Basic information about the processing of Personal Data
Amadeus IT Group, S.A. (“Amadeus”), i:FAO Group GmbH (“i:FAO”)
To provide cytric mobile services (the “cytric mobile”) to Amadeus and/or i:FAO Customers in accordance with a contract that has been entered between Amadeus or i:FAO and an Amadeus or i:FAO customer. Cytric mobile is a solution that enables Amadeus or i:FAO Customers to provide their Authorized Users (“Travelers”) access to cytric travel and expense in order to perform business travel bookings and other services and to monitor the safety and wellbeing of Travelers throughout a trip including sending notifications to Travelers.
Performance of a contract
Legitimate business interest
Amadeus Affiliates and Third-Party Service Providers
Under certain circumstances, you have rights to access, review and restrict processing of Personal Data as well as the right to lodge a complaint with a supervisory authority.
Amadeus and i:FAO are committed to protecting the privacy of its customers and end users Personal Data they collect and process and will adhere to the policies and practices described in this cytric Mobile Privacy Notice (the “Privacy Notice”), as well as any applicable customer agreement as it relates to the processing of Personal Data.
This Privacy Notice only addresses the processing of Personal Data directly collected by Amadeus or i:FAO through the cytric Mobile App. This Privacy Notice does not apply to the Personal Data that may be collected or processed by Amadeus or i:FAO for other purposes, such as through Amadeus or i:FAO websites, or the Personal Data of travelers included in the travel information processed in the Amadeus GDS or Personal Data transferred from an Amadeus Customer to Amadeus in order to provide the cytric Mobile Services to you. Where Personal Data is collected for other purposes, the relevant privacy notice will be provided explaining the purposes the Personal Data is being processed for.
Use of the cytric Mobile Services by travelers is subject to the policies of the Amadeus or i:FAO Customer who has contracted with Amadeus or i:FAO for the Amadeus Mobile Messenger Services. Amadeus and i:FAO are not responsible for the privacy or security practices of Amadeus or i:FAO Customers and these may differ from the practices of Amadeus or i:FAO. If you wish to make any changes to your Personal Data that is processed through the cytric Mobile Services, this request should be made to the Amadeus or i:FAO Customer directly.
This cytric Mobile Privacy Notice applies to Personal Data that Amadeus and/or i:FAO collects when providing access to the cytric Mobile App pursuant to a contract with an Amadeus or i:FAO Customer.
Amadeus and/or i:FAO collect and process Personal Data through the use of the cytric Mobile App. The types of Personal Data that are processed may include:
· Identification data;
· Device and network data;
· Usage data;
· IP address;
· Location data;
· Travel data; and
· Any other info you provide to us in contact forms.
What purpose is the Personal Data used for?
Amadeus and/or i:FAO process the Personal Data collected from you via the cytric Mobile App for the purposes of:
· Sending you important information regarding the App, changes to our terms, conditions, and policies and/or other administrative information;
· Protecting travelers, Amadeus or i:FAO Customers, Amadeus and i:FAO from fraud and other illegal activities and addressing security or technical issues in connection with the cytric Mobile Services;
· Detecting, preventing or otherwise addressing security or technical issues in connection with services provided through the cytric App; and
· For our internal business purposes, such as data analysis, audits, developing new products, improving our services, developing Amadeus and/or i:FAO solutions, and identifying usage trends.
In addition to this Privacy Notice, processing of Personal Data is subject to any applicable agreements with the Amadeus or i:FAO Customer.
What is the legal basis for the processing of the Personal Data?
Amadeus and i:FAO rely on a variety of legal grounds to process Personal Data through the cytric Mobile App, including necessary for the performance of a contract, legitimate interest of Amadeus or i.FAO and consent.
Performance of a contract
Amadeus and i:FAO require your data to pursue the legitimate interests of Amadeus or i:FAO in a way that might be reasonably be expected provided this does not materially impact an individual’s rights freedoms or interests, this would include Amadeus or i:FAO’s performance of the contract with the Amadeus or i:FAO Customer for the Amadeus Mobile Messenger Services.
Amadeus and i:FAO may collect and process Personal Data with consent, this would include access to location data.
Amadeus or i:FAO may share Personal Data with its affiliates, agents, and third-party service providers such as suppliers of information technology services, security services, and legal, financial/accounting service providers, and other similar professional advisers. Amadeus or i:FAO may also share Personal Data with third parties, if Amadeus or i:FAO choose to sell, transfer, or merge parts of the business or assets. If there is a change of control of the business those who purchase the business or part of may use Personal Data in the same way as set out under this Privacy Notice.
Where such disclosure takes place, Amadeus and i:FAO require the appropriate technical and organizational security measures to be in place to protect Personal Data, and for Personal Data to be processed lawfully. Amadeus and i:FAO only allows affiliates and third-party service providers to process Personal Data on behalf of Amadeus or i:FAO for specified purposes and in accordance with Amadeus’ or i:FAO’s instructions.
Further information on the affiliates and third-party service providers that Amadeus or i:FAO uses to process Personal Data on their behalf can be requested through using the contact details found in the “Contacting Us” section of this Privacy Notice. When requesting this information please refer to information about affiliates and third-party service providers so that the relevant information can be provided.
Amadeus and i:FAO may also disclose Personal Data as required by law, subpoena, or regulation, or when requested by a government, law enforcement authority, or as otherwise required or permitted by law.
When Amadeus or i:FAO share your Personal Data with its affiliates and third-party service providers who process Personal Data on behalf of Amadeus or i:FAO this will involve transferring Personal Data outside the European Economic Area (EEA). When Personal Data is transferred to another country it will continue to receive adequate protection through contractual or other arrangements put in place with Affiliates and third-party service providers. For these transfers at least one of the following appropriate safeguards will be implemented;
· Personal Data will be transferred to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission;
· Standard data protection clauses approved by the European Commission which give personal data transferred the same protection it has in EEA;
Further information on the appropriate safeguards used when transferring Personal Data outside the EEA can be requested through the contact details set out below in the “Contacting Us” section. When requesting this information please make a reference to the transfer of personal data outside the EEA.
Security and Integrity of Personal Data
Amadeus and i:FAO have taken the appropriate technical and organizational security measures to protect Personal Data from loss or unlawful processing. When Personal Data is processed on behalf of Amadeus or i:FAO, access is limited to those who require access on a business need-to-know basis. Personal Data will be processed in accordance with the instructions of Amadeus and i:FAO and those who have access are subject to a duty of confidentiality.
Amadeus and i:FAO have in place procedures to deal with any suspected Personal Data breach and will notify individuals and any applicable regulator of a breach where they are legally required to do so.
Third Party Sites
Retention of Personal Data
Amadeus and i:FAO will retain Personal Data provided by you for as long as necessary to fulfil the purposes it was collected for including for the purposes of satisfying any legal, accounting or reporting requirements.
At the end of that retention period Personal Data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Individuals should contact the relevant Amadeus or i:FAO Customer providing the incident and risk management services with any issues or requests they may have relating to Personal Data processed in the delivery of cytric Mobile Services. If you are a traveler, end user of the App and you wish to make any changes to your contact information or communication preferences, you will need to do so by contacting the Amadeus or i:FAO Customer providing access to the services.
Under certain circumstances individuals can exercise their rights under data protection laws to access, review, correct, update, or otherwise limit use of Personal Data that has been provided to Amadeus or i:FAO. Individuals may exercise these rights relating to their own Personal Data or contact Amadeus or i:FAO for other data protection related questions by (i) for Amadeus: emailing email@example.com or writing to our Chief Privacy Officer at Amadeus IT Group, S.A. C/Salvador de Madariaga 1, 28027 Madrid, Spain, or (ii) for i:FAO emailing datenschutz@i:fao.net or writing to our Data Privacy Officer at i:FAO GmbH Clemensstraße 9, 60487 Frankfurt am Main. Please ask the person who provides you with access to cytric Mobile Services if it is an Amadeus or an i:FAO Customer in order to ensure that you reach out to the right person. In case you reach out to the wrong entity we will try to redirect your request internally if possible.
Amadeus and i:FAO will require authentication of the identity of the individual wishing to exercise their rights under data protection laws and may require additional information to assist in responding to requests.
Amadeus and i:FAO intend to carefully address any request and/or claim from individuals. You are entitled to file any claim or complaint before the relevant data protection authorities, if the answer provided by Amadeus or i:FAO does not meet your expectations.
Additional Privacy Disclosures for the United States California and Nevada
If you are a California or Nevada (United States) resident, please see our Additional Privacy Disclosures for the United States California and Nevada here https://amadeus.com/en/policies/additional-privacy-disclosures-us-california-nevada, which is incorporated by reference into this Privacy Notice.
This Privacy Notice is published by Amadeus IT Group S.A. and may be changed at any time. The date it was updated is shown here: 5th May 2021.
If you have any questions regarding this Privacy Notice, please contact us by e-mail at firstname.lastname@example.org