隐私数据条款
Data Privacy Terms
更新于-2020年3月
Last updated - March 2020
I. 定义 Definition
旅行者数据(旅行者数据)指包含名字、姓氏、办公电话号码、电子邮箱和地址、紧急联系信息、支付卡信息、护照信息、航空预定编号和相关旅行信息,以及由客户指定旅行者(旅行者)的其他个人数据,并且作为“个人数据”,它们的使用、处理或传输受到相关数据保护和隐私法律或法规的监管。
Traveler data (Traveler Data) means information containing name, surname, business phone number, email and address, emergency contact information, payment card information, passport information, Passenger Name Record and related travel information and generally any other personal data of any traveller nominated by the Client (the Travelers), and whose use, processing or transfer is regulated by applicable data protection and privacy laws or regulations as “personal data”.
II. 地位与目的 Status and Purposes
为提供包括以下服务在内的商务旅行管理服务,CWT作为数据控制者(如欧洲数据保护和隐私法律法规,或当地相应的法律法规所定义)对旅行者数据进行处理:
CWT will process Traveler Data as Data Controller (as defined under European data protection and privacy laws or regulations, or local equivalent) for the purposes of providing business travel management services including:
i. 直接向旅行供应商和/或通过诸如GDS或OBT的第三方技术预订旅行服务;
Booking travel services either directly with Travel Suppliers and/or through third party technology such as GDS or OBT;
ii. 签证申请协助;
Visa application assistance;
iii. 账务管理、账单和对账;
Account administration, billing and reconciliation;
iv. 旅行和费用报告包括费用最佳化;
Travel and expenses reporting including fee optimization;
v. 传达重要的旅游资讯,例如行程和安全提示,以及可能感兴趣的CWT产品和服务,包含客户满意度调查;
Communication of essential travel information such as itineraries and safety alerts, as well as CWT products and services that may be of interest including customer satisfaction surveys;
vi. 旅行数据统计和分析
Statistical travel summaries and analysis.
III. 获授权向供应商的披露 Authorized Disclosures to Suppliers
CWT可为上述目的,根据法律的强制性规定或者客户的要求,向经授权的服务供应商(包括GDS和旅行供应商)披露旅行者数据。
CWT may disclose Traveler Data to authorized service providers (including GDS, & Travel Suppliers) for the purposes defined above, in cases where the disclosure is required by law or when requested by Client.
此外,如果CWT聘请第三方数据处理商(处理商)为CWT,代表CWT并根据CWT的指示行动,CWT应确保这些处理商根据合同受到不低于本协议中规定的隐私数据标准和适用的数据保护和隐私的法律法规约束。
Furthermore, where CWT engages third-party data processors (the Processors) acting for, on behalf and upon its instructions, CWT shall ensure that these Processors are contractually bound to no less than the data privacy standards stated in this Agreement and applicable data protection and privacy laws and regulations.
IV. 个人权利 Individuals' Rights
旅行者如对旅客资料的处理和/或转移有任何疑问,特别是查阅、更正及删除资料的要求,应通过CWT网站上的申请表格提出。
Enquiries by Travelers concerning the processing and/or transfer of Traveler Data, in particular access, correction and deletion requests, shall be submitted via a request form included on CWT websites.
对客户的任何此类询问和答复的披露均须经个人事先同意。
Disclosures of any such enquiries and responses to Client is subject to the individual’s prior consent. \
V. 保留和归档 Retention and Archiving
在本协议终止后,CWT将安全地保留所有必要的旅行者数据,以遵守其诸如财务报告和证据保存的法律义务。
Upon the termination of the Agreement, CWT will securely retain any Traveler data necessary to comply with its legal obligations such as financial reporting laws and the preservation of evidence.
在存档期结束时,CWT将删除或销毁任何旅行者数据,该期限不得超过本地保留期限,除非依据相关法律或当地监管机构禁止该等删除或销毁,否则此期限不得超过适用的当地保留期限。在后一种情况下,旅行者数据将被保密,并且不会因任何目的而被主动处理。
At the end of the archiving period, CWT will delete or destroy any Traveler Data, such period not to exceed applicable local retention periods unless such deletion or destruction is prevented by applicable law or local regulator. In the latter case, the Traveler Data will be kept confidential and will not be actively processed for any purpose.
VI. 安全 Security
CWT将实施和保持适当的行政、组织、技术和物理安全措施,以保护旅行者数据免受意外或非法破坏、更改或任何未经授权的披露或访问,并且免受非法形式的处理。
CWT will implement and maintain appropriate administrative, organizational, technical and physical security measures to protect Traveler Data against accidental or unlawful destruction, alteration or any unauthorized disclosure or access and against unlawful forms of processing.
VII. 数据传输 Data Transfers
如果将旅行者数据传输至某个国家,而该国对数据保护没有与数据披露国的保护水平相当,或有关欧洲委员会并未对该国做出有足够数据保护的决定,CWT会基于欧洲委员会发布的欧洲标准合同条款(也称为欧洲格式条款)及适用的数据保护和隐私法律或法规,签订适当的关联公司间的数据传输协议,来确保数据接收国充分地对传输数据进行保护。
Where Traveller Data is transferred to a country which is not governed by a data protection law affording a similar level of data protection than that in force in the country of disclosure, or to which no adequacy decision has been issued by the relevant European Commission, CWT has taken steps to ensure an adequate level of protection of the transferred data in the country of transfer by entering into inter-company appropriate data transfer agreements based on the European Standard Contractual Clauses (also known as European Model Clauses) issued by the European Commission and as and where required by applicable data protection and privacy laws or regulations.
VIII. 客户义务 Client Obligations
客户承诺在向CWT披露其控制的旅行者数据时及/或要求CWT向其指定的第三方披露旅行者数据时,遵守所有适用的隐私和数据保护法律法规,特别是在数据最小化和数据准确性方面。具体并与之相关,客户承诺(1)其在向CWT披露旅行者的个人信息前,已经得到旅行者的明示同意,包括告知旅行者他们对于此类披露的权利;和 (2)其已告知旅行者:为了履行本协议,旅行者的个人信息可能在信息收集国以外的国家被使用、处理和传输。
Client undertakes to comply with all applicable privacy and data protection laws and regulations, particularly regarding data minimization and accuracy, when disclosing to CWT Traveler Data under its control and/or when requesting CWT to disclose Traveler Data with third parties designated by Client. Specifically and where relevant, Client undertakes to (i) obtain express consent from Travelers prior to the disclosure of their personal information to CWT, including inform them of their rights regarding such disclosure, and (ii) inform Travelers that their personal data may be used, processed and transferred outside of the country of collection by virtue of the performance of, and in accordance with, this Agreement.