This legal notice applies to the entire contents of the Travaplan group travel management platform, which consists of this website and a mobile phone application, for the purpose of facilitating bookings of certain travel services (the “Platform”). Please take some time to read these Terms and Conditions of Use (“Terms of Use”) carefully. Registering for an account on our website or any mobile application, activation or use of your account or accepting these Terms of Use indicates that you have reviewed these Terms of Use and have agreed to be bound by them. You will be required to expressly accept these Terms of Use and our privacy policy before first accessing (or before continuing to access) our service through your account.  If you choose to accept these Terms of Use, we will keep a record of your acceptance in this regard. If you do not agree with these Terms of Use, you must not accept these Terms of Use and may not use the Platform.

If you are entering into these Terms of Use on behalf of a company or other legal entity, you represent that you have the authority to bind such entity and its affiliates to these Terms of Use, in which case the terms “you” or “your” shall refer to such entity and its’ affiliates. Please note that, where you sign up to these Terms of Use on behalf of individuals within your organisation or other persons or arrange for individuals within your organisation or other persons to sign up to the Terms of Use, you are acting as the Data Controller and we are Data Processor for these purposes and in respect of all Personal Data provided and we will act only on your instructions as Data Controller in respect of all such Personal Data.

If you are a User and have signed up to the Terms of Use through your employer or any trip organiser, then you should refer any queries, complaints or issues you may have in relation to your Personal Data directly to your employer or the Trip Organiser as Data Controller. As a User, you will be required to comply with these Terms of Use, with the exception of Appendix 1 of these Terms of Use, which does not apply to you

For the purposes of these Terms of Use, the following terms shall have the following meanings:-

“Data Controller” as defined in Data Protection Legislation 

“Data Processor” as defined in Data Protection Legislation

“Data Protection Legislation” means the Irish Data Protection Acts 1988 to 2018, any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (“E-Privacy Regulations”), as such legislation shall be supplemented, amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR, and laws amending or supplementing the E-Privacy Regulations).

“Personal Data” as defined in Data Protection Legislation

“Users” all travellers participating in trips booked through the Platform.

The Platform is powered by technology owned by Travaplan Limited and allows you to use this technology to search, discuss and book flights, accommodation, vehicle rental services and activities, as well as manage payments between travellers and store trip related photographs. By accepting the Terms of Use and/or using any part of this Platform, you agree to conduct your use of this Platform and the technology supporting it and provided on this Platform in accordance with the Terms of Use and that the Terms of Use are an agreement between Travaplan and you.

Travaplan may revise this legal notice at any time by updating this posting. You should check the Platform terms from time to time to review the then current legal notice, because it is binding on you. Certain provisions of this legal notice may be superseded by expressly designated legal notices or terms located on particular pages on the Platform/website.

Information about us.

This site is operated by Travaplan Limited an Irish registered company trading as Travaplan. We are registered in Ireland under company number 583599 and have our registered office at 43 Dundela Park, Sandycove, Co Dublin, Ireland. Our VAT number is IE3422821BH. You can contact us by email at [email protected]

Travaplan facilitates bookings for a variety of travel related services. Travaplan provides introductory services and does not own or operate any of the travel related companies. Your contract for services will be between you and the relevant service provider(s).  The terms and conditions of the contract between you and the relevant service provider(s) are available to you once you click through (leave the Travaplan application to go to the booking sites website(s)) to make a booking. Travaplan makes no warranty or representation in relation to any services purchased from third party service providers via the introduction process.

Fees and Charges

Use of the Platform is provided free of charge to the following:

  • Trip organisers/planners who are not charging for their services and who are Data Controllers for the purposes of Data Protection Legislation
  • All Users

If you are intending to use this Platform for uses other than those listed above you must contact Travaplan before starting to invite others to join and use the Platform.

Where Users/trip organisers use Stripe or any similar trip booking/payment facility accessed through the Travaplan website to process payments connected with any trip booked through the Travaplan site, Travaplan may charge a non-refundable administration fee of up to 2% as a percentage of such payments. It is the responsibility of the service provider to process your reservation/booking correctly. We will notify you if there are any other fees, charges or commissions payable to Travaplan at a future date in connection with the use of the Platform (including any introductory service fees) and we reserve the right to apply such fees, charges and/or commissions in the future.

Your Responsibilities

As Data Controller you will (a) comply with the terms of the Data Protection Appendix attached to these Terms of Use which governs the relationship between us as Data Processor and You as Data Controller in respect of the User Uploaded Data (b) be responsible for Users’ compliance with these Terms of Use, (c) be responsible for the accuracy, quality and legality of User Uploaded Data (as defined below) and the means by which You acquired User Uploaded Data, (d) use commercially reasonable efforts to prevent unauthorized access to or use of services and content, and notify Travaplan promptly of any such unauthorized access or use, (e) use services and content only in accordance with these Terms of Use and applicable laws and government regulations. You will not (a) make any service or content available to, or use any service or content for the benefit of, anyone other than You or Users, unless expressly permitted by us, (b) sell, resell, license, sublicense, distribute, make available, rent or lease any service or content, or include any service or content in a service bureau or outsourcing offering, (c) use our service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use our service to store or transmit Malicious Code (as defined below), (e) interfere with or disrupt the integrity or performance of any service or third-party data contained therein, (f) attempt to gain unauthorized access to any service or content or its related systems or networks, (g) permit direct or indirect access to or use of any service or content in a way that circumvents a contractual usage limit, or use any of our services to access or use any of our intellectual property except as permitted under these Terms of Use, (h) copy a service or any part, feature, function or user interface thereof, (i) copy content except as permitted herein, (j) frame or mirror any part of any service or content, other than framing on Your own intranets or otherwise for Your own internal business purposes or as permitted under these Terms of Use, (k) access any service or content in order to build a competitive product or service or to benchmark with any product or service, or (l) reverse engineer any service. Any use of the services in breach of these Terms of Use, by You or Users that in our judgment threatens the security, integrity or availability of our services, may result in our immediate suspension of the services, however We will use commercially reasonable efforts under the circumstances to provide You with notice and an opportunity to remedy such violation or threat prior to such suspension.

User Uploaded Data” is data (which may include personal information) uploaded by you or others  through your account with us, and may be any information, data or materials provided or utilized by you or others in connection with the services, including, without limitation, user credentials, and any data contained in your or others’ websites, applications or in tests created by you or a party authorized by you in connection with the service, and/or any personal information provided by you during a support request, and/or actual tests you run, their text logs, video logs etc. Travaplan is a Data Processor in respect of the User Uploaded Data. User Uploaded Data includes any personal information of your employees and/or other individuals who provide their personal information to you (as trip organiser) in connection with the organisation of any trip utilising our services. You are Data Controller in respect of all such User Uploaded Data. We shall process all such User Uploaded Data (to the extent that this may be required in connection with the service), only in accordance with your instructions and as set out in this Terms of Use.

“Malicious Code” includes but not restricted to code, files, scripts, agents or programs intended to do harm or any unlawful activities, including, for example, viruses, worms, time bombs and Trojan horses.

Liability

In the event of a dispute between Travaplan and you, our liability to you, if any, is limited to the amount of the fees (if any) set out under the heading Fees and Charges above and paid by you when making the booking.

Travaplan hereby excludes to the fullest extent permitted by law any warranties (whether express or implied), as to the quality, completeness, performance or fitness for a particular purpose of (i) any service ordered using this Platform and (ii) this Platform and any of its contents, including, but not limited to, any information relating to the service to be provided contained within this Platform and the technology supporting and provided on this Platform. Travaplan reserves the right to make alterations to the Platform at any time. The information on this Platform is updated from time to time. By using this Platform you acknowledge that the details and all other information including, but not limited to, information relating to travel, holidays, accommodation, car rental and other related services published on this Platform may include inaccuracies or typographical errors.

We will not be liable for any loss or damage caused by a virus, distributed denial-of-service attack, or other technologically harmful material that may infect your computer or mobile equipment, computer programs, data or other proprietary material due to your use of the Platform or to your downloading of any content on it, or on any website linked to it.

The Platform contains hyperlinks or references to third party service providers’ websites. Such hyperlinks or references are provided for your convenience only and we have no control over third party websites and accept no legal responsibility for any content, material or information contained in them. The display of any hyperlink and reference to any third party service provider’s website does not mean that we endorse that third party’s website, products or services. The Platform can forward information from third party services or provide links to such services. Any booking you make for travel related services on this Platform is made with a service provider and not Travaplan. Travaplan and this Platform only facilitate the making of reservations with the service provider and we are not liable or responsible for the fulfilment of any booking, for the performance of any service or for the acts or omissions of any third party service providers introduced through the Platform. Travaplan is not a party to the contract between you and the service provider and has no responsibility or liability (direct or indirect) to any party in respect of the terms of your contract with the service provider or any problems arising with the services provided pursuant to that contract or any other problems between you and the service provider. On making a booking for a service on the service provider’s platform you are bound by and deemed to have accepted the terms and conditions of the service provider.

EXCEPT TO THE EXTENT CONTRARY TO LAW NEITHER TRAVAPLAN NOR ANY OF OUR DIRECTORS, OWNERS, EMPLOYEES, AFFILIATES, TRAVEL PARTNERS OR OTHER REPRESENTATIVES WILL BE LIABLE FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGES ARISING OUT OF, OR IN CONNECTION WITH YOUR USE OF ANY INFORMATION, PRODUCTS, SERVICES AND/OR THE MATERIALS OFFERED THROUGH THIS PLATFORM, INCLUDING BUT NOT LIMITED TO LOSS OF DATA, INCOME, PROFIT OR OPPORTUNITY, LOSS OF OR DAMAGE TO PROPERTY AND/OR CLAIMS OF THIRD PARTIES, OR ANY INDIRECT OR CONSEQUENTIAL LOSS OR DAMAGES HOWSOEVER ARISING, EVEN IF TRAVAPLAN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE OR SUCH LOSS OR DAMAGES WERE REASONABLY FORESEEABLE.

The listing of any travel information or services or link in this Platform is not and should not be taken as a recommendation from Travaplan or a warranty or representation that the travel information or services will be of a certain standard or suitable for your purpose. Travaplan shall in no way be liable to you in the event that the travel information or services are not suitable for your purpose. You should use your own discretion when utilising this information.

Service Access

While Travaplan endeavours to ensure that the Platform is accurate, up-to-date, free from bugs and normally available 24 hours a day, we cannot guarantee, nor do we promise the uninterrupted use by you of the Platform Travaplan shall not be liable if for any reason the Platform is unavailable at any time or for any period. Access to the Platform may be suspended temporarily and without notice in the case of system failure, maintenance or repair or for other reasons beyond Travaplan’s control. Furthermore, we cannot promise that the Platform will be fit or suitable for any purpose. Any reliance that you may place on the information on the Platform is at your own risk.  Any content in the Platform is provided for your general information purposes only and to inform you about us and our services and other websites that may be of interest.

Beta Testing Phase

Travaplan may operate a pilot version of the services/Platform (the “Test Version”) in the initial stages of its operations and business development (the “Beta Phase”) which it and you, as a user of the Platform, acknowledge is incomplete and subject to further developments and improvements, but has been released for testing and initial feedback to a limited number of initial users. Where you are being offered a Test Version, this will be clearly drawn to your attention by Travaplan upon commencement of the services and when you sign up to use the Platform. Travaplan reserves the right to provide you with regular updates as to the functionality of the Platform and the services and to develop, change and/or improve on the functionality and features of the Platform during the Beta Phase. Please note that all of the other provisions of this Privacy Policy (including but not limited to the sections headed Liability, Service Access and Disclaimer) apply to your usage of the Platform and the provision of and access to the services during the Beta Phase. An uninterrupted service cannot be guaranteed during the Beta Phase and the Platform may need to be temporarily shut down/rendered inaccessible from time to time during the Beta Phase. In the event of any loss to your personal information or data relating to trips which you have booked through the Platform during the Beta Phase, we will use our reasonable commercial efforts to recover all such information, but cannot guarantee that this will be possible. In signing up to use the Platform during the Beta Phase, you agree to provide Travaplan with feedback on our services and to be contacted by Travaplan for this purpose.

Customer Accounts

Customer Accounts are not available to minors (i.e. persons under 18 years of age) or any person who cannot legally agree to the terms of these Terms of Use. By accepting these terms, you confirm that you are capable of entering into a binding agreement. You must accurately complete any subscriber information requested by Travaplan. The Platform is intended to appeal to a broad audience, and therefore it is the responsibility of the parent or guardian to determine whether any use of the Travaplan services are appropriate for your child.

To open an account for usage of the Platform, you or the User must provide true and accurate information as required to complete the Registration Form available on our website and shall regularly update such information to keep it true and accurate by contacting us to notify us of any changes to such information at [email protected]

You or the User shall provide a valid email address and/or mobile phone number belonging to them and choose a password, and keep these details up to date, so that both Travaplan and the other members of your travelling group can communicate with you effectively.

We reserve the right to remove or change your or any User profile at any time if we deem it to be in breach of terms and conditions or of an inappropriate nature.

You are entirely responsible for the privacy, confidentiality and storage of email addresses and/or mobile phone number, and password used to access the system. All website activities that can be traced to the email address and password of you or any User are deemed as having been performed by you or the relevant User as the case may be. Travaplan does not assume any liability for content of messages sent and is exempt from any claim that may arise from third parties as a result of messages sent. Travaplan may temporarily disable access to Your or any User’s Account if You report unauthorized use.

You agree to notify Travaplan immediately of any unauthorized use of your or any Users account reported to you, to [email protected]

Payments on the Platform

The Platform makes a system for payments available via the Stripe platform. You will be asked by Stripe to read and agree to the Stripe terms when you first set up your stripe account.

Right to Unsubscribe

You can unsubscribe from the Platform at any time without incurring any fee, by contacting [email protected]. The cancellation of your membership with Travaplan will not affect or absolve you of any liability to third party service providers to make any payment and/or fulfil any contract to which you have agreed to be bound through the Platform or otherwise.

Intellectual Property Rights and Limited License

The Platform and all intellectual property rights in it, including but not exclusive to, content, text, graphics, images, trade names, domain names, design rights, database rights, patents, structure, photographs, buttons, artwork and computer code and all other intellectual property rights of any kind whether or not they are registered or unregistered (anywhere in the world) is owned by Travaplan and is only available to you for personal purposes. Nothing in these terms and conditions grants you any legal rights in the Platform other than are as necessary to enable you to access the Platform. Unless you have received written consent from Travaplan to the contrary, you may only use the Platform and its content for personal, non­commercial purposes. You do not have permission to modify copy, distribute, collate, transfer, reproduce or display any of the above for personal or business use. In particular, by proceeding to access this Platform, you agree:

  • Not to use the Platform to make any speculative or false reservation;
  • Not to use the Platform to research suppliers or suppliers pricing;
  • Not to use the name “Travaplan” or any Travaplan branding for commercial or any other purposes without obtaining prior written permission from Travaplan;
  • Not to reproduce material from this Platform (Website’s) for commercial or any other purposes.

Disclaimer

This Platform is made available to You and Users as it is and Travaplan makes no warranties or representations that (i) this Platform or the technology (servers etc.) making it available and supporting it will be without fault or defects or (ii) the information posted on this Platform is free from infection by viruses or anything else with contaminating or destructive properties. Travaplan accepts no liability for any infection or effects from harmful applications such as, but not limited to, viruses, Trojans, tampering, fraud or theft, error, technical failure, omissions, delay, unauthorised access or any event which corrupts the acceptable administration, communication and integrity of this Platform.

Waiver

Our failure to enforce at any time or for any period any one or more of the Terms of Use shall not be a waiver of them or the rights attaching to any of them.

Headings

The headings used in these Terms of Use are for reference only and shall not affect the meaning or scope of these Terms of Use. Travaplan is a business name owned by Travaplan Limited and all references to Travaplan in these Terms of Use are deemed to include reference to Travaplan Limited.

Modification of Terms of Use.

Travaplan reserves the right to change/modify the Terms of Use and the contents of this Platform for any reason and without prior notice and without liability to you, any other User or any third party. This right shall not affect the Terms of Use accepted by you or any User, upon making a legitimate booking or purchase using this Platform. You should check these Terms of Use, which will be posted on our website, for any changes/modifications each time you access the Platform. By continuing to use the website after we have posted changes/modifications to these Terms of Use, you are indicating that you agree to be bound by the modified Terms.

The service provider may from time to time change its terms and conditions (which are available on their websites) upon which the service provider makes the reserved service available to you. Travaplan is not responsible and shall have no liability if the service provider’s terms and conditions available on this Platform have been or are changed by the service provider.

General Terms and Conditions.

The Terms of Use and your use of and access to this Platform are governed by the laws of the Republic of Ireland. The courts of the Republic of Ireland shall have exclusive jurisdiction over all disputes arising between you and Travaplan out of or relating to your use of this Platform. Use of this Platform is unauthorised in any jurisdiction that does not give effect to all provisions of the Terms of Use including without limitation this paragraph. You agree that no relationship, partnership, employment, or agency relationship exists between you and Travaplan as a result of the Terms of Use or your use of this Platform. Our performance of the Terms of Use is subject to existing laws and legal process and nothing contained in these Terms of Use shall prevent Travaplan complying with any law enforcement or governmental authorities requests or requirements relating to your use of this Platform or information provided to or gathered by Travaplan with respect to such use and Travaplan shall have no liability in respect of such compliance.

Client’s Undertaking/Restrictions

You agree that you are responsible and liable for all other Users who utilise the Platform and services through you, with or without your consent. While we make every effort to ensure that User Uploaded Data is secure at all times, you likewise recognize that there are instances that may damage, corrupt, delete or in any way alter User Uploaded Data that are beyond our control.  Therefore, you accept responsibility for backing up any data, software, information and any other files. Under no circumstance shall we be held responsible for any server breaches, intercepted data, loss of data or any other analogous circumstances. Although Travaplan cannot monitor the conduct of its customers or Users offsite, it is a violation of these Terms of Use for You or Users to use any information obtained from this Platform in order to harass, abuse or harm other persons, or in order to contact, advertise to, solicit or sell to any User or person without their prior express consent.

You agree to refrain from using the Platform:

  1. in excess of, or beyond, the agreed purpose;
  2. to distribute, sell, license, provide or otherwise make our services available to third parties without our consent;
  3. to store or transmit material or information that is infringing, libelous, defamatory, obscene, fraudulent, false or contrary to the ownership or intellectual property rights of any other person or otherwise harmful, unlawful or tortious, or in violation of any third party privacy or other rights;
  4. in any way that is in violation of any applicable law, rule or regulation;
  5. to transmit viruses, malware, or other malicious code in the Platform;

It is prohibited to modify, reverse-engineer, or otherwise manipulate, interfere with or disrupt our services. In order to ensure the integrity of our services, we reserve the right at any time in our sole discretion to block You or Users from certain IP addresses from accessing the Platform.

You agree to hold harmless and indemnify us and our subsidiaries, affiliates, officers, agents and employees from and against any third party claim arising from or in any way related to your breach of these Terms of Use, or your violation of any law or the rights of a third party, or your use of our services, including any liability or expense arising from all claims, losses, damages (actual or consequential), suits, judgments, litigation costs and attorneys’ fees, of every kind and nature. Nothing in these Terms of Use shall be deemed to exclude or limit your liability in respect of any indemnity given by you under these Terms of Use.

Privacy

Our Privacy Policy also applies to your use of the Platform/site and sets out the terms on which we process any Personal Data we collect from you or any User, or that you or any User provides to us. You and each User will be required to expressly accept these Terms of Use and our Privacy Policy before first accessing (or before continuing to access) our service through your account. If you do not agree to these Terms of Use and our Privacy Policy you must leave our website immediately. If you choose to accept these Terms of Use and our Privacy Policy, we will keep a record of your acceptance in this regard.

Amendment

Travaplan reserves the right in its sole discretion to amend these Terms of Use at any time and you should regularly check this Terms of Use for any amendments.

If you have any questions about these Terms of Use or should you wish to make a complaint, please write to:

By email to [email protected] or

By post to, 43 Dundela Park Sandymount, Co Dublin. Ireland

We will endeavour to deal with any questions or complaints raised within 10 working days.

Waiver and Severability

Our failure to exercise any rights under this privacy policy shall not constitute or be deemed a waiver or forfeiture of such rights or a waiver or forfeiture of such rights in the future. If any part of this privacy policy is determined to be invalid or unenforceable pursuant to applicable law including, but not limited to, the warranty disclaimers and liability limitations set forth above, then the invalid or unenforceable provision will be deemed superseded by a valid, enforceable provision that most closely matches the intent of the original provision and the remainder of the privacy policy shall continue in effect.

Governing Law

These Terms of Use are governed by the laws of the Republic of Ireland. The courts of the Republic of Ireland shall have exclusive jurisdiction over all disputes arising between you and Travaplan in relation to these Terms of Use.

APPENDIX 1: DATA PROTECTION APPENDIX

TO GOVERN RELATIONSHIP BETWEEN TRAVAPLAN AS DATA PROCESOR AND YOU AS DATA CONTROLLER

  1. Definitions

1.1          The following definitions and rules of interpretation apply in this Clause.

Appropriate Technical and Organisational Measures: has the meaning given to such term in Data Protection Legislation (including, as appropriate, the measures referred to in Article 32(1) of the GDPR).

Authorised Person: the personnel authorised on Your behalf to provide instructions to Us in relation to the Processing provisions in this Clause.

Business Day: a day other than a Saturday, Sunday or public holiday in India when banks are open for business.

Business Purpose: the provision of the services as provided for in our Terms of Use.

Data: any data or information, in whatever form, including but not limited to images, still and moving, and sound recordings.

Data Controller: has the meaning given to such term in Data Protection Legislation.

Data Processor: has the meaning given to such term in Data Protection Legislation.

Data Protection Legislation: means the Data Protection Acts 1988 to 2018  and any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (“E-Privacy Regulations”), as such legislation shall be supplemented, amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR, and laws amending or supplementing the E-Privacy Regulations).

Data Protection Officer: a data protection officer appointed pursuant to Data Protection Legislation.

Data Subject: an individual who is the subject of Personal Data (including any User).

Delete: to remove or obliterate Personal Data such that it cannot be recovered or reconstructed.

EEA: European Economic Area.

GDPR: General Data Protection Regulation (EU) 2016/679.

Normal Business Hours: 9.00am to 5.00 pm in Dublin, Ireland.

ODPC: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.

Our System: any information technology system or systems owned or operated by Us to which User Uploaded Data is delivered or on which our services are performed.

Personal Data: has the meaning set out in Data Protection Legislation and relates only to personal data, or any part of such personal data, in respect of which You are the Data Controller, and in respect of which We are the Data Processor.

Personal Data Breach: means any “personal data breach” as defined in the GDPR in respect of the Personal Data which is caused by Us.

Processed Data: any of User Uploaded Data that has been Processed by Us.

Processing: has the meaning given to such term in Data Protection Legislation, and Processed and Process shall be interpreted accordingly.

Representatives: a Party’s employees, officers, representatives, advisers or subcontractors involved in the provision or receipt of our services.

Restricted Transfer: any transfer of Personal Data to countries outside of the EEA which are not subject to an adequacy decision by the European Commission, where such transfer would be prohibited by Data Protection Legislation.

Security Features: any security feature, including any encryption, pseudonymisation, key, PIN, password, token or smartcard.

Specific Instructions: instructions meeting the criteria set out in Clause 2.1 of this Section.

Standard Contractual Clauses: the contractual clauses dealing with the transfer of Personal Data outside the EEA, which have been approved by (i) the European Commission under Data Protection Legislation, or (ii) by the ODPC or an equivalent competent authority under Data Protection Legislation.

Sub-processor: has the meaning given to such term in Clause 12.1 of this Section.

Term: the duration of the provision of our services

User Uploaded Data: the User Uploaded Data (NPD) and User Uploaded Data (PD).

User Uploaded Data (NPD): all Data uploaded during the Term by You or any User from time to time in respect of use of the services other than User Uploaded Data (PD).

User Uploaded Data (PD): the Personal Data uploaded during the Term by You or any User from time to time in respect of use of the services, and any other Personal Data Processed by Us on behalf of You or any User.

  1. Services

2.1          We shall not act on any specific instructions given by You from time to time during the Term in       respect of Processing unless they are:

2.2.1       in writing (including by electronic means); and

2.2.2       given by an Authorised Person.

2.3          We shall Process User Uploaded Data (PD) for the Business Purpose only and in compliance with Your     instructions from time to time, which may be:

2.3.1       Specific Instructions; or

2.3.2       the general instructions set out in these Terms of Use

unless required to do otherwise by law, in which case, where legally permitted, We shall inform You of such legal requirement before Processing.

2.4          The types of Personal Data to be Processed pursuant to these Terms of Use shall include (but shall not      be limited to) Personal Data uploaded by you or other Users through use of the services, and may be    any information, data or materials provided or utilized by you or Users in connection with the services,                including, without limitation, user credentials, and any other Personal Data contained in your or User’s websites, applications or in tests created by you or a User in connection with the services; and the                categories of Data Subject to whom such Personal Data relates shall include Users.

  1. Parties’ obligations

3.1          We shall:

3.1.1       only make copies of User Uploaded Data to the extent reasonably necessary for the Business Purpose      (which, for clarity, may include for generating logs in relation to your use of the services, back-up,          mirroring (and similar availability enhancement techniques), security, disaster recovery and testing the services); and

3.1.2       not extract, reverse-engineer, re-utilise, use, exploit, redistribute, re-disseminate, copy or store       User Uploaded Data other than for the Business Purpose.

3.2          We shall notify You in writing without delay of any situation or envisaged development that shall in any       way change the ability of Us to Process User Uploaded Data (PD) as set out in these Terms of Use.

3.3          In general, User Uploaded Data and any logs created by us relating to User Uploaded Data will be kept      and stored for 60                 days from the date of upload/creation, after which point it will then be automatically          deleted by Us. Notwithstanding this, we shall, at Your cost and taking into account the nature of Our      Processing of Personal Data, promptly comply with any written request from You requiring Us to amend,     transfer or Delete any of User Uploaded Data in advance of the expiration of this 60 day period.

3.4          At Your request and cost, We shall provide to You a copy of all User Uploaded Data held by Us in a              commonly used format.

3.5          At Your request and cost, taking into account the nature of Our Processing of the Personal Data and             the information available, We shall provide to You such information and such assistance as You may       reasonably require, and within the timescales reasonably specified by You, to allow You to comply with          Your obligations under Data Protection Legislation, including but not limited to assisting You to:

3.5.1       comply with Your own security obligations with respect to the Personal Data;

3.5.2       discharge Your obligations to respond to requests for exercising Data Subjects’ rights with              respect to the Personal Data;

3.5.3       comply with Your obligations to inform Data Subjects about serious Personal Data Breaches;

3.5.4       carry out data protection impact assessments and audit data protection impact assessment            compliance with respect to the Personal Data; and

3.5.5       the consultation with the ODPC following a data protection impact assessment, where a data         protection impact assessment indicates that the Processing of the Personal Data would result in a high              risk to Data Subjects.

3.6          Any proposal by Us to in any way use or make available User Uploaded Data other than as provided for     pursuant to these Terms of Use shall be subject to prior written approval of You.

3.7          You acknowledge that We are under no duty to investigate the completeness, accuracy or               sufficiency of (i) any instructions received from You, or (ii) any User Uploaded Data.

3.8          You shall:

3.8.1       ensure that You are entitled to transfer User Uploaded Data (PD) to Us so that We may lawfully process and              transfer (if applicable) User Uploaded Data (PD) in accordance with these Terms of Use;

3.8.2       ensure that the relevant Data Subjects have been informed of, and have given their consent to,     such use, processing, and transfer as required by Data Protection Legislation;

3.8.3       notify Us in writing without delay of any situation or envisaged development that shall in any way influence, change or limit the ability of Us to process User Uploaded Data (PD) as set out in these      Terms of Use;

3.8.4       ensure that User Uploaded Data (PD) that You instructs Us to Process pursuant to these Terms of Use        is:

(a)           obtained lawfully, fairly and in a transparent manner in relation to the Data Subject (including in    respect of how consent is obtained);

(b)           collected and processed for specified, explicit and legitimate purposes, and not further processed in a        manner incompatible with those purposes;

(c)           adequate, relevant and limited to what is necessary in relation to the purposes for which it is          processed;

(d)           accurate, and where necessary kept up to date;

(e)           erased or rectified without delay where it is inaccurate, having regard to the purposes for which they are     processed;

(f)            kept in a form which permits identification of Data Subjects for no longer than is necessary for the                purposes for which the Personal Data are processed (subject to circumstances where Personal              Data may be stored for longer periods insofar as it will be processed solely for archiving purposes in the             public interest, scientific or historical research purposes or statistical purposes, and subject to the        implementation of Appropriate Technical and Organisational Measures);

(g)           processed in a manner that ensures appropriate security of the Personal Data, including protection              against unauthorised or unlawful processing and against accidental loss, destruction or damage,        using Appropriate Technical and Organisational Measures; and

3.8.5       provide such information and such assistance to Us as We may reasonably require, and within the              timescales reasonably specified by Us, to allow Us to comply with Our obligations under Data                 Protection Legislation.

3.9          User Uploaded Data (PD) passed to Us for Processing shall not be kept by You for a period that is                longer    than necessary.

  1. Our employees

6.1          We shall take reasonable steps to ensure the reliability of all Our employees who have access to User Uploaded Data (PD), and to ensure that such employees have committed themselves to a binding              duty of confidentiality in respect of User Uploaded Data (PD).

  1. Records

5.1          We shall keep at Our normal place of business records (including in electronic form) relating to all               categories of Processing activities carried out on behalf of You, containing:

5.1.1       the general description of the security measures taken in respect of the Personal Data, including details of any Security Features and the Appropriate Technical and Organisational Measures;

5.1.2       the name and contact details of Us; any sub-supplier; and where applicable Our representatives; and          where applicable any Data Protection Officer appointed by Us;

5.1.3       the categories of Processing by Us on behalf of You; and

5.1.4       details of any non-EEA Personal Data transfers, and the safeguards in place in respect of such     transfers.

  1. Audits

6.1          Subject to Clause 6.2, 6.3 and 6.5, and to the extent required by Data Protection Legislation, You shall         have the right to examine and review the use by Us of User Uploaded Data provided to Us by You only     for the purpose of ascertaining that User Uploaded Data has been used and Processed in        accordance           with the terms of these Terms of Use.

6.2          An audit under this Clause 6 shall be carried out on the following basis: (i) You must first contact Us             by email asking for evidence of compliance with Our obligations under these Terms of Use, and We               shall respond to such email within 30 Business Days; (ii) if We have not responded to Your   email with a response which is reasonably satisfactory to You within such 30 Business Day                 period then, no more than once in any twelve (12) month period and during Normal Business        Hours during the course of one Business Day You may audit Our Processing of Your Personal                Data at a location agreed by Us. You shall bear the reasonable expenses incurred by Us in               respect of any such audit and any such audit shall not interfere with the normal and efficient                 operation of Our business. We may require, as a condition of granting such access, that You (and                 representatives of You) enter into reasonable confidentiality undertakings with Us.

6.3          The scope of any examination and review by You of the use by Us of the Personal Data shall be   agreed in writing prior to the commencement of any such examination and review.

6.4          In the event that the audit process determines that We are materially non-compliant with our          obligations under this Section, You may, by notice in writing, deny further access to User Uploaded      Data.

6.5          To the extent permitted under Data Protection Legislation, We may demonstrate Our and, if            applicable Our Sub-processors’, compliance with Our obligations under this Section through Our      compliance with a certification scheme or code of conduct approved under Data Protection      Legislation.

  1. Data Subject Requests

7.1          Taking into account the nature of Our Processing of the Personal Data and at Your cost, We shall assist You by employing Appropriate Technical and Organisational Measures, insofar as this is possible, in respect of the fulfilment of Your obligations to respond to requests from a Data     Subject exercising his/her rights under Data Protection Legislation.

7.2          We shall, at Your cost, notify You as soon as reasonably practicable if We receive:

7.2.1       a request from a Data Subject for access to that person’s Personal Data (relating to the services);

7.2.2       any communication from a Data Subject (relating to the services) seeking to exercise rights           conferred on the Data Subject by Data Protection Legislation in respect of Personal Data; or

7.2.3       any complaint or any claim for compensation arising from or relating to the Processing of such     Personal Data.

7.3          We shall not disclose the Personal Data to any Data Subject or to a third party other than at the      request of You, as provided for in these Terms of Use, or as required by law in which case We shall to                 the extent permitted by law inform You of that legal requirement before We discloses the Personal            Data to any Data Subject or third party.

7.4          We shall not respond to any request from a Data Subject except on the documented instructions of You      or an Authorised Person or as required by law, in which case We shall to the extent permitted by law           inform You of that legal requirement before We respond to the request.

  1. Data Protection Officer

8.1          We shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection              Legislation, and provide You with the contact details of such Data Protection Officer.

8.2          You shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection             Legislation, and provide Us with the contact details of such Data Protection Officer.

  1. Security

9.1          We shall, in accordance with Our requirements under Data Protection Legislation, implement        Appropriate Technical and Organisational Measures to safeguard the User Uploaded Data (PD) from          unauthorised or unlawful Processing or accidental loss, alteration, disclosure, destruction or                damage, and that, having regard to the state of technological development and the cost of                 implementing any measures (and the nature, scope, context and purposes of Processing, as well                as            the risk to Data Subjects), such measures shall be proportionate and reasonable to ensure a level of             security appropriate to the harm that might result from unauthorised or unlawful Processing or         accidental loss, alteration, disclosure, destruction or damage and to the nature of the Personal        Data to be protected.

9.2          We shall ensure that User Uploaded Data provided by You can only be accessed by persons and                 systems                 that are authorised by Us and necessary to meet the Business Purpose, and that all equipment             used by Us for the Processing of User Uploaded Data shall be maintained by Us in a physically secure            environment.

9.3          You shall make a back-up copy of User Uploaded Data as often as is reasonably necessary and record the               copy on media from which User Uploaded Data can be reloaded in the event of any corruption or loss of   User Uploaded Data.

  1. Breach reporting

10.1        We shall promptly inform You if any of User Uploaded Data is lost or destroyed or becomes damaged,       corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or                access to any of User Uploaded Data. In such case, We will use Our reasonable endeavours to restore           User Uploaded Data at Your expense (save where the incident was caused by Our negligent act or       omission, in which case it will be at Our expense), and will comply with all of Our obligations          under Data Protection Legislation in this regard[1].

10.2        We must inform You of any Personal Data Breaches, or any complaint, notice or communication in              relation to a Personal Data Breach, without undue delay. Taking into account the nature of Our              Processing of the Personal Data and the information available to Us and at Your cost We will provide          sufficient information and assist You in ensuring compliance with Your obligations in relation to              notification of Personal Data Breaches (including the obligation to notify Personal Data Breaches to the      ODPC within seventy two (72) hours), and communication of Personal         Data Breaches to Data       Subjects where the breach is likely to result in a high risk to the rights of      such Data Subjects. Taking into       account the nature of Our Processing of the Personal Data and the information available to Us and at   Your cost, We shall co-operate with You and take such reasonable commercial steps as are directed by            You to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

  1. Restricted transfers

11.1        A Restricted Transfer may not be made by Us (other than transfers to our Affiliates and by any       agents and contractors for the purposes of performing the services, and You shall endeavour to           obtain explicit consent from relevant Data Subjects in respect of such potential transfers) without the                prior written consent of You (such consent not to be unreasonably withheld, delayed or                    conditioned), and if such consent has been obtained (or is unnecessary), such Restricted Transfer may      only be made where there are Appropriate Technical and Organisational Measures in place with regard           to the rights of Data Subjects (including but not limited to the Standard Contractual Clauses, Privacy Shield, binding corporate rules, or any other model clauses approved by the ODPC).

11.2        Subject to Clause 11.3, in the event of any Restricted Transfer by Us to a contracted Sub-                processor, to         any Affiliate of You or otherwise (“Data Importer“) for which your consent has been obtained (or is     unnecessary), We and You shall procure that (i) You (where the Restricted Transfer is being made at the request of You) or Us acting as agent for and on behalf of You (where the Restricted              Transfer is being made at the request of Us), and (ii) the Data Importer,                shall enter into the Standard                 Contractual Clauses in respect of such Restricted Transfer.

11.3        Clauses 11.1 or 11.2 shall not apply to a Restricted Transfer if other compliance steps (which may               include, but shall not be limited to, obtaining explicit consents from Data Subjects) have been taken to               allow the relevant Restricted Transfer to take place without breach of applicable Data Protection    Legislation.

  1. Sub-processors

12.1        You agree and acknowledge that We may have User Uploaded Data Processed by any of Our Affiliates and by any agents and contractors for the purpose of providing the Service (a “Sub-processor”). A list of the categories of Sub-processors used by Us if relevant is maintained on our website at www.travaplan.com If you object to such sub-processing arrangements, then You should confirm this to Us and, if you do so confirm, You acknowledge that You may no longer be able to avail of some or all of Our services.

12.2        We must enter into a data processing contract with the Sub-processor which places the same data               protection obligations on the Sub-processor as We have in these Terms of Use (in particular,                 providing sufficient guarantees to implement Appropriate Technical and Organisational Measures in   such a manner that the Processing will meet the requirements of Data Protection                 Legislation).

12.3        With respect to each Sub-processor, We shall, before the Sub-processor first Processes Your         Data (PD), ensure that the Sub-processor is capable of providing the level of protection for Your            Data (PD) required by these Terms of Use.

12.4        We will remain fully liable to You in respect of any failure by the Sub-processor to fulfil its data      protection obligations in this regard.

  1. Warranties

13.1        We warrant and undertake to You that:

13.1.1     We will Process User Uploaded Data in compliance with our obligations under Data Protection     Legislation;

13.1.2     We will maintain Appropriate Technical and Organisational Measures against the unauthorised or                unlawful Processing of User Uploaded Data (PD) and against the accidental loss or destruction of, or                damage to, User Uploaded Data (PD); and

13.1.3     We will discharge Our obligations under this Section with all due skill, care and diligence.

13.2        You hereby warrant and undertake that:

13.2.1     You have complied with and shall comply with Your obligations under Data Protection Legislation;

13.2.2     You have the right to transfer (or to authorise Users to transfer) User Uploaded Data (PD) to Us in                 accordance with the terms of these Terms of Use;

13.2.5     Your instructions that are set out in this Section accurately reflect the instructions of the Data           Controller to the extent that We are a Data Processor on behalf of the Data Controller;

13.2.6     You shall and shall cause, appropriate notices to be provided to, and valid consents to be               obtained                from, Data Subjects, in each case that are necessary for Us to Process (and have Processed by        Sub-processors) Personal Data under or in connection with these Terms of Use,              including Processing          outside the EEA on the basis of any of the legal conditions for such transfer and Processing set out in   Clause 11 above;

13.2.7     You shall not, by act or omission, cause Us to violate any Data Protection Legislation, notices         provided to, or consents obtained from, Data Subjects as a result of Us or Our Sub-processors   Processing the Personal Data; and

13.2.8     notwithstanding anything contained in these Terms of Use, You shall pay in immediately available               funds Our costs incurred or likely to be incurred, at Our option in advance under this Section        (where matters are to be at Your cost).

  1. Indemnity

14.1        You (the “Indemnifying Party”) agree to indemnify and keep indemnified and defend at Your own                expense Us (the “Indemnified Party”) against all costs, claims, damages or expenses incurred by               the          Indemnified Party or for which the Indemnified Party may become liable due to any failure by the               Indemnifying Party or its employees or agents to comply with any of its obligations under this               Section and/or under Data Protection Legislation.

14.2        If any third party makes a claim against the Indemnified Party, or notifies an intention to make a    claim against the Indemnified Party, the Indemnified Party shall: (i) give written notice of the                 claim against the Indemnified Party to the Indemnifying Party as soon as reasonably practicable; (ii)                 not make any admission of liability in relation to the claim against Indemnified Party without the prior                 written consent of the Indemnifying Party; (iii) at the Indemnifying Party’s request and expense, allow          the Indemnifying Party to conduct the defence of the claim against the Indemnified Party including     settlement; and (iv) at the Indemnifying Party’s expense, co-operate and assist to a reasonable extent                 with the Indemnifying Party’s defence of the claim against the Indemnified Party.

  1. Limitation of liability

15.1        Unless required to do so by the ODPC or any other competent supervisory authority, We shall not                 make any payment or any offer of payment to any Data Subject in response to any complaint or any    claim for compensation arising from or relating to the Processing of User Uploaded Data,                without the            prior written agreement of You.

15.2        You acknowledge and agree that We are reliant on You for direction as to the extent to which We are           entitled to use and process User Uploaded Data (PD). Consequently, We will not be liable for any   claim brought by a Data Subject arising from any action or omission by Us, to the extent that    such action or omission resulted directly from Your instructions and/or the transactions contemplated                 by this Section.

  1. Consequences of termination on User Uploaded Data. Upon termination or expiry of these Terms of Use, at   the choice of You, We shall Delete or return all User Uploaded Data to You and Delete existing              copies of User Uploaded Data, unless legally required/entitled to store User Uploaded Data for a period        of time. If You make no such election within a ten (10) day period of termination or expiry of these           Terms of Use, We may Delete any of User Uploaded Data in our possession; and if You elect for                 destruction rather than return of User Uploaded Data, We shall as soon as reasonably practicable                ensure that all User Uploaded Data is Deleted from Our System, unless legally required/entitled to store         User Uploaded Data for a period of                time.

Interested?

Are you interested in TravaPlan? Please complete the form below and a member of our team will contact you.