top of page

PRIVACY POLICY

Technical and organizational measures in relation to personal data protection for the CEE Travel Systems products

The specified measures and approaches are used for the purpose of personal data protection by C.E.E. Group Travelport a.s., a joint-stock company with its seat at Sokolovská 685/136f, Karlín, 186 00 Prague 8, Reg. No.: 060 32 575, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 22427 (“CEE Travel Systems”).

CEE Travel Systems is authorised to update this document regularly.

 

1. Handover of personal data

1.1. List of third parties who are in the position of personal data controllers and who are provided with personal data:

 

For the Travelport+ and Smartpoint products:​

  •  Travelport International Operations Limited, a company with its seat at Axis One, Axis Park, 10 Hurricane Way, Langley, Bershire, SL3 8AG, UK, registered under Reg. No. 09726717.

 

For the CETS product:​

  • Travelport Austria GmbH, Dresdner Strasse 81-85, 1200 Vienna, Austria.

 

For the GOL IBE, GOL API, GOL Mobile, TripGate and Trip Manager products:​

  • Travelport International Operations Limited, a company with its seat at Axis One, Axis Park, 10 Hurricane Way, Langley, Bershire, SL3 8AG, UK, registered under Reg. No. 09726717.

 

1.2. List of third parties who are in the position of personal data processors and who are provided with personal data:

For the GOL IBE, GOL API, GOL Mobile, Commission Manager, Trip Manager products:​

  • C.E.E. Group Travelport a.s., Sokolovská 685/136f, Karlín, 186 00 Prague, Czech Republic, Reg. No. 06032575

  • Travelport Slovakia s.r.o., Grösslingova 45, 811 09 Bratislava, Slovakia, Reg. No. 35916591

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America

  • Zendesk, Inc, 1019 Market Street, 6th Floor, San Francisco, California 94103, United States of America

  • Atlassian Pty Ltd, Level 6, 341 George Street, Sydney, NSW 2000, Australia

  • Instago Sagl, Vicolo dei Calvi 2, 6830 Chiasso, Switzerland

  • And other programmers and contractors involved in product development and support​

 

Reservation of flight tickets​ and train tickets

  • Travelfusion Limited, company registration number 03880175, whose principal place of business is at Unit 3.01, The Wenlock Building, 50-52 Wharf Road, London N1 7, UK

  • And other programmers and contractors involved in product development and support​ 

 

Reservation of insurance coverage​

  • TRAVEL SUPPORT SYSTEMS s.r.o., Leitnerova 975/32, Staré Brno, 602 00 Brno, Czech Republic, Reg. No. 27670791 

  • ERV pojišťovna, a.s., Křižíkova 237/63a, Praha 8 - Karlín, 186 00, IČO 49240196 

Reservation of accommodation​

  •  Travelport International Operations Limited, a company with its seat at Axis One, Axis Park, 10 Hurricane Way, Langley, Bershire, SL3 8AG, UK, registered under Reg. No. 09726717.

  • And other programmers and contractors involved in product development and support​ 

 

For eStreaming API, eStreaming Pipe, Air Cache , GEM, GRM, RDP, Go-Link, TCP products:​

  • C.E.E. Group Travelport a.s., Sokolovská 685/136f, Karlín, 186 00 Prague, Czech Republic, Reg. No. 06032575

  • Travelport Slovakia s.r.o., Grösslingova 45, 811 09 Bratislava, Slovakia, Reg. No. 35916591

  • Global Travel Solutions, a private enterprise with registered office at: Dniprovska Naberezhna, 14-A, office 218/220, 2nd Floor, Kyiv 02095, Ukraine. The registered number assigned for legal entity according to the registry is 36159354

  • Atlassian Pty Ltd, Level 6, 341 George Street, Sydney, NSW 2000, Australia

  • Zendesk, Inc, 1019 Market Street, 6th Floor, San Francisco, California 94103, United States of America 

  • And other programmers and contractors involved in product development and support​

 

For CEE Repricer, GalileoTerminal.com, Queue Processor and CEE Itinerary (#ITIN) products:​

  • C.E.E. Group Travelport a.s., Sokolovská 685/136f, Karlín, 186 00 Prague, Czech Republic, Reg. No. 06032575

  • Travelport Slovakia s.r.o., Grösslingova 45, 811 09 Bratislava, Slovakia, Reg. No. 35916591

  • Zendesk, Inc, 1019 Market Street, 6th Floor, San Francisco, California 94103, United States of America

  • And other programmers and contractors involved in product development and support​

 

For invoicing and recording/managing business contacts:​

  • Citrix Systems, Inc, 851 Cypress Creek Road, Fort Lauderdale, FL 33309, USA

  • The Rocket Science Group, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

  • Oracle Corporation, 500 Oracle Parkway, Redwood Shores CA, 94065, USA

  • Fakturoid s.r.o., V pláni 532/7, 142 00 Praha 4, Czech Republic, Reg. No. 04656679

  • mikonboard s.r.o., Biskupcova 1653/27, 130 00 Praha 3, Czech Republic, Reg. No. 24805530

  • Integromat s.r.o., Voctářová 2449/5, 180 00, Praha 8, Czech Republic, IČO 29152861

2.  Personal data processing principles

 

Within CEE Travel Systems we have implemented and we ensure the following principles:​

  • Creation and implementation of a system of managed access to information.

  • Securing of information systems, the internet and e-mail.

  • Ensuring of accessibility, reliability and integrity of data.

  • Information protection and back-up.

  • Exchanges of information with a third party may be carried out only based on applicable law or based on a contract entered into.

3.  Technical and organisational measures

 

3.1. Rules for authorisation for use of products

  • CEE Travel Systems products may only be used by companies and/or individuals based on a valid user agreement.

  • Following the end of a user agreement, CEE Travel Systems products and user access will be deactivated.

  • CEE Travel Systems products have unique authorisation details, which are linked to the product (API products), and/or specific users (Desktop applications).

  • Users have been assigned user names and manage passwords which correspond to security criteria for the number of characters, types of characters and repetition of passwords.

  • Accounts and access to them are automatically locked after several unsuccessful access attempts.

  • Log-ins are automatically logged out after a certain period of inactivity.

  • Users have various levels of authorisation, which limit their access to specific data regarding passengers.

3.2.   Software security and communication

For all products:​

  • Communication is encrypted via SSL technology.

  • CEE Travel Systems ensures regular testing of assessment and evaluation of the effectiveness of implemented technical and organisational measures for ensuring network security.​

 

For the Travelport+ and Smartpoint products:​

  • The products are operated in accordance with the PCI DSS standard, and for those reasons the minimum requirements for installation are as follows:

    • Microsoft Windows operating system version 7+SP1 or higher

    • Microsoft .NET Framework version 4.6.2 or higher

    • Travelport Smartpoint application in version 7.5 or higher

    • The Galileo SSL client for SSL encrypted communication in version 3.0.0 or higher.​

 

For the GOL IBE, GOL API, GOL Mobile, GalileoTerminal and TripGate and Trip Manager products:​

  • These products are operated in accordance with the PCI DSS standard.

  • The products are operated in a secured hosting environment.

  • Servers ensuring product functionality are secured by firewalls.

  • Data repositories are only available to authorised persons.

  • Pseudonymised databases are used for product development.​

For all other products:​

  • The products are operated in a secured hosting environment.

  • Servers ensuring product functionality are secured by firewalls.

  • Data repositories are only available to authorised persons.

  • Pseudonymised databases are used for product development.

3.3.   Logging

For the Travelport+ and Smartpoint products:

  • Operations with reservations in Travelport+ are recorded in this system in history with the signature of the user who has made the particular change.

For all other products:

  • Activities of products, users and controllers are recorded in transaction logs.

3.4.   Persons’ authorisation to handle personal data

  • Only persons authorised by CEE Travel Systems may handle personal data.

  • For performance of activities such as help desk tasks (help with reservations), IT support (installation and creation of access), commerce (recording of agencies and user access), etc., entrusted persons have access to necessary systems for account establishment with necessary securing against unauthorised access.

3.5.   Training

  • All persons participating in personal data processing are trained regarding personal data protection methods and procedures.

bottom of page