We respect the privacy of every individual who visits the Internet Website located at www.arrangemy.com (the “Site”).
This policy applies only to personal information processed by or on behalf of BookOTel LTD t/as arrangeMY and Integrated Business Travel LTD t/as arrangeMY travel.
We may collect information from you when you visit our website, make a booking, have a booking made on your behalf, contact us by telephone or email or receive a communication from us relating to your service.
If you are making a booking on behalf of another traveller, you should draw their attention to this policy which sets out how we will use their information.
What personal information do we collect, and why?
We use the data we collect about you for various purposes. European data protection legislation sets out specific “lawful basis” for processing personal data. The table below sets out under which basis we process different information about you, and explains the purpose of that processing. It also sets out the specific rights you have in respect of that processing, which may depend on the basis we process it for.
|Consent||To perform our contract with you, or for a travel provider to perform their contract with you||To comply with a legal obligation||Our legitimate interest|
|Advance Passenger Information||X||X|
|Payment Card Information||X||X|
|Information about the booking||X||X||X|
|Communications with us||X||X||X|
|Loyalty Scheme Information||X||X|
We may use any of your personal data in connection with any complaint made relating to our service to you, or in respect of reviewing any legal rights or obligations, either on the basis of performing our contract with you or in our legitimate interests to resolve any dispute. We may share any of your personal data with a prospective purchaser or purchaser of any part of our business, on the basis of our legitimate interests and the interests of our purchaser, so that they can appropriately value the business and assess any risks and continue doing business with you after the acquisition.The travel data that we store may include: name, address, email address, travel destinations, travel schedules, seating preferences, smoking or non-smoking accommodations, meal preferences and reservation information, as well as passport details.
The provision of APIS information is a requirement when booking certain travel including flights, and failure to do so will mean that you are unable to travel. Otherwise, providing your personal information is not a legal requirement, however, the information requested on our website or notified to you as being required when you speak to a Business Travel Consultant is required in order for us to provide the travel services, as we are unable to make bookings and appropriately manage the service without this information.
When servicing a given corporate client, we may create a “Traveller Profile” with travel data for each traveller, which is kept on file as a reference document and consulted each time a reservation is to be made. When a reservation is made, a “passenger name record” (PNR) is created, which contains all of the information, needed to fulfil the travel request of each traveller.
Details relating to any transactions will be encrypted to ensure their safety. Transmission of information online is not 100% secure and we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk. You are responsible for keeping your password to access arrangeMY trip.
Who we share personal information with and international transfers
In addition to creating Traveller Profiles and PNRs, AM uses the travel data with the consent of the traveller for the following travel and other travel-related purposes.
Travel providers: When you book travel through our services, we provide your information to the suppliers of those travel services, which may be a third party intermediary such as an airline, hotel or car hire company directly. You will know when you are making the booking who the booking will be with and is often requested on your behalf.
They will use this information as a “data controller” – this means that how they process your travel information should be set out in their own privacy policies, and they have their own responsibilities to comply with data protection laws.
Your employer: If you are using arrangeMY trip to book employment related travel which is paid for by your employer, we may share information about the travel booked with your employer. They will use also this information as a “data controller” – this means that how they process your travel information should be set out in their own privacy policies, and they have their own responsibilities to comply with data protection laws.
Your team administrator/booker: If you have travel booked on your behalf by someone else (either an administrator appointed by your employer, or a team administrator who has booked personal travel for you), they will have access to the information that you have given them to input onto arrangeMY trip.
Service providers: We use third party service providers to support our provision of the service. These include travel intermediaries, and other, less direct business functions, including IT support or hosting our data on cloud platforms.
We will have in place an agreement with our service providers which will restrict how they are able to process your personal information.
If you request a booking which is made with a travel services provider outside the European Economic Area (for example a hotel in New York), we may transfer your personal data to that travel service provider in order to perform our contract with you and make your booking with them.
How long do we keep your information for?
We will retain your personal information within arrangeMY trip and our back office in-house systems whilst you are an active client, for a period of up to seven years after you have left the service. Information held on arrangeMY trip may be deleted one year after you have stopped being an active client.
In certain circumstances, we may be required to retain your personal information for longer. Such retention is required by law or record keeping requirements, including managing our relationship with you, defending any claims, or for tax purposes.
Requesting your rights
You may request any of the rights outlined above by emailing firstname.lastname@example.org
Please contact us if you have any concern about how your personal information is processed at email@example.com and we will try to resolve your concerns. However, if you consider that we are in breach of our obligations under data protection laws, you may lodge a complaint with the Information Commissioner’s Office.
In the addition to the above we are also proud to announce arrangeMY are one of only a small selection of Travel Management companies to be certified ISO 27001 compliant, a widely-recognised international security standard.
We know how important it is for our customers to feel we are delivering security management best practices and comprehensive security controls. This accreditation demonstrates our commitment to deliver the best business travel services to our customers across the globe.
The ISO 27001 certification requires us to continually:
- Systematically evaluate our information security risks, taking into account the impact of company threats and vulnerabilities
- Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
- Adopt an overarching management process to ensure that the information security controls meet the our information security needs on an ongoing basis
arrangeMY welcomes the ISO 27001 standard and best practices into our organisation. The certification confirms our longstanding commitment to the security of our services to our customers. Going through the certification process confirms that we are addressing each element of the ISO standard and that our management practices follow internationally-recognised best practices.
The key to the ongoing certification under this standard is the effective management of a rigorous security program. The Information Security Management System (ISMS) required under this standard defines how we perpetually manage security in a holistic, comprehensive way.
Certification means a third party accredited independent auditor has performed an assessment of our processes and controls and confirms they are operating in alignment with the comprehensive ISO 27001 certification standard.
What does this mean to me as a customer?
Our ISO 27001 certification demonstrates our commitment to information security at every level. Compliance with this internationally recognised standard, validated by an independent third-party audit, confirms that our security management program is comprehensive and follows leading practices. This certification provides more clarity and assurance for customers evaluating the scope of our security practices.
Which arrangeMY locations are covered?
arrangeMY ISO 27001 accreditation covers our Head Office address based in Worcester, Worcestershire and our Data Centre in Media City, Manchester and IT Tech Team in Ombersley, Worcestershire all located within the UK.
What arrangeMY services are in scope for the ISO 27001 certification?
The scope of arrangeMY’s Information Security Management System (“ISMS”) covers the business processes and information assets supporting the operational duties and services that arrangeMY conduct.
These include core systems and operations supporting customer-facing applications, related hardware, infrastructure, personnel, facilities and traveller data, under arrangeMY control or managed by arrangeMYTrip – SABScorp and arrangeMYData – Travelogix.
The objectives of the ISMS are to ensure the confidentiality, integrity, and availability of information assets through controls identified above.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States .
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
BookOTel Ltd T/as arrangeMY encourages you to review the privacy statements of Web sites you choose to link to from BookOTel Ltd T/as arrangeMY so that you can understand how those Web sites collect, use and share your information.
BookOTel Ltd T/as arrangeMY is not responsible for the privacy statements or other content on Web sites outside of the BookOTel Ltd T/as arrangeMY Web site.
BookOTel Ltd T/as arrangeMY welcomes your comments regarding this Statement of Privacy. If you believe that arrangeMY has not adhered to this Statement, please contact us using the below details:
BookOTel Ltd T/as Building 7, Berkeley Business Park, Wainwright Road, Worcester, WR4 9FA.
Tel 01905 610016, email firstname.lastname@example.org
We will use commercially reasonable efforts to promptly determine and remedy the problem