Introduction

This Privacy Notice (“Notice”) establishes how BLANDY TRAVEL Protects the privacy of the Personal Data of our employees, customers, partners, or any other entity with which the BLANDY TRAVEL relates in the context of its activity).

Being a travel agent, the BLANDY TRAVEL need to collect, use, and disclose Personal Data to perform the functions and business activities, including carrying out and managing travel reservations on behalf of our clients. In the BLANDY TRAVEL we are committed to protect the privacy and confidentiality of Personal Data and to maintain the various physical, digital, human and process related controls.

In the context of the General Data Protection Regulation 2016/679 (“GDPR”) the BLANDY TRAVEL is a “data controller” of any personal information that is shared in the context of our relationship with our clients or other interested parties.

By providing us Personal Data, stakeholders agree that this notice apply to how we deal with Personal Data and consent that Personal Data is collected, used, and disclosed as detailed in this Notice. If stakeholders do not agree with all or part of this Notice, the stakeholders should not provide us their Personal Data. If stakeholders do not provide us their Personal Data or withdraw their consent according to this Notice, that could affect our ability provide the services or negatively affect the quality of services provided. For example, most travel bookings must be made under the traveller’s full name and must include contact details and appropriate identification (e.g. passport details). We cannot make reservations without this information. There may be cases where local data protection laws impose treatment practices more restrictive than the practices defined in this notice. When that occurs, we will adjust our data processing practices to comply with these local laws data protection.

What Personal Data Do We Collect?

Personal Data have the meaning given by the local data protection laws and, where the GDPR applies, the meaning given under the GDPR. Personal Data usually mean data related with a living individual who can be identified from that data; or is identifiable from the combination of that data and other available data.

Generally, the type of personal information we collect is necessary to facilitate travel arrangements, support reservations or to arrange services and / or products relating to travel on behalf of our clients.

In this regard, we usually process the following types of Personal Data about our customers:

a) Contact information (such as name, home address / correspondence, telephone number, email address);
b) Payment data;
c) Passport detailed data;
d) Loyalty programs /frequent flyer detailed data;
e) Data on dietary needs and health problems (if any); and
f) Otherdetails relevant tothetravel plans or required by therelevant travel serviceprovider(s) (e.g. airlines andproviderofaccommodationor tourism).

When our customers contact us for other purposes, Personal Data related to those purposes may also be collected. For example, we may collect personal information so that we may contact our customers about a contest / campaign that has signed up or to respond to a question or comment they have sent us. We also collect data necessary for use in the business activities of BLANDY TRAVEL and our related entities, including, for example, financial details required to process multiple transactions, video surveillance images used for security purposes, or other relevant Personal Data you may choose to provide us.

In some circumstances, we may collect Personal Data from our customers that may be considered sensitive data in accordance with local data protection laws. Sensitive data may include (without limitation) racial or ethnic origin, philosophical or religious beliefs or affiliations, sexual preferences or practices, criminal history and the alleged commission of an offense, affiliation to political, professional, or commercial associations, biometric and genetic information, financial data, and health data. We will only collect sensitive data in accordance with local data protection laws, with explicit consent of the subject and where the data is reasonably necessary or directly related to one or more of our functions or operational activities (for example, travel), unless required or permitted to do so by law. To the extent permitted or required by local data protection laws, our customers consent that we use and disclose your sensitive data solely for the purpose for which it was collected, unless we subsequently receive your consent for another purpose. For example, if our clients provide us with health information related to travel insurance that they wish to do, customers consent that we use and disclose such health information on their behalf in the contacts made with the entity that promotes such travel insurance. Another example is when our customers can divulge their religious beliefs because they are interested, for example, in certain vacation packages, the use and disclosure of this information to make the trip operational. We will not use sensitive data for purposes other than those for which it was collected, unless we receive consent for another purpose.

How Do We Collect Personal Data?

We will only collect Personal Data in accordance with local data protection laws. We generally collect Personal Data in the context of contacts with our customers. We will collect this data directly from our customers, unless it is unreasonable or impractical to do so.

Generally, this collection will occur when customers:
a) contact us in person, by phone, letter, e-mail;
b) visit us through our website; or
c) contact us through social networks.

We may also collect Personal Data when:
a) purchase or ask questions about travel plans or other products and services;
b) enter contests or register in campaigns / promotions;
c) sign up to receive marketing communications (for example, e-newsletters);
d) request leaflets or other information

Unless they choose to do so under a pseudonym or anonymously, we may also collect Personal Data from our customers in the context of surveys or when they provide feedback.

In some circumstances, it may be necessary to collect Personal Data from our customers from third parties. This includes cases where a person makes a travel reservation on behalf of another person (s) (for example, a family reservation, a group, or a booking made by an employer). When this happens, we have the authority of the person making the travel reservation to act on behalf of any other traveller in the reservation, as well as with the consent of that person to collect, use and disclose Personal Data in accordance with this Notice. Our clients should inform us immediately if they know that their personal information has been provided to us by another person without their consent or if they have not obtained the consent before providing us with the Personal Data of another person.

We make every effort to maintain the accuracy and completeness of the Personal Data we store and to ensure that all Personal Data is up-to-date. However, any interested party may contact us immediately if there is any change to their Personal Data or if they are aware that we have inaccurate Personal Data (see section 13 below). We will not be liable for any losses arising from any inaccurate, inaccurate, defective, or incomplete personal information that the Interested Parties, or anyone acting on your behalf, may provide to us.

How Do We Use Personal Data?

We will only process Personal Data when:

a) Consent has been given for such processing (which may be withdrawn at any time, as detailed in section 8 below);
b) Processing is necessary to provide our services;
c) Processing is necessary for compliance with legal obligations; and / or
d) Processing is necessary for our legitimate interests or for any third party receiving Personal Data (as detailed in sections 5 and 6 below).

When you contact us regarding an inquiry or travel reservation, the purpose for which we collect your personal information is generally to provide you with travel advice and / or to help you book travel-related products and services. However, the purpose of the collection may be different depending on the specific circumstances disclosed in this Notice (e.g. collection of Personal Data for participation in a contest, provision of feedback, etc.).

When a customer makes a reservation or organizes travel-related products and services with our support, we generally act as an agent for travel service providers (e.g. for a hotel). In this case, we process Personal Data as necessary to provide the requested services. This usually includes the collection of Personal Data for internal purposes as described in this Notice, and for the travel service provider for whom we act as an agent (for example, to provide contracted services). For example, if you book a flight through BLANDY TRAVEL, we will use the Personal Data to allow the flight to be booked and we will disclose the Personal Data to the airline to allow it to provide the flight service.

We may share data with our travel service providers (hotels, airlines, car rental companies or other providers related to travel reservations). These travel service providers may also use the Personal Data as described in their respective privacy policies for additional information that facilitates booking the trip or providing the services requested. We recommend that our Customers review the privacy policies of any travel service providers that are purchased through BLANDY TRAVEL. We will provide copies of all relevant terms, conditions, and privacy policies of travel service providers upon request.

We act as agents for or on behalf of many thousands of travel service providers worldwide, so it is not possible to refer in this Notice to all the travel service providers for which we operate (in particular their locations). For more information on disclosure of Personal Data to travel service providers located outside the RGPD context, see section 6 below.

If there is any concern regarding the transfer of Personal Data to a travel service provider, or if further information is required, please refer to section 13 of this Notice.

The purposes for which we collect Personal Data also include:

a) provide services or tools that our customers choose to use (for example, keeping travel preferences on our website on a wish list or storing Personal Data to enable early filling in of online forms);
b) identification of fraud or errors;
c) legal or regulatory compliance;
d) develop and improve our products and services;
e) maintaining or improving the relationship with our Clients, namely by creating and maintaining a customer profile that allows the delivery of a service aligned with their preferences;
f) market research, customer satisfaction assessment and feedback on the services we provide;
g) facilitate the participation of our Clients in loyalty programs;
h) analysis related to our business and services, including, but not limited to, sales and travel destination preference trends;
i) internal organization and accounting;
j) compliance with applicable legal obligations or applicable customs / immigration requirements related to travel; and
k) other purposes as authorized or required by law (e.g. to prevent a life threatening, health or safety protection, or to enforce the legal rights of the BLANDY TRAVEL ).

Where permitted by local data protection laws, we may use Personal Data to perform marketing activities related to our (and third party) products and services that we believe may be of interest to our Customers, unless they have requested to not receive such data. information. These campaigns may include, but are not limited to, email submissions, digital marketing, and other electronic notifications. Personal Data will be used to send digital marketing material (including e-newsletters, e-mail, SMS, MMS, and IM) if the Customers have chosen to receive it. Customers can sign up to receive e-newsletters and other promotional / digital marketing materials by following the relevant links on our website or requesting that one of our collaborators do so.

Any individual who does not wish to receive promotional / marketing material from us, participate in market consultations or receive other types of communication should refer to sections 8 and 13 of this Notice.

What Personal Information Is Disclosed To Third Parties?

At BLANDY TRAVEL we do not sell, rent, or exchange Personal Data. Personal Data will only be disclosed to third parties in accordance with the provisions of this Notice and in accordance with local data protection laws (note: in this Notice the reference to “disclosing” includes transferring, verbal, or written sharing, sending, or making available data to another person or entity).

Personal Data may be disclosed to the following types of third parties:

a) contracted entities, suppliers, and service providers, including:
a.1) in each of the circumstances described in section 4 (“How do we use Personal Data?”);
a.2) providers of ICT solutions that support us in delivering products and services (such as any external data-hosting providers we can use);
a.3) publishers, printers, and distributors of marketing material;
a.4) organizers of events and exhibitions;
a.5) marketing or market consulting agencies;
a.6) courier services or courier services; and
a.7) external consultants (such as lawyers, accountants, auditors, or recruitment consultants);
b) travel service providers such as travel wholesalers, tour operators, airlines, hotels, car rental companies, transfer managers and other related service providers;
any third party to whom we assign or transfer any of our rights or obligations;
c) people making travel reservations on behalf of others (for example, a family member, friend, or co-worker);
d) Employers, in the context of corporate, corporate or government business trips;
e) contact persons (for example, a family member) when our Customers are not contactable, and the contact is in our opinion of Customer’s interest (e.g. where the person is concerned about their well-being or needs acting on behalf of Customer due to unforeseen circumstances);
f) as required or authorized by applicable law, and to comply with the legal obligations of the BLANDY TRAVEL ;
g) customs or immigration services to comply with applicable legal obligations in the context of travel;
h) government agencies or public authorities to comply with valid and authorized requests, including court orders or other valid legal process;
i) regulatory authorities or law enforcement authorities, including for fraud protection and related security purposes; and
j) supervisory agencies where there is suspicion of illegal activity and that the Personal Data are a necessary part for investigation or denunciation of the subject.

In addition to the above, we will not disclose personal information without consent, unless we believe disclosure is necessary to reduce or prevent a threat to life, health or safety of an individual, public health or safety, or for an action (e.g. prevention, detection, investigation, or punishment of criminal offenses), or where such disclosure is authorized or required by law (including applicable data protection / privacy laws). 

On the websites or social networks of BLANDY TRAVEL users may choose to use certain third-party resources with which we associate. These features, which may include social networking tools and geo-localization, are operated by third parties, and are clearly identified as such. These third parties may use or share Personal Data in accordance with their own privacy policies. We recommend consulting third-party privacy policies if you consider these relevant tools.

What Personal Data Are Transferred Abroad?

We may disclose personal information to certain recipients abroad as described below. We will ensure that such international transfers are necessary for the execution of a contract between our Customers and third parties abroad or that are subject to appropriate or adequate safeguards as required by local data protection laws (e.g. GDPR). We will provide copies of the relevant safeguards documents upon request (see section 13 below).

It is possible that Personal Data are transferred for a foreign entity located in a jurisdiction where it is not possible to guarantee a data protection level equal to that in the context of GDPR. In these cases, the BLANDY TRAVEL you cannot be responsible for how these recipients handle, store, and process your Personal Data.

(a) Related entities abroad

The BLANDY TRAVEL operates a global business, including operations in . Personal data may be disclosed with our related entities abroad for support in the travel reservation and / or to enable administrative, consultative, or technical services, including the storage and processing of such data.

(b) Travel service providers located abroad

To provide our services, it may be necessary for us to disclose personal data to relevant suppliers of travel services abroad. We deal with many different travel service providers around the world, so the location of a relevant travel service provider will depend on the travel services provided. Relevant travel service providers will in most cases receive personal data in the country in which they will provide the services or on which their business is based.

(c) Our service providers located abroad

We may also have to disclose personal data to service providers located abroad for supporting the provision of services, including the storage and processing of such data. Generally, we will only disclose personal information to such recipients abroad in the context of a travel reservation and / or to allow the provision of administrative and technical services provided on our behalf.

If there is any specific doubt as to where or for whom personal data can be sent, see section 13 of this Notice.