We’re creating a more connected travel industry, underpinned by sustainability and long-term investor relations.
|Basic information about the porcessing of personal data|
|Data controller||Amadeus IT Group, S.A.
C/Salvador de Madariaga 1, 28027 Madrid, Spain
|Purpose of processsing personal data||Amadeus customers - to provide Amadeus products and services, manage accounts and manage Amadeus’s relationship with Amadeus Customers;
Amadeus service providers - to manage accounts and manage Amadeus relationship with service providers;
|Legal grounds for processing||Performance of a Contract
|Recipients of the personal data||Amadeus Affiliates, Third Party Service Providers who may include professional advisers; Regulators and authorities where disclosure required by law;|
|Legal rights||You have a right to access, review and restrict processing of Personal Information and the right to lodge a complaint with a supervisory authority.|
This Privacy Notice describes how Amadeus (“Amadeus”) collect and process personal data provided by Amadeus Business Partners. Personal data provided by Amadeus Business Partners includes personal data of employees, contractors and other points of contact from companies or organizations which Amadeus has a commercial relationship with; this includes personal data (not including personal data of travelers) provided by Amadeus GDS Users (such as, airlines, hotels and travel agencies); other companies and organizations that may use non GDS Amadeus services; third party service providers (collectively these are referred to in this Privacy Notice as “Amadeus Business Partners.”).
This Privacy Notice does not apply to personal data that may be collected or processed by Amadeus for other purposes, such as through Amadeus websites; Amadeus HR or recruitment services; or personal data of travelers included in travel information processed in the Amadeus global distribution system (“Amadeus GDS”). Where personal data is collected for other purposes, the relevant privacy notice will be provided explaining the purpose the personal data is being processed for.
This Amadeus Business Partners Privacy Notice applies to personal data Amadeus process that relates to personal data provided by Amadeus customers or Amadeus business partners globally. Processing of Amadeus Business Partner personal data may be subject to agreements between Amadeus and Amadeus Business Partners. Other information that is not personal data will be processed in accordance with the contractual agreements with Amadeus Business Partners. This Amadeus Business Partners Privacy Notice should be read together with other privacy notices that may be provided on specific occasions when personal data is collected or processed. This Amadeus Business Partners Privacy Notice supplements other Privacy Notices and is not intended to override them.
Amadeus Group is made up of different legal entities that are all under the control of Amadeus IT Group S.A. This privacy notice is issued on behalf of Amadeus Group. When a reference is made to Amadeus it refers to the relevant company in the Amadeus group responsible for processing personal data. Where a specific privacy notice has been provided, the details of the Amadeus entity which is data controller will be provided in the specific privacy notice, in the absence of a specific privacy notice, Amadeus IT Group S.A. is the data controller of the personal data.
Amadeus have a Chief Privacy Officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights as described below, please contact the Chief Privacy Officer using the details set out below.
Personal Data means information about an identified or identifiable individual. It does not include information where an individual cannot be identified e.g. non-personal or aggregated data.
Amadeus process personal data that is collected from individuals and personal data that is provided by Amadeus Business Partners and from third parties.
Amadeus process different kinds of personal data that can be grouped together as follows:
Amadeus use the personal data to provide services that an Amadeus Business Partner has requested, provide support, protect the security of Amadeus products and services and Amadeus Business Partners; to perform internal business processes (such as testing and quality assurance); and other uses compatible with providing the services; for marketing and communication personal data is used to personalise the content of communications;
The legal basis for processing personal data is
Amadeus may share personal data with its affiliates, agents and third party service providers such as suppliers of information technology services, security services and legal, financial/accounting and other similar professional advisers.
Amadeus may also share personal data with third parties, if Amadeus choose to sell, transfer, or merge parts of the business or assets. If there is a change of control of the business those who purchase the business or part of may use personal data in the same way as set out under this privacy notice.
Where such disclosure takes place Amadeus require the appropriate technical and organizational security measures to be in place to protect personal data and for personal data to be processed lawfully.
Amadeus only allow affiliates and third party service providers to process personal data on behalf of Amadeus for specified purposes and in accordance with Amadeus instructions.
Further information on the affiliates and third party service providers that Amadeus use to process personal data on their behalf can be requested through the contact details set out below in the section legal rights. When requesting this information please make a reference to information about affiliates and third party service providers so that the relevant information can be provided.
Amadeus may also disclose personal data as required by law, subpoena, or regulation; when requested by government or law enforcement authorities or as otherwise required or permitted by law.
When Amadeus share your personal data with its affiliates and third party service providers who process personal data on behalf of Amadeus this will involve transferring personal data outside the EEA. When personal data is transferred to another country it will continue to receive adequate protection through contractual or other arrangements put in place with Affiliates and third party service providers. For these transfers at least one of the following appropriate safeguards will be implemented;
Further information on the appropriate safeguards used when transferring personal data outside the EEA can be requested through the contact details set out below in the section legal rights. When requesting this information please make a reference to the transfer of personal data outside the EEA.
Amadeus has taken the appropriate technical and organizational security measures to protect personal data from loss or unlawful processing. When Personal Data is processed on behalf of Amadeus access is limited to those who have a business need to know, Personal Data will be processed in accordance with the instructions of Amadeus and those who have access are subject to a duty of confidentiality.
Amadeus have in place procedures to deal with any suspected personal data breach and will notify individuals and any applicable regulator of a breach where they are legally required to do so.
Amadeus retains personal data for as long as necessary to fulfil the purposes it was collected for including for the purposes of satisfying any legal, accounting or reporting requirements.
Details of retention periods for different kinds of personal data can be found in specific privacy notices or are available upon request through the contact details below.
Under certain circumstances individuals can exercise rights under data protection laws. Individuals can exercise these rights relating to their own personal data, or contact Amadeus for data protection related questions, by email to email@example.com or write to Chief Privacy Officer, Amadeus IT Group, S.A. C/Salvador de Madariaga 1, 28027 Madrid, Spain.
For the following rights please make a reference to the following in the request:
Amadeus will require authentication of the identity of the individual to exercise rights under data protection laws and may require additional information to assist in responding to requests.
Amadeus intends to carefully address any request and/or claim from you, as well as carefully process personal data. You are entitled to file any claim or complaint before the relevant data protection authorities, if the answer provided by Amadeus does not meet your expectations.
This Privacy Notice is published by Amadeus IT Group SA. This Privacy Notice may be changed at any time. The date it was last updated is shown here April 30, 20.