BCD Travel Services B.V. ("IATA", "IATAN", "ARC", "we", "our", or "us"), as controller of your personal data, respects your privacy and is committed to complying with this Policy. This Policy describes how we, as a travel management and related services company, collect and use the personal data that you, the company which you are an employee of or are otherwise traveling on behalf of ("Company"), or third parties provide to us.
What is the scope of this Policy?
This Policy describes what personal data we collect about you, how we collect it, how we use it, with whom we may share it, and what choices you have regarding our use of your personal data. We also describe the measures we take to protect the security of your personal data and how to contact us.
Our privacy practices vary across the countries in which we operate to reflect local legal requirements. IATAN, and ARC comply with applicable data protection laws in the jurisdictions in which they operate in their handling of personal data.
What personal data do IATAN and ARC collect?
[Please refer to your specific service agreement for detailed data collection specifics]
In general, the personal data collected may include identification and contact details, travel credentials and documents (e.g., IATA numbers, IATAN numbers, ARC settlement data), employment and company information, travel and booking details, and payment or billing information.
How do IATAN and ARC use personal data and on which legal bases?
IATAN and ARC collect and use your personal data for specified, explicit, and legitimate purposes as described in this Policy and do not process your personal data further in a manner that is incompatible with those purposes.
Your personal data may be used to provide travel management services, facilitate bookings and ticketing, ensure compliance with legal and regulatory obligations, investigate and prevent fraud or misuse of services, and communicate relevant information about our services.
IATAN and ARC retain personal data for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by applicable law. In determining how long to retain personal data, we consider the necessity of the data for the provision of our services, applicable laws and regulations, and our legal obligations. Records may be retained to investigate or defend against potential legal claims. Once the data is no longer necessary, it will be securely deleted.
