GBDMC

Menu

Privacy Policy

GB DMC PRIVACY POLICY

GB DMC PVT Ltd is registered in England & Wales. Company number: 13677419. Registered office: 2 SNAGGE COURT Marston MORETINE Bedfordshire MK43 0LF United Kingdom

This document sets out GB DMC’s policy on the protection of information you disclose to us. Protecting the confidentiality and integrity of personal data is a critical responsibility that we always take seriously. GB DMC PVT LTD will ensure that data is processed in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR).

GB DMC requires you to provide contact details of the people you wish to be authorised users of our services in order for us to fulfil our contract with you. In addition, it may be necessary for you to disclose personal data (including Child data or ‘special category’ data, eg. allergies, disabilities) about your clients/customers as part of our delivery of travel services.

Fair Processing of Data

In processing the personal data, the following principles will be adhered to. Personal data will be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that are clearly explained and not used in any way that is incompatible with those purposes
  • Relevant to specific purposes and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the specified purposes
  • Kept securely

Personal information (including special category data) will only be processed when there is a lawful basis for doing so and only on your instructions.

No personal data provided to us will be the subject of automated decision making.

The specific lawful basis on which we process information you give us is for the performance of contract to deliver travel services to your client.

Lawful Processing of Data

It is your responsibility as Data Controller to advise your clients/customers that their data may be transferred to third party processors such as GB DMC PVT LTD. and seek any necessary consent in respect of that processing.

Please be aware that we will add the personal data of authorised users to our mailing list so we can send updates on the services provided, newsletters and invitations to events by phone, letter or email. This is part of our contractual commitment to ensure that your authorised users are kept up to date with the services we provide for your clients. We also believe we have a legitimate interest in contacting you for this purpose.

If any authorised user wishes to stop receiving such information from us they can ‘opt out’ of the newsletter or ask us to remove their details from our mailing list by contacting us on sales@gbdmc.com

Collection and Retention of Data

GB DMC LTD will collect personal information about authorised users at the beginning of our relationship and information about your clients as and when you transmit this information to us for booking travel services.

We will retain that data when it is necessary to do so and only for as long as required to fulfil the purpose/s it was collected for, including the purposes of satisfying any legal, accounting, or reporting requirements.

When determining the retention period for personal data, Europe Incoming will consider various factors such as the nature, sensitivity of the personal data, potential risk from harm of unauthorised use or disclosure and the purposes for which the personal data is processed.

On termination of our contract with you, you may request that we delete personal data or return it to you. We will do so without delay unless there is a lawful basis for us to continue to process it. In this instance, we will securely destroy personal data after the relevant data retention period has expired.

Data Security and Sharing

GB DMC LTD has in place appropriate security measures to prevent personal information from being accidentally lost, use or accessed in an unauthorised way.

  • An IPS perimeter firewall protects against network based attacks from the internet.
  • All internal networks separate and restricted using VLANs. Software based firewalls provide additional security on local servers.
  • All user and administrative passwords are subject to a policy which require complexity and frequent changing.
  • Software and Operating Systems are updated regularly.

Access to personal data of your authorised users and clients/customers is limited to those employees and contractors who have a business need to know. They will only process information on our instructions and are subject to a duty of confidentiality.

We will share personal data with third parties where it is necessary to deliver our travel services and where we have your general or express authority to do so, unless we are required by law to share the data without your authority.

Where we share data with a third party sub-processor, we will contractually require the sub-processor to respect the security of the data subject (your client) and to treat it in accordance with the law.

Contact details of your authorised users (not clients/customers) may also be sent to a digital marketing company for the limited purpose of administering our mailing lists and no other purpose.

Where there is a significant change to a sub-processor, we will inform you and allow you to object before we share personal data.

Your Rights and Obligations

GB DMC LTD. will conduct regular reviews of the information we hold to ensure its relevancy. You are under a duty to inform us of any changes to lists of authorised users. If you have concerns about the accuracy of personal data, we hold please contact us immediately on info@gbdmc.com

You should also contact us if any data subject (authorised users, clients, customers) indicates that they want to exercise their rights in respect of personal data we hold, including the rights to:

  • Request access to personal information
  • Request erasure to personal information
  • Object to processing of personal information
  • Request the restriction of processing of personal information
  • Request the transfer of personal information to another party

Depending on the nature of the request, GB DMC LTD may have grounds for refusing to comply with a request. In this case, we will provide an explanation promptly.

If we receive any direct request to exercise rights in respect of personal data we process on your behalf, we will notify you as Data Controller before responding.

 GB DMC’S Rights and Obligations

GB DMC undertakes to assist you in meeting your obligations under GDPR in relation to the security of processing, notification of data breaches and data impact assessments. We have procedures in place to deal with any data security breach and will notify you as soon as reasonably practicable. Where legally required to do so, we will notify the applicable data regulator, in the UK, this is the Information Commissioners Office (ICO).

We will assist you in providing data subject access requests and allowing data subjects to exercise their rights in respect of the personal date we hold. Where necessary, this assistance extends to submitting to audits and inspections and providing information you require to satisfy your obligations. We undertake to tell you if we are asked to do anything which would infringe data protection legislation.

GB DMC LTD will adhere to principles of this policy and relevant legislation when designing or implementing new systems or processes.

If you have any further questions, please contact us on info@gbdmc.com

 

 

Scroll to Top