Effective Date: May 25, 2018
Birdres Technologies Private Limited(“Birdres”) is company incorporated in India is an information technology company engaged in providing IT services including development and implementation of automated aviation, hospitality, travel related software solutions. Birdres is the proprietary owner of the web-based self booking software application called “BirdRes SBT / Amadeus Online Corporate Traveler” accessible for use by corporates traveler to plan and book airline tickets. Birdres, through its web-based portal, facilitates access to Amadeus Web based services to the subscribers in India and has collaboration with airlines, travel partner, hospitality partner to provide travel and hospitality solutions from its web and application based portal. Birdres is committed to protecting the privacy and security of your personal information.
This privacy statement describes how we collect and use your personal information and data, in accordance with the EU General Data Protection Regulation (GDPR). It applies to all the users using and accessing Birdres mobile or web based applications, known through this document as “data subjects”.
Birdres is the "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy statement. This statement applies to data subjects. This statement does not form part of any contract to provide services. We may update this statement at any time.
1. Collected Personal Information
a. Personal data, or personal information, means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b. We may collect, store, and use the following categories of personal information about you:
i. Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
ii. Date of birth.
iv. Marital status.
v. Next of kin and emergency contact information.
vi. National Insurance or TAX ID number/PAN card.
vii. Bank account details, payroll records and tax status information.
viii. Driving licence.
ix. Grievance information.
x. Information about your use of our information and communications systems.
xii. payment information, such as credit or debit card information, including the name of cardholder, card number, billing address and expiry date;
xiii. travel information, such as ticket numbers, destinations, visa information, flight information;
xiv. smoking or non-smoking preferences;
xv. information we receive from you on official social media channels and Website;
xvi. Information about your health, including but not limited to any medical conditions, food allergies.
xvii. Sensitive Personal Information: We may also collect sensitive information such as information about your race, ethnicity, religion or health, are considered special categories of information, or “sensitive personal data” under the GDPR. Generally, we try to limit the circumstances where we collect your sensitive personal data. However, this can occasionally occur because you have made certain requests in connection with your travel arrangements that reveal or suggest something about you that could be considered “sensitive personal data”, or if you otherwise choose to provide such information to us (or a third party such as the travel agent through which you made your booking).
if you request a particular type of meal, e.g. halal or kosher meals, this may imply or suggest that you are a member of a particular religion;
if you request specific medical assistance from us and/or an airport operator, e.g. the provision of a wheelchair, this may reveal that you have a particular medical condition.
xviii. any other personal information that you choose to send to us.
2. How is your personal information collected?
3. How we will use information about you
A. We will use your personal data only in-line with the following principles:
i. Lawfulness, fairness and transparency
ii. Purpose limitation
iii. Data minimisation
v. Storage limitation
vi. Integrity and confidentiality
B. We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
i. Where we need to perform the contract we have entered into with you.
ii. Where we need to comply with a legal obligation.
iii. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
iv. Where you have given us explicit consent to do so.
v. We may also use your personal information in the following situations, which are likely to be rare:
x. Where we need to protect your interests (or someone else's interests).
y. Where it is needed in the public interest or for official purposes or requested for by the investigating agencies, police or governmental authorities.
vi. enable your use of the services available through our mobile and web based applications;
vii. send statements, invoices and payment reminders to you, and collect payments from you;
viii. send you non-marketing commercial communications;
ix. send you email notifications that you have specifically requested;
x. send you our email newsletter, if you have requested it you can inform us at any time if you no longer require the newsletter;
xi. send you marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology you can inform us at any time if you no longer require marketing communications;
xii. provide third parties with statistical information about our users but those third parties will not be able to identify any individual user from that information;
xiii. deal with enquiries and complaints made by or about you relating to services provided;
xiv. keep our website and/or mobile application secure and prevent fraud
xv. If you submit personal information for publication on our website or other publications (both online and offline including social media), we will publish and otherwise use that information in accordance with the license you grant to us.
xvi. We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing.
4. If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety or proof of nationality for example passport)
5. Disclosing personal information
i. We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy and for the purpose of providing services.
ii. We may disclose your personal information to any member of our group of companies this means our subsidiaries, our ultimate holding company and all its subsidiaries insofar as reasonably necessary for the purposes set out in this policy.
iii. We may disclose your personal information:
a) to the extent that we are required to do so by law;
b) in connection with any ongoing or prospective legal proceedings;
c) in order to establish, exercise or defend our legal rights including providing information to others for the purposes of fraud prevention and reducing credit risk;
d) to the purchaser or prospective purchaser of any business or asset that we are or are contemplating selling; and
e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
iv. Except as provided in this policy, we will not provide your personal information to third parties.
6. International Data Transfer
i. Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.
ii. Information that we collect may be transferred to the countries which do not have an adequacy decision by the European Commission in respect of that country. This means that the country to which we transfer your data is not deemed to provide an adequate level of protection for your personal information. To ensure that your personal information does receive an adequate level of protection we have put in place the strong inter country security measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU laws on data protection.
iii. You expressly agree to the transfers of personal information described in this Section.
i. We have put in place measures to protect the security of your Personal information.
ii. Third parties will only process your personal information on our instructions and where they have agreed to treat the Personal information confidentially, legally and securely.
iii. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
iv. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
v. We will store all the personal information you provide on our secure password- and firewall-protected servers.
vi. All electronic financial transactions entered into through our website and/or mobile application will be protected by encryption technology.
vii. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. Any Transmission of data is at your own risk.
viii. You are responsible for keeping the password you use for accessing our website and/or mobile application confidential; we will not ask you for your password except when you log in to our website and/or mobile application.
i. You have certain rights in relation to the Personal information we hold about you, which we detail below. Some of these only apply in certain circumstances where Birdres is holding authority of the data and legally/contractually allowed as per the local laws as set out in more detail below. We also set out how to exercise those rights. These rights include:
a. The right of access.
b. The right of data portability.
c. The right of rectification.
d. The right of erasure.
e. The right to restrict processing.
f. The right to object.
Please note that we will require you to provide us with proof of identity and address before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us at email@example.com
In the event that you wish to make a complaint about how we process your Personal information, please contact us and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.
You have the right to know whether we process Personal information about you, and if we do, to access Personal information we hold about you and certain about how we use it and who we share it with. If you require more than one copy of the Personal information we hold about you, we may charge an administration fee.
Please note that we may not provide you with certain Personal information if providing it would interfere with another’s rights (e.g. where providing the information we hold about you would reveal Personal information about another person) or where another exemption applies.
You have the right to receive a subset of Personal information we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Personal information to another party. If you wish for us to transfer the Personal information to another party, please ensure you detail that party and note that we can only do so where it is legally, contractually and technically feasible. We are not responsible for the security of the Personal information, its transmission or its processing once received by the third party. We also may not provide you with certain information if providing it would interfere with another’s rights (e.g. where providing the information we hold about you would reveal information about another person).
You have the right to correct any Personal Information held about you that is inaccurate. Birdres reserves the right to charge a reasonable administrative fee for this service. Please note that whilst we assess whether the Personal Information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable information as described below.
To exercise any of your rights, please contact us at firstname.lastname@example.org
You may request that we erase the Personal Information we hold about you in the following circumstances:
i. you believe that it is no longer necessary for us to hold the Personal Information we hold about you;
ii. we are processing the Personal Information we hold about you on the basis of your consent and you wish to withdraw your consent and there is no other ground under which we can process the Personal Information;
iii. we are processing the Personal Information we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such Personal Information;
iv. you no longer wish us to use the Personal Information we hold about you in order to send you promotions, special offers, marketing and lucky draws; or
v. you believe the Personal Information we hold about you is being unlawfully processed by us.
Also note that you may exercise your right to restrict our processing of the Personal Information whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the Personal Information if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the Personal Information, we may not be able to provide the same level of servicing to you as we will not be aware of your preferences.
Where you have requested that we erase Personal Information that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the Personal Information or providing links to the Personal Information to erase the Personal Information too.
To exercise any of your rights, please contact us at email@example.com
Restriction of Processing to Storage Only
You have a right to require us to stop processing the Personal Information we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the Personal information, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
You may request we stop processing and just store the Personal information we hold about you where:
i. you believe the Personal information is not accurate, for the period it takes for us to verify whether the Personal information is accurate;
ii. we wish to erase the Personal information as the processing we are doing is unlawful but you want us to just store it instead;
iii. we wish to erase the Personal information as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
iv. you have objected to us processing Personal information we hold about you on the basis of our legitimate interest and you wish us to stop processing the Personal information whilst we determine whether there is an overriding interest in us retaining such Personal information.
At any time you have the right to object to our processing of Personal information about you in order to send you promotions, special offers, marketing messages, including where we build profiles for such purposes and we will stop processing the Personal information for that purpose.
You also have the right to object to our processing of Personal information about you and we will consider your request in other circumstances as detailed below by firstname.lastname@example.org
You may object where we are processing the Personal information we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing.
Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the Personal information whilst we make the assessment on an overriding interest. Please refer the above para with the heading “Restriction of Processing to Storage Only”.
i. This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
Ii. Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
iii. Without prejudice to Section 6.2, we will usually delete personal data falling within the categories set as per client contracts and agreements.
iv. Notwithstanding the other provisions of this Section, we will retain documents including electronic documents containing personal information:
a) to the extent that we are required to do so by law;
b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
c) in order to establish, exercise or defend our legal rights including providing information to others for the purposes of fraud prevention and reducing credit risk.
d) to the extent it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
v. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
i. We may update this policy from time to time by publishing a new version on our website and/or mobile application.
ii. You should check this page occasionally to ensure you are happy with any changes to this policy.
iii. We may notify you of changes to this policy by email or through the private messaging system on our website and/or mobile application.
12. Third Party Website and/or mobile applications
I Our website and/or mobile application includes or may include hyperlinks to, and details of, third party website and/or mobile applications and applications.
ii. We have no control over, and are not responsible for, the privacy policies and practices of third parties
13. Updating information and Accuracy
i. Please let us know if the personal information that we hold about you needs to be corrected or updated.
ii. we need your assistance to ensure that your Personal Information is current, complete and accurate. As such, please inform us of changes to your Personal Information by contacting us and submitting your updated particulars in writing to us. We reserve the right to charge a reasonable administrative fee for this service.
ii. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
iii. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
iv. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
v. We use [only session cookies] OR [only persistent cookies] OR [both session and persistent cookies] on our website and/or mobile application.
vi. The names of the cookies that we use on our website and/or mobile application, and the purposes for which they are used, are set out below:
we use cookie name to recognize a computer when a user visits our website and/or mobile application OR track users as they navigate the website and/or mobile application OR enable the use of a shopping cart on the website and/or mobile application OR improve the website and/or mobile application's usability OR administer the website and/or mobile application OR prevent fraud and improve the security of the website and/or mobile application OR personalize the website and/or mobile application for each user OR target advertisements which may be of particular interest to specific users OR validate authenticated users sessions OR facilitate the use of our website and/or mobile application search engine OR specify purpose.
vii. Most browsers allow you to refuse to accept cookies;
viii. Blocking all cookies will have a negative impact upon the usability of many website and/or mobile applications.
ix. If you block cookies, you will not be able to use all the features on our website and/or mobile application.
x. You can delete cookies already stored on your computer.
xi. Deleting cookies will have a negative impact on the usability of many website and/or mobile applications.
We will respond to reasonable requests to review your personal information and to correct, amend or delete any inaccuracies in a time bound manner for which you can contact us at:
Birdres Technologies Private Limited,
E 9, Connaught Place,
New Delhi - 110001
Referencing: Data Protection