CWT Data Protection Policy
Last updated 12 February 2014
Why do we collect personal data?
What data do we collect?
When servicing a given corporate Client, an electronic 'Traveler Profile' is created in CWT's proprietary tool, CWT Portrait, for each traveler. The personal data is entered through feeds from the corporate clients or by the traveler (or the authorized travel arranger). The personal data that we collect for each traveler may include: name, gender, date of birth, address, phone numbers, email addresses, credit card references/numbers, travel destinations, travel schedules, travel preferences (seat, meal, smoking, etc.), passport and visa details, as well as next of kin information. If a 'master profile' is created by an online booking tool service provider (OBT), CWT receives the profile data from the OBT and a profile is automatically created in CWT Portrait to enable the counselor to fulfill traveler’s requests. When organizing a meeting or event for a corporate Client, CWT collects personal data to register the participants to the meeting or event through tools that may be selected by the Client or receives lists of participants from the Client. CWT collects personal data from users to its web sites through the use of online forms and when the user emails us his/her details. CWT forwards these user requests to the appropriate CWT team to respond to the user.
How we process personal data
In addition to creating Traveler Profiles and 'passenger name record' (PNR), CWT uses the personal data (usually the PNR) of the traveler for the following travel and other travel-related purposes.
Reservations: The Traveler Profiles are stored in a database as a reference document to be consulted each time a reservation is to be made. When a reservation is made, CWT creates a PNR that contains all of the personal data along with the reservation information that is needed to fulfill the travel request of a traveler and to fulfill regulatory requirements for travel to certain destinations such as the Secure Flight program in the United States and the Advanced Passenger Information System in several countries such as the UK, China. To make reservations, CWT needs to transfer personal data to various third party travel suppliers (such as airlines, hotels, car rental companies, online booking tool companies and safety and security tracking providers, as well as computer reservation systems) within the traveler's home country or in another country where the traveler may be traveling and often also to government bodies for certain destinations (such as DHS in the US, ...). Without this information travel will not be possible.
Consolidation of Travel Data: At the request of the Client (the paying party for the travel), CWT or a third party may prepare information reports that summarize and analyze the travel expenditures per destination, per travel supplier, etc. Such reports may include certain personal data from the traveler's profile.
Transfers to Third Parties at Corporate Client's Request: CWT may transfer personal data to third parties at the request of the Client. For example, for data consolidation or emergency traveler tracking services. These transfers could involve transfers of personal data to other countries.
Transfers within the CWT group: Transfers are made throughout CWT, its subsidiaries, joint ventures and international partners to support travel-related services such as emergency online booking services, airline ticket issuance and technical help-desk requests, and for screening where required for compliance with the law.
Transfers to CWT service providers: transfers are for CWT to obtain support services in connection with the travel and meetings & events services to its clients (such as administrative, information technology and technology platforms for CWT tools, telecommunications, payment services).
Regulatory transfers: CWT may be required by law to transfer data to governments and law enforcement agencies where required.
Compliance with Travel Policy: At the request of the Client, CWT may report on the compliance of the travelers with the travel policy of the Client and identify any exceptions to the compliance.
Collecting Travel Payments: CWT may transfer personal data to third parties in the traveler's home country or to another country for the purpose of collecting payments related to travel reservations.
CWT Databases: The electronic Traveler Profiles that CWT maintains are stored in a central database at a CWT location in the United States. For clients using an OBT provider, the personal data may be stored by these third-parties.
New Products and Services: With the goal of improving service and based on the data given to CWT, CWT may send additional information to the traveler if it applies to his/her trip or in advance of future trips. An example might be a list of restaurants near a specific hotel in the destination city or parking at the departure airport.
Application of the Policy
Transfer to Third Parties: Prior to a transfer, third parties (except for travel suppliers and authorized transfers, such as within the EU) are required to sign a data transfer agreement with CWT that requires them to follow the applicable data protection laws.
Security: CWT has implemented appropriate technical and organizational measures to protect the personal data obtained from our Clients' travelers against accidental or unlawful disclosure or destruction.
Retention and Deletion: CWT keeps personal data only as long as required to fulfill the services requested by its Clients. CWT may need to keep certain data to comply with financial reporting laws or to inquiries from Clients on past travel activities.
Leisure travelers: In many instances, our leisure operations also keep traveler profiles.
Travelers' Rights of Access
The traveler has a right of access to his/her personal data. The traveler can update his/her Traveler Profile directly in CWT Portrait. To contact CWT with questions or issues about CWT’s data processing, the traveler should contact his/her primary contact at CWT, either the usual travel counselor who books the travel or the program manager, the primary contact of the Client.
Frequently Asked Questions
How does CWT notify the travelers?
CWT notifies the travelers about CWT’s data processing through this Policy. CWT is also adding a 'Traveler Communication' to its traveler-facing tools and will email updates on an annual basis.
Why is the travel agreement between CWT and the Client not sufficient to protect the travelers' personal data?
The travel services agreement is between the corporate Client and CWT, not between the traveler and CWT. Data protection laws protect the rights of the individual traveler, and in processing the individual traveler's data, CWT has obligations under these laws which it has to fulfill itself and cannot pass onto the Client.
When does CWT need to obtain the traveler's consent?
Practically speaking, it will be very difficult and in some countries even impossible for CWT to provide travel services to an individual traveler who refuses to allow CWT to process his/her travel data.
What obligations does CWT have in processing the data?
CWT must ensure, at the very least, that the personal data:
- is processed fairly and lawfully,
- is obtained only for specific and lawful purposes and shall not be further processed in any manner incompatible with these purposes,
- is not excessive (in terms of the type of data requested) in relation to the purposes for which it is collected and further processed,
- is accurate,
- is kept secure and not held for longer than necessary.
Can CWT use the data to carry out its own analyses?
CWT may not use the data for promotion and marketing purposes by third parties unless the traveler gives his/her consent. However, CWT may, for instance, use the data to analyze the travel trends of its corporate clients in order to propose other CWT services to the clients, such as CWT Solutions Group services, without receiving the traveler's consent.
The following notes are to detail certain points and country specifics.
'Carlson Wagonlit Travel' refers to the group of companies of which the parent company is CWT Global B.V., a Dutch company, and its affiliates in 50+ countries around the world. CWT values the protection of personal data of all our travelers wherever they are based around the world.
Australia. We will use and disclose personal data for the primary purpose for which it was collected. We may also use and disclose personal data for purposes related or ancillary to the main reasons we collect it.
European Union. Under E.U. rules, personal data can flow from the European Union member states and three EEA countries (Norway, Lichtenstein and Iceland), and to a list of designated third countries (including Argentina, Israel, PNRs to the U.S. Bureau of Customs and Border Protection, PNRs to the Australian Customs Service), without any further safeguard being necessary. CWT has entered into EU Model Clauses, such as with its US affiliates, and its Indian affiliate.
United States Safe Harbor. The E.U. has negotiated with the U.S. Department of Commerce certain principles and guidelines for the transfer of data. The U.S.-EU Safe Harbor Privacy Principles guide U.S. entities in providing an adequate level of protection for personal data. Carlson Wagonlit Travel, Inc. and its U.S. subsidiaries comply with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Carlson Wagonlit Travel, Inc. and its U.S. subsidiaries certify that they adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view the certification of Carlson Wagonlit Travel, Inc., please visit http://www.export.gov/safeharbor/.
Dispute resolution for Safe Harbor claims: any question or concerns regarding the use of disclosure of personal information should be directed to your usual contact, either travel counselor or program manager. CWT will investigate and attempt to resolve complaints and disputes regarding use and disclosure of your personal information in accordance with the Safe Harbor principles. For complaints that cannot be resolved between CWT and the complainant, CWT has agreed to cooperate with the European Union Data Protection Authorities or the Swiss Federal Data Protection and Information Commissioner.
This policy is subject to change. The changes will be posted on this web site, so please be sure to check the site regularly.