Travel Point


PRIVACY POLICY


1. General provisions


1.1 The administrator of your personal data is TRAVEL POINT GLOBAL Limited Liability Company that operates under TRAVEL POINT (“TRAVEL POINT”). We are ready to provide our services to any Internet user. You can use our services by using the website https://travel-point.me/ and this Privacy Policy (“Policy”) is an integral part of the agreement on their use.


1.2 First, we want you to understand how TRAVEL POINT works.

The functionality of TRAVEL POINT is built on the interaction with a “token”, such as BMP-Link or Go-Link. This is the key to the storage with data about the tickets you have sold in the Global Distribution Systems (GDS). The token is created to allow you to transfer your data and its processing to third-party applications. We at TRAVEL POINT use the “token” to keep records of tickets sold in one place, to provide invoices to customers, and for settlements with partners.

TRAVEL POINT was created to make life easier for airline managers and simplify interaction with consolidators.

Is it necessary to use a token in TRAVEL POINT? No, it is not necessary. Most of the functionality will not be available. You will need to request invoices for payment yourself, you will need to return to the ticket accounting plates and keep a calendar, noting who to register when.

Is it possible to disable the download of tickets in TRAVEL POINT? Yes, you can do it yourself or write to support@travel-point.me

Can I delete all user data from TRAVEL POINT? Yes. If you need to do this, please write to support@travel-point.me


1.3 We have developed this Policy to confirm that TRAVEL POINT complies with the provisions of the General Data Protection Regulation, ie. Regulation No. 2016/679 of the European Parliament and of the Council of the European Union “On the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC” (“GDPR”), the Law of Ukraine “On the Protection of Personal Data” and other legislative acts regulating the procedure for interacting with personal data of Internet users.


1.4 We respect personal data. By using TRAVEL POINT services, you entrust us with your personal information and we do our best to ensure the security of this data and at the same time provide you with the opportunity to manage it.


1.5 Please note that the Policy applies to all personal data that you provide to us and that we collect independently in the course of providing TRAVEL POINT services (including through cookies),as well as data that you enter into the TRAVEL POINT reporting system to facilitate the management and analysis of data related to the sale of airline, railway and bus tickets, i.e. in the process of creating your own database


1.6 This Policy does not apply to websites that you have accessed through hyperlinks posted on our website https://travel-point.me/


1.7 With this Policy, we want to tell you about

- who we are;

- how we work with personal data;

- what personal data we collect;

- what is the purpose of processing personal data;

- where and why we transfer personal data;

- how long we keep personal data;

- what rights you have as a data subject;

- how we keep personal data confidential;

- how we keep and ensure the confidentiality of the information in your database;

- how to contact us.


1.8 For us, the legal basis for processing personal data is, in accordance with Article 6 GDPR, separately or simultaneously

- your consent to the processing of your personal data and the personal data of third parties on whose behalf or for whose benefit you act, in order to provide TRAVEL POINT with its services;

- the need to perform a contract to which you or a third party on whose behalf or in whose favor you act is a party;

- the need, at the passenger's request, to take actions necessary to conclude a contract with the carrier.

1.9 The processing of a special category of personal data (for example, health data) will be carried out only if you have the appropriate consent to the processing of your personal data and personal data of third parties on whose behalf or in whose interests you act, and/or the need for carriers to provide special services related to the passenger's health condition.

1.10 Please note that you, as a user, are solely responsible for the interaction of TRAVEL POINT with other programs, extensions or applications from other developers, its compliance with the rules and policies, in particular GDS terminals.

1.11 We reserve the right to make changes to this Privacy Policy at any time and for any reason. The date of the last update of the Policy will be indicated in the “Last Updated” line at the end of this page.


2. Personal data of third parties


2.1 If you use TRAVEL POINT services on behalf of or for the benefit of third parties (for example, your clients), the information you provide about such third parties is collected and processed by TRAVEL POINT on the same terms as your personal data. If you provide us with personal data of third parties for and on whose behalf you act, you declare that you are entitled to entrust us with the processing of this personal data.


2.2 If you use the TRAVEL POINT services to record and store your clients’ data, you are creating your own database. All information and content you submit or upload to this database is your own and you have full control over it.


2.3 We collect and process third party data (including your clients’ data) solely on your behalf to provide the data storage and consolidation services you have subscribed to.


2.4 Our support team and programmers may access your database and information in a limited and strictly reasonable manner only in exceptional circumstances:

- to resolve any problem with our services and only upon your direct request to our support team;

- to comply with any legal requirement (enforcement action, subpoena or court order, defence against unlawful claims, etc;)

Any other interference and use of this data and information is not permitted.


3. Consent to the processing of personal data


3.1. If you have checked the “I agree with the privacy policy” box during registration on our website or have joined our Subagency Agreement for the provision of intermediary services, the provisions of which are published on our website, we consider that you:

- unconditionally, fully and without any changes accept the terms of this Policy;

- are informed that this website may collect your personal data and personal data of third parties on whose behalf or in whose favor you act, as well as their processing using the technical capabilities of TRAVEL POINT;

- consent to the collection and processing of all personal data provided by you for the purposes specified in this Policy;

- consent to the processing of a special category of personal data (for example, health data) about you or third parties on whose behalf or in whose interests you act, if it is necessary to provide special services directly related to such category of personal data;

- consent to the processing and international dissemination of your personal data and personal data of third parties on whose behalf or in whose favor you act, if required by the terms of service;

- consent to the transfer of personal data to third parties in order to fulfill the terms of the contract and provide the relevant services to TRAVEL POINT;

- give your consent to the collection and storage of your personal data and personal data of third parties on whose behalf or in whose interests you act, without limitation of validity, until you or the third party on whose behalf or in whose interests you act personally request or wish to terminate the processing of your personal data and/or their destruction, and/or until the termination of the relationship at the initiative of TRAVEL POINT and/or on other grounds in accordance with the provisions of this Policy and the requirements of the law.


3.2 By agreeing to the terms of the Policy, you confirm that you are a legally capable person who has reached the age of 16.


3.3 By agreeing to the terms of the Policy, you consent to the processing of your personal data and personal data of third parties on whose behalf or in whose interests you act, under the conditions specified in this Privacy Policy.


3.4 By providing information about third parties, you confirm that such third party is familiar with the provisions of this Privacy Policy, and it gives its unconditional and full consent to the collection and processing of personal data in accordance with the terms of this Policy


4. Personal data we collect and process


4.1 We receive and store any information that you provide through the website https://travel-point.me/, inform our support service, provide TRAVEL POINT in any other way to the extent necessary to provide services, improve the quality of such services and fulfill contractual obligations to you or third parties on whose behalf or in whose interests you act.


4.2 The above information includes:

- information that can be used to identify an individual who directly uses the TRAVEL POINT services, such as, surname, name, mobile phone number, e-mail address, name of the employing company, position;

- information that can be used to identify a passenger, i.e. an individual who is transported by an aircraft with the consent of the carrier in accordance with the contract of carriage and in whose name the ticket (transportation document) is issued, in particular, surname, name, date of birth, gender, citizenship, mobile phone number, postal address, e-mail address, mileage card, loyalty card information, visa information;

- Identity document information, such as passport number and series, date of issue, and expiration date;

- technical information, including the Internet Protocol (IP) address used to connect to the Internet, your registration information, browser type and version, time zone, browser plug-in types and versions, operating system and platform;

- profile information (settings, search history, booking and sales history);

- information about your visit, history of visits and movements on our website, history of leaving our website (including date and time), services you viewed or searched for, page response time, loading errors, length of time spent on certain pages, information about page activity (such as scrolling, clicking and hovering), ways to leave the page;

- information necessary for us to improve the quality of the TRAVEL POINT service, which is an integral part of the provision of the service in general, including information that you use when working with online cloud distribution systems after logging in;

- information obtained in the course of communication with you by phone, e-mail, through our website, social media, customer support or otherwise;

- information necessary for the conclusion and/or performance of a contract with you or third parties on whose behalf or in whose favor you act;

- cookies that are essential and without which our website cannot function, and cookies that are collected and sent to Amplitude to enable us to use their tools to improve the website. You can find out more about our Cookie policy at the link https://travel-point.me/cookies-policy;

- information you provide when creating and updating your own database;

- other information that you voluntarily leave on this website.


4.3 If you do not want us to process your personal data or the personal data of third parties on whose behalf or for whose benefit you are acting, please do not provide us with such information.


4.4 We do not collect personal data from persons under the age of 16, and they are prohibited from providing information to receive our services. If we find out that personal data is submitted by someone other than a parent of a child (i.e., a person under 16) or a legal guardian or a user directly authorized by them, we undertake to delete such data immediately.


5. Purpose of personal data processing


5.1 We use your personal data and the personal data of third parties on whose behalf or in whose favor you act in order to provide TRAVEL POINT with the fullest, highest quality services, in particular, but not exclusively, for preparing, producing or issuing any air ticket, making changes to the ticket, calculating and making a refund, providing EMD services, etc.


5.2 We may also use personal data to provide you with quality responses or other information from TRAVEL POINT based on your requests or requests from third parties on whose behalf or in whose interests you act.


5.3 Also, the purpose of processing personal data is to use them for marketing and advertising purposes, including direct marketing, market research, statistics.


5.4 We also use personal data to continuously improve the provision of TRAVEL POINT services, improve your experience of using our website https://travel-point.me/ .


6. Transfer of personal data


6.1 Your data may be transferred to third parties only for the purpose of proper provision of TRAVEL POINT services, which could not be provided without such transfer of your personal data or personal data of third parties on whose behalf or in whose favor you act. For example, personal data may be transferred to carriers for issuing tickets (transportation documents).


6.2 We may also provide your personal data and personal data of third parties on whose behalf or in whose interests you act, to persons, officials, representatives, agents, employees or partners of TRAVEL POINT related to TRAVEL POINT in order for them to provide you with their services.


6.3 TRAVEL POINT uses Amplitude on its website, which is a web analytics tool that helps to understand how visitors interact with this site. Amplitude collects data about: browser, device type, device model, location, country, city, service provider, screen resolution (mobile), time spent on the site, language, operating system, pages visited on the site. Amplitude uses the information to study the use of the website, prepare reports on website activity and offer other additional services. Please note that Amplitude receives your cookies. Without such cookies, Amplitude's work is impossible. You can read Amplitude's privacy policy on their official website at this link.


6.4 In addition, we may disclose information

- in response to an enforcement action, subpoena or court order;

- to protect against unlawful claims;

- to fulfill other legal requirements;

- in case we consider it necessary to respond to illegal actions against us, or to analyze an illegal act, to protect or preserve our rights, property or safety of TRAVEL POINT.


6.5 In case of transfer of personal data on the grounds other than those specified in this Policy, you will be notified of such transfer and you will be able to authorize or prohibit us from providing your personal data to a third party.


6.6 When transferring personal data, we always use the most secure and proven methods.


7. Cross-border data transfer


7.1 You agree that in order to provide its services, TRAVEL POINT may store and process personal data, including verification of transactions on servers and resources located outside of Ukraine and the European Economic Area. You give your unconditional consent to the transfer of any or all of your personal data and the data of third parties on whose behalf or for whose benefit you act outside of Ukraine and the European Economic Area only for the purpose of obtaining the proper level of services. Your personal data may be stored and processed on servers and resources owned by TRAVEL POINT or independent contractors, which may be located anywhere in the world (e.g., USA, Canada).


7.2 If you use this website, you agree to the transfer of your personal data outside of Ukraine, the European Union and the European Economic Area. You are informed and agree that your personal data may also be transferred to the United States. Any cross-border transfer of data takes place only to fulfill the terms of the relevant requests, the agreements of this Policy and for the purpose of providing services. All cross-border transfers are limited to those categories of data and recipients that are necessary to fulfill the relevant contracts, provisions of this Policy and the provision of services.


8. Personal data retention period


8.1 We store your personal data for as long as it is necessary for the above activities. It depends on the purpose for which the data was collected or whether we have a permanent legal basis for storing the data (e.g., to fulfill the provisions of a contract between us, to provide the services you have requested). Please be assured that if we no longer have a reason or legitimate need to process your personal data, we will delete it or store it in a way that it can no longer identify you.


8.2 TRAVEL POINT's storage of different types of personal data depends on the following factors

- the purpose of collecting the personal data;

- the time it will take to achieve the purpose;

- any specific reason or strict legal obligation to retain the personal data for a certain period of time.


8.3 If you have an account on our website, we will store personal data such as your email address, first name, last name, the name of the company you work for, and mobile phone number to enable you to log in and access our services for as long as your account exists.


8.4 When determining the period of storage of personal data, we also take into account the storage time necessary to fulfill our obligations to you or third parties on whose behalf or in whose interests you act, regulatory authorities, as well as to submit accounting and tax reports.


9. Rights of the user (personal data subject)


9.1 We respect your rights regarding personal data and facilitate their realization. You can contact TRAVEL POINT at the contacts listed below with a request to exercise your rights.

9.2 You can exercise the rights to:

- access to information related to the processing of your personal data:

- access to information that is the subject of the contract between us;

- receive an electronic copy of the personal data that was processed;

- clarification and/or correction of your personal data, in particular, we will notify all persons to whom we have previously transferred your personal data, provided that such notification is feasible and does not require disproportionate efforts from us;

- direct transfer of your personal data from TRAVEL POINT to third parties;

- restriction, full or partial withdrawal of your consent to the processing of personal data in certain ways;

- destruction of your personal data at your request, or if the consent to processing has been withdrawn, or if there is no longer a need to process your personal data.

- destruction of your database created as a result of using Travel Point software products as an online service to simplify the management and analysis of data related to the sale of airline, railway and bus tickets.


9.3 If you believe that your rights and/or legitimate interests have been violated, you have the right to file a claim or complaint with the competent state authority.


10. Maintaining the confidentiality of personal data


10.1 We take a set of technical, organizational and legal measures to protect your personal data from unauthorized or accidental access, collection, storage, use, transmission, blocking or destruction, as well as other unauthorized actions or accidental leakage.


10.2 For example, we provide:

- compliance with the principle of minimum necessary access (Least Privilege). Access is granted in accordance with job responsibilities, business needs and the ‘need to know’. We periodically conduct access checks to ensure that employees have only the rights they need to do their jobs;

- familiarising TRAVEL POINT employees with the requirements of current legislation and regulations on the processing and protection of personal data;

- accounting and storage of material information carriers, which makes it impossible to steal, replace, unauthorised copying and destruction;

- identification of threats to the security of personal data confidentiality;

- use of a log collection system (Graylog) that automatically collects event logs from critical systems. Automated rules provide notifications of potential incidents;

- training employees in the use of information security tools and rules for working with personal data information systems;

- ensuring authentication security: all Travel Point systems use a password complexity policy (length, characters, regular change). Where possible, we use multi-factor authentication (MFA);

- keeping records of information security tools, operational and technical documentation for them;

- monitoring of user actions, review of violations of personal data security requirements;

- use of third-party solutions to prevent distributed denial of service (DDoS) attacks;

- hosting in a secure environment: your data and your customers' data are stored in the AWS cloud environment, which ensures the physical security of data centres. AWS has international security certifications (ISO 27001, SOC 2, etc.);

- separated environment: your data and your customers' data do not enter test or development environments. There are separate environments for development, testing and production;

- backup: all data is regularly backed up in encrypted form. This helps to avoid the loss of information in case of failures or attacks;

- monitoring and response: algorithms for detecting anomalous activity are implemented to minimise the risk of data leakage;

- other measures to protect confidentiality.


10.3. In the course of our activities, we use specialised solutions for automatic monitoring of incidents on a 24/7 basis. This allows us to respond quickly to possible threats.


11. Contacts


11.1 You can contact us by sending a message to support@travel-point.me or through TRAVEL POINT technical support using the chat that works directly on our website.

11.2 You can also send us a letter to the address: 72 Velyka Vasylkivska St., Kyiv, 03150, office 31, recipient TRAVEL POINT GLOBAL Limited Liability Company, legal entity registration code 42896302.


Version of the document dated: 22.01.2025