Soluçoẽs
- Agentes de Viagens
  - Produtos
  - Conteúdo
    - Hotel Content
    - Veja todo o conteúdo de viagens
- Produtos para Agentes de Viagens
  
  Produtos exclusivos para agentes de viagens, oferecendo soluções personalizadas para otimizar vendas e atender clientes com excelência.
  Todos os produtos do agentes de viagens

Amadeus Privacy Statement

Last updated - September 2022

Basic information about the processing of Personal Information

Basic information about the processing of Personal Information
Data Controller	AMADEUS IT GROUP, S.A. will be the data controller for data processing activities related to this website (“Amadeus”).
Purpose of Personal Information Processing	Amadeus will be the data controller for processing your personal data for the purposes of making the Site available to you, as well as for any processing of personal data carried out based on the Terms and Conditions, specific forms made available to you and/or the sending of commercial communications as well as for the purposes of improving the Site (as applicable).
Legal Grounds for Processing	The legal basis by which we will process your personal data is: (i) the performance of a contract with you, governed by the Terms and Conditions, by specific forms used when collecting your data; (ii) your consent when subscribing to our commercial communications (if applicable) and/or; (iii) Amadeus’ legitimate interest for the purposes of research, analytical and statistical improvements.
Information Amadeus collects from you	IP address Information collected through cookies (as applicable) If shared by you: (i) name and surname; (ii) e-mail address; (iii) company name; (iv) address and country; (v) phone number; and/or (vi) position or business title. Other information you may share with us based on specific forms.
Recipients of the Personal Information	We may share personal data with Amadeus affiliates, who, due to the nature of the services Amadeus provides as a global travel technology supplier, may be in any location around the world. We may also disclose your information to third parties, business partners, suppliers, subcontractors, and service providers for the performance of any contract we enter into with them. If necessary or legally required we may disclose your personal data to public and government authorities, including public and government authorities outside your country of residence.
International Transfers of Data	Amadeus may share your personal data with its affiliates and third-party service providers, this may involve transferring personal data outside the European Economic Area. When personal data is transferred to a third country, it will continue to receive adequate protection through contractual or other arrangements put in place with Amadeus´ affiliates and third-party service providers.
Retention Period	Amadeus retains personal data for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal requirements.
Your rights	You have the right to access, rectification, erasure, to object to and/or to restrict processing of personal information and the right to lodge a complaint with a supervisory authority (Spanish Data Protection Authority). You may exercise your rights via e-mail: dataprotection@amadeus.com or by sending your request to our registered office at Calle Salvador de Madariaga, 1, 28027 Madrid (Spain).
Additional information	More information about privacy and data protection is available below.

Data Controller

AMADEUS IT GROUP, S.A. with registered office at Calle Salvador de Madariaga, 1, 28027 Madrid (Spain) (“Amadeus” “we” or “us”) will be the data controller and entity responsible for processing your personal data included in travel information processed within the Amadeus Global Distribution System (“Amadeus GDS”) on a global scale.

For the purposes of this Notice, a “data controller” is the legal person that determines the purposes and means of the processing of personal data. Other entities may also process the data on behalf of the data controller, these will be the “data processors”.

One of the main purposes for which Amadeus process personal data is the “management of the GDS System”. A Global Distribution System consists of a system that enables live reservations used by entities of the travel sector such as airlines, hotels, travel agents, etc. (“Amadeus GDS Users”). The GDS discloses, among others, product, price and availability data in order to facilitate the execution of automated transactions. Amadeus is the company providing the “reservation tool” to Amadeus GDS Users.

In this context, “personal data” is any data that is related to you and that identifies you either directly or indirectly (for instance, ID number, date of birth, location data, billing information, etc.).

Also, throughout this Notice, the term “minor” will be understood as a person conceived as such from a data protection perspective. Minors will always be children younger than 14 years old. However, depending on the local laws this threshold can rise up to children under 16 years of age.

Where does Amadeus obtain travellers’ personal data from?

In line with the above, Amadeus GDS Users are the ones that collect personal data from you (the traveller) and input this information into the Amadeus GDS in order to carry out the pertinent reservations. Therefore, Amadeus receives the data included in the GDS from these entities. See below the categories of data we process and received for the purposes described in this Notice.

For which purposes do we process travellers’ data and on which legal basis do we rely on?

This Privacy Statement (“Notice”) is applicable to all your personal data processed by Amadeus for the purposes of managing the Amadeus GDS and any processing thereafter. This Notice does not address the collection, use, or disclosure of information through any other means other than the Amadeus GDS. This Notice does not apply to the personal data that Amadeus may process about you for other purposes such as through websites or regarding services not related to the Amadeus GDS. If you are interested in learning more about other processing activities, please follow thislink .

This Notice is also independent of notices that Amadeus GDS Users may provide travellers.

Personal information Amadeus GDS Users share with us about you will be used, transferred and disclosed (if applicable) (“processed”) as permitted by local law, to:

Purpose	Legal Basis
Manage the Amadeus GDS. That is, providing access to Amadeus GDS Users to enable travel reservations; and to issue tickets and other travel related documents. Strictly for this purpose, we share personal data with Amadeus affiliates (within the Amadeus group of companies), who may be in any location around the world. A link to the complete list of Amadeus affiliates and their locations can be found here .	The performance of a contract to which you (as a traveller) are a party with Amadeus GDS User (for instance, your travel agency).
Conducting data analysis, audits, statistics, developing new products, improving our services, and identifying usage trends.	Amadeus’ legitimate interest of understanding better our services and improving them, identifying usage trends and developing new products.
Anonymizaition and aggregation process in order to use data for analytical purposes. Aggregated data which cannot be used to identify travellers may be shared by Amadeus with third parties.	Amadeus' legitimate interest for research, analytical and statistical activities for the purposes of improving our services, identifying usage trends and developing new products.
Interact with public and government authorities, including public and government authorities outside your country of residence when required by law or to defend Amadeus rights.	Comply with legal obligations to which Amadeus is subject.
Detecting, preventing and otherwise addressing fraudulent activities.	Our legitimate interest to ensure security of the services.
Disclose data to third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings).	Amadeus’ legitimate interest to managing the company’s structure and ownership including its dissolution.
Disclosing personal data with local authorities and counsels or advisors, if necessary, to enforce our terms and conditions; to protect our operations or those of any of our affiliates; protect our rights, respond to requests from public and government authorities, including public and government authorities outside your country of residence; privacy, safety, property, and/or that of our affiliates you, or others; and permit us to pursue available remedies or limit the damages that we may sustain.	Where not mandatory to meet legal obligations (i.e., responding courts and competent authorities), our legitimate interest to exercise our rights including the rights to protect our business and defend our position.

When processing travel reservations, Amadeus will process preferences or special requests which may be considered as special categories of data such as health data or information on religious / ideological beliefs. This is the case, for instance, when someone requires traveling assistance due to a physical disability and such information is provided by the traveller. In relation to some health data (e.g., physical disabilities), we process it in compliance with legal obligations to which we are subject, and based on the public interest to meet such requests in accordance with the law. Otherwise, we will, through Amadeus GDS Users, requests your explicit consent.

Where the processing of your data is based on the legitimate interest, we will carry out a balancing test (available upon request) to ensure that our legitimate interests are not overridden by your rights and freedoms. Although travellers cannot be identified from anonymized and aggregated data, you may object to such processing of your personal data by requesting it through the contact information included in the “Your Rights” and “Contacting Us” section.

What Information do Amadeus GDS Users share about travellers?

Personal data required by the Amadeus GDS User to enable the reservation and its input in the PNR (Passenger Name Record) of the Amadeus GDS. This always includes the name of the traveller, the itinerary and the form of payment.

In addition, the Amadeus GDS User may require and/or collect other personal data to complete the reservation such as contact details (email, telephone number or address), billing data, date of birth or special service requests.

Traveller’s personal data may be shared with the following entities

Amadeus shares personal data with:

Amadeus GDS Users who can also share personal data with third parties that are considered reliable from the perspective of data protection. As a general principle, information about you (the traveller) is only shared with the parties involved in the agreement Amadeus signs with Amadeus GDS User and with other entities from the industry (for instance, the International Airport Transport Association) as necessary to perform the contracts (which serve as the legal basis of the data sharing) that Amadeus GDS Users have entered into with you (the traveller).

To better understand how personal data is processed and shared when processing a travel reservation, you can also refer to the relevant privacy notices of Amadeus GDS Users involved in the provision of the travel reservation.

Agents, suppliers, subcontractors, and service providers for the performance of any contract we enter into with them and which process the personal data on our behalf as processors.
Local authorities.

Where such disclosures take place Amadeus requires recipients to apply the appropriate technical and organizational security measures to protect personal data, and for personal data to be processed lawfully. Amadeus only allows affiliates and third-party service providers to use personal data for specified purposes and in accordance with Amadeus’ instructions.

Do we send travellers’ personal data outside the European Economic Area?

Due to the global nature of the travel industry, personal data may be transferred to and processed by Amadeus GDS Users in different locations around the world. These transfers will be conducted as needed for the performance of a contract between you (the traveller) and the Amadeus GDS User.

Also, when Amadeus shares your personal data with Amadeus affiliates and third-party service providers who process personal data on behalf of Amadeus, this may involve transferring personal data outside the European Economic Area (“EEA”).

When personal data is transferred to a country outside the EEA, Amadeus will ensure that the entities receiving such data will continue to apply the same level of protection as the one in the EEA. For these transfers, at least one of the following appropriate safeguards will be implemented:

Personal data will be transferred to countries that have been deemed to provide anadequate level of protection for personal data by the European Commission;
Standard contractual clauses as approved by the European Commission which, together with supplementary measures, will ensure personal data transferred will retain the same protection it has in EEA; or
Any other lawful transfer mechanism as foreseen in applicable laws and/or as approved by the European Commission or relevant Data Protection Authority

Further information on the appropriate safeguards used when transferring personal data outside the EEA can be requested through the contact details set out below in the section “Your rights” and “Contacting Us”. When requesting this information please make specific reference to the transfer of personal data outside the EEA.

For how long do we keep travellers’ personal data?

Amadeus retains personal data for as long as necessary to fulfil the purposes above.

The default retention period for a PNR is five (5) years from when it becomes inactive. PNRs are active as long as a segment in the PNR is active (the related service is still pending). After the completion of the last segment of the PNR, the PNR is archived, and access to the PNR is restricted. After a period of five (5) years the PNRs are deleted..

Security and Integrity of Personal Information

We use reasonable organizational, technical and administrative measures to protect personal data under our control, including but not limited to measures to protect personal data from loss or unlawful processing.

When personal data is processed on behalf of Amadeus, access is provided only to those who have a business need to know and to the information strictly needed to perform the pertinent task or service. Personal data will be processed in accordance with the instructions of Amadeus and those who have access will be subject to a duty of confidentiality.

Amadeus has procedures in place to deal with any suspected personal data breach and will notify travellers and any applicable regulator of a breach where they are legally required to do so. A data breach is an incident that leads to the unauthorised destruction, modification, loss or disclosure of your personal data.

Your rights

Under data protection laws, you may exercise your rights of:

Access. This means that you can ask us to confirm whether we are processing your data or not, and ask for a copy of your personal data. You can also ask for information on how we process your data such as which data is processed about you, who it is shared with and how it is used.
Erasure. This means you will be able to ask us to delete your data where it is no longer required for the purposes they were received; or where we should have already deleted them.
Objection. This means that you can ask us not to process your data in certain situations, for instance, when we use your data to fulfil our legitimate interests.
Rectification. This means that you can ask us to modify or change certain data about you if it is not accurate or complete.
Data portability. This means you can ask for a portable copy of your data in a structured way and for the same to be easily shared with another controller upon your request.
Restriction of the processing. This means you can limit the processing of your personal data in certain circumstances.
You, or your parents / legal guardians in case of minors under 14, can also withdraw the consent you have granted for a specific purpose at any time.

All of these rights can be exercised by sending a request to Amadeus via email: dataprotection@amadeus.com or by sending your request to the registered office at Salvador de Madariaga, 1, 28027, (Madrid).

Lastly, although Amadeus intends to carefully address any request and/or claim from you, as well as carefully process your personal data, you are entitled to file any claim or complaint before the applicable data protection authority including to the Spanish Data Protection Authority (AEPD). You can find their contact detailshere .

Your rights

If you have any questions regarding this Notice, please contact us atdataprotection@amadeus.com .

Additional Privacy Disclosures for the United States California and Nevada

If you are a California or Nevada (United States) resident, please see our Additional Privacy Disclosures for the United States California and Nevadahere , which is incorporated by reference into this Notice.

Para residentes nos Estados Unidos:

Por favor, consulte o nossoAviso Suplementar de Privacidade dos Estados Unidos,onde encontrará informações adicionais aplicáveis a pessoas residentes nos Estados Unidos.