CAFLA Tours, a division of LUXE Travel Management (“CAFLA”, “CAFLA Tours”, “we”, “our”, or “us”) is committed to safeguarding our customers’ and employees’ integrity. This Privacy Notice describes what processing of personal data is done and what measures are in place to ensure that the processing respects individuals’ rights and freedoms. By accessing or using our site(s) and/or products and services you signify that you have read, understood and agree to our collection, storage, use and disclosure of your information as described in this Privacy Notice.
CAFLA Tours GOES GDPR
“For your sake”
For CAFLA to ensure that we care about your personal integrity, we have:
How Do We Use the Information We Collect?
Processing of personal data when traveling with CAFLA
Processing of personal data at CAFLA
After you have traveled, the PNR will be pseudonymized for further processing, except for handling any complaints that you might have.
Under the jurisdiction, CAFLA may process your data for the following reasons:
The data processed
The data processed is according to the ARC/IATA standard PNR
CAFLA deletes your passport number, if applicable, after you have completed your travel.
CAFLA is dependent on a number of sub-contractors that ensure that the services you have purchased are delivered according to expectations. The suppliers, partners and authorities process your personal data and are subject to a Data Protection Agreement (DPA) or Data Exchange Agreement (DEA). The agreements stipulate that your personal data can only be used in association with your consumption or the services purchased. CAFLA works with the following types of contractors handling your personal data:
Location of your personal data by CAFLA subcontractors
The locations where CAFLA is storing your personal data are:
Global distribution systems (GDS)
CAFLA inventory (available flights and seats) is accessible to travel agents all over the world through a number of GDS (e.g. Amadeus, Travelport, Sabre). This means that you can purchase or change a ticket with CAFLA at more than one of our travel agency offices in the world. When you book a ticket with CAFLA, a PNR is created with your personal data. The GDS is a marketplace for airline tickets, hotels and car rental; consequently the GDS is subject to GDPR and, as a Processor of your personal data, is responsible for handling it according to law. However, this also means your personal data can be processed worldwide directly by an airline or by our after-hour service provider if you want to make changes to your travel plan.
Partner Airlines & interlining
CAFLA cooperates with a series of partner airlines (Star Alliance, Oneworld and Star) that simplify your travel. These partner airlines help CAFLA deliver services to the passenger by offering parts of a trip to a destination where one particular airline does not travel. In order for the delivery of service to be completed, the PNR is sent to the partner airline.
Some countries require CAFLA to send a passenger list to them before departure (e.g. USA, China). This is mandatory, and if this is not done you will not be admitted into the country.
PROFILE ACCOUNT HOLDER
The purpose of being a “CAFLA profile account holder” is to facilitate travel with CAFLA. CAFLA digital services are made available for you (e.g. travel history, pre-filled booking dialogue). You can also choose to get personalized offers that are tailored towards your preferences.
Under the jurisdiction CAFLA may process your data for the following reasons:
The data processed
If you give consent to further processing:
There are no data transfers of your Profile Account information
CAFLA has agreements with other companies regarding the provision of travel services to our clients. Our agreements may give a company a reduced price or extra services. The corporate traveler is identified by a DK code that is associated with the agreement. The company typically wants to know who has traveled, where, when and what services have been purchased. This information is transferred from CAFLA to the company regularly. The company provides CAFLA with your personal data as an employee.
CAFLA and the company have an agreement which regulates the processing of personal data.
PROCESSING OF SENSITIVE DATA
The legislation states:
“Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin, whereby the use of the term ‘racial origin’ in this Regulation does not imply an acceptance by the Union of theories which attempt to determine the existence of separate human races.”
CAFLA processes sensitive data in order to be able to cater for all passengers correctly. Since this information is necessary throughout your travel, the information is transferred to 3rd parties so that the delivery of service is according to your need. Depending upon where you travel, the information can be transferred to a country outside of the EU. The data set is called Special Service Request information (SSR). SSR information is an ARC/IATA standard and is used throughout the airline industry. The services that CAFLA provides that require sensitive data are:
Under the jurisdiction CAFLA may process your data for the following reasons:
The following data is processed and associated to the passenger:
What is a cookie?
A ‘cookie’ is a small text file containing information which is stored on your computer or mobile device. Cookies are only used for technical reasons and to facilitate your use of the CAFLA website, Concur or Cvent application. One type of cookie will save a file permanently on your computer. It can thereafter be used to customise these sites based on the user’s choices and interests. Another common type of cookie is the “session cookie”. When you visit a website or application, session cookies are sent between your computer and the server to collect information. Session cookies are not saved once you close your web browser. For more information about how cookies work, please refer to www.allaboutcookies.org.
The cookies that CAFLA uses on this website are:
Concur Online Booking engine
First and third-party cookies. We use first and third-party cookies on our Channels. Whether a cookie is ‘first’ or ‘third’ party refers to the domain placing the cookie. First-party cookies are those set by a website that you are visiting at the time (e.g., cookies placed by the SAP Concur French website while visiting that website). Certain cookies are set by a domain other than that of the website you are currently visiting. If you visit a website and another entity sets its cookie or reads its cookie through that website, this would be a third-party cookie (e.g., cookies placed by Google while visiting the SAP Concur UK website).
Persistent and session cookies. We use persistent cookies and session cookies on our Channels. Persistent cookies remain on your Device for the period of time specified in the cookie. They can remain on your Device after you visit the website that set them and can be read the next time that you visit the website that created that specific cookie or visit another website with a beacon from the website that dropped the cookie. Persistent cookies can remain after you end a browser session. A browser session starts when you open a browser window and finishes when you close the browser window. Session cookies allow us to link your actions during a browser session. Session cookies are created temporarily. Once you close the browser, session cookies are typically deleted.
Cvent Group Registration Site
Uncertainty of compliance
Please note that it is not certain that the current, ‘passive consent’ solution used on the CAFLA website will remain legally compliant. The legal situation is thus currently unclear, but we estimate that the ePrivacy Regulation will in some form enter into force during the present year.
RIGHT TO ACCESS
If you are interested in what data CAFLA stores, you can request an excerpt. The amount of work associated with each request is large. Under GDPR you may request one copy free of charge, and further requests are subject to an administrative fee. We will provide you with an excerpt no later than 30 days after you have registered for an excerpt.
How does CAFLA identify you
CAFLA does not store passport numbers, social security numbers or any other number that is uniquely associated with you. This means that the only way for you to identify yourself is through a profile or active PNR, Concur and Cvent online booking account; once you have logged in, we can provide you with all the information.
CAFLA will search for information associated with name, e-mail and telephone number. All three of the search criteria will have to be associated with the information given in an excerpt.
Login to your profile
If you have a Concur account but do not have a login, please visit the website or call: 949-336-1000
Minors (Under 18 years of age)
If you are under 18 years of age, then CAFLA does not process any personal information for any other purpose than for your specific travel. Your data is only kept for handling of complaints.
Description of the data that will be provided to you as a Traveler
Description of the data that will be provided to you as a CAFLA Tours client,
Right to Access
If you want an excerpt of the information we have about you, please call: 949-336-1000
RIGHT TO BE FORGOTTEN
As a data subject you have the right to ask CAFLA to delete all information we have about you. It will take CAFLA up to 30 days to ensure that all the data is deleted. However, there are some inconveniences and information CAFLA will not delete.
Information that is not being deleted
SAFEGUARDS & GOVERNANCE
CAFLA Data Protection Ambassador
CAFLA has appointed a Data Protection Ambassador. The Data Protection Ambassador is an expert in data protection and reports to the highest management level. The role has the responsibility to secure that CAFLA is compliant with data protection legislation by:
Information and training
CAFLA staff is trained and informed about data privacy and the commitments we have given to our customers. CAFLA subcontractors and partners are informed and aware that CAFLA takes the responsibility to process data about seriously.
Governance and compliance to GDPR
CAFLA has appointed a Data Protection Ambassador and, throughout the organization, appointed other Data Protection Ambassadors. This team has the responsibility to assess and ensure that your personal data is processed according to law and that the processing of personal data is done without risk.
Personal Data Breach Notification
CAFLA will inform you and the authorities if your data is breached.
Data protection agreements
All CAFLA “Processors” that are processing personal data are subject to a Data Protection Agreement.
Data exchange agreements
All CAFLA partners acting as “Processors” are subject to a Data Exchange Agreement.
CAFLA works continuously with improving information security. The work is done according to the ISO 27001 standard.
Effective Date: 25 May 2018 ©CAFLA Tours, a division of LUXE Travel Management, All rights reserved.