Privacy statement: how we process and protect your personal data
(EU directive 95/46/CE)
American Travel Center, conscious of your personal data and of our relationships with you, our client, and with our suppliers, aims to process your data in a transparent manner. This statement discusses how we gather and treat your personal data, and your legal rights and obligations. Please read it carefully:
In the processing of your personal data, we define the following concepts:
‘Personal data’, any information concerning an individual, for example, name, date of birth, gender, nationality, passport or identity card number, address, telephone number or GSM number
‘Treatment’, an operation performed on personal data, for example, collection, recording, storage, correction and destruction
‘Controller’, the person within the company who is responsible for the treatment of data
2. Our company
Our company is registered as ‘American Travel Center sprl’
Our company registration number is 0806.604.290
Our registered head office is Rue de Beth 6, 6852 Opont, Province Luxembourg, Belgium
3. Data controller
The person designated to oversee the treatment of data within our company is owner/director, Mr Iain Rikken
Our company is required to comply with the legal requirements for the processing of data for the purposes it determines. It is responsible for the processing of personal data, including that of its customers, prospects and partners/suppliers.
4. What kind of data do we collect?
Our company processes your data for different purposes. Our core business is travel and travel-related activities. We collect data about you to enable us to carry out our core business and related activities. To identify you, contact you, and to serve you effectively, we collect (amongst others) the following data:
Your last name; your given name(s); your address; your gender; your date of birth; your nationality, your email address; your telephone/GSM number; your passport details or national identity card details
We may also collect data about you which is not essential for us to perform our core business, but you which you give us expressly to enhance your travel experience, for example:
Your airline frequent flyer number(s); your known traveler number(s); seating preferences, dietary preferences/needs, special anniversaries, and so on
We may post on our Facebook page (or other social media) edited client testimonials about the trips they book with us. We take care to protect the client’s identity by only using first name(s) and by not posting any image which may identify them.
We may need to provide our partners and suppliers with medical data about you, only in is as far as it is necessary to determine your fitness to participate in the said activity.
We may also use public data or data collected from third parties. This data may be public, for example, relating to the directors of a company. You may also have made public some data (on social media platforms, for instance). Our company may also have to buy data from companies. These companies are responsible for the legitimate collection of the information they provide us. This data may be used to perform direct marketing or to check the accuracy of the information about you in our possession.
5. Legitimate interest
Our company must be able to function as a business. Our core business is travel and travel-related activities. The European regulation on the protection of personal data speaks of ‘legitimate interest’. The legitimate interest of our company forms the basis of the way we treat your personal data. We take care to balance the impact that the treatment of data can have on privacy and the legitimate interests of any business. If you have any objections to certain treatments of data, you can contact us. You can also exercise the rights about the treatment of personal data which the regulations provide (see section 7).
6. Our partners and suppliers
For the execution of a number of our operations relating to our core business, we call upon:
We strive to only engage reliable partners and suppliers with sufficient security in place to safeguard our data and that of our clients.
For the remote processing of credit card payments (Visa and Mastercard), we use EMS. We do not store credit card information electronically.
7. Exercising your customer rights
The European regulation on the protection of privacy provides consumers and prospects with the following rights:
‘Right to consult data’, you can consult the data we process about you. If you exercise this right of access, we will try to give you as complete a picture as possible about your data. However, some data could be deleted from our files. Or some data stored on media for back-ups may over time no longer be accessible
‘Right of rectification of data’, you may ask the above mentioned data controller to correct your data or to complete your data
‘Right to object to a specific use’, you may dispute the way we treat your data for a specific use, based on your legitimate interests. There are, however, cases in which we are required by law to treat your data.
‘Right to delete data’, if you suspect your data is being treated inappropriately, you may request that we delete it. There are, however, instances where removal of data is not legally allowed.
‘Right to oppose automatic treatment of data’, you may oppose automatized treatment of your data. Certain processes are indeed automated to better serve you.
To exercise any of these rights, or if you have questions about the way we treat your personal data, please direct your request to the above mentioned data controller (see section 3). We may need to ask you to verify your identity.
(UPAV model, May 2018)