EU Data Protection

Travel data is our business. Customer trust is our mission.

More

Overview

We are proud of our privacy practices and the strength of our site security. We want you to know how we protect your information and use it to provide you services. As there are unique concerns and needs for companies in the EU as well as EU citizens, we have created this resource to help answer questions about our data protection practices, privacy policy, and the like.

Refer to our full data security statement, User Agreement, and Privacy Policy, but here are some details that are likely of most interest relative to the EU.

Physical, System, and Operational Security

Traxo services are hosted in cloud service providers that are audited and certified against industry standards. This includes AWS, which is compliant with the PCI, HIPAA, SSAE 16, SOC 2, and SOC 3 standards among others. A full list of AWS certifications is available at aws.amazon.com/compliance.

System configuration and patching occurs through an automated process, backed by source code management for change management, tracking and review. System access is logged and tracked and multiple factors of authentication (MFA) are required for operators access.

We use numerous monitoring solutions as part of regular operations to prevent and eliminate attacks. In addition, secure destruction policies are implemented for all sensitive information.

For more detailed information about our security practices, you can view our documentation.

Privacy Shield

Traxo complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework with respect to the transfer of personal data from the EEA or Switzerland, to our servers which are located In the US.

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the EEA and Switzerland to the United States.

View information about our current certification at privacyshield.gov. This page covers the scope of our participation, information about our privacy policy, and who to contact at Traxo regarding questions or complaints.

European Union General Data Protection Regulation (GDPR)

We want to keep you informed and prepared about how we support the new European General Data Protection Regulation (GDPR). Not only is GDPR an important step in protecting the fundamental right to privacy for European citizens, it also raises the bar for data protection, security, and compliance.

What is GDPR?

The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.

Who does GDPR apply to?

GDPR applies to any organization located within the EU as well asl those located outside of the EU if they offer goods or services to EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. The GDPR defines personal data as any information relating to an identified or identifiable natural person.

What is Traxo’s role under GDPR?

Depending on the service, Traxo is either a data controller or data processor, or both. A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller. In the case of Traxo CAPTURE and Traxo CONNECT, Traxo is only a data processor. For the Traxo Traveler service, Traxo is both a data controller and a data processor.

What has Traxo done to comply with GDPR?

We have conducted an extensive analysis of our operations to ensure we comply with the new requirements of the GDPR. This has included all infrastructure, services, and products used by Traxo in the operations of our services for travelers, developers, and corporations. Additionally, with the assistance of outside advisors, we have reviewed our customer terms, privacy notices, and arrangements with third parties for compliance with GDPR. We can confirm all of our services will be fully compliant with GDPR by May 25, 2018.

Data Processing Addendum (DPA)

We offer data processing addendums (DPAs) for our customers that operate in the EU. This DPA reflects the requirements of the European Data Protection Regulation (“GDPR”) as it comes into effect on May 25, 2018. Traxo’s services offered in the European Union are GDPR ready and this DPA provides you with the necessary documentation of this readiness.

To ensure no inconsistent or additional terms are imposed on Traxo beyond that reflected in our standard DPA, we cannot agree to sign customers’ DPAs. Contact us if you have any questions.

Download our addendum here. Once completed and signed, email the document to business@traxo.com so we may countersign and make this document legally binding.

Data Subject Rights (DSR) Requests

Controllers and processors of data are obliged to give effect to the rights of data subjects under EU data protection law. These rights are called Data Subject Rights (DSRs). In short, these rights include:

  • Right of access
  • Right to rectification, be forgotten & erasure
  • Right to restriction of processing
  • Right of data portability
  • Right to object

Traxo has established processes to support exercising your DSR requests. All requests should be initiated as a logged-in user using features built into the Traxo product used.

  • Traxo Travelers: Navigate to Settings to exercise your Member Account Rights
  • Traxo CAPTURE: Navigate to your Account Overview to edit your account and exercise rights
  • Traxo CONNECT: Navigate to your profile or the profile of the member to exercise rights

We will respond to these requests within 14 days or less, which is well within the GDPR requirement of 30 days.

Contact us if you have any questions.

“European Parliment, Plenar Hall” by CherryX licensed under CC BY 3.0 with modifications