TRAXESS PRIVACY NOTIFICATION
Version V2.4, latest updated on 6.9.2019
Traxess AG is processing personal data of persons who have signed up for the service individually, employees of corporate clients and client’s customers/employees. In the service provided to the client segments, TRAXESS acts as the data processor as well as data controller.
The standards outlined in this Privacy Notice are part of the legal agreement between TRAXESS and clients and the clients’ customers. It shall comprise all security measures in place for protecting personal data and to secure the availability of the software as a service provided by TRAXESS in compliance with Swiss Data Protection Law and the EU’s General Data Protection Regulation as of 25 May 2018 (hereinafter referred to as the “GDPR”).
2. Purpose of processing personal data
The purpose of collecting and processing of personal data on behalf of corporate clients / employees or contracted by private users is to
- provide pre- and on-trip travel and security information
- send alert information that might affect travellers
- monitor and locate travellers in case of an event
- have data available for initiating a crisis intervention to protect and safe life
- have access to information that is required for IT support
- manage system access to products and services
- detect and prevent illegal activities in the software
TRAXESS is using data exclusively in the legally permitted cases, but not for advertising or any market and opinion research purposes.
3. Type and extent of the personal data collection
Visiting our website without login
If user visit our website outside the login-protected area, the web se
rver technology we use automatically logs general technical visit information. These include the IP address of the device used (anonymized), information about the browser type, the Internet service provider and the operating system used.
Using the website with login
When using the software within the login-protected area, beside the automatically logs general technical visit information, all data entered or submitted by the user during the registration process and during the use of the software will be stored. This is particularly the case when customers register and enter travel bookings. Personal master data (name, address, e-mail address), the settings required for the respective service are collected.
By entering data during the registration, user give consent to the processing, use and disclosure of personal data within the scope and scope of the purposes described in this privacy notice declaration.
Travellers booking reservations
Booking reservation data is exchanged between TRAXESS and the Travel Agency concerned when using the optionally available automated data import function. This includes flight bookings, hotel and car reservations etc. processed by the Travel Agency. For processing these data, the employer of the user has contracted the service provided by TRAXESS and has given approval on behalf of employees.
Using the TRAXESS Mobile Security App
When downloading and installing the TRAXESS Security Mobie App, the device identification code and the phone number is detected and linked to the user’s profile. The device type and its technical settings are identified. If the user is turning on the “GPS tracking” function, the device is sending coordinates of the device position on a time interval that is steered by changing the position of the device. These coordinates are captured and stored.
In the registration process of the device, user give consent to the processing, use and disclosure of personal data including GPS tracking within the scope and scope of the purposes described in this privacy notice declaration prior to the software installation on the device.
4. Data transfer to third parties
Personal data will be treated confidentially by TRAXESS and will not be passed on to third parties without the customers’ consent, unless it is required due to a judicial or official request. TRAXESS will not pass on any data to non-EU countries without the customer’s consent. The data remain with TRAXESS and are not made available to any third party except to the extend for providing contracted assistance services as approved either by the users or by their employer.
5. Data Security
We use technical and organizational security measures in accordance with recognized market standards to protect personal data stored with us against unintentional, illegal or unauthorized manipulation, deletion, modification, access, disclosure or use and against partial or complete loss. The TRAXESS servers are located in a multi-certified and secure datacentre in Switzerland. The connection to our servers is TLS/SSL-encrypted with security rating not less than A.
We regularly back up customer data (backup). In order to prevent data loss even in extreme cases (e.g. destruction of datacentre by an earthquake), the encrypted backups are mirrored in on dedicated virtual servers based in Germany. Our security measures are continuously adapted and improved in line with technological developments. We assume no liability for the loss of data or their knowledge and use by third parties. Furthermore, we cannot guarantee the security of data transmission over the Internet; in particular, there is a risk of access by third parties when data is transmitted by e-mail. However, access is protected according to industry Best Practises.
6. Storage of historical data
Any user data that are processed and stored on our servers are encrypted. The data storage is depending on the service contracted by clients. On default, TRAXESS applies the following standard that might change upon client request. The default standard applied is:
TRAXESS Travel Security Solution / TRAXESS SENTINEL
- Full data history of users is stored for three months.
- Anonymised data history without private user information (without name, email, phone number) is stored one year.
TRAXESS Travel Management Solution
- Full data history of users is stored for one year.
- Anonymised data history without private user information (without name, email, phone number) is stored five years.
After a contract with a corporate client has expired, all data are removed from the TRAXESS servers within one month.
We are using cookies that are essential for system operations of our live applications. Cookies are information files that the web browser of the user automatically stores on the computer’s hard drive when visiting our site.
Users can manage their security settings in the browser themselves and thereby block or deactivate cookies installed on the TRAXESS software, whereby certain services of TRAXESS may no longer be accessible for users.
8. Use of Google Analytics or other analytics tools
On the TRAXESS Software Solutions that is accessing Google Maps, the Google Analytics Method and its tools or any other tool that is capturing data for user profiling is blocked. The result of this is that there are no personal data of users who are accessing the system provided to other parties that includes Google.
On the TRAXESS Enterprise Portal www.traxess.ch published on the web, TRAXESS cannot prevent Google from capturing public IP’s. However, this will not impact the privacy of users who are visiting our Enterprise portal.
9. Use of social media plug-ins
The TRAXESS Enterprise Portal website is using social plug-ins from Facebook, Twitter, LinkedIn and Xing, such as “Like” button, “Twitter-Button”.
10. Links to other websites
The TRAXESS Travel Security Solution contains hyperlinks to websites of third parties which are not operated or controlled by TRAXESS. TRAXESS is not responsible for their content or data protection practices.
11. Information, correction, deletion and objection
Users have the rights regarding their personal data:
- the right of access under Article 15 GDPR,
- the right to correction under Article 16 GDPR,
- the right to cancellation under Article 17 GDPR,
- the right to restrict processing under Article 18 GDPR,
- the right to data transfer from Article 20 GDPR, and
- the right of objection under Article 21 GDPR.
Users are asked to give consent in connection with the TRAXESS services. They grant consent by clicking on the corresponding checkbox that TRAXESS may collect, process and use personal data accordingly.
The consent given by users in the past can be revoked at any time without affecting the legality of the processing carried out based on the consent until revocation. Users can cancel the consent given in the past by not accessing the TRAXESS Travel Security Portal anymore and by removing the app installation on their mobile device. Unfortunately, the services and features provided to users will not be available anymore after the consent is revoked.
Users can request the correction of user profile data or the removal of any personal data stored on their profile
- by contacting the system admin dedicated by the employer who as contracted the service on behalf of its employees or
- by contacting TRAXESS via the contact channels included in this privacy notice.
The restrictions according to §§ 34 and 35 GDPR apply to the right to information and the right of cancellation. In addition, there is a right of appeal to a competent data supervisory authority (Article 77 GDPR).
12. Changes to this Privacy Notice
We reserve the right, at our sole discretion, to amend this Privacy Notice or impose new clauses, at any time. If we do so, an updated version will be communicated to clients and made available in the solution. The new Privacy Notice will be effective immediately upon being made available.
13. Contact Information
In charge of data processing in the TRAXESS Travel Mgmt. & Travel Security Solutions is Traxess AG. User can contact the TRAXESS data protection officer
- by sending a letter to Traxess AG, Bleicherweg 10, 8002 Zurich, Switzerland.
- by sending an email to firstname.lastname@example.org.
- by calling the phone number +41 (0)43 505 13 31