Privacy Policy

Introduction

At Traveo , we understand the needs of privacy and safety. We consider our travelers’ trust as one of our most valuable assets. Therefore, we want to do the utmost for your data to ensure it’s safe with us.

This document describes how we collect and use the data concerning the use of our services. We keep it simple and easy to understand, as our company has been built on openness and our services on trust. Here you will also find our contact information in case you would need any further assistance.

Traveo  Soft Pvt. Ltd. and their local subsidiaries provide business process outsourcing services in the areas of travel and expense management using modern technology solutions.

Our expense management services allow the client to capture, track and store his business expenditure receipts, as well as to generate and submit for approval the expense reports derived from those receipts, which are uploaded via either web, e-mail, Gmail and Outlook Add-on and/or mobile applications, Mobile camera also.

Our travel management services allow the client to use our web pages, mobile applications, call center, integrated partner applications, instant messaging and social media platforms. This policy applies to all the platforms you can use to get access to our services and all the data we collect using those platforms.

This policy may change when the applicable legislation changes or if we decide to extend our services. Please visit this page regularly to be kept up-to-date.

If you do not agree with this Privacy Policy, we kindly advise you to stop using our services.

What kind of information we collect

Information provided by you or your employer

Depending on the services you or your employer has selected, we collect some specific information about you.

To provide you with the best available accommodation, flight or rail ticket we need to know certain things about you, like your first name, last name, ID document number, contact details, other travelers’ data; sometimes also your date of birth can be asked, in order to process the booking.

In order to perform our expense management services, we may also receive and store the following information about you: your bank account number, scanned expense receipts and credit card statements, which may include personal data such as name, address and bank account information.

Use of our services does not always require users to fill in or upload sensitive personal data. In order to avoid unnecessary exposure, we ask you to make sure that sensitive personal data are not filled in or uploaded to your account (intentionally or accidentally) in any form as photos, notes or other if it is not necessary.

Information we collect automatically when you use our services

When you use our services we also collect certain information automatically like your IP address, browser type and version or mobile device data and local settings, e.g. language; activity on our website, including the pages you visited and searches you made.

Information from other sources

If you use a third party payment provider, if you link your profile with social media or instant messaging profile or if you use our platform via third party integrated software we can collect information from those sources.

All our accommodation and transport services providers may also share with us information about you and your trip.

Refer a friend

In case we would enable a refer-a-friend functionality, you must always seek your friend’s consent to our use of your friend’s name and e-mail address to contact them about our services. By providing us with your friend’s name and email address, you warrant that your friend consents to such contact.

What is the purpose of data collection

We need our users and travelers’ data to provide our services to them: searching for hotels and rates available, booking rooms or tickets, managing expenses, creating and transmitting expense reports or any other service we provide and to improve our services for our clients.

We also use your contact information to inform you about any changes to trip itineraries, any actions waiting for you in the system or any new features and services available.

How long do we store your data

Personal data is gathered for a specific purpose and stored also for a specific purpose. The overall rule we apply is that we will delete all the data within 6 months after the end of the year when the data is no longer needed for any purpose.

Please be aware that there are various purposes for which we gather and later process your personal data. We take into consideration all those purposes and have defined a data retention period for each category of the personal data.

Why do we put the deadline on 6 months after the end of the year of termination of the purpose? Because, even though we regularly delete the data that is not needed anymore from our system, this deleted data may stay in the system or the infrastructure logs and backups. These logs and backups are deleted within a period of 6 months.

With whom do we share your data

Traveo  provides users with the platform that gives you access to multiple different service providers e.g. hotels, airlines, rail companies, Bus or Cab providers financial institutions. We need to share your data with them for the purpose of managing your expenses or your trip bookings.

We may share your information with any other company within our group for the purposes stated in this privacy policy. We may also share it with hired consultants or vendors working on our behalf, in line with all Indian regulations.

Of course, we might have to share the information with the competent authorities if the applicable legislation so requires.

Our website(s) and/or web and mobile application include links to third party sites. Traveo  does not control these third-party sites, and we encourage you to read the privacy policy of every site you visit.

Where is your personal data processed

We mainly process your personal data within the Asia Pacific Region (APAC). Being the data processor, Traveo  relies on a limited number of sub-processors to perform well-defined elements of its services. Some of these sub-processors may be located outside of the APAC. They have been selected carefully and all have adequate privacy guarantees in place.

How we secure the data

We use appropriate technical and operational measures (e.g. data encryption, security audits,, hashing, etc.) to secure information collected by Traveo  to be compliant with all applicable regulations regarding personal data protection and our contractual obligations. We built our information security based on the ISO 27001 standard.

When providing our services, we only engage subcontractors, parent or subsidiary companies which adhere to equivalent rules on the protection of personal data in line with Indian regulations.

Personal data of a child

Traveo  services are meant to be used by adult users. Underage persons’ data will be collected only with parents / legal guardians’ permission.

Your rights

You have a right to review the information we collect about you. It is available in your profile and you can always ask for a proper data record by emailing us.

You can always contact us if you believe that we are no longer entitled to use your personal data, or if you have any other questions about how your personal information is used. Please email or write to us using the contact details below. We will handle your request in accordance with all applicable  national data protection laws.

Contact: sameer@Traveosoft.com

Who is responsible for data processing

As part of the business unit Tarveo -  Travel & Expense:

  1. Traveo Soft Pvt. Ltd, 126 KHB Colony, Bangalore India – 560095

Data Protection Officer

We have appointed a Data Protection Officer: Sameer Kakar

in case of any request related to data privacy you might reach our DPO or local point of contact by e-mail: sameer@Traveosoft.com.

What we will do if there is an update to this policy

From time to time we may change our privacy practices. We will notify you of any changes to this Policy as required by law. We will also post an updated copy on our website. It will have a different date and version number from the one set out below. Please check our site periodically for updates.

Cookies Notice

In common with many online businesses, we use cookies. Cookies and other tracking technologies can be used on our websites and apps in various ways, such as to analyse traffic or to offer a better personal experience. Those technologies are either used by us directly, or by our business partners, including third party service providers and advertisers we work with. If you want to learn more about what a cookie is and how they are used, click on the read more link below.

Collected information

Information you provide us or your employer provides us

Traveo  needs a set of data to perform their services for you i.e. your first name, last name, e-mail address, sometimes date of birth, and payment methods. We also encourage you to provide us with contact details, document details, loyalty cards and the information about your special rates and benefit programs you want to use, as well as your trip preferences.

According to the contract between Traveo Soft Pvt. Ltd. (Trvaeo)  and your employer or travel management company (TMC) that serves you, your employer or a TMC can provide part or all of this information.

Information collected automatically

All contacts with Traveo ’s platform or with its Customer Service via phone, e-mail, chat, messaging platform or any other channel will be a source of information about you and your preferences. We collect all the communication between you and Traveo  as well as automatically registered data about your contacts with the Traveo  platform and services like IP address, web browser used, device used, and localisation or language settings, third party applications you use to contact us.

For the purpose of administration and maintenance works, we collect logs of operations on the  Traveo  platform especially all incidents and technical errors that might occur. We might also use collected user operations data to prevent fraud and misuse of our services.

We might also ask you for an opinion about our services or your trip to help us understand your needs and provide better services for you and other our clients.

Information collected from other sources

We receive personal data about you from business partners that distribute our services by way of a co-branded or private-labeled website, business partners that offer their products and/or services via our services, or business partners that provide services in connection with our services (e.g. payment processing services).

Traveo  services are available through our own platforms and applications and through integrated third party software web pages, online booking tools, instant messaging systems, social media platforms. We will collect information about travellers and users provided by integrated third party software to perform and improve our services.

Traveo  is also integrated with multiple services providers, with hotels, airlines, travel management companies, rail operators, financial institutions, security services etc. Those third parties take part in whole trip management service and share the data about the trip with the Traveo  platform, which manages it all.

Purpose of data processing

We use the information collected about users and travellers for providing and improving the travel management services we offer. We can use it for:

  1. Booking trips: this is the most important reason for collecting your data when you are using the travel module. It is necessary to properly search for, book and later on manage your trip (book hotel, issue air or rail ticket). This is our core business and purpose. Additionally we offer other services of our partners connected with travelling i.e. fulfilling payments, providing additional support, monitoring your safety.
  2. Managing expenses: this is the main reason for the collection of your data when you are using our expense management module. It is necessary to recognize your expenses, letting you report them and allow the system to reimburse them.
  3. Customer service: we offer you 24/7 support in English languages. Availability of your data is necessary to help you if you need it. We can provide various support services such as helping you with the booking, resolving issues with the Traveo platform, supporting you in communication with hotel etc.
  4. Providing user access: the Traveo platform and applications requires proper authentication and authorization. Your data is used to manage the user account on our platform. Using the account, you can manage your reservations, set up your profile, manage your company or TMC and use all other features of the system.
  5. Marketing: we use your data for marketing and training purposes:
  6. We use contact data to send information about products and services.
  7. We use collected data to personalise search results in the Traveo platform and applications and to recognize you when you visit or return to our website, so we can show you ads or other content tailored to your preferences;
  8. In case of participations in any promotion events and loyalty programs, we use your data to manage those events.
  9. Communication with users and travellers: we might contact you using phone, e-mail, SMS or an instant messaging platform. We collect the communication between you and us and we will use your data to:
  10. Recognize you when you contact us or enter the Traveo platform or application
  11. Solve all the issues raised by you or services providers
  12. Notify and remind you about all the tasks and actions you might be interested on the platform.
  13. Ask you for an opinion.
  14. Send you vouchers, trip itineraries, summaries of your trips.
  15. Send you important alert.
  16. Market analysis: We can use anonymized data for the analysis of the market. Non-anonymized data or opinions can be collected only if you will agree.
  17. Misuse detection: Data collected allows us to monitor user behaviour and detect misuse of our services or applications, frauds and other potentially dangerous actions.
  18. Service improvement: Data analysis is used to improve our services, to understand our client needs, negotiating with our providers, improving usability of our applications and eliminating problems and issues.
  19. Service monitoring: All technical components of the Traveo platform and integrated applications collect user operations logs, errors and technical alerts for the purpose of system administration and maintenance.
  20. Legal needs: if some cases your data can be used to solve any legal dispute or administrative proceeding.

We collect and process your personal data based on:

  1. Contractual obligations: using your data is necessary to fulfil contract between you and us or between your employer and us.
  2. Legitimate interest: we can use your data to provide you with the best available travel and expense services: personalised application, messages and search results, providing you proper help and product and training information, for administrations and maintenance purposes, fraud detection and for legal reasons.
  3. Your permission: we can ask you for a permission to use your data for special marketing purposes. You can revoke such a permission any time by contacting us.

With whom we can share your data

We share the information we collect about you according to the purpose of data collection.

Solely for purposes of service level assurance we may use third party providers (e.g. our hotel, airline, railway providers, financial institutions, etc.) – who supply us with their specialized service.

In the framework of their service provision, our partners may process application and personal data, but they can never get or link it to any customer details which are not included in those items. We may cooperate with our partners based within or outside the APAC, however, all of them without any exception have appropriate technical and organizational measures in place to protect your personal data and they have provided us with adequate contractual guarantees in this regard.

Data shared to manage business travel

For managing your business travel, we may share your data with:

  1. Travel services providers we use to organize your trip that can include hotels, airlines, global distribution systems where we book your trip, travel management companies issuing your tickets, but also security agencies that cares about yours safety.
  2. Payment operators and other financial services providers to organize all the payments for the services ordered by you. We will share with them only the set of data required to fulfil the service. We can also share additional data in case it is necessary to prevent or detect a fraud or theft.
  3. Your employer or an organization that organizes your trip using our services. We report your business trips to your employer, or if you are a guest of a company or client of the travel agency, we will report the data back to them.
  4. Other Traveo entities that provide services or process the data on our behalf, as we centralize our operations.
Data shared to manage expenses

For managing your expenses, we may share your data with:

  1. Our Optical Character Recognition (OCR) service provider we use to process electronic images of the receipts and other documents you might upload, and only those images.
  2. Your employer or an organization that manages your expenses using our services. We report your expenses to your employer, or if you are a guest to your host our client, we will report the data back to them.
  3. Other Traveo entities that provide services or process the data on our behalf, as we centralize our operations.

We can also share your data with:

  1. Vendors, consultants and business partners who help us to carry out work on our behalf.
  2. Competent authorities, we may disclose personal data so far as reasonably necessary: if we think you have or may have breached our general terms and conditions or to enforce our rights or protect the public or where we have reasonable grounds for believing that a criminal act has been committed or if we are required to do so by law or appropriate authority.

3 With involved parties in the case of an actual or proposed (including negotiations) sale or merger or business combination involving of all or the relevant part of our business.

4 Other services users (or groups of users) or public, but only the content you provide on such a forum.

  1. In aggregated and anonymized form, which cannot be used to identify person.

Where we process your personal data

Your personal data may be stored, used and otherwise processed within India, and/or any other countries of the APAC.

We may also store, use or otherwise process personal data outside the APAC. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests.

Personal data will not be transferred to a country outside the APAC unless:

  1. the country to which it is transferred is one which the European Commission considers to provide an adequate level of data protection
  2. or the personal data is transferred to a United States company which has signed up to the Safe Harbour scheme
  3. or service providers and other third parties to whom data is transferred undertake contractually to process data in accordance with our instructions and to maintain appropriate security to protect the personal data or we are obliged to provide the personal data to a government or public authority.

Social media

Traveo  uses social media and instant messaging platforms in several ways. We promote our services and products or services and products of our partners. We share information about our work and we gather feedback and marketing data. We also use social media and instant messaging platforms to support online usage of our services.

We are offering services through social media and instant messaging platforms. You can connect your account in the Traveo  system to your existing account on one of supported social media platforms and take advantage of this channel of communication with us. Our system will be able to send you some notifications and you will be able to perform actions, as you would do in our system. Any time you can disconnect accounts using our or native social media or instant messaging platform functionality.

You can also allow us to use some of the social media platform data, available on your profile like photo, email address or name.

On our pages and in our application we can place social media plugins (i.e. like or share buttons). If you will use it, some of the data will be shared with social media platform and it can be shared with larger audience according to your own social media privacy settings. We advise you to read also privacy policies of your social media platform.

Cookies and other tracking tools

What are cookies and how do they work?

Cookies are small bits of text that are downloaded to your computer or other device when you visit a website. Your browser sends these cookies back to the website every time you visit the site again, so it can recognise you and can then tailor what you see on the screen.

What do we use cookies for?

Cookies are used for different purposes. They allow you to be recognized as the same user across the pages of a website, between websites or when you use an app.

Our website and apps use cookies for different purposes:

Technical cookies

We try to give our visitors an advanced, user-friendly website and apps that adapt automatically to their needs and wishes. To achieve this, we use technical cookies to show you our website, to make them function correctly, to create your user account, to sign you in and to manage your bookings. These technical cookies are absolutely necessary for our website to function properly.

Functional cookies

We also use functional cookies to remember your preferences and to help you to use our website and apps efficiently and effectively. For example, these cookies remember your preferred currency, language, your searches. We may also use cookies to remember your registration information so that you don’t have to retype your login credentials each time you visit our site. Your password will, however, always be encrypted. These functional cookies are not strictly necessary for the functioning of our website, but they add functionality.

Analytics cookies

We use these cookies to gain insight into how our visitors use our website and apps. This means we can find out what works and what doesn’t, optimize and improve our websites or apps, understand the effectiveness of advertisements and communications, and ensure we continue to be interesting and relevant. The data we gather can include which web pages you have viewed, which referring/exit pages you have entered and left from, which platform type you have used, which emails you have opened and acted upon, and date and time stamp information.

It also means we can use details about how you’ve interacted with the site, such as the number of clicks you make on a given page, your mouse movements and scrolling activity, the search words you use and the text you enter into various fields. We make use of analytics cookies as part of our online advertising campaigns to learn how users interact with our website or apps after they have been shown an online advertisement. This may include advertisements on third-party websites.

Commercial cookies

We can use third-party cookies as well as our own to display personalized advertisements on our websites and on other websites. This is called “retargeting,” and it is based on browsing activities.

How you can control cookies.

To learn more about cookies and how to manage or delete them, simply visit allaboutcookies.org and the help section of your browser. In the settings for browsers such as Internet Explorer, Safari, Firefox or Chrome, you can set which cookies to accept and which to reject. Where you find these settings depends on which browser you use. Use the “Help” function in your browser to locate the settings you need.

If you choose not to accept certain technical and/or functional cookies, you may not be able to use some functions on our website. We currently do not support “Do Not Track” browser settings.

How long do we store data

Data retention schedule for our application users

Data Category

Explanation

Retention period

Identification data

PII

Name, login, title, email address, IDs assigned by the controller.

Account deactivation + 10 years

Contact data

Address (work and home), other addresses, telephone number (work and home).

Data deleted, account deactivated or requested to stop processing/delete data

Identification information assigned by government institutions

ID card number, passport number, drivers license number, license plate number, etc.

Data deleted, account deactivated or requested to stop processing/delete data

Electronic identification data

IP addresses, cookies, connection moments, etc.

Account deactivation + 10 years

Electronic localization data

Cell tower data, GPS data, etc.

Account deactivation or consent withdrawn

Special financial data

Financial transactions

Amounts paid and payable by the data subject, awarded credit lines, sureties, payment method, payment overview, deposits and other guarantees.

Moment of transaction related invoice payment recognized + 10 years

Personal characteristics

Personal details

Age, sex, date of birth, place of birth, nationality.

Data deleted, account deactivated or requested to stop processing/delete data

Habits

Travel details

Information regarding business travel habits and preferences

Data deleted, account deactivated or requested to stop processing/delete data

Leisure pursuits and interests

Leisure activities and interests

Hobbies, sports, other interests.

Data deleted, account deactivated or requested to stop processing/delete data

Memberships

Memberships (other than professional, political, or in trade unions) – only if required to manage business travel or expenses

Memberships in loyalty programs, organizations, clubs, partnerships, unions, groups, etc. – if used for business travel management or expense management.

Account deactivation + 10 years

Consumption habits

Travel data

Details regarding the goods and services provided to the data subject.

Moment of transaction related invoice payment recognized + 10 years

Business expense data

Details regarding the goods and services reported as expenses by the data subject.

Contract end

Application usage

Details regarding usage of the application by the data subject.

Account deactivation

Requests, complaints, incidents or accidents

Information regarding a request, accident, incident, or complaint in which the data subject is involved, the nature of the request, damage, involved persons, witnesses.

Closing the case + 10 years

Profession and employment

Current employment

Employer, title and role description, seniority, work location, specialization or company type, work modes and conditions.

Account deactivation + 10 years

Photographs recordings

Images

Camera recording, photographic recording, digital photos or scans of receipts uploaded, etc.

Data deleted, Contract end, Request to delete data / stop processing

Sound recordings

Sound recordings

Phone recordings regarding requests or issues, etc.

Closing the case + 10 years

Electronic activity logs

Application and infrastructure logs

Logs of user actions and technical requests registered

Account deactivation

Users login logs

Recorded user login attempts

Account deactivation + 10 years

Your rights

Right of access

You can request access to your Personal data. You may also request rectification of inaccurate Personal data, or to have incomplete Personal data completed.

You can request any available information as to the source of the Personal data, and you may also request a copy of your Personal data being processed by us.

Right to be forgotten

Your right to be forgotten entitles you to request the erasure of your Personal data in cases where:

  1. the data is no longer necessary;
  2. you choose to withdraw your consent;
  3. you object to the processing of your Personal data by automated means using technical specifications;
  4. your Personal data has been unlawfully processed;
  5. there is a legal obligation to erase your Personal data;
  6. erasure is required to ensure compliance with applicable laws.
Right to restriction of processing

You may request that processing of your Personal data be restricted in the cases where:

  1. you contest the accuracy of the Personal data;
  2. we no longer need the Personal data, for the purposes of the processing;
  3. you have objected to processing for legitimate reasons.
Right to data portability

You can request, where applicable, the portability of your Personal data that you have provided to us, in a structured, commonly used, and machine-readable format you have the right to transmit this data to another Controller without hindrance from us where:

  1. the processing of your Personal data is based on consent or on a contract; and
  2. the processing is carried out by automated means.

You can also request that your Personal data be transmitted to a third party of your choice (where technically feasible).

Right to object to processing for the purposes of direct marketing

You may object (i.e. exercise your right to “opt-out”) to the processing of your Personal data particularly in relation to profiling or to marketing communications. When we process your Personal data on the basis of your consent, you can withdraw your consent at any time.

Right not to be subject to automated decisions

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect upon you or significantly affects you.

Right to lodge a complaint to the competent Supervisory Authority

If you have a privacy-related complaint against us, you should complete and submit the Complaint/Data Subjects’ Request Form or make your complaint by email or by letter in accordance with our Global Complaints/Requests Handling Policy. If you are dissatisfied with our response, you may then seek further recourse by contacting the relevant Supervisory Authority

For any issue, please contact

Sameer Kakar

sameer@traveosoft.com