This Amadeus Hospitality Website Privacy Notice (“Privacy Notice”) describes how the Hospitality Division of Amadeus (“Amadeus Hospitality”) collects and processes personal data provided by you to the Amadeus Hospitality website (amadeus-hospitality.com) (“WebSite”).  This Privacy Notice does not apply to personal data that may be collected or processed by Amadeus Hospitality for other purposes, such as Amadeus Hospitality HR; or recruitment services; or guest personal data included in Amadeus Hospitality products. Where personal data is collected for other purposes and if applicable, the relevant privacy notice will be provided explaining the purpose for which the personal data is being processed.

This Privacy Notice applies to personal data Amadeus Hospitality processes that relates to personal data provided by you to Amadeus Hospitality via its Website.  Processing of other personal data may be subject to agreements between you and Amadeus Hospitality.  Other information that is not personal data will be processed in accordance with the other contractual agreements between you and Amadeus Hospitality.  This Privacy Notice should be read together with other privacy notices that may be provided and if applicable on specific occasions when personal data is collected or processed.  This Privacy Notice supplements other privacy notices and is not intended to override them.

Who is processing the personal data?

Amadeus Hospitality is made up of different legal entities that are all under the control of Amadeus IT Group S.A.  This Privacy Notice is issued on behalf of Amadeus Hospitality.  Amadeus Hospitality is the data controller of the personal data.

Amadeus Hospitality has a Chief Privacy Officer who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights as described below, please contact the Chief Privacy Officer using the details set out below.

What personal data is processed and how is this personal data collected?
Personal Data means information about an identified or identifiable individual.  It does not include information where an individual cannot be identified e.g. non-personal or aggregated data.

Amadeus Hospitality processes personal data that is collected from individuals and personal data that is provided to Amadeus Hospitality through its WebSite.

Amadeus Hospitality processes different kinds of personal data that can be grouped together as follows:

• Identity Data – includes name, user name or other identifier;
• Contact Data – includes address, email address and telephone  number;
• Technical data – includes IP address;  login data; browsing actions and patterns
• Commercial/Usage data – includes information about how Amadeus Hospitality products and services are used;
• Profile data – includes information about interests, preferences, feedback and survey responses
• Marketing  and communications data – includes preferences for receiving marketing from Amadeus Hospitality and communication preferences;

What is the Personal Data used for and what is the legal basis for processing

Amadeus Hospitality uses the personal data to provide services that you have requested for marketing and communication personal data is used to personalize the content of communications;

The legal basis for processing personal data is

• the processing is necessary for the performance of a contract that Amadeus Hospitality has or is about to enter into with you; or
• where the processing of personal data is necessary for Amadeus Hospitality legitimate business interests;   Where personal data is processed for legitimate interests, the privacy impact on the individual whose data is being processed will be considered.

Who is the personal data shared with

Amadeus Hospitality may share personal data with its affiliates, agents and third party service providers such as suppliers of information technology services, security services and legal, financial/accounting and other similar professional advisers.

Amadeus Hospitality may also share personal data with third parties, if Amadeus Hospitality chooses to sell, transfer, or merge parts of the business or assets.  If there is a change of control of the business those who purchase the business or part of may use personal data in the same way as set out under this Privacy Notice.

Where such disclosure takes place Amadeus Hospitality requires the appropriate technical and organizational security measures to be in place to protect personal data and for personal data to be processed lawfully.

Amadeus Hospitality only allows affiliates and third party service providers to process personal data on behalf of Amadeus Hospitality for specified purposes and in accordance with Amadeus Hospitality instructions.

Further information on the affiliates and third party service providers that Amadeus Hospitality uses to process personal data on their behalf can be requested through the contact details set out below in the section legal rights.  When requesting this information please make a reference to information about affiliates and third party service providers so that the relevant information can be provided.

Amadeus Hospitality may also disclose personal data as required by law, subpoena, or regulation; when requested by government or law enforcement authorities or as otherwise required or permitted by law.

International Transfer of Traveler Personal Data

When Amadeus Hospitality shares your personal data with its affiliates and third party service providers who process personal data on behalf of Amadeus Hospitality this will involve transferring personal data outside the EEA.  When personal data is transferred to another country it will continue to receive adequate protection through contractual or other arrangements put in place with affiliates and third party service providers.  For these transfers at least one of the following appropriate safeguards will be implemented;

Personal data will be transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
Standard data protection clauses approved by the European Commission which give personal data transferred the same protection it has in EEA;
With affiliates and third party service providers based in the US, Privacy Shield which gives personal data similar protection it has in EEA;
Further information on the appropriate safeguards used when transferring personal data outside the EEA can be requested through the contact details set out below in the section legal rights.  When requesting this information please make a reference to the transfer of personal data outside the EEA.

Data Security and Integrity

Amadeus Hospitality has taken the appropriate technical and organizational security measures to protect personal data from loss or unlawful processing. When Personal Data is processed on behalf of Amadeus Hospitality access is limited to those who have a business need to know, Personal Data will be processed in accordance with the instructions of Amadeus Hospitality and those who have access are subject to a duty of confidentiality.

Amadeus Hospitality shall have in place procedures to deal with any suspected personal data breach and will notify individuals and any applicable regulator of a breach where they are legally required to do so.

Data Retention

Amadeus Hospitality retains personal data for as long as necessary to fulfil the purposes it was collected for including for the purposes of satisfying any legal, accounting or reporting requirements.

Details of retention periods for different kinds of personal data can be found in specific privacy notices or are available upon request through the contact details below.

Legal rights

Under certain circumstances individuals can exercise rights under data protection laws. Individuals can exercise these rights relating to their own personal data, or contact Amadeus Hospitality for data protection related questions, by mail to:

Chief Privacy Officer,

3470 NW 82nd Ave #1000

Doral, Florida, 33122

United States of America

For the following rights please make a reference to the following in the request:

• Right to access– request for access to personal data –
• Right to information
  • Amadeus Hospitality affiliates and third party service  providers who process personal  data on behalf of Amadeus Hospitality;
  • transfers to third countries – information about data transfers outside EEA;
• Right to information– about retention periods of personal data;

Amadeus Hospitality will require authentication of the identity of the individual to exercise rights under data protection laws and may require additional information to assist in responding to requests.

Your rights

Amadeus Hospitality intends to carefully address any request and/or claim from you, as well as carefully process personal data.  You are entitled to file any claim or complaint before the relevant data protection authorities, if the answer provided by Amadeus Hospitality does not meet your expectations.

Updates

This Privacy Notice is published by Amadeus Hospitality.  This Privacy Notice may be changed at any time. The date it was last updated is May 21, 2018.