Last updated March 2021
Your privacy matters
CWT Global B.V. and affiliate entities (together CWT) specialize in managing business travel, meetings and events and related products and services around the world for companies of all sizes as well as governmental and non-governmental organizations.
CWT is committed to respecting your privacy through appropriate protection and management of your personal information, received by our corporate clients and their employees, contractors or guests.
Why do we collect your personal information?
CWT collects personal information from its corporate clients, their employees, contractors or guests (“travelers and attendees”) for the performance of its commercial agreements relating travel, hospitality, meetings and events services and specifically:
We also process your personal information for the performance of sanction screening in order to comply with international laws and regulations.
We may also process your contact information to communicate information on CWT products and services as well as process information for our internal aggregated statistics for market and corporate client account analysis and business forecasting, as our legitimate interests.
What personal information do we collect?
We collect your name, surname, phone number, email and address, country of residence, company name, job title, employee identification number, Internet Protocol address, gender, date and place of birth, payment card information, travel preferences where expressed such as seat, meal, smoking, special assistance services (which may reveal religious beliefs and data concerning health, known as special categories of personal data under European data protection laws), government-issued photo identification documents (passport or identity card), visa details, emergency contact information, ticket number and itinerary details, fare information, frequent flyer information, loyalty card information, information related to travel requests, from time to time audio recordings for quality and assurance in the context of the purposes described above.
How do we collect your personal information?
Upon the conclusion of our commercial agreement with our corporate clients, CWT will typically collect the list of employees authorized to travel together with minimal personal information (name, business email and address, employee number, job title) from our corporate clients and create an online ‘self-service Traveler Profile’ in its proprietary Profile Management database. Further personal information (listed above) may be entered upon account activation by the travelers themselves or their travel arranger on their behalf as per Client corporate travel policy and CWT terms and conditions of use. In cases where special categories of personal data is collected, a prior consent notice is automatically activated next to the relevant field. Traveler Profiles may also be populated with information directly received from an online booking tool service provider (OBT) upon request by a corporate client.
When organizing meetings and events, CWT receives minimal personal information (name, surname, contact details, organization, job title and country of residence) about attendees from our corporate clients. CWT may also receive such personal information through online booking service providers contracted by client.
With whom do we share your personal information?
In order to fulfil the purposes described above, and in line with travel industry practices, CWT shares your personal information with the relevant third-party service providers listed below:
Our corporate clients also may request us to share traveler or attendee information with designated third-parties of their choice, in connection with the products and services we provide.
Furthermore, CWT uses third-party sub-contractors for the management of its information technology tools and platforms. Such subcontractors may access your personal data but only for, on behalf of, and under the instructions of CWT, and are required to adhere to CWT policies, procedures and processes and to comply with applicable data privacy laws.
CWT also reserves the right to disclose your personal data if required to do so by law or in the good faith belief that such action is reasonably necessary to comply with applicable law.
In accordance with the California Consumer Privacy Act, in the preceding twelve (12) months, CWT has not sold any personal information.
Do we perform cross-border transfers of your personal data?
Given the international nature of CWT travel services, personal data transfers need to be made both internally within the CWT group, its affiliates and joint-ventures, and externally to its global partners and third-party providers described above.
Where your personal data is transferred to a country which is not governed by a data protection law affording a similar or adequate level of data protection than that in force in your country of residence, or to which no adequacy decision has been issued by the relevant European Commission, CWT has taken steps to ensure an adequate level of protection of the transferred data in the country of transfer by entering into appropriate data transfer agreements based on the European Standard Contractual Clauses (also known as European Model Clauses) issued by the European Commission. This enables the safeguarding of your information in the overseas country, and in accordance with applicable laws.
Specifically with respect to CWT’s intra-group personal data transfers from the European Economic Area to third countries e.g. the US, India and the Philippines, such are legitimized under article 46 of the European General Data Protection Regulation through CWT’s conclusion of the EC Commission’s Standard Contractual Clauses. For a copy of these clauses, please make a request at email@example.com.
Where do we store your personal data?
Given the international nature of CWT group, we use several locations across the globe for our data storage requirements.
Based on the residency of the traveler, CWT will store Traveler Profile information in CWT’s Profile Management database either in a data center located in Spain (for European resident data) or in a data center located in the U.S. (for all other resident data). European resident data are then internally transferred to our U.S.-based data center for the purpose of mid and back-office streamlining and cost-effectiveness including travel reservation consolidation and client reporting.
Storage of financial data is performed on a regional basis on CWT servers hosted in data centers in the U.S., data centers in Spain and data centers in Singapore.
For personal information collected in the People’s Republic of China (PRC), resident data is stored in the PRC.
How do we ensure your personal data is safe?
We continuously implement and maintain administrative, organizational, technical and physical security measures to ensure the confidentiality, integrity, availability and resilience of our systems that process your personal data.
How long do we retain your personal data?
We will retain your personal data for a period not exceeding that required for the purposes for which they were collected, notably to fulfil our commercial agreements, provide our services, respond to inquiries on travel history and other business activities, comply with our legal obligations such as financial reporting and within limits prescribed by applicable regulations, and to preserve evidence for the management of disputes, claims or litigation.
For further information, please review our Retention Policy.
Compliance with this Policy and data protection laws
Direct-Marketing Data Protection Notice
We may use your personal contact information (name, surname, email, company name, job title, country of residence) to send you direct-marketing communications.
Where you receive a direct-marketing communication from us, it is either because you or your company on your behalf have requested such communication, or because we believe the communication is of interest to you or your company based on the services we provide to you and your company.
In some cases, we will have collected your contact details from publicly available sources or through a third-party with whom you or your company on your behalf have agreed onward sharing.
When you visit CWT websites, you can always elect not to provide us with your contact information. You can still visit most of CWT’s web pages but may be unable to receive our newsletters, to download white papers or be sent information on specific products and services or invitations to events, which necessarily require us to interact with you.
We rely on our legitimate interests to keep you informed on our products and services. However if you no longer wish to receive direct-marketing communications, you can click on the ‘unsubscribe’ link at the bottom of the communication. In this cases, your contact details will no longer be used in that regard.
Where we engage third-party sub-contractors to manage our marketing campaigns, they do so on our behalf and under our instructions, and we ensure they commit to complying with our policies and applicable privacy laws and do not use your data for any other purposes.
CWT shall retain your information so long as you wish to keep receiving our direct-marketing communications and/or to comply with legal obligations, a Court order or regulatory requirements, and to fulfil your request to ‘unsubscribe’ from marketing communications.
You are entitled to several rights in relation to your personal data under application data protection laws.
You have a right to access and rectify the personal data CWT processes about you. Where pertinent and upon legitimate grounds, you also have a right to erasure (right to be forgotten) of your personal information.
Depending on your country of residence and upon legitimate grounds, you also have a right to restrict the processing of your personal information, and a right to data portability.
You also have the right to object, based on grounds relating to your particular situation and at any time, to the processing of your personal data, which is based on our legitimate interest (as per article 21 of the GDPR).
If you wish to exercise your rights, please complete our SAR Form which will initiate the processing of your request.
For CWT Employees
In the course of your employment at CWT, we may process your personal information as described above for the purposes of your CWT business travel and meetings & events. For other purposes and processing that relate to your employment, please refer to our internal company policies and notices.
This policy is subject to change. The changes will be posted from time to time on CWT websites, so please ensure you check this policy regularly.