Last update March 4, 2024
Why do we collect personal data?
This Data Protection and Privacy Policy explains how Genuine TMC uses personal information. Genuine TMC provides travel management services for official travel and leisure travel in conjunction with official travel and leisure travel to government agencies and other entities under contracts and agreements with agencies and entities. We will provide the travel services in performing these agreements. Genuine TMC must collect certain data from travelers, personnel systems, or users of our websites.
What data do we collect?
Genuine TMC creates an electronic ‘Traveler Profile’ for each traveler to properly provide travel services to our clients and their travelers. The personal data is entered through feeds from the customer’s systems or by the traveler (or the authorized travel arranger). The personal data that we collect for each traveler may include name, gender, date of birth, address, phone numbers, email addresses, credit card references/numbers, travel destinations, travel schedules, travel preferences (seat, meal, smoking, etc.), passport and visa details, as well as next of kin information. This ‘Travel Profile’ is stored in the Global Distribution System (GDS) and is used to make reservations. Genuine TMC collects personal data from users on its websites through online forms and when the user emails us their details. Genuine TMC forwards these user requests to the appropriate Genuine TMC team to respond to the user.
How we process personal data?
In addition to creating ‘Traveler Profiles’ and Passenger Name Records (PNR), Genuine TMC uses the traveler’s personal data (usually the PNR) for the following travel and other travel-related purposes.
Reservations: The ‘Traveler Profiles’ are stored in a database as a reference document to be consulted each time a reservation is made. When a reservation is made, Genuine TMC creates a PNR containing all of the personal data and the reservation information needed to fulfill a traveler’s travel request and regulatory requirements for travel to specific destinations, such as the Secure Flight program in the United States. To make a reservation, Genuine TMC needs to transfer personal data to various third-party travel suppliers (such as airlines, hotel car rental companies, online booking tool companies, and safety and security tracking providers, as well as computer reservation systems) within the traveler’s home country or in another country where the traveler may be traveling. Without this information, travel would not be possible.
Consolidation of Travel Data: At the request of the Client (the entity paying for the travel), Genuine TMC or a third party may prepare information reports that summarize and analyze the travel expenditures per destination, per travel supplier, etc. Such reports may include specific personal data from the traveler’s profile.
Transfers to Genuine TMC service providers: Transfers are for Genuine TMC to obtain support services in connection with its clients’ travel and meetings & events services (such as administrative, information technology, and technology platforms for Genuine TMC tools, telecommunications, and payment services).
Compliance with Travel Policy: At the client’s request, Genuine TMC may report on the travelers’ compliance with the client’s travel policy and identify any exceptions to the compliance.
Collecting Travel Payments: Genuine TMC may transfer personal data to third parties in the traveler’s home country or another country to collect payments related to travel reservations.
Genuine TMC Databases: Genuine TMC maintains electronic ‘Traveler Profiles’ that are stored in the Global Distribution System (GDS) used to make travel reservations. For clients using an online booking tool (OBT) provider, these third parties may store personal data.
Application of the Policy
Security: Genuine TMC has implemented appropriate technical and organizational measures to protect the personal data obtained from our clients’ travelers against accidental or unlawful disclosure or destruction. Genuine TMC must adhere to applicable security requirements in those contracts and agreements concerning the safeguarding of, access to, and processing of any travel or traveler data. These security requirements may include the Privacy Act and adherence to data protection for information management systems per guidance issued by the National Institute of Standards & Technology, the U.S. Office of Management & Budget, or specific agencies.
Retention and Deletion: Genuine TMC keeps personal data only as long as required to fulfill the services requested by the clients and by the appropriate data retention periods specified in the contract or by applicable retention periods specified in the Federal Acquisition Regulations.
Exceptional Situations: There are some situations, however, where the standard procedure will be impossible to follow. In these cases, the information for the trip (including personal data) will not be given by the traveler but by a third party. Suppose the client provides us with personal data about a traveler. In that case, the client must ensure that it is entitled to disclose that data to us and that without us taking any further steps required by data protection and privacy laws, we may collect, use, and disclose such information for the purposes described above. The client should take reasonable steps to ensure the individual traveler concerned is aware of the various matters detailed in this Genuine TMC Data Protection and Privacy Policy as those matters relate to that individual, including our identity, how to contact us, the purpose of collection, our information disclosure practices, the individual’s right to obtain access to the data, and the consequences for the individual if the data is not provided.
Leisure Travelers: In many instances, our leisure operations also keep traveler profiles.
Travelers’ Rights of Access
The traveler has a right of access to their data. To contact Genuine TMC with questions or issues about Genuine TMC data processing, the traveler should contact their primary contact at Genuine TMC, either the usual travel counselor who books the travel or the program manager, the primary contact of the Client.
Frequently Asked Questions
How does Genuine TMC notify travelers of its data policies?
Genuine TMC notifies travelers about Genuine TMC data processing through this Policy, which is also under the contract agreement.
What obligations does Genuine TMC have in processing the data?
Genuine TMC must ensure, at the very least, that the personal data:
- Is processed fairly and lawfully,
- Is obtained only for specific and lawful purposes and shall not be further processed in any manner incompatible with these purposes,
- Is not excessive (in terms of the type of data requested) in relation to the purposes for which it is collected and further processed,
- Is accurate,
- It is kept secure and not held for longer than necessary.
Can Genuine TMC use the data to carry out its own analyses?
Genuine TMC may not use the data for promotion and marketing purposes by third parties unless the traveler consents. However, Genuine TMC may, for instance, use the data to analyze its clients’ travel trends to propose other Genuine TMC services to them without receiving the traveler’s consent.
This policy is subject to change. The changes will be posted on our website, so please be sure to check the site regularly.