Overview
This Privacy and Cookie Policy (the "Policy") becomes effective for all users from the date 01st Oct 2020.
We, TBO.com Operating through our flagship brand "PAXES", a corporation incorporated under the laws of the UAE as the data processor ( "TBO", "We", Or "us "), explain in this Policy how we collect, process and/or use information that we receive via our websites, emails we send, and mobile applications (collectively, the "Platform") that link to this Policy, as amended from time to time. This Policy describes how PAXES collects, processes, uses, shares and secures the personal information you provide. It also describes your choices regarding use, access, and correction of your personal information. For purposes of this Policy, personal information shall mean any information relating to an identified or identifiable natural person.
This Policy applies only to information we collect, process and use through the Platform. This Policy does not apply to information that we collect through other channels, such as information that we collect offline, from other websites or from emails you send us.
Information We Collect
We collect information about you to provide our services. In order for us to best provide our services to you (and to help make it feasible for us to do so), it is essential that we are able to collect and use the information as described in this Policy. This means that the data collection is largely necessary for fulfilling the relationship we have with you, and where that is not the case, we have a legitimate interest in collecting the information described below.
Information You Give Us
When you fill out online forms, provide traveller or booking information, or provide us with other personal information actively, we collect that information for processing and use in accordance with this Policy. PAXES may change its offerings, products and features from time to time, the options you have to provide us with personal information also may change, but here are few illustrations through which we collect personal information as provided by you:
- When you register on our site
- When you create an account
- Signing up for email alerts
- Completing a form related to one of our products or services
- Uploading various documents required for identification
- Contacting us for technical support or customer service
Depending on how you interact with our Platform, the personal information we collect from you may vary. For example, to create an account we may ask only for an email address and password. In other circumstances, on signing up with us as an agent, we may ask you to provide other information, which may include your name, phone number, and/or postal address. We also collect and store certain information associated with actions you take. For example, when you perform a search on our site, we store such search information, information provided by you through online forms, IP addresses among others. We also store information about the bookings performed or offers availed, the time and duration of your activity on our Platform, and other information about your behaviour on our Platform.
On our Android platform, when you set up an individual user account, you may create a profile (a "Profile") that will include personal information you provide. At your request, we will create your Profile with information we extract from details you have entered on the Platform. When you fill out and save your Profile, your saved Profile can be viewed only by authorized PAXES employees.
If you enter credit card information on the Platform in connection with a booking, that information is sent directly from your browser to the third-party service provider we use to manage credit card processing and we do not store it on our servers. The service provider is not permitted to use the information you provide except for the sole purpose of credit card processing on our behalf.
Information We Collect Automatically
When you use the Platform, your device is automatically providing information to us so that we can customize our response to you. The type of information we collect by automated means generally includes technical information about your computer, such as your IP address or other device identifier, the type of device you use, and operating system version. The information we collect also may include usage information and statistics about your interaction with the Platform. That information may include the URLs of our web pages that you visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, platform type, location data (if you have enabled access to your location on your mobile device), and other information about how you used the Platform.
Automated means of data collection include the following:
Cookies And Tracking Technologies.
Technologies such as cookies, locally shared objects (sometimes called "flash cookies"), mobile identifiers and similar technologies ("Cookies") are used by PAXES. We use Cookies to remember users’ settings as well as for authentication and analytics. These technologies may be used in analysing trends, administering the Platform, tracking users’ movements around the Platform and to gather demographic information about our user base as a whole. You can control the use of Cookies at the individual browser level, but if you choose to disable Cookies, it may limit your use of certain features or functions on our website or service. For more information on Cookies, how we use them, the third parties we work with who use them, and how you can control them, please see the section entitled Cookie Policy.
Log File Information.
Log file information is automatically reported by your browser or mobile application each time you access a website on our Platform. For example, when you access our website, our servers automatically record certain information that your web browser sends when you visit any website. These server logs include information such as your web request, Internet Protocol ("IP") address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, and pages viewed.
Device Information.
We collect information about the device you use to access the Platform, including type of device, operating system, settings, and unique device identifiers, and IP address. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. We collect the device type and any other information you choose to provide, such as username, geolocation, or email address. We also use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software records information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
How We Use Information/Purposes
We use the information we collect to provide our services. In order for us to best provide our services (and to help make it feasible for us to do so), it is essential that we are able to collect and use the information as described in this Policy. It is largely necessary for fulfilling the relationship we have with you, and, where that is not the case, we have a legitimate interest in using the information we collect, including personal information, for these purposes:
- To provide you with relevant content
- To customise and improve the features, performance, and support of the site
- For internal operations, including troubleshooting, data analysis, testing, research, and service improvement (this includes use of your IP address and mobile device information to help diagnose problems with our service and to administer the Platform)
- To communicate with you or initiate communication with you on behalf of third parties through your PAXES account or through other means such as email, telephone (including mobile phone), or postal mail, including through the use of contact information that you provide to us or (where it is lawful for us to do so)
- To analyse use of the Platform and improve the Platform
- To create aggregate statistical data that does not identify you individually (we use mobile device data and IP addresses to gather demographic information)
- For other purposes that you separately authorise as you interact with PAXES
When we collect any information that does not identify you as a specific natural person ("Non-Personal Information"), we are permitted to use and disclose this information for any purpose, notwithstanding anything to the contrary in this Policy, except where we are required to do otherwise by applicable law. If we combine any Non-Personal Information with your personal information (such as combining your ZIP code with your name), we will use and disclose such combined information as personal information in accordance with this policy. Similarly, if applicable law requires that we treat certain Non-Personal Information as personal information, we will use and disclose this information as personal information in accordance with this policy.
Cookie Policy
TBO.com operating under the flagship brand “PAXES” (“TBO”, “we”, or “us”) is committed to protecting your privacy. This Cookie Policy explains:
i. what types of cookies and similar technologies are placed on your device when you visit our website https://www.paxes.com (the “Website), mobile applications and travel booking platform (the “Platform”) (together, the “Services”); and
ii. how PAXES uses these cookies and similar technologies.
Our Website Privacy Policy and Platform Privacy Policy can provide you with further details about how we use your personal information, although not all information captured through the use of cookies and similar technologies will identify you.
What are cookies?
Cookies are small text files that are sent to or accessed from your web browser or your device’s memory. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or other identifier. A cookie also may contain information about your device, such as user settings, browsing history and activities conducted while using our Services. We may also use other similar tracking technologies such as widgets which allow you to redirect to our social media pages.
Who can drop cookies on my device?
First-party cookies
First-party cookies are placed on your device directly by PAXES. For example, PAXES use first-party cookies to keep you logged in to our Platform, authenticate your device and adapt our Services to your browser’s language and culture preferences
Third- Party Cookies
Third-party cookies are placed on your device by our partners and service providers. PAXES does not use any third-party cookies.
How long does a cookie stay on my device?
The lifespan of the cookies we use depends on the category of cookies. There are session cookies and persistent cookies.
Session cookies
Session cookies only last until you close your browser. We use session cookies for a variety of reasons, including to learn more about your use of our Services during one single browser session and to help you to use our Services more efficiently.
Persistent cookies
Persistent cookies have a longer lifespan and aren’t automatically deleted when you close your browser. These types of cookies are primarily used to authenticate your device, save your preferred language, help you quickly sign-in to our Platform again and for analytical purposes.
What does PAXES use cookies (and other tracking technologies) for?
Like most providers of online services, PAXES uses cookies to provide, secure and improve our Services, including by remembering your preferences and recognising you when you visit our Platform. To fulfil these purposes, PAXES may also link information from cookies with other personal information PAXES holds about you. This means that in these cases we will know that the cookie information relates to you.
When you visit our Services, essential cookies will be set on your device. Other types of cookies (as listed below) will also be set on your device if you choose to accept them.
Essential Cookies
These cookies are strictly necessary to help support the structure of our internet sites & services. They perform functions like [ensuring our pages load properly and allowing you to return to webpages you have previously visited]. The legal basis for the use of essential cookies is our legitimate interest (Article 6(1)(f) GDPR) and necessary for the performance of our service in accordance with Booking Terms and Conditions (Article 6(1)(b) GDPR) |
||
Cookie name | What do they do? | Duration |
login | To keep a user logged in to the Platform. | Expires with session |
2FAVerified | To mark a device as having been verified by two-factor authentication. | 30 days |
Save Cookie | To flag a user’s acceptance of cookies on the Website. | Expires with session |
culture | To save a user’s preferred language/culture. | 30 days |
Analytics Cookies
These cookies are used for analytics purposes including to help us understand how our Services are used and to help us customise and improve the Services for our visitors. They help us to make the use of our services easier for you, and if necessary, to make improvements. The legal basis for the use of Analytics Cookies is your consent (Article 6(1)(a) GDPR). |
Google™ Maps API Cookies
Some features of our Platform and some PAXES services rely on the use of Google™ Maps API Cookies. Such cookies will be stored on your device.
When browsing the Services and using the services relying on Google™ Maps API cookies, you consent to the storage, collection of such cookies on your device and to the access, usage and sharing by Google of the data collected thereby.
Google™ manages the information and your choices pertaining to Google™ Maps API Cookies via an interface separate from that supplied by your browser. For more information, please see https://www.google.com/policies/technologies/cookies/.
Google Analytics
We use Google Analytics, which is a Google service that uses cookies and other data collection technologies to collect information about your use of the Services and services in order to report website trends.
You can opt out of Google Analytics by visiting www.google.com/settings/ads or by downloading the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.
How can you control cookies?
Tools within this Cookie Policy
You can set and modify your cookies preferences at any time, by using the Cookie Management Preference Tool available at the top of this Cookie Policy.
Browser and devices controls
Some web browsers provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer. The procedure for managing cookies is slightly different for each internet browser. You can check the specific steps in your particular browser help menu.
You also may be able to reset device identifiers by activating the appropriate setting on your mobile device. The procedure for managing device identifiers is slightly different for each device. You can check the specific steps in the help or settings menu of your particular device.
What happens if I disable all cookies?
The changes you make to your cookie preferences may make browsing our Services a less satisfying experience. In some cases, you may even find yourself unable to use all or part of our site.
Opting out of advertising cookies does not mean you will not see ads – it means you won’t see personalised advertising from the companies that participate in the opt-out programs. Also, if you delete cookies on your device after you opted out, you will need to opt-out again.
Note that if you use browser or device controls and/or if you delete or clear cookies on your device after you have modified your cookie preferences, the next time you visit our Platform, our cookies banner will appear and you will need to select your preferences again. Please therefore ensure that your preferences contained in the Cookie Management Preference Tool are up to date.
How do I contact PAXES?
If you have questions about this Cookie Policy or would like any further information, here’s how you can reach us:
Email us at dpo@paxes.com; or
Write to us at Attn: Legal Department at TBO.com, 2408 Oaks Liwa Heights, JLT, Dubai P.O Box: 34544
All credit/debit cards
All credit/debit cards details and personally identifiable information will NOT be stored, sold, shared, rented or leased to any third parties
Opting Out of Cookies
We use Cookies that are necessary for us to provide the services you use and you cannot opt out of these Cookies on the Platform. You may be able to disable placement of some (but not all) Cookies by setting your browser to decline cookies, though this may worsen your user experience. Additionally, you can also control, manage and/or delete cookies via your browser settings.
If you enable location data for our Android Application, we may capture your location data. In such instances, we do not share your location with any other third Parties. You may disable location services at any time in your device privacy settings.
Do Not Track Signals
We do not currently respond to 'do not track' signals and similar settings or mechanisms. When you use the Platform, we try to provide a customized experience.
Other Important Privacy Information
If you wish to access, correct, update or request your personal information, you can do so at any time by contacting us using the contact details provided under "Contact Us" section on our site.
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" Or "opt-out" link in the marketing emails we send you. If you are an unregistered user, or to opt-out of marketing you may contact us using the contact details provided under the "Contact Us".
Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Notwithstanding the foregoing, we reserve the right to keep any information in our archives that we deem necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
Choices Regarding Your Personal Information
In addition to your rights outlined above, if you are a registered user on our site, you can manage your account settings in the "Account Settings" page on the Platform where we provide you with the opportunity to 'opt-out' of having your personal information used for certain purposes.
We will send you notifications and if, and to the extent, you have opted-in to receive promotional communications, or other messages using the contact information (e.g., your email address, your mobile device identifier) you provided to us when you registered or when you requested information from us. You may opt-out of continuing to receive optional messages by following the instructions included in each message. Also, you can control most of the emails you receive from us by editing your email preferences within "My Account" settings on the site; provided you will need to separately opt-out of receiving our various emails by unsubscribing to each email that you have originally subscribed to. You can control the mobile push notifications within the "settings" section of the mobile app.
We will send you service-related announcements when we believe it is necessary to do so. In some cases, you can stop or limit the information we collect by automated means. To learn more about how you may be able to stop or limit our receipt of that information please review the section entitled Cookie Policy.
Closure of account
If you'd like to close your PAXES account, you can do so within your Account Settings on the Platform. When you close your account, you will no longer have full access to its features, but we reserve the right to keep any information in a closed account in our archives that we deem necessary to comply with our legal or regulatory obligations, resolve disputes and enforce our agreements.
How Long We Keep Your Personal Information
We keep your personal information only so long as we need it to provide the Platform to you and fulfill the purposes described in this Policy. This is also the case for anyone that we share your personal information with and who carries out services on our behalf. Retention periods can vary significantly based on the type of information and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When we no longer need to use your personal information and there is no need for us to keep it to comply with our legal or regulatory obligations, resolve disputes and enforce our agreements, we’ll either remove it from our systems or depersonalize it so that we can't identify you.
Security Safeguards
We employ physical, electronic, and managerial measures to safeguard the information we collect online. However, no company can fully eliminate security risks, so we cannot make guarantees about any part of our services. You are responsible for keeping your username and password secret. Once you have registered with us, we will never ask you for your password. Please create a unique password for your PAXES account and do not use it for any other web services or applications. Do not share your password with anyone else.
Data Control
The information about you that we collect, process and/or use through the Platform is controlled by TBO.com, at 2408, Oaks Liwa Heights, JLT Dubai P.O Box 34544. The privacy protections and the rights of authorities to access your information in other countries may not be the same as in your home country.
You may reach us here
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us at dpo@paxes.com
Updates to Our Privacy Policy
We may revise this Policy from time to time by posting an updated version on the Platform. This version of the Policy will be effective for you as described at the beginning of the Policy. Further revisions of this Policy will become effective as follows: The revised Policy will be effective immediately for unregistered users and users registering accounts or otherwise acknowledging the Policy on or after the revision date. For other users who registered accounts before the revision date, it will also become effective immediately. However, they can object to the new Policy within thirty (30) days after the revision date. If we make a change that we believe materially reduces your rights or increases your responsibilities, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective. We may provide notice of changes in other circumstances as well. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Platform is subject to the most current effective version of this Policy.
Contact Us
TBO.com
Attn: Legal Department
Email: dpo@paxes.com
1. Who are we?
Welcome to the PAXES website privacy policy. TBO.com operating under the flagship brand “PAXES” (“TBO”) is a provider of a B2A (Business to Agent) travel portal (the “Platform”) that allows registered travel agents (“Travel Agents”) to book hotels, flights and other travel services with our selected hotels, airlines, tour operators, car rental companies, cruise lines and private transfer providers (“Suppliers”) in real time on behalf of their end customers (“Customers”). References in this privacy policy (“Privacy Policy”) to “we”, “our”, or “us” are references to TBO.com We operate the PAXES website available at https://www.paxes.com/ (the “Website”) to promote and provide further information and content about the PAXES Platform and to provide you with the opportunity to register to use the Platform and receive information and promotional materials about those services
2. About this Policy
We are committed to protecting and respecting the privacy of the users of the Service. This Privacy Policy sets out the basis on which your personal data, as a visitor of our Website, will be processed by us as a controller. If you visit our Website, we may use your personal data in connection with your request for or use of our services. In accordance with UK and European Economic Area (“EEA”) data protection laws, we are the controller of the personal data that you provide to us or that we collect from you. We are responsible for safeguarding your personal data which will be processed in accordance with this Privacy Policy. Please read the Privacy Policy carefully to understand how we will use your personal data.
Once you have created an account for our Platform, any personal data that we process of our Suppliers, Travel Agents, and their Customers will be governed by our Platform Privacy Policy.
3. How can you contact us?
If you have any questions about your personal data, how we look after it or if there are any changes to your personal data, please:
- Email us at dpo@paxes.com; or
- Write to us at Attn: Legal Department at TBO.com, 2408 Oaks Liwa Heights, JLT, Dubai P.O Box: 34544
4. What personal data do we collect and process, and how do we use it?
When you access the Website, you may provide us with personal data, and we may collect and process such personal data in accordance with this Privacy Policy.
We will only use your personal data where we have a valid lawful basis to do so. We have included a table below which lists all the ways in which we use your personal data and the lawful bases we rely on to do so.
Where we mention “legitimate interests”, this is the lawful basis we rely on when we feel that it is necessary to use your personal data for a reason which is in our and/or your interests and which does not unfairly affect your rights over your personal data.
What personal data do we process? | Why do we process this personal data? | What is our lawful basis for processing? |
Information you give us | ||
Identity Data: this may include your full name, geographical location and other personal identifiers. Additional data may be collected about you from the correspondence that you send to us, any conversations you have with us and any feedback you give us Admin Contact Data: this may include your professional email address, phone number(s), postal address and any other contact details you may choose to provide to us. Company Data: this may include information about the company you work for including the company name, email address, phone number and postal address. |
|
If you are:
we will assume you are happy to receive relevant marketing communications unless you have previously opted out of such communications. This is based on our legitimate interests in promoting our business and to provide you with offers for relevant products/services. If you change your mind about this, you can withdraw your consent at any time by clicking on the “unsubscribe” link at the bottom of each email. If you choose to withdraw your consent to receiving these marketing emails, we will still be able to send you service emails that are necessary for our relationship with you. |
Information automatically collected when you browse our Website | ||
Technical Data: we may automatically collect data regarding general technical use of the Website, such as your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may also receive technical data about you if you visit other websites through the Website using our cookies. For more information about cookies, please see our Cookie Policy. Usage Data: we may generate information about how you navigate and engage with our Website and download materials and online activity data such as clickstream data, page interaction information, your preferences (including country and language) and methods used to browse away from our content or Website. Location: we can identify the country that you are located in based on your IP address. |
|
|
We will only use your personal data for the reasons we have set out above. If we need to use your personal data for any other reason, we will let you know and tell you the reason along with the relevant lawful basis, unless the law prevents us from doing so.
5. Who do we share your personal data with?
By using the Website, we may need to disclose your personal data to the following categories of third parties in limited circumstances so that we can operate our Website and comply with our legal duties.
- With our third party service providers: your personal data may be held and processed securely by us on the dedicated systems supplied, monitored and maintained by our third party infrastructure providers, and by any other third party service providers we may use, such as our Website hosting provider, customer relationship management provider, analytics, security operations and other third-party service providers.
- In corporate transactions – we may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
- Regulators or law enforcement agencies: we may disclose your personal information if reasonably necessary with regulators, law enforcement agencies or where mandatory under a court order: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.
- To enforce our legal rights: we may also share your personal data: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
- With other entities within the TBO Group: when it is necessary for operational reasons such as the use of a group-wide logistics and IT infrastructure and for any administrative purposes to organise, develop and deliver our services, run our organisation and decide on future strategies.
You can ask us for more information about these organisations by contacting us using the details at the top of this policy.
6. Where do we store your information?
We will not transfer or store your personal data outside of the European Economic Area (EEA) (or the UK to the extent the UK is no longer part of the EU), except to selected third parties that we have instructed to help us provide the services to you.
If we do transfer or store your personal data outside of the EEA, we will ensure we have put adequate measures in place in order to protect your personal data to an equivalent data protection standard as in the UK and the EEA.
We will only share your personal data with countries and organisations that:
- The European Commission has deemed as having equivalent data protection laws as in the EEA; or
- We have entered into a contract which include certain requirements to make sure your personal data is protected to equivalent standards as in the EEA and the UK – please click here for a link to the standard contractual/data protection clauses.
If there are any other circumstances which would require us to transfer your personal data outside of the EEA (or the UK to the extent the UK is no longer part of the EU), we will seek your consent to transfer your personal data outside of the EEA.
You can ask us for more information about where we may transfer or store your personal data and how we will take steps to ensure your personal data is protected by using the contact details in section 3 of this policy.
7. How do we keep your personal data secure?
We will ensure we put security measures in place to protect your personal data from being destroyed, lost or shared with somebody that should not see it. However, we cannot guarantee your personal data will be free from every security risk that may be possible when your information is sent to and from the Website.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The Website may include links to third-party websites which may collect your personal data. We have no control over what these websites do with your personal data. Please check the policies on these websites which will tell you what they do with your personal data.
8. How do we use cookies?
We use cookies or other similar technologies to capture certain data when you interact with the Website. For further information on our use of cookies, please see our Cookie Policy.
9. How long do we keep your information for?
We will only keep your personal data for as long as is necessary for us to do so for the reasons we collected it for in the first place as set out in this Privacy Policy or as otherwise required by applicable laws. We store your personal data in line with legal, regulatory, financial and good-practice requirements.
If you want further information on how long we keep your personal data, please contact us using the details set out in section 3 of this policy.
10. What are your rights in relation to your personal data?
As a result of us collecting and processing your personal data, you may have the following legal rights:
- To access the personal data we hold about you and request a copy of it;
- To ask us to correct your personal data if inaccurate or incomplete;
- To ask us to delete your personal data where we do not have a compelling reason to continue to process your personal data in such circumstances;
- To ask us to stop using your personal data in certain circumstances where there is no need for us to continue processing it in certain circumstances;
- To ask us to only use your personal data for certain things if: it is not accurate; it has been used unlawfully; or it is not relevant for the purposes it was initially collected for; and/or
- To ask us to stop using your personal data to send you marketing emails.
If you want to exercise any of the rights listed above at any time, please contact us using the details in section 3 of this policy.
We will respond to all requests that we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful).
11. How can you make a complaint?
You also have the right to make a complaint about how we have used your personal data to:
- Us - by contacting us by email or post using the details in section 3 of this policy and we will always try to help you with your problem in the first instance.
If you’re still not happy with how we have dealt with your complaint, you can contact:
- A data protection regulator; or
- The national courts – to seek a remedy if you think that your rights in relation to your personal data have been breached.
12. Changes to this Privacy Policy
We may need to change this Privacy Policy as our Service develops and offers you more exciting features or if the law changes. We will let you know if any important changes are made, otherwise, we will always display the latest version of our policy on our Website.
1. Who are we?
Welcome to the PAXES (“TBO”) privacy policy. TBO.com operating under the flagship brand “PAXES” owns and operates the booking platform which can be accessed on www.paxes.com (the “Platform”) and the PAXES smartphone app for iOS and Android devices (the “App”), collectively referred to as the PAXES “Service”. For more information about PAXES, please visit our website https://www.paxes.com/.
2. How does PAXES work?
We have developed the PAXES Service to enable travel agents (“Travel Agents”) to book hotels, flights and travel services with our selected hotels, airlines, tour operators, car rental companies, cruise lines and private transfer providers (“Suppliers”), in real time, on behalf of their end customers (“Customers”).
We are committed to protecting and respecting the privacy of the users of the Service. This privacy policy (“Privacy Policy”) sets out the basis on which (i) your personal data, as a Travel Agent or Supplier or any representatives that you authorise to use the Service on your behalf, will be processed by us as a controller and (ii) your Customers’ personal data will be processed by us as a processor. Please read the Privacy Policy carefully to understand how we will use your personal data.
3. How can you contact us?
If you have any questions about your personal data, how we look after it or if there are any changes to your personal data, please:
- Email us at dpo@paxes.com; or
- Write to us at Attn: Legal Department at TBO.com, 2408 Oaks Liwa Heights, JLT, Dubai P.O Box: 34544
4. PAXES as controller and processor
Controller
If you visit our register on our Platform, or download our App as a Travel Agent or Supplier, we may use your or your representatives’ personal data in connection with your request for or use of our Services. In order to use the Services, you must accept our Terms and Conditions which are available here https://www.paxes.com/terms-conditions. Where this is the case, in accordance with UK and European Economic Area (“EEA”) data protection laws, we will be the controller of the personal data that you provide to us or that we collect from you. We will be responsible for safeguarding your personal data which will be processed in accordance with this Privacy Policy.
Processor
Our Service is intended for use by Travel Agents and Suppliers. However, our Service provides the functionality for Travel Agents to input and collect information about their Customers which is then sent to our Suppliers. Where we process any Customer personal data, our role will be limited to that of an intermediary and we will be considered a processor in accordance with UK and EEA data protection laws. We will be processing Customer personal data on behalf of Travel Agents, who will be the controllers of any Customer personal data, under the terms and conditions that we have in place with the Travel Agents. The Travel Agents will be responsible for the processing of Customer personal data on our Platform or App which will be processed in accordance with their own privacy policies. For example, a Travel agent may input Customer personal data in order to search for a hotel and send an email to the Customer’s email address to provide a quotation or send a voucher for the reservation.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate Customer personal data from confirmed bookings for internal reporting purposes.
5. What data do we collect about you?
When you use the Service, we may collect, use, store, transfer and otherwise process the following types data depending on your relationship with us:
(A) TRAVEL AGENT/ SUPPLIER
Category of data | Types of data collected |
Business representative contact details |
When you register for our Service on behalf of your organisation, you may be required to provide us with your:
|
Company Data |
|
Billing Data |
|
Feedback and Enquiry | Information about you from correspondence that you send to us, any conversations between us and any feedback you give to us. |
Marketing and Communications Data | Information about your preferences in receiving marketing material from us and your communication preferences. |
Technical Data |
We may automatically collect the following types of information when you use our Services:
|
Usage Data | We may generate information about how you navigate and engage with our Services and download materials and online activity data such as clickstream data, page interaction information, your preferences (including country and language) and methods used to browse away from our content or Services. |
The law treats some types of personal data about you as “special” and such data requires more protection because of its sensitive nature. This includes information about your race, religion, health, sex life, sexual orientation or criminal offences. We will only collect or use this type of personal data (a) with your explicit consent or (b) if the law requires us to do so.
(B) CUSTOMER
The Travel Agent may choose to input, collect or use some or all of the following types of the data from their Customers when using our Service:
Category of data | Category of data |
Identity and contact data |
|
Payment Data |
|
Special requirements Data |
|
6. How do we collect personal data about you?
We collect personal data in different ways, depending on whether you are Travel Agent or Customer, including:
(A) TRAVEL AGENT
-
Directly from you via the Platform/[App]
We will collect your personal data directly from the Platform or App when you choose to register an account with us.
When you provide us with personal data about your Customers, you must ensure that you are authorised to disclose that information to PAXES and TBO may collect, use and share such data for the purposes described in this Privacy Policy.
-
Automated technologies
When you interact with the Platform or App, we may automatically collect technical data about your mobile device, browsing actions and patterns. We collect this personal data using cookies and other similar tracking technologies. We may also receive technical data about you if you visit other websites through the Platform ,or App using our cookies. For more information about cookies, please see our Cookie Policy.
(B) CUSTOMER
- From our registered Travel agents
Travel Agents registered for our Services, may input, use and share personal data about Customers for the purpose of making a booking for one of our travel services with our Suppliers.
Any Customer personal data processed and used in connection with our Services, will be done so in accordance with the relevant Travel Agent’s privacy policy.
7. How do we use your personal data?
We collect your personal data so that we can provide you with our Services. We will only use your personal data where we have a valid lawful basis to do so. We have included a table below which lists all the ways in which we use your personal data and the lawful basis we rely on to do so. Where we mention “legitimate interests”, this is the lawful basis we rely on when we feel that it is necessary to use your personal data for a reason which is in our and/or your interests and which does not unfairly affect your rights over your personal data.
(A) TRAVEL AGENT/ SUPPLIER
What we use your personal data for | What personal data we use | The lawful basis that we rely on to use your personal data |
To provide our Services to you, including registering your account on the Platform and App |
|
Performing our contract with you. |
To send you information about our Services which you have requested by contacting us |
|
To take necessary steps at your request prior to entering into a contract with you. |
To provide our customer service to you:
|
|
|
To use data analytics to improve our Platform, App, products and services, marketing, user and customer relationships and experiences |
|
Our legitimate interests of understanding you better to provide a better service to you for your benefit. |
To monitor operations, user activity and networks for fraud prevention and crime detection. |
|
|
To send you marketing communications if you would like to receive them.
We will only send you marketing communications about PAXES products/services that we consider may be of interest to you. |
|
Your express consent (where legally required to do so).
If you are:
we will assume you are happy to receive relevant marketing communications unless you have previously opted out of such communications. This is based on our legitimate interests in promoting our business and to provide you with offers for relevant products/services. If you change your mind about this, you can withdraw your consent at any time by clicking on the “unsubscribe” link at the bottom of each email. If you choose to withdraw your consent to receiving these marketing emails, we will still be able to send you service emails that are necessary for our relationship with you. |
To share your information with our third-party service providers which facilitate the provision of our Services such as our Suppliers (if you are a Travel Agent) and our Travel Agents (if you are a Supplier) and the fulfilment of essential service functions, such as web hosting, cloud storage, analytics, marketing, accounting, security tools. |
|
|
To share data with another organisation in the context of a joint venture, collaboration, financing, sale, merger, reorganisation or similar event relating to our business. |
|
|
We are required to comply with certain legal and regulatory requirements and may process your personal data for compliance with such legal or regulatory obligation, to which we or regulators or law enforcement agencies are subject.
To establish, exercise or defend legal claims. |
|
|
(B) CUSTOMER
What we use your personal data for | What personal data we use | The lawful basis that we rely on to use your personal data |
To provide our Services to Travel Agents that have registered an account with us, including enabling registered Travel Agents to input Customer personal data on the Platform/App for the purposes of fulfilling a booking for one of our travel services. |
|
Not applicable.
We only use your personal data on behalf of our registered Travel Agents and in accordance with their instructions. |
To contact you in exceptional circumstances where the Travel Agent is unable to contact you. |
|
Not applicable.
We only use your personal data on behalf of our registered Travel Agents and in accordance with their instructions. |
We will only use your personal data for the reasons we have set out above. If we need to use your personal data for any other reason, we will let you know and tell you the reason along with the relevant lawful basis, unless the law prevents us from doing so.
8. Who do we share your personal data with?
We may share your personal data with other organisations so we can provide our Service to you and comply with our legal duties. We have set out below who these organisations are and the reasons for sharing your personal data with such organisations.
-
Our Suppliers (if you are a Travel Agent) – in order to fulfil a booking on behalf of your Customer and to provide our Service, including:
- hotels;
- airlines;
- tour operators;
- car rental companies;
- cruise lines;
- private transfer providers; and
- any intermediary booking platforms such as Expedia.
- Our Travel Agents (if you are a Supplier) – in order to fulfil a booking on behalf of our Travel Agent’s Customers to provide our Service.
-
Our service providers – who help us operate and improve our services by assisting with various tasks including:
- payment service providers;
- marketing;
- personal information hosting and maintenance;
- analytics;
- security operations; and
- other third-party service providers that we may use from time to time.
-
Third party purchaser – in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
You can ask us for more information about these organisations by contacting us using the details at the top of this policy.
We may also need your share your personal data to comply with the law; to enforce our Terms and Conditions; to protect the rights, property or safety of us, other Platform or App users or other individuals/organisations; or where you have given us your consent to do so.
9. Where do we store your information?
We will not transfer or store your personal data outside of the European Economic Area (EEA) (or the UK to the extent the UK is no longer part of the EU), except to selected third parties that we have instructed to help us provide the services to you.
If we do transfer or store your personal data outside of the EEA, we will ensure we have put adequate measures in place in order to protect your personal data to an equivalent data protection standard as in the UK and the EEA.
We will only share your personal data with countries and organisations that:
- The European Commission has deemed as having equivalent data protection laws as in the EEA; or
- We have entered into a contract which include certain requirements to make sure your personal data is protected to equivalent standards as in the EEA and the UK – please click here for a link to the standard contractual/data protection clauses.
If there are any other circumstances which would require us to transfer your personal data outside of the EEA (or the UK to the extent the UK is no longer part of the EU), we will seek your consent to transfer your personal data outside of the EEA.
You can ask us for more information about where we may transfer or store your personal data and how we will take steps to ensure your personal data is protected by using the contact details in section 3 of this policy.
10. How do we keep your personal data secure?
We will ensure we put security measures in place to protect your personal data from being destroyed, lost or shared with somebody that should not see it. However, we cannot guarantee your personal data will be free from every security risk that may be possible when your information is sent to and from the Platform or App.
The Platform or App may include links to third-party websites which may collect your personal data. We have no control over what these websites do with your personal data. Please check the policies on these websites which will tell you what they do with your personal data.
11. How do we use cookies?
We use cookies or other similar technologies to capture certain data when you interact with the Platform or App. For further information on our use of cookies, please see our Cookie Policy.
12. How long do we keep your information for?
We will only keep your personal data for as long as is necessary for us to do so for the reasons we collected it for in the first place.
(A) TRAVEL AGENT
Generally, we will keep your personal data for as long as you are a registered for our Services and have an account with us.
After this, we may keep your personal data for up to 3 years (or longer where the law requires). This is so we can:
- Communicate with you about any questions or complaints you may have after you have stopped being a user of our Services; or
- To comply with the rules on accounting, reporting or any other law.
(B) CUSTOMER
We will only keep Customer personal data for a 12 month period to comply with the rules on accounting, reporting or any other law or the period determined by the relevant Travel Agent which is the controller of the Customer personal data. For details on how long the relevant Travel Agent keeps your personal data for, please contact them or read their privacy policies.
In certain circumstances, we may aggregate your personal data (so that it will no longer identify you) for research, analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you want further information on how long we keep your personal data, please contact us using the details set out in section 3 of this policy.
13. What are your rights in relation to your personal data?
As a result of us collecting and processing your personal data, you may have the following legal rights:
- To access the personal data we hold about you and request a copy of it;
- To ask us to correct your personal data if it inaccurate or incomplete;
- To ask us to delete your personal data where we do not have a compelling reason to continue to process your personal data in such circumstances;
- To ask us to stop using your personal data in certain circumstances where there is no need for us to continue processing it in certain circumstances;
- To ask us to only use your personal data for certain things if: it is not accurate; it has been used unlawfully; or it is not relevant for the purposes it was initially collected for; and/or
- To ask us to stop using your personal data to send you marketing emails.
If you want to exercise any of the rights listed above at any time, please contact us using the details in section 3 of this policy.
14. How can you make a complaint?
You also have the right to make a complaint about how we have used your personal data to:
- Us - by contacting us by email or post using the details in section 3 of this policy and we will always try to help you with your problem in the first instance.
If you’re still not happy with how we have dealt with your complaint, you can contact:
- A data protection regulator; or
- The national courts – to seek a remedy if you think that your rights in relation to your personal data have been breached.
15. Changes to this Privacy Policy
We may need to change this Privacy Policy as our Service develops and offer you more exciting features or if the law changes. We will let you know if any important changes are made, otherwise, we will always display the latest version of our policy on our Platform and App.