Travaplan Limited (hereinafter referred to as Travaplan, “we”, “us”, “our”) hereby agree to abide by Data Protection Legislation (as defined below). Travaplan operates an online platform consisting of a website and a mobile phone application (the “Platform”) that makes it easy for group travel organisers to plan, book and manage group trips. The platform includes search and selection features for flights, accommodation, car rental and activities along with a payment facility and trip private chat function.
We will handle your personal information in accordance with Data Protection Legislation. “Data Protection Legislation” means the Data Protection Acts 1988 to 2018 and any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (“E-Privacy Regulations”), as such legislation shall be supplemented, amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR, and laws amending or supplementing the E-Privacy Regulations).
Personal Information Collection
Travaplan may collect and use the following kinds of personal information in accordance with Data Protection Legislation for the purposes set out below (”Registration Data”):
- Information that you or your employer (as trip organiser) provide for the purpose of registering your details on the website/application, including information such as your name, e-mail address and your mobile phone number.
- Information entered in your travel profile relating to home airport, airline or hotel preferences etc.
- Information about trips managed via this application such as where you group is travelling to, what bookings were made and other details such as dates of travel.
- Information about your or your employer’s use of the website/application
We fully respect your right to privacy in relation to your interactions with our services and endeavour to be transparent in our dealings with you as to what information we will collect and how we will use your information. Also, we only collect and use individual’s information where we are legally entitled to do so. Information in relation to personal information collected by Irish entities is available on www.dataprotection.ie, the website of the Irish Data Protection Commissioner (“DPC”).
All the personal information that you or your employer provide to us must be accurate and up to date. You must inform us of changes to such information as soon as possible by contacting [email protected]
EXCEPT TO THE EXTENT CONTRARY TO LAW NEITHER TRAVAPLAN NOR ANY OF OUR DIRECTORS, OWNERS, EMPLOYEES, AFFILIATES, TRAVEL PARTNERS OR OTHER REPRESENTATIVES WILL BE LIABLE FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGES ARISING OUT OF, OR IN CONNECTION WITH YOUR USE OF ANY INFORMATION, PRODUCTS, SERVICES AND/OR THE MATERIALS OFFERED THROUGH THIS PLATFORM, INCLUDING BUT NOT LIMITED TO LOSS OF DATA, INCOME, PROFIT OR OPPORTUNITY, LOSS OF OR DAMAGE TO PROPERTY AND/OR CLAIMS OF THIRD PARTIES, OR ANY INDIRECT OR CONSEQUENTIAL LOSS OR DAMAGES HOWSOEVER ARISING, EVEN IF TRAVAPLAN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE OR SUCH LOSS OR DAMAGES WERE REASONABLY FORESEEABLE.
Information About Others
Use, Disclosure and Retention of Personal Information.
Travaplan may use your personal information in accordance with Data Protection Legislation to:
- Set up and maintain your registration with the Travaplan application
- Communicate with you or your employer or the trip organiser
- Administer and manage this application.
- Personalize the application for you.
- Enable your access to and use of the application services and ensure the technical functionality and security of our services.
- Operate, develop and improve our services.
- Monitor and audit the services/internal audit performance.
We will not share your personal information with third party service providers without your consent, although you may receive messages from our sponsors, including business partners, suppliers, sub-contractors, advertisers and advertising networks who may request that you join in conversation with them in respect of their products/services.
Travaplan may occasionally run industry surveys on behalf of our partners. These surveys will be carried out on a permission basis only, with users invited to participate by email or via on-site invitation. There is no obligation to participate in these optional surveys. Users who do not wish to be considered for participation in such surveys can unsubscribe from receiving these invites at any time either via the application directly or by email to [email protected] You may also request that your personal information not be used for marketing purposes generally.
The details contained on your user profile will include your name, email address and/or mobile phone number. Your user profile can only be viewed by you and the other employees of your organisation who are registered for your trip(s). Where an individual from a different organisation is participating in any trip(s) you are participating in, that individual’s personal information will not be accessible to you and the individual will not be able to access your or any other participant’s personal information, although their personal information will be visible to other parties within their organisation. We will use your user profile so that you are recognisable on our database. We will use your email address to contact you from time to time and may also use it for security reasons to confirm that you are who you say you are.
A user may have all of their personal information changed or removed from the Travaplan database (other than in circumstances where Travaplan is required to retain your personal information in order to comply with legal obligations applicable to it and in which case Travaplan will retain such information for no longer than is necessary to achieve this purpose), by making a request that their name and/or details be changed or removed from the user list to Travaplan either via the application directly or by email to [email protected]
We may use the information collected automatically from your employer or through your usage of the Travaplan website/application, such as your IP address and information stored via cookies, to gather statistics about the number of people who visit Travaplan. We may share this information with third parties to help us improve the Travaplan user experience and/or to develop new products and services and improve on our existing services, and for the purposes of digital marketing (online, mobile and social media).
We will disclose your personally identifiable information if we believe we are required to do so by law for any reason including to prevent and investigate fraud or other misuse or to protect the rights and property of Travaplan or the public. We may also co- operate with law enforcement and credit reference agencies in any official investigation and we may disclose your personal information to the relevant agency or authority in doing so and in order to comply with any legal obligation which we may have and/or for the purposes of fraud protection and/or credit risk reduction.
Any personal information that you or your employer provide to us will be kept and stored for such period of time that we deem appropriate taking into account our obligations under all applicable data protection legislation.
Are There Cases Where We May Use Your Information To Contact You?
We may contact you:
- for administration reasons related to the service (e.g. to provide you with password reminders or to notify you that a particular service, activity or online content has been suspended for maintenance, or in response to a question that you ask us);
- to provide you with information about our service, activities or online content, including sending e-newsletters or similar correspondence and updates or responding to any contact you have made with us, e.g. on our website, by email or via the ‘Contact Travaplan’ facility referred to below;
- to invite you to participate in surveys about our services (participation is always voluntary).
What Rights Do You Have?
As a data subject, you have the following rights under Data Protection Legislation and we, as Data Controller in respect of Your Data, will comply with such rights in respect of Your Data:
- the right of access to personal information relating to you;
- the right to correct any mistakes in your personal information;
- the right to ask us to stop contacting you with direct marketing;
- rights in relation to automated decision taking;
- the right to restrict or prevent your personal information being processed;
- the right to have your personal information ported to another data controller;
- the right to erasure; and
- the right to complain to the DPC if you believe we have not handled your personal information in accordance with Data Protection Legislation.
These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your personal information, please contact us (see ‘Contact Travaplan’ below). We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex or cumbersome, in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond). Where a response is required from us within a particular time period pursuant to Data Protection Legislation, we will respond within that time period.
Right of Access to Personal Information Relating To You
You may ask to see what personal information we hold about you and be provided with:
- a summary of such personal information and the categories of personal information held;
- details of the purpose for which it is being or is to be processed;
- details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
- details of the period for which it is held or the criteria we use to determine how long it is held;
- details of your rights, including the rights to rectification, erasure, restriction or objection to the processing;
- any information available about the source of that data;
- where your personal information are transferred out of the EEA, what safeguards are in place.
Requests for your personal information must be made to us (see ‘Contact Travaplan’ below) specifying what personal information you need access to, and a copy of such request may be kept by us for our legitimate purposes in managing the service and our website. To help us find the information easily, please give us as much information as possible about the type of information you would like to see. If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person, if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible.
There are certain types of data which we are not obliged to disclose to you, which include personal information which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations. We are also entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case, if we decide to provide you with the personal information requested, we may charge you a reasonable fee to account for administrative costs of doing so), or (ii) we are entitled to do so pursuant to Data Protection Legislation.
Right to Update Your Personal Information or Correct Any Mistakes In Your Personal Information
You can require us to correct any mistakes in your personal information which we hold free of charge. If you would like to do this, please:
- email or write to us (see ‘Contact Travaplan’ below);
- let us have enough information to identify you (e.g. name, registration details); and
- let us know the information that is incorrect and what it should be replaced with.
If we are required to update your personal information, we will inform recipients to whom that personal information have been disclosed (if any), unless this proves impossible or has a disproportionate effort.
It is your responsibility that all of the personal information provided to us is accurate and complete. If any information you have given us changes, please let us know as soon as possible (see ‘Contact Travaplan’ below).
Right to Ask Us To Stop Contacting You With Direct Marketing
We have a legitimate interest to send you electronic communications in connection with the service and related matters (which may include but shall not be limited to newsletters, announcement of new features etc.). We may also ask you for your consent to send you direct marketing from time to time. We may also ask you different questions for different services, including competitions. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
- email or write to us (see ‘Contact Travaplan’ below). You can also click on the ‘unsubscribe’ button at the bottom of the electronic communication. It may take up to 15 days for this to take place; and
- let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
We will provide you with information on action taken on a request to stop direct marketing – this may be in the form of a response email confirming that you have ‘unsubscribed’. Unsubscribing from direct marketing does not unsubscribe you from essential electronic communications in respect of the administration of Your Account.
Rights In Relation To Automated Decision Taking (if applicable)
You may ask us to ensure that, if we are evaluating you, we don’t base any decisions solely on an automated process and have any decision reviewed by a member of staff. Profiling may occur in relation to your personal information for the purposes of targeted advertising and de-targeting you from specified advertising. This allows us to tailor our advertising to the appropriate customers and helps to minimise the risk of you receiving unwanted advertising. These rights will not apply in all circumstances, for example where the decision is (i) authorised or required by law, (ii) necessary for the performance of a contract between you and us, or (ii) is based on your explicit consent. In all cases, we will endeavour that steps have been taken to safeguard your interests.
Right to Restrict or Prevent Processing of Personal Information
In accordance with Data Protection Legislation, you may request that we stop processing your personal information temporarily if:
- you do not think that your personal information is accurate (but we will start processing again once we have checked and confirmed that it is accurate);
- the processing is unlawful but you do not want us to erase your personal information;
- we no longer need the personal information for our processing; or
- you have objected to processing because you believe that your interests should override the basis upon which we process your personal information.
If you exercise your right to restrict us from processing your personal information, we will continue to process the Personal information if:
- you consent to such processing;
- the processing is necessary for the exercise or defence of legal claims;
- the processing is necessary for the protection of the rights of other individuals or legal persons; or
- the processing is necessary for public interest reasons.
Right to Data Portability
In accordance with Data Protection Legislation, you may ask for an electronic copy of your personal information that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to personal information that you have provided to us – it does not extend to data generated by us. In addition, the right to data portability also only applies where:
- the processing is based on your consent or for the performance of a contract; and
- the processing is carried out by automated means.
Right to Erasure
In accordance with Data Protection Legislation, you can ask us (please see ‘Contact Travaplan’ below) to erase your personal information where:
- if you had given us consent to process your personal information, you withdraw that consent and we cannot otherwise legally process your personal information;
- you object to our processing and we do not have any legal basis for continuing to process your personal information;
- your personal information has been processed unlawfully or have not been erased when it should have been; or
- the personal information have to be erased to comply with law.
We may continue to process your personal information in certain circumstances in accordance with Data Protection Legislation (i.e. where we have a legal justification to continue to hold such personal information, such as it being within our legitimate business interest to do so (e.g. retaining evidence of billing information etc.). Where you have requested the erasure of your personal information, we will inform recipients to whom that personal information have been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.
Right to Complain to the DPC
Children and Travaplan
Children under the age of 16 should not use Travaplan without the consent of their parents/guardians and must not attempt to register with Travaplan and/or submit any personal information to us. Travaplan does not knowingly collect personal information from any person who is under the age of 16. If it comes to our attention that we have collected personal information from a person under the age of 16, we will delete this information as quickly as possible. If you have reason to believe that this has occurred, please contact us via the Contact Us page, and we will delete any such information.
We understand that certain trips will involve children under 16 and organisers will want them to join as users for this purpose. We ask that organisers of these trips communicate with the children through their parents or guardians rather than directly. We would also recommend that organisers of trips that include children make themselves aware of local child protection law in the country in which they’re operating.
Securing Your Data.
The security of personal information is important to us. We restrict access to personal information to employees, contractors and agents who need to know such personal information in order to operate, develop or improve our services. We do our utmost to protect the privacy of your personal information through the appropriate use of security technology. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that, when we outsource any processes, the service provider has appropriate security measures in place.
Unfortunately, the transmission of information via the internet is not completely secure. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider, and you acknowledge that the delivery of our services may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that it is not for us to perfectly secure your personal information from cyber-attacks, such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of your personal information arising from such risks. Although we will do our best to protect personal information about you, we cannot guarantee the security of your information transmitted to us, and any transmission is at your own risk.
Our website also contains hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, including cookies. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk. We recommend that you review the privacy statement and cookies policy of each website you visit, to determine how that particular website protects your privacy.
Cookies and Device Identification
EU Cookie Directive – Web legislation Notification
The EU cookie directive notice appears on the Travaplan site to inform EU members that Travaplan stores cookies on your computer. We operate an implied consent approach, whereby we inform users that we are using cookies and if they continue to use Travaplan, they are giving their consent for us to store cookies on their machine. If they do not wish to have cookies stored on their machine, we cannot guarantee all aspects of our application will work as designed.
What is a cookie?
A cookie is a small text file that is placed on your device by a web server which enables a website and/or mobile app to recognise repeat users, facilitate the user’s ongoing access to and use of a website and/or mobile app and allows the website and/or mobile app to track usage behaviour and compile aggregate data that will allow content improvements and targeted advertising. We collate information on in relation to our service, which is represented in aggregate format through cookies. They help us to improve our service and to deliver many of the functions that make your browser experience more user friendly.
You can find a list of cookies we use and the purposes for which we use them in the tables below.
First party cookies
Travaplan does not create first party cookies.
Third party cookies
|cloudflare||These are used to speed up the loading of website content.||Controlled by the third party|
|rawgit||These are used to speed up the loading of website content.||Controlled by the third party.|
|Google Analytics||Used to monitor how the application is being used in order to improve the user experience||Varies from seconds to years depending on the cookie type.|
You should also be aware that there are cookies which are found in other companies’ internet tools which we may use to enhance the website. You may see ‘social buttons’ during your use of the website, including but not limited to Twitter, YouTube and Facebook, which enable you to share or bookmark certain web pages. These websites and social platforms have their own cookies and privacy practices, which are controlled by them.
What is device identification?
Device Identification is a technology that identifies devices by collecting information from the browser on the device, such as the browser version, operating system, IP address, installed fonts, time zone and more. These pieces of information are used to uniquely identify a device. This process does not use any personal information. The device ID generated through the device identification process may be stored in a cookie.
How to delete and block our cookies?
The ‘Help Menu’ on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as flash cookies, by changing the add-on’s settings or visiting the website of its manufacturer.
Can I withdraw my consent to storage of Travaplan cookies?
If you do not wish to have Travaplan cookies stored on your machine, you will need to delete your cookies using your internet browser settings. For further information about deleting or blocking cookies, please visit: http://www.aboutcookies.org/Default.aspx?page=2.
Cross-Border Data Transfers
Travaplan operates under the jurisdiction of the DPC. The Data Protection laws of Ireland may be different to the national laws of Travaplan users outside of the Republic of Ireland.
Retention of Personal Information
Your personal information will be kept and stored for such period of time as we deem necessary taking into account the purpose for which it was collected in the first instance. This may include retaining your personal information as necessary to administer your account, comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services.
Where we retain information for service/website improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our service/website, not to specifically analyze personal characteristics about you.
If your personal information contains any material which may reasonably be deemed to be offensive, inappropriate or objectionable or otherwise engage in any disruptive behaviour in relation to our services, we may remove such content and/or suspend the use of your account. We may also remove any such material from any of our social media pages.
Where we reasonably believe that you are or may be in breach of any applicable laws, for example on hate speech, we may disclose your personal information to relevant third parties, including to law enforcement agencies or your internet provider. We would only do so in circumstances where such disclosure is permitted under applicable laws, including Data Protection Legislation.
We will notify serious data breaches in respect of your personal information to the DPC without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay; however, it is not necessary to notify the DPC where the personal information breach is unlikely to result in a risk to the rights and freedoms of natural persons. A personal information breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed.
We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting your personal information (which poses a high risk to you) when we are required to do so under Data Protection Legislation. We will not be required to notify you of a data breach where:
- we have implemented appropriate technical and organisational measures that render the personal information unintelligible to anyone not authorised to access it, such as encryption; or
- we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or
- it would involve disproportionate effort, in which case we may make a public communication instead.
By email to [email protected] or
By post to, 43 Dundela Park Sandymount, Co Dublin. Ireland
We will endeavour to deal with any questions or complaints raised within 10 working days.
You have the right under Data Protection Legislation, to access the information we hold about you. If you would like to obtain a copy of the personal information we hold on you, or have any queries regarding the Company’s use of personal information, please contact us by submitting a request to us in writing to Data Access Requests to the address above.
Waiver and Severability