PRIVACY POLICY

UAB Travel Union

June 2020

LAST REVISED ON 01/06/2020.

Please note that We might amend this Privacy Policy from time to time. Therefore, please check this Privacy Policy for updates.

This privacy policy is made available to you by UAB „Travel Union“, address: Verkių g. 31B-2 (AltSpace), Vilnius 09108, Lithuania, hereinafter referred to as “TU”, “we” or “us”. We comply with data protection legislation such as the EU General Data Protection Regulation, which regulates the processing of personal data relating to you and grants you various rights in respect of your personal data. The aim of this Privacy Policy is to inform you about how we will use the personal data you provide to us through this Website/App, in connection with the Virtual Travel Game program, as well as personal data provided and/or collected by us through other channels. We also inform you about your rights under applicable data protection law with respect to the handling of your Personal Data by us. Before providing us with Personal Data we recommend that you read this Privacy Policy, which also forms part of our Terms and Conditions that govern our services.

I. What is Personal Data?

For the purposes of this Privacy Policy, “Personal Data” means any information provided by you when interacting with us, for example through our mobile application, Website or when calling us, or data collected about you through your use of our mobile application or Website, that allows you to be identified personally as an individual person, either directly (e.g. your name) or indirectly, because the data references an identifier such as your name, an identification number, location data or an online identifier (e.g. telephone number). We may also collect personal data about you in other instances which relate to your account at TU.

For the purposes of the Data Protection Act of Lithuania, TU is a data controller of Your personal data collected for or used in connection with the administration of TU services and products, and TU is a data controller of Your personal data. A data controller is the person who determines the purposes for which, and the manner in which, any personal data is processed. Data controllers have a responsibility to establish practices and policies in line with the Act.

II. When is what kind of data stored and processed for what reason?

1. Use of the Website and/or Mobile App

Whenever you navigate our Website and/or App, data about you is collected and processed. We collect the following data:

  • Personal data You provide on applications or other forms or upload to Your personal account, such as name, address, e-mail address, gender, telephone number, date of birth;
  • Information related to the browser or device you use to access our website;
  • IP address/location;
  • Your correspondence with Us;
  • Your language preference for email communication;
  • Your email marketing preferences;
  • Country you are browsing from;
  • Browsing habits, including sites visited;
  • Age;
  • Marital status;
  • Other demographics and statistical information; and
  • KYC and AML related data (more specifically: Name and Surname; Personal code; Date of birth; Tax identification number; Birth place – city and country; Face image; Phone number registered in the App; Address registered in the App; E-mail address registered in the App).

TU reserves the right, after becoming fully operational, to extend the personal data it collects to data about Your transactions with Us or other parties, such as account activation, e-wallet balance, payment/transfer and buy/sell histories and parties to transactions, and credit, debt, or other payment information. In that case the privacy policy will be updated and You will be informed separately.

We also collect technical information when You visit Our website or use our Mobile Application, including the following:

  • Unique identification numbers, e.g. Internet protocol (IP) address and device ID;
  • Your login information (public key for biometric authentication, and Secure Remote Password verifiers for account access PIN and signature pattern; there are no login names or passwords with TU);
  • As applicable to Your type of device: browser type and version, browser plug-in types and versions, app release, app version, device model, manufacturer (brand), operating system, operating system version, OS library version, time last seen, Wi-Fi enabled, radio (EDGE, HSDPA, LTE, WCDMA, none), device screen (width, height, dpi), NFC, telecom operator, Bluetooth enabled, Bluetooth version;
  • time zone setting, city, region, country and language;
  • operating system and platform;
  • crash reports from devices, push notification tokens;
  • phone book entries if allowed by the customer; and
  • information about Your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from Our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse overs), and methods used to browse away from the page.

The data is collected through the session cookies (with regard to cookies see also below) we use on our Website. It is anonymised before we use it to build anonymous utilisation profiles, for marketing purposes and to optimise our Website and the services we provide. This data shall not be used in order to identify the visitor of this Website personally.

2. Use of your personal data

We will use Your personal data in order to process Your application for TU membership or a TU e-wallet, to forward to third party suppliers of pre-paid cards, to comply with laws and regulations or good practice with regard to anti-money laundering and similar, and to provide You with Our services, including:

  • Analysing Your registration application;
  • Carrying out Our obligations arising from any contracts entered into between You and Us and to provide you with the information, products and services that you request from Us;
  • Taking steps aimed at fraud or other illegal activities detection and prevention;
  • Personalising aspects of Our overall services for You;
  • Communicating with You;
  • Learning from the way You use and manage Your e-wallet and Our services;
  • Operating Our Mobile App or Site (see our Cookies Policy);
  • Resolving disputes with You;
  • Administering Our Mobile App or Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • Improving Our Mobile Site or App to ensure that content is presented in the most effective manner for You and for Your computer;
  • In Our efforts to keep Our Mobile App or Site safe and secure;
  • Allowing You to participate in interactive features of Our services, when You choose to do so;
  • Measuring or understanding the effectiveness of advertising We serve to You and others, and to deliver relevant advertising to You;
  • Analysing the effectiveness of our marketing campaigns;
  • Targeted advertising; and
  • Collecting feedback.

We may also use Your personal data to send You information about Our products and services, or the products or services of third parties, where You have consented to this. You may opt out of this: if You do not wish to receive this information, please update Your preferences via the Services or contact Us by one of the methods referred to on the TU App or Website.

3. Interacting with us

Every time you interact with us (e.g. registering in our Website or Mobile Application, by phone, support chat in the App or through a third party provider, posting a comment on our blog on social media, signing up for our newsletter) we may collect and process the Personal Data you provide to us.

a. Registration

When you create an account via the TU App, we collect Personal Data, which includes:

  • Age;
  • Your full name;
  • Your address, including city and country;
  • Your e-mail address;
  • The rate/special offer selected;
  • Any add-on packages selected;
  • Frequent Flyer program or participation in any other loyalty program information organized by TU;
  • Telephone/mobile; and
  • KYC data.

We use this Personal Data to handle your account and to establish and fulfil our contract with you. This includes verifying your identity and sending stay-related and/or marketing communication.

We take the protection of your Personal Data very seriously and therefore have kept the mandatory required fields to a minimum.

b. Newsletter and special offers

If you provide your contact information to us (e.g. when entering a service with us or when signing up for our newsletter via our Website), we may use this Personal Data to send you our newsletters and details of other special offers which may be of interest to you, based on previous interactions with us.

If you sign up for our newsletter via our Website, you are required to provide your email address only. When you sign up for the newsletter via our website, you will receive an email to reconfirm your interest in staying in touch (double opt-in). Any additional information is voluntary and will be used solely for a personalisation of the newsletter.

By providing your email address and subsequent confirmation via the double opt-in, you consent to receive our newsletter. You can revoke your consent and opt out of receiving the newsletter at any time by clicking on the unsubscribe link included in every newsletter. Moreover, you also have the possibility of unsubscribing in your personal profile under “data protection”. For any further objections, kindly address the contact stated at the end of this policy.

We also include web beacons in HTML-formatted e-mail newsletters in order to count how many newsletters (or particular articles, links, etc.) are being accessed, and on our website to count users who have visited these pages.

We use your Personal Data to send you newsletters and special offers.

For the user account, you can deactivate your account at any time by contacting info@travelunion.eu. You can deactivate your account via the TU App.

If you deactivate your account, your account will be set to inactive.

d. “Contact Us” functionality

You can get in contact with us via our Website or App by using the “Contact Us” functionality, or by telephone using TU Customer support service. To contact us you are required to provide the following information:

  • Your full name,
  • Your telephone number and your e-mail address,
  • Your enquiry, and
  • reCAPTCHA, to confirm you are an actual person, and not a robot.

Any additional information is provided voluntarily.

We use your information to reply to your enquiry.

Please note that, at the time of the Virtual Travel Game, TU encourages contact through the Mobile App chat or Website chat and the dedicated email support@travelunion.eu.

e. TU Blog

In our TU Blog (including social media and website), we publish articles on banking, fintech and travelling. The blog will allow you to post public comments. If you submit a comment, it will be published with the corresponding blog post and your username. Posting comments on our blog is entirely voluntary.

When you comment on a blog post, we collect and store the following Personal Data:

  • Name
  • Website URL

We use this Personal Data to post the comment on the blog page.

4. Processing of Personal Data to personalise your future account

We may collect and process Personal Data about you, if it is relevant for your future activities in TU, or if it is in your interest. We may collect and process certain additional data to personalise your stay upon your express request and consent.

a. Your consent to our ‘Personalise your Stay’ option

You have the option to enable TU to find out more about you to improve your unique and personal experience by opting for the “personalise” option. Only if you have expressly consented to this option are we permitted to conduct further research on you, in particular on publicly available social media entries and the internet. We do not undertake any research, in particular on social media or the internet, if we have not obtained your express consent for this option.

If you consent to the “personalise your stay” option we may undertake additional research and record and use the respective information to make your stay more personal. For example, we may collect information on

  • your sports preferences such as in relation to golf or football to provide you, in our sole discretion, with relevant information in this regard, or
  • your social media profiles to find out your favourite flowers or wine to allow us to provide you, in our sole discretion, with comforts or other conveniences tailored to you.

We will not collect any information which is embarrassing to you or inappropriate under, or not compliant with, local standards, conventions and habits or which is incorrect.

You may withdraw your consent at any time for the future by contacting us under the details of the contact section below.

b. Personal data collection without your express consent

If you have not provided your express consent to the “personalise” option, we do not undertake additional research and do not record and use respective information. In such cases, the Personal Data we collect is limited to information we have gained from you personally or by authorised representatives and to information which is relevant for the banking, fintech and travel preferences. We do not undertake any additional research on you in this case, in particular, no research on social media or the internet.

5. Client service delivery and data sharing

The TU loyalty programme also includes third-party providers.

Your Personal Data may be shared:

  • Within the TU group, for example to establish and fulfil our contract with you or to the extent you consented to such sharing of data. This includes verifying your identity, taking payments, getting in contact and communicating with you.
  • With our commercial partners in the event that you book an event or an activity organised by such commercial partners.
  • With our third party service providers who process your data on our behalf. TU’s third party service providers include hosting providers (including Amazon Web Services), and providers of data analysis, IT services, and other similar services requested by TU to provide the Website and other business-related services to you. Any data processing on our behalf complies with the applicable laws.

We will not transfer your personal data to third-party recipients unless you consent to such transfer of data or such transfer is permitted under applicable law.

6. Transfer of Personal Data to a third country

Where information is transferred outside the European Economic Area, we will ensure that appropriate safeguards are implemented. If your Personal Data is transferred to a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a third party’s Binding Corporate Rules.

7. Social Media Buttons

On our Website we use the following social media plug-ins: Facebook, Google+, Twitter, LinkedIn, Instagram, Weibo, WeChat. The plug-ins can be identified by the social media buttons marked with the logo of the provider of the respective social media networks.

We have implemented these plug-ins using the so-called 2-click solution. This means that when you navigate on our Website, Personal Data will initially not be collected by the providers of these social media plug-ins. Only if you click on one of the plug-ins will your Personal Data be transmitted: By activating the plug-in, data is automatically transmitted to the respective plug-in provider and stored by them (in the case of US providers your Personal Data will be stored in the USA). We neither have influence on the collected data and data processing operations conducted by the providers, nor are we aware of the full extent of data collection, the purposes or the retention periods.

Information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the respective data protection policies of these providers, where you will also find further information on your rights and options for privacy protection.

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA: https://www.facebook.com/privacy/explanation

Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA: https://www.google.com/policies/privacy/

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA: https://twitter.com/privacy

Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA: https://help.instagram.com/155833707900388

Weibo Corporation, No.8 Sina Plaza, Courtyard 10, the West, XiBeiWang E. Road, HaiDian District, Beijing 100080, China: http://weibo.com.au/terms

Tencent International Service Pte. Ltd., 10 Anson Road, #21-07 International Plaza, Singapore 079903: https://www.wechat.com/en/privacy_policy.html

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA: http://www.linkedin.com/legal/privacy-policy

8. Integration of YouTube videos

We have included a link to our YouTube channel on our Website. The videos are stored on http://www.YouTube.com, operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Your Personal Data will not be transferred to YouTube unless you play the videos. We have no influence on this data transfer. You will find further information with regard to the processing of personal data under YouTube’s privacy policy available at https://www.google.com/intl/en/policies/privacy/

9. Cookies

We use cookies on our Website. Cookies are small text files sent by a web server to your web browser and saved locally on your computer. The cookie allows the server to uniquely identify the browser on each page. Cookies do not cause any harm to your computer and do not contain viruses.

We use the following categories of cookies on our Website:

Category 1: Strictly Necessary Cookies

These cookies are essential in order to enable you to move around the Website and use its features. Without these cookies, services you have asked for such as remembering your login details or data provided for a booking cannot be provided.

Category 2: Performance Cookies

These cookies collect information on how people use our website. For example, we use Google Analytics cookies to help us understand how users arrive at our site, browse or use our site, and to highlight where we can improve areas such as navigation, booking experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established.

Category 3: Functionality Cookies

These cookies remember choices you make such as the country you visit our Website from, language and search parameters such as number of guests, time of stay etc. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant.

Current versions of web browsers offer enhanced user controls regarding the placement and duration of both first and third-party cookies. Search for “cookies” under your web browser’s “Help” menu for more information on cookie management features available to you. You can enable or disable cookies by modifying the settings in your browser. You can also find out how to do this, and find more information on cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may be unable to complete certain activities on our websites or to correctly access certain parts of it. If you would like more information about interest-based advertising, including how to opt-out of these cookies, please visit http://youronlinechoices.eu/.

10. Google Analytics

Our Website uses Google Analytics, which is a web analytics service provided by the third party provider Google, Inc. (“Google”). Google Analytics is used for the purpose of evaluating your use of our Website, compiling reports on Website activity and other services relating to Website activity and internet usage. The information generated by the cookie about your use of the Website is usually transmitted to and stored by Google on servers in the United States. This transfer is covered by Google’s Privacy Shield certification and a separate data processing agreement that we have concluded with Google: https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 (information on Google Analytics and data privacy).

11. What kind of security measures are in place for compliance with data protection?

We strive to maintain the appropriate standards of security and we have put in place robust technical and organisational measures for the protection of your Personal Data in accordance with current state-of-the-art technologies, especially to protect the data against loss, falsification or access by unauthorised third persons. For the transfer of particularly sensitive Personal Data via the internet, we exclusively use encrypted transmission routes and we comply with the Payment Card Industry Data Security Standards (PCI DSS) which is a set of policies and procedures intended to optimise the security. Once we have received your personal data we will use strict procedures and security features to prevent unauthorised access. As far as third parties (i.e. external companies) are rendering data processing services for us, we have committed them to compliance with our data privacy regulations. The external service providers are supervised by our Global Data Protection Manager in terms of compliance with these regulations.

12. Your Rights

In respect of the collection and use of your personal data, you may:

  • withdraw your consent at any time for example by unsubscribing from the newsletter under “data protection”,
  • ask us whether we process Personal Data about you, for which purposes, the categories of Personal Data concerned, to which categories of recipients the information has been disclosed, where possible, the envisaged period for which the personal data will be stored (or, if not possible, the criteria used to determine that period),
  • inquire with us about the appropriate safeguards relating to the transfer to a third party, ask us for a copy of the Personal Data undergoing processing and ask to receive your Personal Data in a structured, commonly used and machine-readable format and to transmit those data to another controller without any hindrance from us. Via the TU App buttons”, you will be displayed all stored data relating to your person. We guarantee that no unauthorised persons are able to have access either to your profile
  • have inaccurate data rectified,
  • object against the further processing and request erasure of your Personal Data,
  • request that the processing of your personal data is restricted by TU,
  • request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

If you have any further questions on your personal data which has been stored with us or would like to exercise your rights please refer to our Data Protection Officer via the contact details stated below:

dpo@travelunion.eu; tel. +37068263255

Please note each Data Subject has the right to lodge a complaint with a supervisory authority of the alleged infringement if the Data Subject considers that the Processing of Personal Data relating to him or her infringes the GDPR.

The supervisory authority responsible for such complaint according to Article 77 GDPR in Lithuania is:

State Data Protection Inspectorate

A. Juozapaviciaus str. 6, 09310 Vilnius, Lithuania

More information about the data subject request procedure can be found in the Data Subject Requests Procedure and the Details on Data Subject Rights Policy.

13. Retention and deletion of Personal Data

We will retain your personal data only for a limited period of time needed to fulfil the purposes of processing mentioned above. After that time your personal data will be erased. If we process your personal data based on your consent we will retain your personal data for a limited period of time needed to fulfil the purposes of processing it.

Where we enter into a contract with you, we will keep your information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned and the technical requirements. Laws may require us to hold certain information for specific periods.

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.

In other cases, we may retain data for an appropriate period after any relationship with you ends, to protect ourselves from legal claims, or to administer our business.

14. Updates

This Privacy Policy may be updated periodically. We will update the date at the top of its first page accordingly and encourage you to check for changes that we have made, which will be available at https://www.travelunion.eu/privacy-policy/. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy Policy, as required by applicable law.

15. Who is the contact person for questions and/or problems relating to the data protection?

Please contact our Data Protection Manager at dpo@travelunion.eu; +37068263255

Appendix – additional definitions to be included if deemed appropriate

Key actors

  • “You” (including “Your”) or “User” means a TU client and/or user.
  • “Controller” shall have the meaning under the GDPR, i.e. “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.
  • “Processor” shall have the meaning under the GDPR, i.e. “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”.
  • “Subprocessors” means a processor engaged by the Processor to carry out certain processing activities on behalf of the Controller.
  • “Third Party” shall have the meaning under the GDPR, i.e. “a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data”.
  • “Supervisory Authority” shall have the meaning under the GDPR, i.e. “an independent public authority which is established by a Member State pursuant to Article 51” of the GDPR, specifically in Lithuania, State Data Protection Inspectorate. For more information please see: https://vdai.lrv.lt/en/

Personal Data categories

  • “Personal Data” shall have the meaning under the GDPR, i.e. “any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

General notions

  • “Processing” shall have the meaning under the GDPR (i.e. “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”).
  • “Data Processing Agreement” means a controller-processor agreement in accordance with Article 30 of the GDPR.
  • “Privacy Shield” means the EU-U.S. Privacy Shield legal framework, designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
  • “Standard Contractual Clauses” means sets of standard contractual clauses for transfers as adopted by the European Commission for the international transfer of personal data.