TT and/ or Clients. 

Travelers’ data (mainly, it is necessary to book flights – airline requirements):   

  • Identification information, including first, middle, last name, date of birth, gender, citizenship; 
  • Contact details, including corporate email, phone etc.; 
  • Documents, including copies of passport, ID, immigration/ visa documents,   
  • Vaccinations and similar confirmations (only if necessary, so TT is able to render services requested by Clients under the Agreement); 
  • Additional info, including job title, authorisation level, personal preferences (e.g. flight times, lay overs, avio seats, flying habits, airline/ meal preferences, preferred hotels, car rental services etc.), purpose of trip (business trip, leasure, conference etc.)  

By sharing Travelers’ personal data Clients confirm that Travelers have been informed about processing of their personal data by TT in accordance with this Privacy Notice. Clients also confirm that they have obtained all necessary consents, as may be required by the laws and regulations applicable to Clients.
 

Why do we need personal data?

Conclusion and Performance of the Agreement (Main Purpose) :
TT primary purpose of personal data processing is to conclude and perform the Agreement – TT legitimate interest. First, we must verify and establish authorised communication with Clients, perform necessary legal authentication and register the new Client. Secondly, we must perform the Agreement and render Services on request of Clients. Thirdly, we must manage invoicing and payments – legal obligation of TT to have documented financial / tax reports.

Customer support :
Upon request of Travelers and Clients’ reps we might respond to requests, questions, or concerns – legitimate interest of TT. For example, Travelers might need assistance during and after reservation. 

Security, compliance and fraud prevention :
We process data the following purposes (letimitate interests of TT):

  • security, including preventing and timely identifying hacker’s attacks,
  • fraud prevention,
  • monitoring, identifying and fixing technical bugs and errors,
  • compliance with legal and regulatory requirements,
  • investigating of potential misconduct,
  • establishing, protecting and exercising legal claims.

Other activities, including surveys and marketing :

  • We might send to Clients
  • reminders to those who did not complete the onboarding;
  • invitations to participate in surveys, referral campaigns and TT’s internal events;
  • updates on our products;
  • amendments of the Agreement or this Privacy Notice;
  • TT newsletters and other marketing communication;
  • holidays greetings.

We might also use aggregated data for analytical, research and statistical purposes, as well as for UX/UI enhancement.

How do we share personal data?

Corporate affiliates and change of control. We may share personal data with our corporate affiliates and if TT itself (or part of its business) is sold or otherwise changes control, owners would have access to personal data for the uses set out herein. 

Service providers (processors). We may share personal data with suppliers who perform services on our behalf and have agreed in writing to protect and not further disclose personal data. 

Payment service providers and travel vendors. We may share Travelers’ data with the payment service providers, acquirer banks and the travel vendors Clients have booked with. This can include online travel agencies, hotels, airlines, car rental companies, and travel insurance providers. These third parties will process Travelers’ data in accordance with their own privacy policies (our Privacy Notice does not apply). If Clients contact our customer support, the latter may need to share information about Client’s request with the relevant travel vendor to assist Clients. 

Business partners. We may share data with various business partners. Some of these business partners may use personal data for fraud detection, including identifiers, contact data and network activity information, also to detect, prevent, or otherwise address fraud, security or technical issues. We may also ask our partners to create a survey, form, application, or questionnaire, so we know the degree of Clients’ satisfaction with our services. Some of these business partners may use data for online advertising purposes. We may also share personal data as otherwise described to Clients at the time of collection. We may also share aggregated usage information with partners. We enter into confidentiality and personal data processing terms with partners to ensure they comply with high levels of confidentiality and best practice in privacy and security standards and we regularly review these standards and practices.  

Trips shared by Clients. If Clients use or have itineraries as part of our Service, Clients can send or grant access to their itinerary to anyone they choose. The itinerary may contain enough details (for example, booking reference codes) to allow the recipient to cancel or modify your booking, perform a check-in, etc. Clients should only share their itinerary with people they trust.   

Information shared in public. If Clients provide us with a review of their trip, they authorize us to publish it on all our Platforms under the screen name they provided. Clients also authorize us to aggregate it with other reviews.  

Authorities. We may disclose Travelers’ data if required by law, for example to law enforcement or other authorities. This includes court orders, subpoenas and orders arising from legal processes, and administrative or criminal investigations.  

Transfers outside EU/UK: Clients’ personal data may be transferred outside the European Union (EU) or the United Kingdom (UK). When TT plans such transfers, it provides safeguards, so the level of Clients’ personal data protection is not undermined. Such transfers might take place in cases, if:  

  • we have to perform an Agreement;  
  • if travelers’ consented to the proposed transfer;  
  • transfer is based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the EU/UK;  
  • transfer is based on adequacy decision made by the European Commission (e.g. the EU-U.S. Data Privacy Framework)/UK Government (e.g. the UK-US Data Bridge Regulations) or standard data protection clauses adopted by the relevant authority, e.g. when we share the data with associated companies located outside EU or UK or when we use data storage facilities of our partners operating in the USA under relevant safeguards; other cases may be applicable (you shall be informed prior to any such transfer). 

Where applicable, you can ask us for a copy of these contractual agreements using the contact details provided below.
 

Data security 

Subject to the applicable laws, we provide the necessary safeguards to maintain protections of Travelers’ data. We have procedures in place to prevent unauthorized access to and misuse of personal data.  

Our systems are configured with data encryption, or scrambling technologies and firewalls constructed to industry standards. We also use Secure Socket Layer (SSL) technology that protects personal data Clients send over the Internet. We limit access to personal data to those employees, agents, contractors and other service providers who have a business need to know. They will only process the data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any security incident and will notify Clients and any applicable regulator of a breach where we are legally required to do so.

We use appropriate business systems and procedures to protect and safeguard information, including personal data. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. 
 

Data retention

We will retain personal data for as long as deemed necessary to manage the business relationship with Clients, to provide TT services and to comply with applicable laws (including those regarding document retention), resolve disputes or claims with any parties, and as otherwise necessary to allow us to conduct our business. 

All personal data we retain about Clients is subject to this Privacy Notice and our internal retention manuals. If you have questions about the specific retention periods for the various types of personal data we process, please get in touch using the contact details below.
 

Travelers’ rights

Travelers’ have the following rights:  

  • get a copy of their personal data (access rights) ; 
  • request to rectify incorrect data; 
  • based on applicable law request to delete data, except if we need to retain it for providing services on Clients’ request, complying with laws, preventing frauds, exercising/defending legal claims. 
  • withdraw the consent; the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal; 
  • Object processing; if objection relates to TT’s obligations under the Agreement, TT will inform the Client, so the Client, the traveller (complainant) and TT can resolve the objection request and at the same time TT will not suffer under the Agreement.  
  • Request to restrict processing (in accordance with requirements of applicable laws);
     

Examples of cases, where Clients’ interests under the Agreement might conflict with Travellers’ rights:  

  • the Client requested TT to organise tickets for the current Traveller; the Client shared personal data of the Traveller; TT searched for flights, booked seats with airlines and later issued invoice; at this point the Traveller contacts TT and requests delete or objects their data processing; in such cases TT will inform Clients and “freeze” further flight reservation, until the Client and the Traveller will agree on final workflow – keep organising the trip or delete data and cancel trip.
     

Due to the remote nature of our services, it is important for us to keep communicating through the same email (Verified Email), which was used by Clients during the Agreement conclusion. Verified Email is the key communication channel for us, so we can give quick answers and not divulge Travelers’ data to any malicious person. Travelers might also submit a request through the voice call, but still we must use the Verified Email to reply, due to law requirements and in order to protect our legal claims.  If Travelers submit their request through the authorised agent or by using third party service we will ask for additional verification by contacting the Traveler via Verified Email.

FEES and DENIALS: usually Travelers do not have to pay a fee to access (or to exercise any of the other rights). However, we may charge a reasonable fee if Traveler’s request is clearly unfounded, repetitive (more than twice in a 12-month period) or excessive. Alternatively, we could refuse to comply with Traveler’s request in these circumstances. We might also refuse to act on Traveler’s request, when we are not in a position to identify the Traveler and verify their request or the requested fee was not paid. We may need to request specific information from Travelers to help us confirm their identity. This is a security measure to ensure that personal data is not disclosed to unauthorised persons. 

Contact us 

In case of questions about this Privacy Notice or to exercise rights set here in, Travelers must contact us at corporate.privacy@trevolution.group   

Amendments of this Privacy Notice 

This Privacy Notice might change from time to time. In case of material changes, we will always contact Clients in advance. An example of this kind of change would be if we were to start processing your personal data for purposes that aren’t detailed above, which are not compatible with those set herein. 

Last updated on August 1, 2024