Privacy Policy

 

Who are We?

This Privacy Policy applies to all products, applications and services offered by Tramada Systems Pty Ltd (a company incorporated in NSW Australia with a registered office at Level 10, 115 Pitt Street, Sydney NSW), and its affiliates.

Preamble

At Tramada Systems (“Tramada,” “we”, “us” and “our”), we understand that using Tramada software to process “Travel Agency” (“Agency”), clients’ travel bookings involves significant trust on the parts of the Agency and its clients. We take this trust very seriously, and make it a priority to ensure the security and confidentiality of the personal information of the Agency and its clients provided to us to process (such as a client’s name, phone number, address, email address, or payment details).

Tramada is bound by the Privacy Act 1988 (Commonwealth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) set out in the Privacy Act. At Tramada we are committed to ensuring that all information provided to us is treated with the appropriate degree of discretion and confidentiality. Our employees understand their responsibility to protect and use personal information correctly.

This Privacy Policy is intended to provide readers with a general explanation of how we may collect, store, use and disclose personal information and it takes into account the changes made by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). The policy was last amended on 22 February 2018 and it will be reviewed and updated from time to time to ensure that it reflects our current information handling practices and any relevant legislative changes. Tramada Systems will give reasonable notice of any amendments to the policy on our website (www.tramada.com).

This Privacy Policy sets out our information privacy practices as follows:

When an Agency uses Tramada software to manage travel bookings, we have to make certain decisions about why and how to process the Agency’s clients’ personal information in order to help the Agency manage its clients’ travel bookings. We are therefore also responsible for protecting the client’s personal information throughout the travel booking process.

This is what we explain in this Privacy Policy, which sets out Tramada’s policies concerning the management of personal information and describes the types of personal information Tramada holds, the purposes for which it holds that personal information, and the ways in which Tramada collects, uses and discloses that information.

 

AGENCY TRAVEL PROGRAMS – OVERVIEW

To help Agencies manage their customers’ travel bookings and their client servicing needs, the Agency has contracted with Tramada Systems to use its proprietary software to carry out some aspects of its processing. Under this contract, the Agency will designate Registered User/s (“Registered User”) to manage and administer the travel needs of its individual clients and of its corporate clients’ personnel and their associates.  Some corporate clients will in turn engage an internal travel arranger (“Travel Arranger”) to manage the travel needs of its personnel and their associates. Registered Users and Travel Arrangers both book and manage the travel needs of Travellers (“Travellers”).

  • Rules relating to bookings by Travellers

To book travel, Travellers must be direct clients of Tramada contracted Agencies, or the Agency’s corporate client’s personnel and their associates. Travellers will have registered to become clients of the Agency or will have an arrangement with the Agency’s corporate client, who will authorise to have their profile data loaded into our system by the Agency and/or the Tramada implementations team.  If you are a Traveller, this Privacy Policy applies to how we collect and use your personal information regardless of whether you are booking and managing travel through your Agency Registered User or through your organisation’s Travel Arranger. Accordingly, unless we expressly provide otherwise, when we refer to “you” in this Privacy Policy, we are referring to you as the Traveller, whether you are acting on behalf of yourself or through a Travel Arranger.

  • Agency Registered User/s and client Travel Arrangers

While this Privacy Policy is primarily directed at Travellers, it also applies to Agency Registered Users and to Travel Arrangers.

Any personal information that a Registered user or Travel Arranger provides to us about himself or herself in connection with our Agency Travel Program is managed as set out in this Privacy Policy. Tramada, however, reserves the right to contact Registered Users as contemplated by their Agency’s contract with us (e.g., to follow up on support inquiries, for feedback on aspects of the Agency Travel Program, to discuss the business relationship, or to discuss new or updated applications or services). This contact may occur via our web portal, phone, email, text message, postal mail or in person.

When booking and managing travel on behalf of any Traveller, Agency Registered Users and Travel Arrangers must obtain the relevant Traveller’s consent. Agency Registered Users and Travel Arrangers must also ensure that the relevant Traveller receives and reviews this Privacy Policy.

Whether you book travel directly from an Agency or allow your Agency Registered User or Travel Arranger to do so on your behalf, authorised individuals within your company may have access to your personal information, as well as to your travel itineraries and to all other information in your profile or booking, and they may also direct that we share this information with third parties for recordkeeping or other authorised purposes. Your Agency Registered User or your Travel Arranger will also be able to update your profile settings and travel preferences in accordance with your instructions to them. Your Agency Registered User or your Travel Arranger will also be able to view, change or cancel any of your trip itineraries as necessary to fulfil your instructions or in accordance with your agreements with them.

  • Scope of Policy

This Privacy Policy sets out the information, collection and use practices of Tramada. Note that the policies or practices of your Agency and/or your organisation may differ, and we are not responsible for any use or disclosure of your personal information by anyone at your Agency or your organisation, or for any acts or omissions of your Agency, its Registered Users, your organisation, or its Travel Arrangers. If you have any questions about the manner your Agency, organisation, Agency Registered User or Travel Arranger handles your personal information or books or manages travel on your behalf, please contact the appropriate representative of the Agency or your organisation, or refer to your Agency’s or your organisation’s privacy policy.

 

WHAT INFORMATION THE AGENCY COLLECTS FROM YOU THAT WE PROCESS ON ITS BEHALF

Circumstances where Tramada holds personal information include, without limitation, when you:

  • Authorise your Agency or Travel Arranger to complete a traveller profile for you
  • Book travel arrangements which may include air, hotel, car, rail or other services

Traveller information: The Agency collects the full name, contact number and other personal information necessary for the travel reservation, such as passport number and billing information, of a Traveller when a travel reservation is made through it. It may also collect information about each Traveller’s preferences, including meal requests, seat selection, frequent flyer/hotel/car hire programs and membership numbers, and ticketing options.

Booking travel for someone else:  When you make a reservation for someone else through the Agency, they may request personal information and travel preferences about that individual. You must obtain the consent of other individuals and ensure such other individuals review this Privacy Policy prior to providing us with their personal information and travel preferences, as any access to view or change their information will be available only through your account. The Agency will collect, use and disclose that individual’s personal information only for the purposes of making a reservation.

How Your Personal Information gets into the Tramada System
Before any personal information can be entered into the Tramada processing system by an Agency, there will be a requirement for the Agency Registered User to sign in via a password protected login. Tramada also encourages Agencies to use two-factor authentication for their logins. Personal Traveller information being entered by a Travel Arranger will require the Arranger to sign in via a secure online booking engine or via the organisation’s online portal which, in turn, will have secure integrations with the Agency and /or Tramada and which will also have their own individual Privacy Policies. Generally, Tramada stores all information provided to it including, without limitation, all personal information about you that you specifically and voluntarily provide or give to the Agency Registered User or the Travel Arranger in any other way. This includes information that can identify you (“personal information”), including first name, surname, telephone number and email address, passport information and billing information (such as credit card number, cardholder name, and expiration date). Your Agency Registered User or Travel Arranger may enter into the Tramada system additional personal information about you such as your employer ID number.

Tramada provides software in which Agencies store and process personal information. We do not modify or disclose this information and only access it to the extent required to solve processing issues for Agencies and for account administration purposes.

Use of your information: The Agency uses sensitive billing information (such as cardholder name, credit card number, and expiration date) for the purposes of completing the travel bookings you make with an Agency Registered user or your Travel Arranger. Tramada provides the Agency with the software to process and store this information and to facilitate the services the Agency provides you.

The Agency may also use information about you for the following general purposes: to provide you with the products and services you request; to provide you with travel confirmation and updates; to send you travel notifications; to provide information about service updates and services that may interest you; to communicate with you in general; to respond to your questions and comments. For details in relation to the Agency’s use of your personal information please refer to your Agency’s Privacy Policy.

Call monitoring: Calls to and from our Tramada software service help desk made by Agency Registered Users will be recorded or monitored for the purposes of quality control and for staff training. Call recordings will be maintained for three months and will then be deleted. Any Traveller personal information obtained from Agency Registered Users for the purposes of solving a processing issue during the help desk call will be treated in accordance with this Privacy Policy.

 

DISCLOSURE OF YOUR INFORMATION

Tramada may share your personal information with the following entities:

  • With our service providers and third-party vendors which provide services or functions to enable us to process information (e.g. internet service providers, payment processing providers, global distribution systems, online booking engines). These service providers and vendors help us provide the Agency with the processing services and applications it requires to efficiently deliver its travel services to you.
  • With regulators to meet Tramada’s legal and regulatory obligations.
  • With law enforcement agencies so that they may detect crime or prosecute offenders.
  • When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of Tramada, the Agencies which use Tramada, their customers, or others; and in connection with other agreements.

 

YOUR CHOICES WITH RESPECT TO COLLECTION AND USE OF YOUR INFORMATION

Your Agency Registered User or your Travel Arranger can access, add, update or delete your information by logging into the Tramada system and/or into the Online Booking Engine used by your organisation.

You may submit a written request to access the personal data that your Agency and therefore we hold about you. If you make such a request, our Agency and Tramada are entitled to request appropriate identification before servicing such request. You can make a written request for access to your personal data by contacting your Agency. We will endeavour to respond to the request as passed on by your Agency within an appropriate timeframe and, in any event, within any timescales required by law.

In relation to Agency Registered Users’ personal information held by Tramada, please note that we reserve the right to send you service announcements, administrative messages, and surveys relating either to the Agency’s account with us or to its transactions with Tramada, without offering the Agency Registered User the opportunity to opt out of receiving them while designated as a Registered User of the Agency and authorised to access the Tramada system.

 

HOW WE PROTECT YOUR INFORMATION

We want the Agency and you to feel confident about using our services to process your travel needs and we are committed to protecting the security of your personal information so we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your data is stored in a secure environment and all data transfers are encrypted. We use firewalls, an intrusion detection system, regular vulnerability scanning and access monitoring to monitor access to our production environment.  We have secure working environments and work management systems that prevent unauthorised access or copying of personal information (e.g. staff management).  We have locked down access to our production environment and data access is only available to staff on a need-to-know basis. All accesses to the production environment are logged. It is not possible to connect a device to our production environment.

We use virus scanning tools and have procedures in place to keep these up to date.

We conduct an annual Security Awareness programme and this forms part of the Tramada Induction of all new staff members.

We conduct an annual security review in accordance with PCI DSS (Payment Card Industry Data Security Standards), including an external penetration test.

Whilst Tramada has strong processes for managing the security of personal information, security risks do change over time. Tramada will endeavour to stay vigilant in improving and maintaining, from time to time, the security and confidentiality of your personal information.

 

EXTERNAL LINKS

If any part of this website links you to other websites that we do not own or operate, those websites do not operate under this Privacy Policy. We recommend you examine the privacy policies posted on those other websites to understand their procedures for collecting, using, and disclosing personal information.

 

WHERE YOUR DATA IS STORED

Tramada stores and processes Personal Data about Travellers in secure environments in Australia (including an online back-up service) and in other countries. We also use Google Cloud which has strict data protection policies and practices, for data storage. Tramada endeavours to ensure that no matter where it is stored, your information is protected in accordance with this Privacy and the requirements of the applicable data protection law wherever it is processed.

Personal Data relating to residents outside Australia will be handled according to this Privacy Policy.

We will only process Personal information in ways that are compatible with the purposes outlined above in this Privacy Policy (or those you later authorise).

As explained in this Privacy Policy, we may provide your Personal Data to third parties who perform services on our behalf.

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
 

DATA RETENTION

Your Agency determines for how long your information is to be retained or if it is to be anonymised.  We will not retain your information for longer than is necessary for business purposes or for legal requirements. However, please be advised that we may retain (on behalf of the Agency) some information after your Agency has closed your account with it, for instance, if this is necessary to meet its legal obligations, including retaining the information for tax, reporting, accounting or other purposes.

 

COOKIES AND OTHER TECHNOLOGY

We collect and use information throughout our website only as disclosed in this Privacy Policy. This section of the policy applies solely to information collected on this website.

Only domain name, not email address, is recognised for visitors to our website.

The information we collect is:

  • used to improve the content of our website.
  • never shared with other organisations for commercial purposes.

This site collects site performance identifiers. These give us information about how Tramada’s website is used and helps us provide you with a more user-friendly experience. We use analytics cookies (See Below) to gather statistics about our site. For example, they help us monitor how many users are on the site and what sections are most popular.

Cookies are small data text files and can be stored on your computer’s hard drive (if your Web browser permits). The Help portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. You can choose to not receive a cookie file by enabling your web browser to refuse cookies or to prompt you before accepting a cookie.

Cookies and digital identifiers may be disabled by changing security settings on your web browser, however doing so may diminish the service that Tramada provides through its website.

A user may choose to give certain contact information by filling out our enquiry form. You may use this form without providing any information other than an email address and country/state. No other field is mandatory. We never sell or give away this information. It is only gathered to contact the user about services on our site for which they have expressed interest. It is optional for the user to provide information excepting email address.

Registration is not required to enter our site.

CHANGES TO THIS PRIVACY POLICY

Tramada may update this Privacy Policy in the future. We will notify the Agency about material changes to this Privacy Policy should they be made in the future.

 

HOW TO CONTACT US

If you have any questions or complaints about our privacy handling process, please contact the Privacy Officer as outlined below. We will commit to respond within 30 days. If you are making a complaint and it takes longer to resolve, we will keep you up to date on the progress of the investigation.

Email: privacy@tramada.com

Post:

Privacy Officer
Tramada Systems Pty Ltd
Level 10, 115 Pitt St
Sydney NSW 2000
Australia

 

If you are unhappy with our response you may lodge a complaint at https://forms.business.gov.au/aba/oaic/privacy-complaint-/