General Data Protection Regulation – GDPR – A new regulatory framework governing the handling of personal data as from 25 May 2018
Saltour AB handles personal data in accordance with the new European General Data Protection Regulation (GDPR), which has replaced the old Swedish Personal Data Act
According to the new legislation, Saltour is the Controller of personal data. We use the data to be able to provide you with travel booking services via email, text-message, telephone and occasionally via normal postal letter. Saltour AB only gives your personal data to its business partners (such as airlines, rail operators, hotels, bus companies, shipping lines, etc.) in order to fulfil our commitments to you as our customer. The legal basis is that we must be able to “perform a contract”.
We save these data as long as we have an agreement on travel agency services with you or your employer. We must retain certain types of data in accordance with tax legislation. We never share these personal data for reasons other than the above. From time to time, we may use these data ourselves in order to inform you about news and changes that affect our assignment to perform travel agency services.
The person responsible for handling personal data at Saltour AB is Per Ingels.
You can ask for your personal data to be corrected or removed by sending a mail to info at saltour.se.
We protect your personal integrity. You must be able to feel safe when you entrust us with your personal data. This is why we have established this policy. It is based on applicable data protection legislation and clarifies how we safeguard your rights and your integrity.
The aim of this policy is to inform you how we treat your personal data, what we use them for, who may have access to them and under what circumstances and how you can exercise your rights
We handle your personal data primarily in order to fulfil our obligations to you. Our starting-point is not to handle more personal data than is needed for the purpose, and we always strive to use the least sensitive data to protect your integrity as far as possible.
We also need your personal data to provide you with a good service as regards, for example, travel bookings, follow-up and information.
Which personal data do we process? We only process personal data when we have the legal grounds to do so. We do not process personal data unless they are needed to fulfil commitments in accordance with an agreement or the law.
Here are some examples of personal data we process:
- Phone number
- Fax number
- Date of Birth
- A photocopy of passport
- Debit/Credit card numbers and other bank-related data
- Data you register or state of your own accord and voluntarily
- Content you yourself publish, known as “user-generated” content, such as specific seating requirements or special dietary requirements (air travel)
- We do we access your personal data
We do not collect your personal data without your consent. We do this by asking you to fill in and send us our Traveller’s Profile 2018 form. This is available for download under the “Become a customer” tab. When you send in or give us your personal data by telephone or when you visit us, you give us your consent to register your data in our booking system.
You can revoke your consent at any time. If you revoke your consent, we will no longer process your personal data or retrieve any new data, provided that they are not needed in order for us to fulfil our obligations according to an agreement or the law. Please note that revoking your consent may lead to us not being able to fulfil our obligations to you.
We also gain access to your personal data in the following way:
- Data you provide to us directly (the traveller’s profile)
- Data we receive when you hire one of our employees
- Data we receive when you contact us, apply for a job with us, visit us or contact us in some other way
What information do we give to you?
When we collect your personal data for the first time, we will inform you how we have obtained the personal data, what we will use them for, what rights you have under the data protection legislation and how you can exercise them. You will also be informed as to who is responsible for handling your personal data and how you can contact us if you have questions or need to submit a request or enquiry with regard to your personal data and/or rights.
Are your personal data processed in a secure way?
We have designed routines and working methods so that your personal data will be processed securely. The starting-point is that only employees and other persons within the organization who need the personal data in order to perform their working tasks will have access to them.
Our security systems are designed with your integrity very much in focus and protect very securely against intrusion, destruction and other changes that may imply a risk to your integrity.
We have policies for IT security to ensure that your personal data are processed securely. We do not transfer personal data in any ways other than those explicitly stated in this policy.
When do we divulge your personal data?
Our starting-point is not to divulge your personal data to a third party unless you have given us your consent to do so or unless it is necessary in order for us to fulfil our commitments in accordance with an agreement or the law. In case we do divulge your personal data to a third party, we establish a confidentiality agreement and ensure that it is processed securely.
Saltour AB is the controller of personal data, which means that we are responsible for how your personal data are processed and for ensuring your rights are protected.
As a registered Saltour AB customer, you have the following rights:
- To, at any time, receive a registry extract detailing which personal data are registered with us.
- To request your data are corrected if they contain errors.
- To to request that Saltour erase your personal data under the following conditions:
– They are no longer needed for the purpose for which they were collected.
– If they were saved with your consent but you are now revoking that consent.
– If the data processing is based on a balance of interests and there is no longer a legitimate reason that outweighs your interest.
– If the personal data has been processed illegally.
– If you object to the processing for direct marketing purposes
- The right to have your personal data erased does not apply if we are obliged by law (e.g. The Accounting Act) to retain it.
- You have the right to data portability (the right to have your personal data transferred) on condition that the legal basis is consent or contract. Data you are able to transfer include personal data about yourself, which you have yourself provided are which have been generated by your actions/activities, such as traveller’s profiles.
- You have the right to request restrictions on how your data are processed. This request may not be granted, however, if the processing is required as part of a service offered to you.
- You have the right to object to the processing of your personal data and Saltour will then stop processing them while the issue is under investigation.
- You have the right to lodge a complaint with the Data Protection Authority regarding how your personal data has been processed by us.
If you wish to invoke any of your rights, please contact our Managing Director Per Ingels by phone: +46 8 505 88 010 or through e-mail per.ingels at saltour dot se