1. Identification of the personal data that TakeTwo Travel Solutions collects
In the course of providing its Services, TakeTwo collects, uses, and discloses personal data. Personal data is information that can be used to identify you or with which TakeTwo can link to you. You, as a traveller or user of the Services, may be asked to provide certain personal data when you use our Services, such as:
Names and contact information (work and home/mobile phone, email, address);
Traveller and emergency contact names and information;
Traveller (e.g. routings, class of service, seat preferences, frequent flyer data, meal preferences, hotel/rail/car and other ground transportation membership data and preferences, special accommodation requests, other personal data supplied by you via your profiles, surveys, or other requests);
Travel documentation (e.g. passport/visa/driver’s license number, citizenship, date of birth, gender, photographs);
Payment data (corporate/personal credit cards) and bank information;
Logins, user ID’s, employee ID’s, passwords, IP addresses, and browsing information; and
Sensitive personal data such as data about, racial or ethnic origin and religious beliefs for visa applications (where required to be provided under law).
TakeTwo may collect personal information (including personally identifiable information or, where relevant, sensitive personal data) about you and/or the person on behalf of whom you are utilising the Services (“Your Data”) in the following ways:
Information you give us.
This is information that you give us by filling in forms on our websites, online booking tools or other applications, or by corresponding with us by phone, email or otherwise. The information may include without limitation your and /or your travellers name, address, e-mail address, phone number or other contact details, marital status, age, occupation, role/title/area of responsibilities, financial and credit card information, personal description and photograph and other information (including as required by laws and regulations addressing insurance and related matters or as required to provide the Services).
Of course, you are not required to supply any of the information that we may request, notably sensitive data, although this might limit the Services we are able to offer you. While we make every effort to ensure that Your Data is accurate, complete and up to date, you can help us considerably in this by promptly notifying us if there are any changes to Your Data.
Information we collect about you.
We, our service providers and other business partners, collect certain information by using automated means, such as cookies, when you interact with our applications, or visit our websites. This information may include your IP address, browser type, operating system, the full URLs, referring URLs and information on actions taken or interaction with our digital assets. We may use third- party web analytics services on our websites and applications, to help us analyse how visitors use our websites and other digital platforms. We, our service providers and our business partners may also collect information about your activities on our websites and other digital platforms for use in providing you with content tailored to your individual interests. The information collected for these purposes may include details about things like the particular pages you view on our websites and the actions you take on our websites and or other digital assets.
Information we may receive from other sources.
We work closely with third parties (including Global Distribution Systems (GDSs) and other related travel suppliers for booking/ticketing purposes; industry reporting authorities, payment and delivery services, analytics providers, search information providers, credit reference agencies, financial institutions, financial advisers, disclosure and criminal check services, police forces and courts) and may receive information about you from them). These third parties may be based outside of the EEA (see the storage and transfer of Your Data section for more information).
2. Does TakeTwo disclose personal data across borders?
When sharing with or disclosing personal data to other parties, including to TakeTwo related companies, affiliates, subsidiaries, partners, subcontractors, and local travel agents who provide the Services and maintain facilities, your personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your home country.
3. How does TakeTwo store and protect personal data?
TakeTwo has a number of systems and procedures in place which assist us in ensuring all our client information is safely stored as well as multiple layers of security in place which help manage all access to customer and company data globally.
All staff/user network access is managed via our Active Directory across TakeTwo global domain. Our strict user permissions management policy covers all mandatory aspects such as password complexity, mandatory password resets, as well as control of “in and out” of network communication.
All connectivity between our operations, data centres as well as any external data feeds required by our clients, are managed by our global firewall solution. All data movement between the locations is also encrypted and transmitted via secure IPSec VPN tunnels.
In addition to adhering to vendor recommended best practices there are also ongoing efforts aimed at reducing the attack surface and proactively monitoring Active Directory for signs of compromise.
Access and permissions for systems within our application layer such as our front, mid and back office tools are managed per application and in line with the user permissions management policies for the respective solutions, adding an extra layer of security/control.
TakeTwo has adapted our booking and other processes to align with the PCI DSS requirements, with all card numbers being masked and data only used for its intended purpose.
In a similar vein, TakeTwo only use data for the intended purpose, we do not hand off data to any third party that is not part of the process.
4. How long does TakeTwo keep my personal data?
5. What about TakeTwo applications?
6. Your rights
Under applicable data protection laws, you may have certain rights regarding the personal information we maintain about you. We also offer you certain choices about what personal information we collect from you, how we use that information, and how we communicate with you.
You can choose not to provide Your Data to us. You also may refrain from submitting information directly to us. However, if you do not provide Your Data when requested, or if you exercise your rights, you or your traveller may not be able to benefit from the Services (as applicable), and we may not be able to provide you with information about our products and services.
To the extent provided by applicable data protection laws, you may withdraw any consent you previously provided to us, or object at any time to the processing of Your Data. We will apply your preferences going forward. In some circumstances, withdrawing your consent to our use or disclosure of Your Data will mean that you cannot make use of certain Services.
Requests and access to Your Data. In addition you may have the right to: obtain confirmation that we hold personal information about you, request access to and receive information about the personal information we maintain about you, receive copies of the personal information we maintain about you, update and correct inaccuracies in your personal information, object to the processing of your personal information, and have the information blocked, anonymized or deleted, as appropriate. The right to access personal information may be limited in some circumstances by local law requirements including applicable data protection laws. To exercise these rights, please contact firstname.lastname@example.org.
You have the right to ask us not to process Your Data for marketing purposes. We will inform you (before collecting Your Data) and obtain your prior consent where required by the Applicable Data Protection Law if we intend to use Your Data for such purposes or if we intend to disclose Your Data to any third party for such purposes. You can exercise your right to prevent such processing by advising us of your preferences before we collect Your Data, including on the form that is used to collect Your Data. You can also exercise the right at any time by contacting us at email@example.com.
The rights above are likely to apply to you if you are based in Europe.
Our websites or other digital applications and platforms may, from time to time, contain links to and from the websites of our service providers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you provide us with any information or material relating to another individual, you should make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual on the processing of her/his personal data and obtain her/his consent, as may be necessary under applicable data protection laws.
8. How can I exercise my rights or make complaints?
Attn: TakeTwo Legal Department