Data Protection Policy of Advanced Travel Partners (UK) Limited ("ATPI")
ATPI is fully committed to compliance with the requirements of the Data Protection Act 1998 ("the Act"). ATPI will therefore follow procedures that aim to ensure that all employees, agents, partners, and subsidiary companies that have access to any personal data held by or on behalf of ATPI, are fully aware of and abide by their duties and responsibilities under the Act.
ATPI regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between ATPI and those with whom it carries out business. ATPI will ensure that it treats personal information lawfully and correctly.
To this end ATPI fully endorses and adheres to the Principles of Data Protection as set out in the Data Protection Act 1998.
1. Policy Introduction
1.1 This policy sets out the principles that ATPI will follow in relation to Personal Data that it holds about all Data Subjects.
1.2 If you require any clarification of the terms of this policy, whether information amounts to Personal Data, and/or whether certain actions amount to Processing, you should contact the UK Compliance Officer.
2.1 "Data Controller" means a person or organisation who processes Personal Data about a living individual. ATPI is a Data Controller for Personal Data we process about individuals for whom we arrange travel and accommodation, etc.
2.2 "Personal Data" means data relating to or about an identifiable living individual.
2.3 "Sensitive Personal Data" is a category of Personal Data which is information regarding racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health or condition, sex life and information about offences.
2.4 "Data Subject" means an individual who is the subject of Personal Data.
2.5 "Processing" includes the holding, obtaining, recording, organising, retrieving, consulting, using, adapting, altering, disclosing, transferring, disseminating and destroying of information. Processing extends to any operation or set of operations carried out on information or data and therefore covers everything ATPI does with Personal Data.
3. Data Protection Principles
The Act stipulates that anyone processing personal data must comply with Eight Principles of good practice. These Principles are legally enforceable. The Principles require that personal information:
1. Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;
2. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
4. Shall be accurate and where necessary, kept up to date;
5. Shall not be kept for longer than is necessary for that purpose or those purposes;
6. Shall be processed in accordance with the rights of data subjects under the Act;
7. Shall be kept secure i.e. protected by an appropriate degree of security;
8. Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.
4. Processing Data
4.1 ATPI processes Personal Data (both manually and electronically), including Sensitive Personal Data, for a number of reasons, including but not limited to:
4.1.1 Provision of travel and accommodation services to corporate customers and individual travellers;
4.1.2 Providing data to third parties (ie, airlines etc) solely for the completion of a contract to supply services as above;
4.1.3 Internal company health and safety matters;
4.1.4 Review and management of internal company HR policies and procedures;
4.1.5 Other purposes required by law, regulation or as deemed necessary by ATPI for the management of its employees and its business.
4.2 Sensitive Personal Data is only processed by ATPI for the purpose of providing specific services and welfare to individuals, including but not limited to:
4.2.1 Provision of travel and accommodation services to corporate customers and individual travellers;
4.2.2 Providing data to third parties (ie, airlines etc) solely for the completion of a contract to supply services as above where such Sensitive Data is necessary for the correct provision of welfare or health etc while travelling;
4.2.3 ATPI’s obligations under the Disability Discrimination Act 1995;
4.2.4 ATPI’s obligations to its staff
4.2.5 As required by applicable laws and regulations.
5. Collection of Data
5.1 ATPI collects and records Personal Data from various sources, but primarily by obtaining information from Data Subjects themselves during the booking process.
5.2 In some circumstances, data may be collected indirectly from telephone systems, e-mail, and internet websites.
5.2.1 Such data may be further processed in circumstances including but not limited to the investigation of security breaches, abuse of ATPI’s Information Technology Systems, or where the data is required for regulatory or law enforcement purposes.
6. Disclosure and Transfers
6.1 From time to time ATPI may transfer Personal Data (including Sensitive Personal Data) out of the European Economic Area, and in particular into the United States of America, and to countries where the data is required to complete a contract with the Data Subject.
6.2 Personal Data may also be transferred to third parties to process only on ATPI’s instructions subject to contract arrangements approved by ATPI on behalf of its customers.
6.3 ATPI may disclose Personal Data in order to comply with a legal or regulatory obligation.
7. Retaining Data
7.1 ATPI endeavours to ensure that the Personal Data held is accurate, and that inaccurate, irrelevant, and excessive, information is either deleted or rendered anonymous as soon as reasonably practical. However, ATPI may retain some Personal Data (including Sensitive Personal Data) in order to comply with legal and regulatory obligations and for other legitimate business reasons.
7.2 ATPI reserves the right, at its absolute discretion, to retain Personal Data (including Sensitive Personal Data) after the travel or other arrangements organised for the Data Subject have been completed for purposes including but not limited to, health and safety records, disputes, and in relation to possible or actual legal claims.
8. Company Responsibilities
• ATPI takes its responsibilities under the Act very seriously. To that end it will always ensure:
• There is someone with specific responsibility for data protection in the organisation;
• Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
• Anyone wanting to make enquiries about handling personal information is correctly advised on the procedure to follow;
• Queries about handling personal information are promptly and courteously dealt with;
• Methods of handling personal information are regularly assessed and evaluated;
• Performance with handling personal information is regularly assessed and evaluated;
9. Your rights
ATPI will make Personal Data held about Data Subjects available to those individuals upon written request. If you wish to exercise this right you should contact the UK Compliance Officer at the address below. You may be required to pay a small administration fee.
Suffolk NR32 3BE
0207 111 8000
10. Responsibilities of Data Subjects
10.1 You must notify ATPI immediately of any changes in your personal circumstances, which could cause the Personal Data held by ATPI to be incorrect.