ZIENTRIP Group , reg. no. 556584-4684 (“we”, “us” or “our”) is the so-called “data controller” of your personal data and is therefore responsible for the lawfulness of what we do with your personal data.
Generally, the type of personal data we collect is the information that we need to enable you to make your travel arrangements and bookings. This includes information such as your first and last name, date of birth, telephone number and email address. The personal data we must receive to provide you with the travel arrangement you booked via our websites is the only data that is mandatory to provide. Depending on the kind of travel services you use, we may also collect your frequent flyer number, information about your dietary requirements and health issues (if any), and other details which are relevant to your travel arrangements or which are required by another travel service provider (such as airlines and hotels). This is not an exhaustive list. Should you call our support, we will collect the data you provide during the phone call. As you can see below, our cookies also collect some information.
In some cases, we may handle so-called “special categories of personal data” about you, which may be considered sensitive. This would be the case, for example, if you (i) have submitted a medical certificate for use of a cancellation protection or a refund from an airline (ii) have a medical or health condition affecting your trip and for which you request assistance or where certain clearance is needed, or (iii) have made a request revealing some other sensitive personal data about you.
Before we handle sensitive personal data about you, we require your consent to do so. We therefore ask you to use the dedicated contact forms on our websites for submitting any sensitive data. The contact forms enable you to give us the consent required under applicable data protection legislation. Such consent may of course be withdrawn at any time. We will not handle any sensitive personal data that we are not permitted by you to handle, or that you have not provided us with. A limited amount of our personnel will have access to your sensitive personal data, and after handling your sensitive data in accordance with your request, we will erase the data as soon as possible.
To be allowed to handle your personal data, the applicable data protection legislations obligate us to have a so-called “legal basis” for each of our purposes to process your personal data. For this reason, we have drafted the below table to show our legal basis for each of our purposes.
|What we do (our purposes with handling your personal data)||Our legal basis||Storage time|
|Enable the travel arrangements and bookings you have requested from us (i.e. booking of travel services mediated by us, as well as provision of our own services).||Performance of our contract with you. Where you have provided us with sensitive personal data, consent is the legal basis.||3 years from the date of purchase. Consent for sensitive personal data may be withdrawn at any time.|
|If you have chosen to create a user account on our website, we will make such account available to you. The account includes access to information on your previous travel arrangements and bookings. We will also store your username and password.||Performance of our contract with you.||Your user account data, as well as personal information related to your previous travel arrangements and bookings, will be stored until you decide to cancel your user account via our website. However, if you have not logged into your user account for 24 months, we will erase such account and information within it provided that we don’t have another legal basis for storage.|
|If you have commenced a booking process, but not completed the purchase, we may send you an email with a link back to the search result, or to the commenced booking, depending on at which point your booking process on the website was discontinued.||Our legitimate interest to conduct business and enable you to complete your purchase without having to fill out all information once more. If you do not want these emails, you may opt-out at any time within the email.||24 hours from the time you left the booking process.|
|Before your travel arrangement commences, we will provide you with additional information and offers related to your specific travel arrangement, such as possible add-ons like extra baggage and other information of use for your travel. Some of the information is based on profiling carried out on the information you have provided over the course of the booking process (for example the date(s) you are traveling, your destination etc.).||Our legitimate interest to offer you a more convenient travel, and to enable you to easily find more information of relevance to you. If you do not want this information, you may opt-out at any time within the email.||No longer than until your travel arrangement commences. Other similar processing may continue in accordance with the purposes set out below.|
|After your travel arrangement, we may provide you with our newsletter containing recommendations on other travel arrangements and travel related products and services that might be of interest to you. Some of the recommendations are based on profiling on your previous choices when booking a trip and your behavior in relation to our emails.||Our legitimate interest to conduct business and allow you to make travel arrangements of interest to you. If you do not want these emails, you may opt-out at any time within the email or on our website. Also, before you finalize a purchase, you may object to receiving the newsletter.||3 years from the date of purchase.|
|Record phone calls for quality assurance purposes and for any future requests or inquiries by you.||Our legitimate interest to (i) improve our service through internal education, and where applicable (ii) solve your potential requests or claims. If you do not want the phone call to be recorded, you may object to such recording before the recording starts.||6 months from the date of the phone call. Only a limited number of persons have access to your recording.|
In addition to the above, we undertake such day-to-day measures that are necessary for businesses providing services to consumers, such as bookkeeping, accounting, billing, fulfilling anti-money laundering obligations and maintaining our website security. To the extent this is not mandatory under applicable laws, we undertake these measures based on our legitimate interest. We may also analyze our customers’ behavior in order to improve our websites and services on a general level. However, such analysis will use generalized or anonymized data on an aggregated level.
Each partner is responsible for its own handling of your personal data after it has received it from us, meaning that you must contact the partner in question for any requests related to your rights under applicable data protection legislation. We recommend that you read the partners’ respective privacy policies for information on their handling of your personal data.
We will also share your personal data with other companies (so-called “data processors”) needed to deliver the services you requested, such as service providers running our call centers and our other suppliers and vendors that will handle your personal data when providing their services to us (for example external storage).
Due to the global nature of the travel industry, your personal data may be processed in different locations around the world when the parties we share your personal data with reside in a country outside the EU/EEA. Our sharing of personal data outside the EU/EEA requires certain legal ground under applicable data protection legislation. Where a country is regarded by the European Commission to be a country with adequate level of protection for personal data, this will be our legal ground. Otherwise there are three main types of legal ground on which that we may base such sharing. These are:
According to the applicable data protection legislation, you have certain rights as a so-called “data subject”. Below, we have listed your rights. Your rights include the following:
Finally, you also have the right to lodge a complaint with the applicable data protection supervisory authority.
A cookie is a small text file that is stored on your computer, some only until you close down your browser (so-called “session cookies”) and some for an extended period of time (so-called “permanent cookies”). If you do not wish to allow storage of cookies on your computer, you can change the settings in your browser. Note however that in a few cases some of our website features may not function properly and some content may not be displayed correctly as a result.
Our website also uses Facebook pixel, which collects anonymized aggregated data that helps us with optimization of ad purchases on Facebooks different platforms (including Instagram). Facebook collects a user id that will allow them to match if a user has visited a site with the Facebook pixel. We as advertisers can however never identify the behavior of a specific user. Facebook and its related platforms are in a closed advertising ecosystem where their users can regulate if they consent to advertisers using data collected from their websites to purchase ads on Facebook. To view and change your advertising settings on Facebook use this link.
In order to keep your personal data secure, we have implemented a number of technical and organizational security measures. For example, we maintain high levels of technical security in all systems (including traceability, disaster recovery, access limitations etc.). In addition, we have adopted policies to ensure that our employees (which of course are subject to confidentiality obligations) do not use personal data when it is not necessary. Such policies also set out our standards for when we contract suppliers or introduce new IT systems within our operations.