GDPR
Information for Rex Travel AB's customers before the application of the new data protection regulation - GDPR
On 25 May 2018, the Swedish Personal Data Act will be replaced by the EU's General Data Protection Regulation, GDPR. Rex Travel is then, in a similar way as today, directly responsible for living up to the GDPR's requirements for personal data controllers.
Rex Travel processes travelers' personal data as an independent personal data controller for travelers' information. Rex Travel is therefore not a personal data processor and therefore cannot enter into a personal data processor agreement.
Each company/customer of Rex Travel is responsible for personal data for its employees' personal data because the company must be able to make its own decisions about "why and how" employees' personal data is used for personnel administration.
Rex Travel, on the other hand, is the data controller for travelers' personal data, and in that role Rex Travel has direct responsibility for ensuring compliance with the data protection regulations. Both the company and Rex Travel are thus independent personal data controllers (but process the employees'/travellers' personal data for different purposes).
The Swedish Travel Association has stated that "It is the travel agency that is responsible for personal data processing that takes place at the travel agency and thus the one that independently and on its own responsibility has to ensure that the processing of personal data carried out by the travel agency complies with the GDPR".
We process your personal data primarily to fulfill our obligations to you. Our starting point is not to process more personal data than is necessary for the purpose, and we always strive to use the least privacy-sensitive data.
We also need your personal data to provide you with good service, for example in terms of travel orders, follow-up and information.
What personal data do we process?
We only process personal data when we have a legal basis. We do not process personal data other than when it is needed to fulfill obligations according to agreements and laws. Here are examples of the personal data we process:
-
Name
-
Address
-
Email address
-
Phone number
-
Fax number
-
Age
-
Date of birth
-
Sex
-
Title
-
User name
-
Photographs/passport copies
-
Debit card number, credit card number and other bank-related information
-
Information that you registered yourself and voluntarily provided
-
Content that you publish yourself, so-called user-generated content, e.g. special seat reservation requests and requests for special food (flight)
We develop routines and working methods to ensure that your personal data is handled securely. The starting point is that only employees and other people within the organization who need the personal data to perform their tasks should have access to it.
Rex Travel AB only discloses your personal data to third parties such as (airlines, hotels, bus companies, shipping companies) in order to fulfill our obligations towards you as a customer.
If you have agreed to newsletters or offers, we also use the data to be able to provide information, offers and newsletters.
Responsible for the personal data is Rex Travel AB.
You can request that your personal data be corrected or deleted by contacting Rex Travel.
Rex Travel AB
Peter Zacke, CEO