Introduction
This website is operated by Gotogate, Inc. which is part of the Etraveli Group. The companies within the Etraveli Group handle a variety of personal data, such as names, email addresses and other travel related information in their daily businesses. Therefore, we take data security and adherence to data protection legislation very seriously. This privacy policy explains how we collect, store, use and disclose any personal data we collect about you when you use this website, as well as how we protect the privacy and confidentiality of your personal information. Your privacy matters to us so whether you are new to our service or a long-time user, please do take the time to get to know our practices – and contact us if you have any questions.
Etraveli Group AB, reg. no. 556584-4684 (“we”, “us” or “our”) is the so-called “data controller” of your personal data and is therefore responsible for the lawfulness of what we do with your personal data.
The personal data we collect
Generally, the type of personal data we collect is the information that we need to enable you to make your travel arrangements and bookings. This includes information such as your first and last name, date of birth, telephone number and email address. The personal data we must receive to provide you with the travel arrangement you booked via our websites is the only data that is mandatory to provide. Depending on the kind of travel services you use, we may also collect your frequent flyer number, information about your dietary requirements and health issues (if any), and other details which are relevant to your travel arrangements or which are required by another travel service provider (such as airlines and hotels). This is not an exhaustive list. Should you call our support, we will collect the data you provide during the phone call. As you can see below, our cookies also collect some information.
If you make a reservation for someone else through our website, we will request personal data about that individual. In those circumstances, we rely on you to advise those individuals about this privacy policy.
The sensitive personal data we collect
In some cases, we may handle so-called “special categories of personal data” about you, which may be considered sensitive. This would be the case, for example, if you (i) have submitted a medical certificate for use of a cancellation protection or a refund from an airline (ii) have a medical or health condition affecting your trip and for which you request assistance or where certain clearance is needed, or (iii) have made a request revealing some other sensitive personal data about you.
Before we handle sensitive personal data about you, we require your consent to do so. We therefore ask you to use the dedicated contact forms on our websites for submitting any sensitive data. The contact forms enable you to give us the consent required under applicable data protection legislation. Such consent may of course be withdrawn at any time. We will not handle any sensitive personal data that we are not permitted by you to handle, or that you have not provided us with. A limited amount of our personnel will have access to your sensitive personal data, and after handling your sensitive data in accordance with your request, we will erase the data as soon as possible.
What we do with your personal data
To be allowed to handle your personal data, the applicable data protection legislations obligate us to have a so-called “legal basis” for each of our purposes to process your personal data. For this reason, we have drafted the below table to show our legal basis for each of our purposes.
Record phone calls for quality assurance purposes and for any future requests or inquiries by you. | Our legitimate interest to (i) improve our service through internal education, and where applicable (ii) solve your potential requests or claims. If you do not want the phone call to be recorded, you may object to such recording before the recording starts. | 6 months from the date of the phone call. Only a limited number of persons have access to your recording. |
Use of cookies to for example improve the usability of this website, provision of a personalized experience and for collecting usage statistics. We also use session cookies to improve the security of this website | Our legitimate interest to (i) improve our website, (ii) show you offers of interest to you, and (iii) have a secure service offering and website. If you don’t want us to store cookies on your computer, you may change the settings in your browser at any time. | Depending on the type of cookie. See below for more detailed storage times. |
In addition to the above, we undertake such day-to-day measures that are necessary for businesses providing services to consumers, such as bookkeeping, accounting, billing, fulfilling anti-money laundering obligations and maintaining our website security. To the extent this is not mandatory under applicable laws, we undertake these measures based on our legitimate interest. We may also analyze our customers’ behavior in order to improve our websites and services on a general level. However, such analysis will use generalized or anonymized data on an aggregated level.
Sharing your personal data
We will only share your personal data where necessary for the purposes listed in this privacy policy. This may be to other companies within the Etraveli Group, government authorities and our trusted business partners. For example we may share your personal data (including sensitive personal data when applicable) with business partners such as airlines, hotel providers, insurance companies and Global Distribution Systems (so-called GDSs) to enable your travel arrangements and bookings.
Each partner is responsible for its own handling of your personal data after it has received it from us, meaning that you must contact the partner in question for any requests related to your rights under applicable data protection legislation. We recommend that you read the partners’ respective privacy policies for information on their handling of your personal data.
We will also share your personal data with other companies (so-called “data processors”) needed to deliver the services you requested, such as service providers running our call centers and our other suppliers and vendors that will handle your personal data when providing their services to us (for example external storage).
Due to the global nature of the travel industry, your personal data may be processed in different locations around the world when the parties we share your personal data with reside in a country outside the EU/EEA. Our sharing of personal data outside the EU/EEA requires certain legal ground under applicable data protection legislation. Where a country is regarded by the European Commission to be a country with adequate level of protection for personal data, this will be our legal ground. Otherwise there are three main types of legal ground on which that we may base such sharing. These are:
- that the transfer is necessary for our performance of the contract with you (for example when you have booked a flight with an airline residing outside the EU/EEA);
- that the transfer will be based on the standard data protection clauses for transfer of personal data to countries outside of the EU/EEA adopted by the European Commission (a copy of these standard data protection clauses can be found at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/); and
- the EU-U.S. Privacy Shield, where the transfer is made to the United States and the recipient is duly certified.
Third party providers
Please note that our website contains links to other websites and serves content from third-party providers. This privacy policy only applies to our website and our services. When you follow links to other websites, or use third-party services and products, you should read their privacy policies. Also, if you choose to contact us via social media, this privacy policy does not apply to any personal data submitted by you as part of such contact – in such case, we recommend that you read the privacy policy of such social media provider.
Your rights
According to the applicable data protection legislation, you have certain rights as a so-called “data subject”. Below, we have listed your rights. Your rights include the following:
- Right to access – You are entitled to access the personal data that we handle. You are also entitled to receive certain information about what we do with the personal data. Such information is provided in this document.
- Right to rectification – Under certain circumstances, you are entitled to correct inaccurate personal data concerning you and to have incomplete personal data completed. Please note that we might not be able to correct inaccurate personal data provided by you due to e.g. the airlines rules, and that such particular change may incur a cost.
- Right to erasure – Under certain circumstances, you are entitled to have your personal data erased. This is the so-called “right to be forgotten”.
- Right to restriction of processing – Under certain circumstances, you are entitled to restrict how we use your personal data.
- Right to data portability – You are entitled to receive your personal data (or have your personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format from us.
- Right to object – You are entitled to object to certain types of handling of personal data that we carry out. This applies to all our activities that are based on our “legitimate interest”.
Finally, you also have the right to lodge a complaint with the applicable data protection supervisory authority.
Cookies
A cookie is a small text file that is stored on your computer, some only until you close down your browser (so-called “session cookies”) and some for an extended period of time (so-called “permanent cookies”). If you do not wish to allow storage of cookies on your computer, you can change the settings in your browser. Note however that in a few cases some of our website features may not function properly and some content may not be displayed correctly as a result.
This website uses cookies for a number of reasons, including for provision of a personalized experience, for improving the usability of this website and for collecting usage statistics. We also use session cookies to improve the security of this website.
In some cases when using cookies, we share data with third parties. For example, we use Google Analytics and Google AdWords, services which transmits website traffic data to Google servers. Google Analytics does not identify individual users and does not associate your IP address with any other data held by Google. We use reports provided by Google to help us understand website traffic and webpage usage and optimize advertisements bought from Googles own and other advertising network. Google may process the data in the manner described in Google’s Privacy Policy and for the purposes set out above in this section. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google. To opt out of advertising features from Google use this link.
Our website also uses Facebook pixel, which collects anonymized aggregated data that helps us with optimization of ad purchases on Facebooks different platforms (including Instagram). Facebook collects a user id that will allow them to match if a user has visited a site with the Facebook pixel. We as advertisers can however never identify the behavior of a specific user. Facebook and its related platforms are in a closed advertising ecosystem where their users can regulate if they consent to advertisers using data collected from their websites to purchase ads on Facebook. To view and change your advertising settings on Facebook use this link.
Further, our website uses conversion tracking scripts and cookies from Microsoft Bing, TripAdvisor (you can view their privacy policies by following the links). All these services collect aggregated statistical data that helps us optimize purchases of advertisements. We as advertisers cannot identify a single user using this data. You can turn of the use of cookies in your browser settings.
To be transparent, we have summarized the cookies used on this website here.
For further information about cookies visit www.youronlinechoices.com.
Data security
In order to keep your personal data secure, we have implemented a number of technical and organizational security measures. For example, we maintain high levels of technical security in all systems (including traceability, disaster recovery, access limitations etc.). In addition, we have adopted policies to ensure that our employees (which of course are subject to confidentiality obligations) do not use personal data when it is not necessary. Such policies also set out our standards for when we contract suppliers or introduce new IT systems within our operations.
Preference Center
Here is the link to your personal preference center.
How to contact us
If you have any questions relating to our handling of your personal data or our use of cookies, or if you would like to invoke any of your rights under applicable data protection legislation, please send an email to: privacy@etraveligroup.com or use the following details:
Etraveli Group AB
Attn: Privacy Manager
P.O Box 1340
751 43 Uppsala
Sweden
Changes to the privacy policy
If we change how we handle your personal data or how we use cookies, we will promptly update this privacy policy and publish it on this website.