The purpose of this Privacy Statement is to advise users of our services about our collection, use and disclosure policies relating to personal information displayed within this product. It is not intended to serve as a legally binding warranty or representation. Specific warranties and representations relating data protection, security and use are set detailed within our customer contracts.This statement covers the following items:
When we collect personally identifiable information and uses
Why we collect information.
Accessing, modifying, updating or deleting your personal information.
How to Contact Sabs Travel Technology.
1. Information Collection and Uses
Sabs Travel Technology hosts and runs its SABS Corporate product and related data and provide access to this data to assigned internal employees, contractors and end users for their business needs. In this respect Sabs Travel Technology is a Data Processor for the Travel Management Company, and a Sub-Processor for the end user company. Becoming an authorised user enables you to both make travel arrangements and to review your personal information, held within the system. Personal user information is needed to make and confirm travel bookings and this data is stored in a user Profile in a database stored at one of our data centres. This information is either gathered from the end users, the Travel Management Company or via other departments such as the HR department of the end users company.
1.2 Where your information goes
We communicate appropriate personal data to travel providers and booking hubs. Obviously for foreign travel some of this information must go abroad, some of it to outside the European Economic Area (EEA). In particular we are contracted with the Travel Management Companies to use Sabre’s Global Distribution System based in the United States.
1.3 How long we keep your data
As a Data Processor, Sabs Travel Technology does not decide the retention period for your data, this is determined by the end user company as the Data Controller. Please contact your employer for details of their retention policy.
2. Why we collect personal information
Profile data is needed in order to book travel reservation within the host systems including, but not exclusively, GDS, Hotel Reservation Systems, Rail Reservation Systems, Taxi Reservation systems. The Travel Management Company must already have accounts setup with these suppliers in order for Personal Information to be supplied to them during the bookings process. We may collect and use booking information data for billing and internal reporting purposes, and to provide information to our clients to assist them in managing their travellers’ booking activities. Our legal justification for processing this data is “Performance of Contract”.
We agree in all of our customer contracts not to sell, share or otherwise disclose such data to third parties except as necessary to provide our services. We retain the option to disclose aggregate data regarding some or all of our customers, for example for marketing purposes, but will not use personal data or specific traveller or company information without prior agreement.
Your legal rights are as laid out in Chapter III of the General Data Protection Regulation (GDPR). You have the right of access to any and all of your data, the right to have it corrected or erased (the “Right To Be Forgotten”), the right to stop most processing or block it altogether in most circumstances, and finally the right to take away or download a copy.
We and our clients have the ability to include hyperlinks to third party web sites that are not operated by Sabs Travel Technology but we do not accept responsibility for these sites nor do we necessarily endorse them.
SABS Corporate has undergone and continues to undergo a number of security checks and processes which include a review of system architecture by external, independent experts and high-level penetration testing by said independent experts. The system is run from secure, approved data centres and is load balanced across multiple sites. In addition all staff with access to data have been security checked and vetted and cleared, using standard UK Security vetting services from the Disclosure and Barring Service
4. Accessing, modifying, updating or deleting your personal information
You have the right to access your personal data and to modify or delete it if you find inaccuracies, or wish to make amendments within the limitations of the data accessible to either the end users or the Travel Management Company.