Your Data Is Safe With Us
We take your privacy seriously. That’s why we’re accredited with an internationally-recognised certification in data security, storage and risk management.
Data Privacy and Security
We understand that your data is sacred – that’s why we only collect the information necessary for your travel requirements. We know exactly what data we need, where it is and why it’s stored, and as an ISO27001 certified company, we constantly review our security practices and controls for your peace of mind.
What kind of personal data do we collect?
The business travel industry is dependent on large volumes of data to facilitate travel arrangements, itinerary requests and related services. For example, to make a booking, we might need information such as your name, relevant addresses, contact information, passport details, banking details, dietary requirements and any other information that will help us meet your travel requests. In other circumstances, we may keep your data on record to respond to you regarding an enquiry or a promotional event/competition. In some cases, we also might need to pass your travel information on to a third party if you’ve specifically requested a travel ancillary that we do not handle in-house ourselves, such as travel insurance or visa applications.
Being an ISO27001 certified organisation means that we have carefully selected all of our partners and subsequently have ensured they meet our heightened security standards. It also means that we ourselves have a robust and secure data management system in place. Any data we collect is securely stored only for as long as legitimately necessary.
We are committed to providing independent assurance of our data privacy system and security controls through regular third-party assessments and audits. We take data security very seriously, providing continuous training for our staff around the handling of personal information, scrutinising our supply chain and industry partners on their data practices and creating a dedicated in-house ISO Committee to focus on ensuring we meet industry standards and best practice.
ISO27001 is a globally-recognised standard of risk management that provides a framework for a robust Information Security Management System (ISMS). What this means for our clients is that they have complete assurance that their data and information meet international standards and are handled and stored with minimal risk.
General Data Protection Regulation (GDPR) – May 25th 2018
GDPR empowers EU Citizens to have more control over their personal data. The General Data Protection Act 1998 that the UK currently operates under is no longer fit for purpose, as it doesn’t cover cyber-security and cloud storage. GDPR will allow individuals to consent, in unambiguous terms, as to exactly how their data is used.
Companies will then be bound by the new laws and regulations to obtain, handle, process, transmit, analyse, store and retain personal data in line with the consent given. Personal data is any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address or bank details to posts on social networking websites, medical information or a computer IP address. Standardised data management is being implemented across the European Union in order to harmonise best practice and will still apply after Brexit takes effect.
Standards must be in place by May 2018, but Business Travel Direct has already created a detailed plan, keeping us on track for early compliancy. To learn more about GDPR and how it might affect you, your company or your travellers, you can click to download our infographic.
GDPR – Are You Ready?
Find out all you need to know about what GDPR is, when it applies and how it affects the business travel industry, you, and your travellers.