Version date: 31 January 2013
This policy applies to www.embarque.co.uk (the "Web Site"). To demonstrate our commitment to the data protection of your Personal Information that we collect and process in relation to the Web Site, we have developed this policy, which discloses our data protection practices for the information we collect from you, as well as the collection, storage, use, or transfer of your Personal Information.
It is Embarque’s policy to notify individuals about the purposes for which we collect and use information we collect, how to contact us with inquiries or complaints, the types of third parties to which we disclose information, and the choices and means available for you to limit use and disclosure.
Embarque London Ltd. ("Embarque", "us", "we") is registered as a data controller with the UK's Information Commissioner's Office and we are the data controller with respect to the Personal Information we collect and process about you in relation to the Web Site.
If you do not agree with the terms and conditions of this Data Protection Policy, you are not permitted to use the Web Site.
This policy informs you about:
1. What information we collect
2. Who collects and owns the information
3. How we use your Personal Information or disclose it to third parties
4. What choices you have regarding collection, use and distribution of your Personal Information
5. How to correct, update or delete your Personal Information
6. What kind of security procedures we use to protect the loss, misuse or alteration of information under
7. How to seek enforcement of your rights under this policy
8. How this policy may be amended
“Personal Information” is information in respect of which we can identify you from that information or other information which is or is likely to come into our possession. The types of data we collect about you on our Web Site include your name, address, telephone number, email address and details of the parts of our Web Site you have visited.
1. What Information Is Collected.
Embarque collects the Personal Information that you provide to us through our Web Site, as explained in this Section and Sections 2 and 3.
Users may browse through the informational portion of our Web Site without providing us with any Personal Information. However, if you request information or materials from us, we may ask for your contact information, such as your name, email address, company name, address, and phone number. In addition, we may collect Personal Information from you when you send us emails or submit other forms of information directly to us. We may also collect Personal Information from you at other points on our Web Site that state that your Personal Information is being collected.
If you or your business have an account with Embarque we will require you to complete a registration form in order to access the Embarque "Client Centre". This registration form will request certain Personal Information about the Web Site user (“User”) and the traveller who will use our transportation services (“Client”) in the event the Client is different from the User. This information will be compiled into a profile. Such information may include at least the following for each User: name, address, email address, company name, phone number and ARC or IATA number; and for the Client: name, email address, phone number, company name, work address, home address and billing address, pick-up and drop-off information, credit card information, corporate account information, and in-transit itineraries. However, if you do not have an account for the Embarque "Client Centre" you will not be required to complete a registration form or create a profile and any Personal Information we collect from you will be on a specific reservation basis and will not be retained for future use.
2. Who Collects Your Information.
Embarque England Limited owns the Web Site and all Personal Information collected through the Web Site is stored on Embarque England Limited's servers. We may outsource to a third party the hosting and operation of the Web Site. However, such third parties do not and will not have any ownership interest in the Personal Information collected or any right to use the Personal Information apart from the operation of our Web Site.
3. How We Use Your Personal Information or Disclose It to Third Parties.
Delivery of Service - We use your Personal Information collected through our Web Site to administer and deliver our services. In connection with the delivery of our services, we may share your Personal Information with third-party partners or vendors who help deliver or administer the services, but they are only permitted to use your Personal Information in connection with the delivery or administration of our services. For example, we share a Client's credit card information with a third-party credit card processing company, but that company is not permitted to use the credit card or your Personal Information for any purpose other than to fulfill the specific purchase transaction. We may also share your Personal Information with Embarque subsidiaries, affiliates, licensees, and subcontracted service providers who need such information to provide the services that you have specifically requested.
Embarque Marketing - We use the Personal Information collected through the Web Site to provide you with information or newsletters related to our services, and to promote our services to you or your company. This may include information and promotions via email, post, fax or telephone calls. If you no longer wish to receive these, you can opt-out free of charge by contacting us at email@example.com.
Third Party Marketing - We will not provide your Personal Information to third parties for their marketing purposes without your prior consent.
Embarque Customer Surveys - For Personal Information that we have collected through your voluntary participation in an online customer survey to obtain your suggestions or comments about Embarque's services, we use such Personal Information only for the purpose for which it was collected. We will not use such Personal Information for direct marketing or disclosure to other companies.
Transfer Due to Corporate Reorganisation - We may share, sell or transfer the Personal Information you provide to us in the event of bankruptcy or the sale or transfer of a division or some or all of our business.
Internal Marketing Research and Reporting - We use non-personal information on an aggregated basis for a variety of purposes, including operating and enhancing our Web Site and our services, internal marketing research, and management reporting. We reserve the right to use and disclose this aggregated information to third parties for any purpose. Aggregate information will not identify you.
4. Controlling the Collection, Use and Onward Transfer of Your Personal Information.
You can control the content of the Personal Information we have collected from you by following the instructions stated below in Section 5. In addition, if you do not want to receive marketing materials or communications from us, you can opt out.
We only share your Personal Information with third parties in limited circumstances where:
Ø We provide your Personal Information to service providers we have retained to perform services, or process Personal Information, on our behalf, only to the extent necessary to deliver or administer such services. We require service providers to process Personal Information in a manner consistent with this Data Protection Policy.
Ø Access, use, preservation, or disclosure of your Personal Information is reasonably necessary for Embarque to detect, prevent or remedy security or technical issues, or suspected or actual fraudulent or illegal activity; to satisfy any applicable law, regulation, ordinance, or legal process, including government investigation; or to protect the rights of Embarque, our clients, or other individuals, as required or permitted by law.
Ø You have authorised Embarque to do so. Embarque will notify you in the event we use your Personal Information in a manner different from that described in this Data Protection Policy. [We will not share any sensitive information without your opt-in consent.]
[In the unlikely event that sensitive information (such as a medical or health condition, race or ethnic origin, religious or philosophical belief, etc.) is provided to Embarque, Embarque will offer you the opportunity to affirmatively and explicitly consent to: (i) the use of sensitive information in a manner different from that described in this Data Protection Policy; or (ii) the disclosure of sensitive information to a third party (“opt-in”).]
Please note that if you provide any Personal Information on your own or directly to third parties who may be linked to, or otherwise connected with, our Web Site, different rules may apply to their use or disclosure of your Personal Information. We encourage you to investigate and ask questions before disclosing Personal Information to third parties.
5. Correcting, Updating and Deleting Your Personal Information.
You can access, amend, update, or delete your Personal Information through the Web Site by logging into your Carey or Embarque account, by contacting us at firstname.lastname@example.org[, or by calling Embarque’s Worldwide Reservations Centre]. However, for verification and security purposes, before we allow you to access, amend, update, or delete your Personal Information through any means, you may be asked to provide us certain Personal Information. In addition, we may charge a reasonable fee and/or set a reasonable limit on the number of times within a given period that access requests will be considered. We may also restrict access to Personal Information in limited circumstances, for example, where the legitimate rights of persons other than the User or Client would be violated, or where the burden or expense of providing access would be disproportionate to the data protection risk to the individual.
We store your Personal Information for as long as necessary for the purposes for which they were collected or, if longer, as necessary to comply with our legal obligations.
6. Our Security Procedures.
Embarque will use your Personal Information to the extent necessary to deliver or administer our services, and only for the purposes for which it was originally collected, or subsequently notified to you, in accordance with this Data Protection Policy. Embarque will take reasonable steps to ensure that your Personal Information is accurate and kept up-to-date.
We have established and currently maintain security procedures to protect the confidentiality, security and integrity of your Personal Information from loss, misuse, unauthorised access, and disclosure. We use encryption, Secure Socket Layers, and firewalls, and we implement off-line efforts to further protect this information, including updating our security practices and data protection policies, and limiting employee, agent, and subcontractor access to Personal Information to those who need to know such information to deliver or administer services. In addition, both electronic and paper records containing Personal Information are maintained in access-controlled facilities.
Our Web Site are maintained in the United Kingdom. To the extent that there is any international transfer of data, Embarque will ensure that the recipients of your Personal Information provide adequate protection of your Personal Information. For these purposes, Embarque is registered with the U.S. Department of Commerce’s Safe Harbor Program (“Safe Harbor”) and adheres to the seven U.S. Safe Harbor Data Protection Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement.
7 . Contact
If you have any questions or concerns regarding this Data Protection Policy, please contact:
Embarque England Limited
Attn: Data Controller
8. Changes to this Policy.
Embarque may amend or change this Data Protection Policy at any time. We will post any revisions to this Data Protection Policy on the Web Site. Therefore, you should review the Web Site periodically to ensure that you are informed of our current policies and practices. Any User or Client who provides additional Personal Information after these changes are posted will be deemed to have accepted the revised policy.
This Data Protection Policy is effective and was last updated on the date set out at the beginning of the policy.