Please find attached the Travelport Public Statement issued on March 09th 2021 Regarding the Travelport commitment and compliance to GDPR – General Data Protection Regulation.
Please feel free to use this statement for any Operator customers requiring the GDPR compliance.
Dear valued Travelport business partner:
The GDPR came into effect on 25 May 2018 and Travelport put in place an active and ongoing compliance framework which continues to evolve with the data protection landscape and emergence of new laws, including the Data Protection Act 2018 and UK GDPR. The details of this framework are below:
✓ Organization: Travelport has formed a Privacy Steering Committee of senior leadership within the organisation. The Steering Committee oversees Working Groups within Travelport tasked to ensure ongoing compliance with GDPR / Data Protection requirements. The Committee also escalates issues as needed to the Senior Leadership Team.
✓ Processing activities: Travelport continues to update our record of processing activity and this will continue as required.
✓ Update privacy policies: Privacy policies are available on www.travelport.com/privacy and have been written to provide a straightforward description of what Travelport does with personal data. We periodically review and, where necessary, update our policies.
✓ Data Subjects’ rights: Two new rights under the GDPR include the right to be forgotten and the right to data portability. Travelport has implemented processes for the exercise of these new rights with respect to Travelport’s GDS and ancillary products.
✓ Data Protection by Design and Data Protection Impact Assessments: The GDPR requires products and services to be designed with privacy principles in mind. Travelport has incorporated Data Protection Impact Assessments and other privacy-by-design mechanisms into Travelport’s development processes.
✓ Data Subject access requests: The GDPR introduced new timescales and new rules regarding access requests. Travelport has enhanced internal processes to comply with these new requirements.
✓ Consent: Certain activities, such as the processing of special category data, may require a data subject’s consent. Travelport will obtain consent, where necessary, for any of its products and services that involve the processing of special category data obtained directly from the data subject.
✓ Data breaches: Travelport has updated its incident response procedures to account for managing personal data breaches in accordance with the GDPR.
We take the protection of personal data seriously and should you have any questions around our specific activities, please feel free to contact us.
Data Protection Officer, Travelport