PRIVACY POLICY
INTRODUCTION
This Privacy (“Policy”) applies to the securing and processing of personal data by GOED Travels Travel Limited (hereinafter “GOED Travels”) in connection with personal data provided by any person (“User”) who has purchased or intends to purchase or inquires about any product(s) or service(s) made available by GOED Travels through any of GOED Travels’ interface channels, including website, mobile site, and mobile app (collectively referred to as “Sales Channels”
For the purpose of Privacy Policy:
– All references to “you” or “your” in this policy are to “User.”
– All references to “we”, “us”, or “our” are to ‘GOED Travels’.
The User agrees to the terms of the Privacy Policy and the contents herein by accessing or using the website or any other sales channel. Please do not access or use our website or any other Sales Channels if you disagree with the Privacy Policy.
This privacy statement does not cover any third-party website(s), mobile site(s), or mobile app(s). Users should be aware that the information and privacy practises of GOED Travels’s business partners, advertisers, sponsors, or other sites to which GOED Travels provides hyperlink(s) may differ from this privacy policy.
We value your privacy and recognise that the use and disclosure of personal data has significant implications for us and the users whose personal data we process.
PURPOSE OF THIS POLICY
We understand your desire to know how and why information is collected, used, disclosed, transferred, and stored. As a result, we have created this Policy to familiarise you with our practises. In accordance with applicable data protection laws, this policy describes how we process your information when you use our Website or other digital platforms. It is critical that you read this policy, as well as any other policies we may provide on specific occasions when we collect or process your personal data, so that you understand how and why we use your personal data. This policy supplements and does not supersede the other notices.
DEFINING CONTROLLER OF PERSONAL DATA
A “Controller” is a person or organisation who, alone or jointly, determines the purposes for which and how personal data is or is likely to be processed. As controller, GOED Travels is issuing this notice.
A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller is referred to as a Processor.
GOED Travels may be the Controller or Processor of your personal data depending on the circumstances.
TYPE OF PERSONAL DATA WE COLLECT
Personal data is any information about a user that can be used to identify that user. It excludes personal data from which the identity has been removed (anonymous data). When you contact GOED Travels directly or indirectly through a third party, you may be asked for personal information.
For any purpose, including gathering statistical or demographic information, we collect, use, and share aggregated data. Although aggregate data may be derived from your personal data, it is not legally regarded as personal data because it does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to determine the percentage of users who use a particular website feature. However, if we combine or connect aggregated data with your personal data in such a way that it can be used to directly or indirectly identify you, we treat accordance with this policy.
We do not collect any special categories of personal data about you via our Website (including information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, trade union membership, political opinions, health information, and genetic and biometric data). We also do not collect information on offences and criminal convictions.
We collect, use, store, and transfer various types of personal information about you. We have grouped the following categories of personal data together to explain how we use this type of information. The following terms appear throughout this Notice:
“Contact Data” includes your home address, workplace address, email address, and phone numbers.
“Identity Data” includes your first and last name, username or other unique identifier, and title.
“Website User Data” refers to usernames, passwords, and other security-related information that you use in connection with our services.
“Transaction Data: A history of your online shopping behavior and activities.” anyone else for whom you booked a reservation through your linked GOED Travels account. In such a case, you must confirm and represent that each other traveller(s) for whom a booking has been made has agreed to have the information shared by you disclosed to us and shared with the relevant service provider(s). “Marketing and Communications Data”: This category includes your marketing and communication preferences. We also keep track of when you receive and read our marketing communications, which we use to improve our marketing services, provide you with more relevant information, and improve the quality of our marketing materials. The marketing communications we send you contain additional information about the personal data we process in connection with marketing.
“Public Domain or Third Party Data”: Data available in the public domain or received from any third party, including social media channels, as part of your account information, including but not limited to personal or non-personal information from your linked social media channels (such as name, email address, friend list, profile pictures, or any other information permitted to be received per your account settings).
“Profile Data” refers to information collected gradually when you visit our site, such as your referral website, pages you visit, actions you take, patterns of page visits, and information from forms you fill out.
“Technical Data” refers to information collected when you visit our website, mobile site, or mobile app, such as your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use. and
“Usage Data” is how you interact with GOED travels Website.
“Any other Personal Data”: If you request GOED Travels to provide visa-related services, you must provide copies of your passport, bank statements, originals of completed application forms, photographs, and any other information that the respective embassy may require to process your visa application. If you ask GOED Travels to provide foreign exchange (forex) services, we will need passport copies, A2 forms, air tickets, or travel authentication documents to verify confirmed travel, as well as any other documents needed to process your Forex transaction.
MODES OF COLLECTING PERSONAL DATA
We will only obtain personal information if you choose to provide it to us in the following circumstances:
(a) Direct interaction:
- When you make an enquiry, request a quotation, or make a reservation or purchase through our ‘Website’ or through our customer service team – via email(s), letter(s), fax, phone, or in person
- When you register with us, subscribe to our newsletter, enter prize draws/competitions/surveys/feedback, send us questions, or sign up for promotions.
- When you participate in an online or offline event, promotion, or page hosted by us on a third-party platform or location.
- By using cookies on our website
(b) Cookies and other technologies :
- We collect Technical Data about your equipment, browsing habits, and browsing patterns. We collect this personal information through the use of cookies, server logs, and other similar technologies. Please see the cookie policy for more information on the data collected.
(c) Third parties or publicly available sources:
- We get Technical Data from analytics providers like Google.
GROUNDS FOR PROCESSING OF DATA
When you use our Website, we will use your personal information in the following ways:
(a) “performance of a contract” refers to situations in which we must carry out agreements we are about to or have already made with you as a party or where we must act upon your request before doing so;
(b) “legal or regulatory obligation”: a situation in which we must adhere to a legal or regulatory requirement;
(c) “Legitimate interests”: whenever it is in our best interests, as long as those interests do not infringe upon your fundamental rights. This could imply that it is in our best interests to keep an eye on how you use our website or client portals in order to maintain the security of those platforms. Before we use your personal information for our legitimate interests, we make sure to weigh your rights and any potential effects on you (both good and bad);
(d) “Consent”: We rely on consent as a legal justification for processing your personal data so that we can send you text messages or emails with direct marketing messages.
Unless you give us permission or we are otherwise required or permitted by law, we do not use your personal data for activities where our interests are outweighed by the impact on you.
USE OF PERSONAL DATA
Your personal information will only be processed (i.e. used) when allowed by law, that is, when we have a basis in law for doing so. For the following reasons, we typically use the data to develop and enhance our relationships with our users:
While you make a booking:
We may use your Personal Information on file with us to facilitate your booking. This information may include all of the data you provided previously, such as contact information. We may also use the information from your travellers list that is stored in or linked to your account. This information is presented to the User at the time of booking in order for you to complete your bookings as quickly as possible.
We may also use your Personal Information for a variety of other purposes, including but not limited to:
– keep you informed of the status of your transaction; – send booking confirmations via SMS, WhatsApp, or other messaging services; – send any updates or changes to your booking(s); – permit our customer service to contact you if necessary; – confirm your reservations with the appropriate service providers.
– change the information on our website, mobile site, and mobile app – ask for customer feedback on the goods or services we provide – send message(s) or email(s) of confirmation
-Send you important notices and communications about our products and services available, as well as any changes to the terms and conditions and/or policies. Contact you on your birthday or anniversary to offer you a special gift or offer.
– send information about the goods and services offered by GOED Travels and its affiliates.
– send you travel vouchers and/or payment reminders.
– Travel industry newsletters that keep you informed. You have the option to unsubscribe from this service in the email message you receive if you do not want to receive these notifications.
We may disclose your personal information to third parties for the following reasons, but not limited to:
– When handling your reservation, inquiry, or participation is necessary.
– To carry out the service’s intended function and/or to conduct bookings, reservations, blocking, and other user-initiated activities.
– In order to process information, extend credit, fulfil orders, deliver goods, manage and improve customer data, offer customer service, determine your interest in our goods and services, and conduct customer research or satisfaction surveys, we may share personal information with other companies. These companies are obligated to protect your information.
Your personal information may be used for marketing promotions, research, and other programmes
– As a registered user, you’ll get alerts about new goods and services, as well as information on sales, promotions, and events. You always have the choice to stop receiving our emails.
– In order to improve our product offerings, create and deliver products, services, content, and advertising, we might also use personal information.
– Additionally, private data may be used for internal planning, review, and auditing.
– GOED Travels occasionally runs special offers to give its customers the chance to win amazing trips and travel-related prizes. We may gather personal data during such activities, including contact details and survey questions. Winners of contests will be contacted using this information, and survey data will be used to create promotions and make product improvements.
COLLECTION AND USE OF NON-PERSONAL DATA
Non-personal data is information that cannot be used to identify an individual. We may collect data about customer activities on our various portals. This aggregated data is used in research, analysis, product improvement and monitoring, and various promotional schemes. It may be shared with third parties in aggregated, non-personal form to improve customer experience, product offerings, or services.
COOKIES AND OTHER TECHNOLOGIES
When you visit our Website, we use cookies and other technologies to improve your experience. To that end, we’ve created a cookie policy to help you understand our practises. You can view the cookie policy here.
LINKS
Our Website contains links to other websites for your convenience. When you click on one of these links, you will leave our site and visit another. Such third-party websites are not under our control. You should carefully review the privacy policies of any other sites you visit, as those policies will apply to your visit to those other sites.
WITH WHOM YOUR PERSONAL DATA IS SHARED:
Group Companies (Companies in the same group):
We may share your Personal Information with our affiliate or associate entities under controlled and secure conditions in order to improve personalization and service efficiency.
If GOED Travels’ assets are acquired, our customer information may be transferred to the acquirer as well, depending on the nature of the acquisition. Furthermore, as part of business expansion/development/restructuring or for any other reason, if we decide to sell/transfer/assign our business, any part thereof, any of our subsidiaries or any business units, customer information, including the Personal Information collected herein, will be transferred as part of such restructuring exercise.
Service Providers and suppliers:
Your information will be given to the end service providers, such as airlines, hotels, bus service providers, taxi services, railroads, or other suppliers, who are in charge of carrying out your booking. You agree to allow us to share your information with the aforementioned service providers and suppliers by making a reservation with GOED Travels. It is crucial to remember that GOED Travels does not permit the end service provider to use your information for anything other than completing their assigned tasks under the contract.
GOED Travels does not sell or rent individual customer names or other Personal Information of Users to third parties, with the exception of sharing such information with our business/alliance partners or vendors who are engaged by us to provide various services and to share promotional and other benefits with our customers based on their booking history with us from time to time.
Third Party Vendors and Business Partners:
We may also share certain filtered Personal Information with our corporate affiliates or business partners, who may contact customers to offer specific products or services, which may include free or paid products / services, allowing the customer to have a better travel experience or to take advantage of special benefits designed specifically for GOED Travels customers. Such partners include entities that offer travel savings/EMIs, co-branded credit cards, travel insurance, insurance coverage against loss of wallet, banking cards, or similar sensitive information, and so on. If you choose to use any of our business partners’ services, the services you use will be governed by the privacy policies of the respective service provider.
GOED Travels may disclose your Personal Information to third parties that GOED Travels may hire to perform specific tasks on its behalf, such as payment processing, data hosting, and data processing platforms.
Based on this information, we may provide non-personal data to suppliers, advertisers, affiliates, and other current and potential business partners. We may also use aggregate data to inform third parties about how many people have seen and clicked on links to their websites.
GOED Travels will occasionally hire a third party for market research, surveys, and other purposes, and will provide information to these third parties specifically for use in connection with these projects.
DISCLOSURE OF INFORMATION
Where necessary, we will disclose your personal data to: (subject to our professional obligations and any terms of business we may enter into with you):
– any person or entity to whom we are required or requested by any court of competent jurisdiction or any governmental, taxation or other regulatory authority, law enforcement agency, or similar body to make such disclosure;
– our professional advisers or consultants, such as lawyers, bankers, auditors, accountants, and insurers who provide us with consulting, legal, banking, audit, accounting, or insurance services; and
– Service providers who provide us with information technology and system administration.
INTERNATIONAL TRANSFER
Due to the multinational nature of GOED Travels, some affiliated companies and other recipients may be located in countries (including the United States) that do not provide a level of data protection equivalent to that required by local law. GOED Travels will take steps to ensure that such recipients follow applicable law and provide an adequate level of protection for your personal data, including appropriate technical and organisational security measures, as well as the implementation of appropriate contractual measures to secure such transfer in accordance with applicable law.
USER GENERATED CONTENT
GOED Travels allows its users to share their experiences through reviews, blog articles, ratings, and general poll questions. Customers can also provide feedback or ask questions about a service provided by GOED Travels, or respond to questions raised by other users. GOED Travels may also hire a third party to contact you and solicit feedback on your recent GOED Travels booking. Though participation in the feedback process is entirely voluntary, you may still receive emails or notifications (app, SMS, WhatsApp, or any other messaging service) inviting you to share your review(s). These reviews may be written (with or without images) or in video format. The reviews that are written or posted will be visible on GOED Travels, as well as other travel or travel-related platforms. GOED Travels collects the following types of User Generated Content:
– Articles for a website or blog
– Reviews and ratings
– Questions and Answers
– Crowd Source Data Collection (poll questions).
Each User who posts reviews or ratings, Q&A, or photographs must have a profile that other Users can access. Other Users may be able to see the number of trips taken, reviews written, questions asked and answered, and photos uploaded.
Each User shall be diligent and take due care to ensure that the views expressed by you on the social media platform or the GOED Travels website are not derogatory or contrary to law, public policy, morality, religion, caste, creed, colour, sex, race, culture, ethics, customs, traditions, decency, good conscience, third party intellectual property, and so on. By uploading pictures, views, images, contents, visuals, audios, experiences, and so on to the social media platform or GOED Travels website, you grant GOED Travels permission to use, reproduce, copy, and upload pictures, views, look and feel, images, contents, visuals, audios, and so on in any manner deemed fit by GOED Travels, without any responsibility, liability, compensation, or cost owed to you or any third party. GOED Travels expressly disclaims all or any disputes, responsibilities, liabilities, litigations, costs, expenses, compensations, and so on arising from or in connection with the use, reproduction, copying, uploading of pictures, views, look and feel, images, contents, visuals, audios, experiences, and so on contributed, shared, expressed by you or on your behalf, and/or otherwise to any third party.
REQUIREMENTS FOR USING OUR MOBILE APPLICATIONS
When you install the GOED Travels app on your phone, a list of permissions will appear that are required for the application to function properly. The permissions that GOED Travels requires, as well as the data that will be accessed and used, are as follows:
Android permissions:
Location: This permission allows us to provide you with the details of the nearest branch from your location in case you require physical assistance with any travel query.
SMS: If you grant us access to your SMS, we will be able to send you SMS related to ‘OTP’ and holiday package details to your mobile number. Phone: The app requires access to make phone calls in order for you to call our customer service centres directly from the app.
Contacts: If you grant us access to your contacts, we will be able to provide you with a variety of social features such as sharing vacation packages with your friends, and so on.
Photo/ Media/ Files: The app’s libraries use these permissions to save and cache images and document data for your convenience and faster use of the app the next time you browse with us. By saving image and document data locally, your phone avoids having to re-download it each time you use the app.
IOS Permissions:
Notifications: If you choose to receive notifications, we will be able to send you exclusive deals, promotional offers, travel-related updates, and so on.
INFORMATION PROTECTION AND SECURITY
We implement suitable technical and organisational measures to ensure a level of security appropriate to the risk of processing, taking into account the costs of implementation as well as the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity to natural persons’ rights and freedoms. These measures include:
(a) personal data pseudonymisation and encryption;
(b) the ability to maintain the confidentiality, integrity, availability, and resilience of processing systems and services indefinitely;
(c) the capacity to quickly make personal data accessible and available again in the event of a technical or physical incident; and
(d) a procedure for routinely testing, evaluating, and assessing the efficiency of organisational and technical measures to guarantee processing security.
We ensure that those with permanent or regular access to personal data, as well as those involved in the processing of personal data or the development of tools used to process personal data, are trained and informed of their rights and responsibilities when processing personal data.
We have implemented appropriate security measures and certifications to protect your personal data and prevent unauthorised access. We have an SSL site, which users should use to protect data transmission while transacting online.
We require any third parties who process your information to implement the same levels of protection for your data.
While no system, including ours, is completely secure, we will continue to use internet security procedures to keep your data safe with us. You agree to comply with the most recent revised privacy notice in effect at the time you open, browse, use this site for transactions, or store any data/information. If you use a social networking or other service that stores your information, you are bound by their terms of service and privacy notice.
DATA RETENTION
This includes, for example, the purposes of satisfying any legal, regulatory, accounting, or reporting requirements, performing legal work, or establishing or defending legal claims.
Your personal data will be stored in our databases in accordance with our document management, retention, and destruction policy and applicable laws. This period may extend beyond the end of your relationship with us, but only for as long as we need to have enough information to respond to any issues that may arise later. For example, we may need or be required to keep information in order to provide you with credit for a trip you purchased but had to cancel. We may also need to keep certain information in order to prevent fraudulent activity, protect ourselves from liability, pursue available remedies, or limit any damages that we may sustain.
We may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in some cases, in which case we may use this information indefinitely without further notice to you.
CHANGES TO THE POLICY
This notice goes into effect on October 1, 2019. We reserve the right to update or change this Policy at any time, and we will notify you of any significant changes as soon as possible, either via email or by posting a prominent notice of change on our Website. Your continued use of our Website following the posting of any changes to the policy on this page will constitute your acknowledgment of the changes and your agreement to abide and be bound by the modified notice.
YOUR RIGHTS
In certain circumstances, you have rights in relation to your personal data under applicable data protection laws. We will act promptly and in accordance with any applicable law, rule, or regulation relating to the processing of your personal data.
The following sections outline your rights under the General Data Protection Regulation (GDPR):
(a) right to know how personal data is used – you have the right to know how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, understandable, and easily accessible format, written in clear and simple language.
(b) right to access personal data – you have the right to obtain confirmation that we are processing your personal data, access to your personal data, and information about how we use your personal data.
(c) Right to have incorrect personal data corrected – You have the right to have any inaccurate or incomplete personal data corrected. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to notify those third parties of the rectification;
(d) right to have personal data erased in certain circumstances – in certain circumstances, you have the right to request that certain personal data held by us be erased. This is also referred to as the right to be forgotten. This is not a blanket right to demand the deletion of all personal data. We will carefully consider each request in accordance with any laws relating to the processing of your personal data.
(e) Right to restrict processing of personal data in certain circumstances – In certain circumstances, you have the right to prohibit the processing of your personal data. This right applies if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and instead request restriction, or if we no longer require the personal data but you need the personal data to establish, exercise, or defend a legal claim.
(f) Data portability – in certain circumstances, you have the right to request a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example, by filling out a form or submitting information via a Website). The right to data portability will also apply to information about you gathered by monitoring your behaviour. The right to data portability applies only if the processing is based on your consent or is required for the performance of a contract and is carried out using automated means (i.e. electronically).
(g) right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have the right to object to processing carried out by us if (a) we are processing personal data based on legitimate interests or the performance of a task in the public interest (including profiling), (b) we are using personal data for direct marketing purposes, or (c) information is being processed for scientific or historical research purposes. At the point of data collection, you will be informed that you have the right to object, and this right will be explicitly brought to your attention and presented clearly.
(h) right not to be subjected to automated decisions where the decision has a legal or similarly significant effect – you have the right not to be subjected to an automated decision where the decision has a legal or similarly significant effect on you.
We may need to ask you for additional information to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). The purpose of this security measure is to prevent the disclosure of personal information to individuals who are not authorised to receive it. In order to speed up our response, we might also get in touch with you to ask for more details about your request.
We make every effort to respond to all legitimate requests within a calendar month. If your request is particularly complex or you have made a number of requests, it may take us longer than one calendar month. In this situation, we’ll let you know and keep you informed.