Privacy policy

Technical and organizational measures in relation to personal data protection for the CEE Travel Systems products

The specified measures and approaches are used for the purpose of personal data protection by C.E.E. Group Travelport a.s., a joint-stock company with its seat at Sokolovská 685/136f, Karlín, 186 00 Prague 8, Reg. No.: 060 32 575, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 22427 (“CEE Travel Systems”).

CEE Travel Systems is authorised to update this document regularly.

1. Handover of personal data

1.1. List of third parties who are in the position of personal data controllers and who are provided with personal data:

For the Travelport+ and Smartpoint products:​

  • Travelport International Operations Limited, a company with its seat at Axis One, Axis Park, 10 Hurricane Way, Langley, Bershire, SL3 8AG, UK, registered under Reg. No. 09726717.

For the CETS product:​

  • Travelport Austria GmbH, Dresdner Strasse 81-85, 1200 Vienna, Austria.

For the GOL IBE, GOL API, GOL Mobile, TripGate and Trip Manager products:​​

  • Travelport International Operations Limited, a company with its seat at Axis One, Axis Park, 10 Hurricane Way, Langley, Bershire, SL3 8AG, UK, registered under Reg. No. 09726717.

1.2. List of third parties who are in the position of personal data processors and who are provided with personal data:

For the GOL IBE, GOL API, GOL Mobile, Commission Manager, Trip Manager products:​

  • C.E.E. Group Travelport a.s., Sokolovská 685/136f, Karlín, 186 00 Prague, Czech Republic, Reg. No. 06032575
  • Travelport Slovakia s.r.o., Grösslingova 45, 811 09 Bratislava, Slovakia, Reg. No. 35916591
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America
  • Zendesk, Inc, 1019 Market Street, 6th Floor, San Francisco, California 94103, United States of America
  • Atlassian Pty Ltd, Level 6, 341 George Street, Sydney, NSW 2000, Australia
  • Instago Sagl, Vicolo dei Calvi 2, 6830 Chiasso, Switzerland
  • PragueNet spol. s r.o., Jičínská 226/17, Praha 3, 13000, IČ: 14100703
  • And other programmers and contractors involved in product development and support​

Reservation of flight tickets​ and train tickets​

  • Travelfusion Limited, company registration number 03880175, whose principal place of business is at Unit 3.01, The Wenlock Building, 50-52 Wharf Road, London N1 7, UK
  • And other programmers and contractors involved in product development and support​

For eStreaming API, eStreaming Pipe, Air Cache , GEM, GRM, RDP, Go-Link, TCP products:​

  • C.E.E. Group Travelport a.s., Sokolovská 685/136f, Karlín, 186 00 Prague, Czech Republic, Reg. No. 06032575
  • Travelport Slovakia s.r.o., Grösslingova 45, 811 09 Bratislava, Slovakia, Reg. No. 35916591
  • Global Travel Solutions, a private enterprise with registered office at: Dniprovska Naberezhna, 14-A, office 218/220, 2nd Floor, Kyiv 02095, Ukraine. The registered number assigned for legal entity according to the registry is 36159354
  • Atlassian Pty Ltd, Level 6, 341 George Street, Sydney, NSW 2000, Australia
  • Zendesk, Inc, 1019 Market Street, 6th Floor, San Francisco, California 94103, United States of America
  • And other programmers and contractors involved in product development and support​

For CEE Repricer, GalileoTerminal.com, Queue Processor and CEE Itinerary (#ITIN) products:​

  • C.E.E. Group Travelport a.s., Sokolovská 685/136f, Karlín, 186 00 Prague, Czech Republic, Reg. No. 06032575
  • Travelport Slovakia s.r.o., Grösslingova 45, 811 09 Bratislava, Slovakia, Reg. No. 35916591
  • Zendesk Inc., 1019 Market Street, 6th Floor, San Francisco, California 94103, United States of America
  • And other programmers and contractors involved in product development and support​

For invoicing and recording/managing business contacts:​

  • Citrix Systems, Inc, 851 Cypress Creek Road, Fort Lauderdale, FL 33309, USA
  • The Rocket Science Group, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA
  • Oracle Corporation, 500 Oracle Parkway, Redwood Shores CA, 94065, USA
  • Fakturoid s.r.o., V pláni 532/7, 142 00 Praha 4, Czech Republic, Reg. No. 04656679
  • mikonboard s.r.o., Biskupcova 1653/27, 130 00 Praha 3, Czech Republic, Reg. No. 24805530
  • Integromat s.r.o., Voctářová 2449/5, 180 00, Praha 8, Czech Republic, IČO 29152861

2. Personal data processing principles

Within CEE Travel Systems we have implemented and we ensure the following principles:​​

  • Creation and implementation of a system of managed access to information.
  • Securing of information systems, the internet and e-mail.
  • Ensuring of accessibility, reliability and integrity of data.
  • Information protection and back-up.
  • Exchanges of information with a third party may be carried out only based on applicable law or based on a contract entered into.

3. Marketing communications and consent

We may collect and use personal data, such as email addresses, to send newsletters and other promotional materials about our products and services. This data is collected solely with your explicit consent, provided through a clear opt-in mechanism during the subscription process. You may withdraw this consent at any time by clicking the 'unsubscribe' link in any email you receive from us or by contacting us directly. Withdrawal of consent will not affect the legality of processing based on consent prior to withdrawal. Provision of our services is not contingent upon your consent to receive marketing communications.

4. Technical and organisational measures

4.1. Rules for authorisation for use of products

  • CEE Travel Systems products may only be used by companies and/or individuals based on a valid user agreement.
  • Following the end of a user agreement, CEE Travel Systems products and user access will be deactivated.
  • CEE Travel Systems products have unique authorisation details, which are linked to the product (API products), and/or specific users (Desktop applications).
  • Users have been assigned user names and manage passwords which correspond to security criteria for the number of characters, types of characters and repetition of passwords.
  • Accounts and access to them are automatically locked after several unsuccessful access attempts.
  • Log-ins are automatically logged out after a certain period of inactivity.
  • Users have various levels of authorisation, which limit their access to specific data regarding passengers.​

4.2. Software security and communication

For all products:​

  • Communication is encrypted via SSL technology.
  • CEE Travel Systems ensures regular testing of assessment and evaluation of the effectiveness of implemented technical and organisational measures for ensuring network security.​

For the Travelport+ and Smartpoint products:​​

  • The products are operated in accordance with the PCI DSS standard, and for those reasons the minimum requirements for installation are as follows:
    • Microsoft Windows operating system version 7+SP1 or higher
    • Microsoft .NET Framework version 4.6.2 or higher
    • Travelport Smartpoint application in version 7.5 or higher
    • The Galileo SSL client for SSL encrypted communication in version 3.0.0 or higher.​

For the GOL IBE, GOL API, GOL Mobile, GalileoTerminal and TripGate and Trip Manager products:​

  • These products are operated in accordance with the PCI DSS standard.
  • The products are operated in a secured hosting environment.
  • Servers ensuring product functionality are secured by firewalls.
  • Data repositories are only available to authorised persons.
  • Pseudonymised databases are used for product development.​

For all other products:​​

  • The products are operated in a secured hosting environment.
  • Servers ensuring product functionality are secured by firewalls.
  • Data repositories are only available to authorised persons.
  • Pseudonymised databases are used for product development.

4.3. Logging

For the Travelport+ and Smartpoint products:​

  • Operations with reservations in Travelport+ are recorded in this system in history with the signature of the user who has made the particular change.​

For all other products:​

  • Activities of products, users and controllers are recorded in transaction logs.​

4.4. Persons’ authorisation to handle personal data

For the Travelport+ and Smartpoint products:​

  • Only persons authorised by CEE Travel Systems may handle personal data.
  • For performance of activities such as help desk tasks (help with reservations), IT support (installation and creation of access), commerce (recording of agencies and user access), etc., entrusted persons have access to necessary systems for account establishment with necessary securing against unauthorised access.

4.5. Training

  • All persons participating in personal data processing are trained regarding personal data protection methods and procedures.