Last Updated: December 2021

Basic Information about processing of personal data

Travel Audience
Travel Audience GmbH (“Travel Audience”) operates a data-driven travel advertising platform. Our platform connects performance-oriented advertisers with our network of publishers, reaching millions of travelers.

Our data-driven travel advertising platform consists of three major components:

• Our network of publishers, which are third-party websites using Travel Audience services to publish online advertisements on their webpages
• Our network of data partners, which are third-party websites providing us with data allowing us to improve our advertisement services (‘’Data Partners’’); and
• Our own demand-side platform which allows us to provide end-to-end data-driven advertising solutions to advertisers.

What is the scope of this Privacy Notice?
This Travel Audience Product Privacy Notice (“Privacy Notice”) describes which information is collected and used in the context of digital advertising in general, as well as the information we and our partners may collect, receive, and use in connection with our Travel Audience products and services.

This Privacy Notice does not apply to information we may collect and use on our own website (wordpress-543093-4002560.cloudwaysapps.com). For further information on how we may process personal data through our website, please refer to our Website Privacy Notice located here: https://www.amadeus-hospitality.com/amadeus-hospitality-privacy-notice/

What is digital advertising?
Digital advertising, also called internet advertising, is used by businesses to leverage internet technologies in order to deliver promotional advertisements to consumers. Digital advertising includes promotional advertisements and messages delivered through email, social media networks, online advertising on search engines or in mobile apps, banner ads on mobile sites or websites, and website and affiliate programs.

How does digital advertising work and what information is being collected?

We and our partners use cookies, mobile device advertising identifiers, and other similar tracking solutions to help us collect and store information about the users of websites, social media networks, and mobile apps. This information is typically stored in the form of a user profile and connected to a series of characters that form a “User ID”, though this is not the name, explicit email address, or explicit phone number of an individual. As a result, we are not able – at least not without using additional information – to identify an individual natural person on the basis of a User ID. We are able to link a user to a specific browser or device he utilizes.

Cookies
Cookies are small files that can be stored on computers to contain or communicate certain information and are an essential part of the internet environment and digital advertising. For instance, cookies allow a website to automatically log users into an online service or provide users with personalized advertising. Cookies can be deleted at any time from users’ browsers via the browser settings (see: ‘Cookie Opt-Out’).

Mobile identifiers
Similarly, mobile device advertising identifiers can also be used to recognize a device and allow that user of that device to login automatically to an online service, as well as for other services and functionalities. Users can also reset the mobile device advertising identifier of their mobile device in the settings menu of their device, as also described below.

Universal Identifiers
A Universal Identifier (Universal ID) is an identifier that recognizes the user on different platforms like websites or mobile apps by using deterministic data (e.g., hashed email addresses) and probabilistic data (e.g., IP Addresses) collected in a first-party environment.

What information may be collected?
The technologies we and our partners use may collect the following information about online users and their activity, such as:

• Travel-related information, such as search queries and booking information on our partner websites (for example origin, destination, number of passengers, hotel stars, duration, booking values and solely in a pseudonymized format we may process: email addresses, mobile phone numbers, frequent flyer card numbers, passenger name records and record locator (the “Other Pseudonymized Identifiers”)) and other similar information relating to the use of websites and mobile applications of our partners;
• Device and browser information, such as information relating to a mobile device or a browser (e.g. browser version, hardware model, operation system version and mobile network information);
• Location-based information, such as approximate location information which we or our partners may infer if we are legally allowed to do so from information such as an IP address or GPS data or other online location-based information on which we or our partners sometimes rely on for the quality of our services; and
• Browsing history, such as information regarding which websites or mobile apps users have visited or used.

Most of the data is inferred from the users’ browsing activity thanks to the usage of cookies, mobile identifiers, and other tracking technologies. In some cases, we enrich such data with universal identifiers provided by third party suppliers.

For what purpose is the data used?
The data collected via our and our partners’ products and services are used for the purpose of improving the targeted advertisements services. This means the information we and our partners collect and receive is used to:

• Display personalized advertising that we believe is of real interest to the users;
• Settle accounts with our partners for advertising campaigns using our services;
• Analyze and improve our services (including for instance through cross-device/cross-browser matching; viewability measurements; brand safety features; fraud detection; creation of audiences that may be made available to customers on an anonymous basis; and
• Analyze the effect of our partners’ advertising campaigns. Depending on the customer, we may also place our advertiser pixel on their web properties to collect data for the purpose of campaign optimization for advertisers.

Data Partners and 3rd party technology partners will be responsible for giving any relevant privacy notices, obtaining consents, and informing end-user about how they will process and to which third parties they will share end-user personal data.

We may also use this data in aggregated and anonymized form for the purposes of machine learning. Furthermore, to the extent permitted by law, we may connect different data sources we collect (from our partners or affiliates) to enhance user profiles so that we may show the most relevant advertising to the user. Through these user profiles, we cannot identify a natural person – without additional information – through the information collected and used by us.

What is the legal basis for processing personal data?
The legal basis for processing the data is for the aforementioned purposes:

• The user has given their consent or
• Travel Audience’s legitimate business interest

Who is the personal data shared with?
We do not share the collected information with third parties other than as described below:

Where we are legally allowed to do so, information may be mutually shared with other companies within the Amadeus Group, which likewise only use the data for the purposes described herein.

• Social Advertising: We may use social advertising platforms to reach users on these platforms to deliver personalized ads. In these cases, the privacy terms of these social advertising platforms are relevant for the user regarding the use of the information by such platforms.
• Supply Side Platforms (SSPs): We work with SSPs and might share cookie information with them. In this case we use a tracking script of these SSPs so they can set a cookie and provide us with bid requests for these relevant users.
• Demand Side Platforms (DSPs): We also work with and may push information into third party DSP like Google Display & Video 360, Pocketmath or others.
• Technology partners which allow us to improve the quality of our services for purposes like cross-device tracking, dynamic creative technology or enrichment (of our database) with public statistical information.
• Universal identifier partners:  We collaborate with ID5, with whom we share some of the abovementioned information we obtain from users to create universal identifiers through the ID5 Identity Cloud solution. ID5 may use the data for their purposes as they list on their product privacy policy.
  More info in the following link:  https://id5.io/platform-privacy-policy/
• Paid Search: We may use search channel platforms to reach users and deliver personalised ads. In these case, the privacy terms of these paid search platforms are relevant for the user regarding the use of the information by such platforms

Travel Audience is also a member of the Interactive Advertising Bureau (“IAB”), an international organization participating in the establishment of standards for the advertising industry. As such, Travel Audience also abides by the IAB guidelines on conduct which are available at: https://www.iab.com/guidelines/.

Please also note that Travel Audience’s subcontractors and/or its partners may store data collected outside of the European Economic Area (“EEA”). In such cases, Travel Audience ensures that such transfers are done in compliance with privacy regulations through the use of EU Model Clauses, where applicable.

International Data Transfer
For the provision of the services to its customers, Travel Audience may perform international transfers of personal data to different countries other than where the personal data was collected or the country of residence of a user. In such event, Travel Audience undertakes to carry such international transfers in accordance with applicable Data Protection Laws as well as undertaking actions to establish appropriate safeguards for the users’ personal data.

For personal data subject to the GDPR, Travel Audience ensures that there is a proper legal mechanism in place to allow international personal data transfers outside the European Economic Area (EEA), including the execution of EU Standard Contractual Clauses with those third parties located outside the EEA or to countries that provide an equivalent level of protection as in the EEA (e.g., adequacy decision issued by the European Commission). As part of its global business model, Travel Audience deploys its technology by means of two DSPs located in the EU and the United States of America respectively, which communicate with each other and may entail international transfers of personal data. Such transfers are subject to compliance with data protection laws as described under this section and furthermore, Travel Audience has implemented additional security and privacy protections (e.g., encrypting the communications when we transfer such personal data and the implementation of pseudonymization techniques for certain types of data) to best safeguard the personal data of users.

What rights do users have concerning data collected as part of digital advertising?
Under certain circumstances, users can exercise rights, such as a right to access, erasure, object etc. under data protection laws. Users may exercise these rights relating to their own personal data or contact our Data Protection Officer for other data protection related questions via email at taprivacy@amadeus.com, or via mail at Elsenstraße 106, 12435 Berlin, Germany. Travel Audience will require authentication of the identity of the user and may require additional information to confirm that the rights that user traveler(s) may have under data protection laws are being exercised correctly. Furthermore, users have the automated capability to ensure that they do not receive display advertising personalized by us in the future, as detailed below.

How can a user ensure they do not receive personalized display advertising from Travel Audience?
Users can inform us that they no longer wish to receive the personalized advertising we provide by clicking the appropiate link below.

Opt-Out/Disable Cookies
Opt-In/Enable Cookies

Please keep in mind that to complete this request, we will set a cookie that contains information indicating that that user no longer wishes to receive personalized advertising by us through retargeting. When a user deactivates the acceptance of cookies in their browser, or when they delete their cookies, we will no longer be able to know that they do not want to allow retargeting. In this case, they will have to reactivate the icon above, thereby ensuring that the relevant cookie is stored. The same applies when a user uses a browser other than the one they are currently using.

Please also be aware that when using such opt-out, our tracker will no longer collect data from your browser, but other trackers may continue to do so. If you wish to opt-out of these cookies, you can delete the cookies on your browser as described in the section below, or you may opt-out of such cookies on the website of their original domain name. For reference, you can find below a list of the trackers that may be included in the use of our services, along with the links to opt-out of their data collection if you wish to do so.

YieldLab https://www.yieldlab.com/elements/privacy/
Rubicon https://rubiconproject.com/privacy/consumer-online-profile-and-opt-out/
Pubmatic https://pubmatic.com/legal/opt-out/
Improve Digital https://www.improvedigital.com/platform-privacy-policy/
Stroer (Adscale) https://www.stroeer.de/digitale-werbung/werbemedien/targeting-data/datenschutz.html
AppNexus https://about.ads.microsoft.com/en-us/solutions/xandr/platform-privacy-policy
Google https://tools.google.com/dlpage/optoutplugin/eula.html
BetweenX https://betweendigital.com/opt-out

Technology Partners:
ID5 https://id5-sync.com/privacy

Social Networks:
META https://www.facebook.com/privacy/policy/

Cookie Settings in the Browser
In order to prevent browser-based personalized advertising, users can change their cookie settings via their browser so that cookies are no longer stored. Details on how to do this can be found in the relevant browser’s settings, the specifics of which, can differ depending on the browser used. This will prevent the cookies needed for retargeting from being placed on a user’s computer.

Microsoft Internet Explorer https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox https://support.mozilla.org/en-US/kb/websites-say-cookies-are-blocked-unblock-them

Google Chrome https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop
Safari https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

For other browsers, or in case the displayed links do not lead to the desired result, further information will usually be found by entering the name and manufacturer of the browser and the terms “cookies” and “settings” in an Internet search engine.

Please note that certain website services which require the processing of cookies, such as certain shopping carts on ecommerce sites, may no longer function if cookies are blocked.

Opt-Out on Mobile Devices
An opt-out of cookies as described above regarding browser-based personalized advertising may not prevent personalized advertising on a user’s mobile device. In order to opt out of personalized mobile advertising, users can reset the mobile device advertising identifier of their mobile device in the settings menu of their device. More information on how to do this can be found here: https://www.networkadvertising.org/mobile-choices.

It must be noted that we may still display advertising to such users following their opt-out, but that the selection of such advertisement will no longer be based on data collected through tracking mechanisms.

Retention of personal data
We retain personal data for as long as necessary to fulfil the purposes it was collected for including for the purposes of satisfying any legal, accounting or reporting requirements.

We delete or anonymize personal data collected via our cookies after 13 months. Our cookies reset automatically if the expiration time of 13 months after the last touch point is reached or the user manually deletes the cookie. The Other Pseudonymized Identifiers that we process will be deleted or anonymized after a period of 24 months, if the user has not confirmed the ongoing processing.

Changes to our products and services
We may change our products and services or use new technologies. We will then publish an updated version of this Privacy Notice on our website as well as on other appropriate websites. We therefore recommend that you occasionally view the most recent version of the Privacy Notice on our website if you would like to know what information we record and how we use them.

Right to lodge a complaint at a supervisory authority
Irrespective of any other legal remedy under administrative law or in court you are entitled to the right to lodge a complaint at a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement if you consider are of the opinion that the processing of the personal data relating to you breaches the GDPR.

The supervisory authority, at which the complaint was lodged, will inform the complainant about the status and the results of the complaint including the possibility of a legal remedy in court according to Art. 78 GDPR.

Contact us
If you wish to contact our Data Protection Officer (DPO), or have any questions relating to this Privacy Notice, or how we collect and use information with our products and services, you can contact us via email at taprivacy@amadeus.com, or via mail at Elsenstraße 106, 12435 Berlin, Germany.

Legal notice/Impressum
travel audience GmbH
Elsenstraße 106 – 12435 Berlin – Germany
T: +49 30 530 230 610
E: info@travelaudience.com

General Manager:
Arialdo Piatti (Managing Director)
Commercial Court: Berlin Charlottenburg
Commercial Registration Number: HRB 163796B
VAT-ID: DE 279 410 930