Published 25 May 2018
World Travel and Tourism Council is committed to protecting your privacy.
We recognise our obligation to keep personal information secure and believe it is important for our partners, Members, website users, and other individuals to know how we treat their personal information.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By visiting our website or otherwise providing data to us you are accepting and consenting to the practices described in this policy.
Here are some of the key changes we made on 25 May 2018, when the European Union General Data Protection Regulation (“GDPR”) came into effect:
- Who we are and how to get in touch with us: We have clarified what the WTTC is, where we are headquartered and who to get in touch with about any personal data of yours that we may be holding.
- Collection and use of data: We’ve provided more information about the ways we collect personal data about you, who we collect that data from, and how we intend to use it.
- Purpose of processing: We provide more detail on the purpose and legal basis for the processing your data.
- Who has access to your information: Our policies and procedures haven’t changed but we’ll tell you exactly who will and won’t get access to your data.
- Your rights as a Data Subject: We’ve set out the rights individuals have under the new GDPR in relation to their personal data and how those rights can be exercised.
Who are we?
We are the World Travel & Tourism Council (“WTTC”), a membership organisation founded by, and existing to serve companies and institutions engaged in or with the economic sector of Travel & Tourism. We are headquartered in the United Kingdom and incorporated as a Private company limited by guarantee without share capital, company number 02506591. Our registered office address is The Harlequin Building, 65 Southwark Street, London, SE1 0HR, U.K.
WTTC is registered as a Data Controller with the UK Information Commissioner’s Office (“ICO”), which is an independent public body sponsored by the Department for Digital, Culture, Media and Sport of the UK Government. The representative of the Data Controller can be contacted by organisations with questions about any aspect of our handling of data privacy, by email at [email protected], by telephone at +44 (0) 20 7481 8007, or in writing to the company registered address.
WTTC has also voluntarily appointed Mr. Jason Christopher Norman as its Data Protection Officer to act as the first point of contact for the supervisory authorities and for individuals whose data is processed. His contact details are also as above.
The information we collect from you
We collect information directly from individuals when they voluntarily submit their personal information to us by filling in forms (on our website or otherwise), or by corresponding with us by phone, email or otherwise.
This includes information you provide when you apply for Membership, register to attend an event, request information, participate in a competition, promotion or survey or in discussion boards on our website.
The information you give us may include your name, address, email address, phone number, company name and address, alternative contact details (e.g. those of a family member or secretary), photograph and financial and information.
At certain parts of our website, we may provide the opportunity for users to send an e-mail to us which may contain their personal data.
When this sort of information is collected we will provide the reason for collecting the information and how the information will be used.
The information we collect about you
With regard to each of your visits to our website we may automatically collect the following:
- Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
If you work for or are otherwise engaged with a company or institution in which WTTC has a legitimate interest, we may collect personal data about you from friends, colleagues or from information in the public domain to contact you. When we do so we will tell you the source of the personal data and give you the option to withdraw consent for further processing.
We may also capture personal data when you attend an event hosted by us via photograph, video or audio footage taken.
How we use “cookies”
Our website uses “cookies” to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
To gather analytics and usage data.
Examples of usage data collected includes the type of Internet browser you are using and the domain name of the web website from which you linked to the website
Our website also uses third party requests to gather analytics and usage data for the website or to allow you to share certain pieces of our content on your social media accounts.
- Other than third party requests generated by Google Analytics, we use the “Facebook Connect” application to allow you to log in to your Facebook account and share certain pieces of our content.
Most browsers allow you to refuse to accept cookies by adjusting your browser settings. For example:
- In Google Chrome: Click the “three line” Chrome menu (usually in the top right hand corner of the browser). Select Settings. Click Show advanced settings. In the "Privacy" section, click the Content settings button. In the "Cookies" section, you can block all cookies by selecting "Block sites from setting any data". Please refer to Google Chrome's help & support section for further instructions and guidance.
- In Windows Internet Explorer 7 and Windows Internet Explorer 8: Click the Tools button, and then click Internet Options. Click the Privacy tab, and then, under Settings, move the slider to the top to block all cookies or to the bottom to allow all cookies, and then click OK. Please refer to Microsoft's help & support section for further instructions and guidance.
Please keep in mind that blocking cookies may have a negative impact upon the usability of many websites and if you block cookies, you may not be able to use all the features on the website. In Google Chrome, you'll see a blocked cookie icon in the address bar to warn you whenever a cookie has been blocked.
You can delete cookies already stored on your computer by clearing your browsing data. For example:
- In Google Chrome: Click the “three line” Chrome menu (usually in the top right hand corner of the browser). Select Settings. Click Show advanced settings. In the "Privacy" section, click the Content settings button. In the "Cookies" section, click “All cookies and website data” to open the Cookies and website data dialogue. To delete all cookies, click “Remove all” at the bottom of the dialogue. To delete a specific cookie, hover over the website that issued the cookie with your mouse, then click the X that appears in the right corner. You can also choose to remove all cookies created during a specific time period, using the Clear Browsing Data dialogue. Please refer to Google Chrome's help & support section for further instructions and guidance.
- In Windows Internet Explorer 7 and Windows Internet Explorer 8: Click the Tools button, and then click Internet Options. On the General tab, under Browsing history, click “Delete”. Select the Cookies check box, and then click “Delete” if it isn't already checked. Clear or select check boxes for any other options you also want to delete. Please refer to Microsoft's help & support section for further instructions and guidance.
Our use of collected information
We use information held about you in the following ways:
1. Information collected from you. We will use this information:
- To administer our Membership scheme;
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- To provide you with information about the services we provide;
- To notify you about changes to our service; and
- To respond to inquiries or to process requests.
2. Information we collect about you. We will use this information:
- To provide you with information about the services we provide;
- To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve our website to ensure that content is presented in the most effective manner for you and for your computer;
- To allow you to participate in features of our service, when you choose to do so; and
- As part of our efforts to keep our website safe and secure.
In summary, where we collect your personal data, we’ll only process it:
- To perform a contract with you, or
- Where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
- In accordance with a legal obligation, or
- Where we have your consent.
How long do we keep your information?
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
We may communicate your information to selected third parties including:
- Suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- Analytics and search engine providers that assist us in the improvement and optimisation of our website; or
For WTTC Members Only: From time to time we publish a Members Directory in order to educate Members about each other’s businesses and to provide a Member with the contact details for each Member (if a Member has consented to his or her details being disclosed). Please note that Members do not have the right to require us to give them access to other Member’s personal information.
Where We Store Your Personal Data
The data that we collect from you may be transferred to countries other than the country you live in, where it may be processed by staff who work for us or for one of our suppliers. These countries may have laws different to what you’re used to. However, when we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).
How do we secure your information?
World Travel and Tourism Council maintains strict physical, electronic and administrative safeguards for the protection of users’ personal information from unauthorised or inappropriate access. Employees, business partners and affiliates who misuse a user’s personal information are subject to disciplinary actions.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
In addition to the WTTC policies explained above, as a data subject you could, under the prevailing regulations, choose to exercise the following rights, if applicable:
- To request from WTTC access to and rectification or erasure of your personal data or restriction of processing and to object to processing;
- To have personal data sent to you or another Data Controller in a commonly used machine-readable format (data portability);
- Where the basis for processing is consent, the right to withdraw consent at any time;
- To lodge a complaint with a supervisory authority; and
- To be informed:
- whether the provision of personal data is part of a statutory or contractual requirement or obligation and the possible consequences of failing to provide the personal data;
- the categories of personal data sourced from third parties or publicly accessible sources;
- the existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences;
- the identity of any recipient or categories of recipients of the personal data;
- and, if WTTC intends to process your personal information for a purpose other than that for which it was collected, what that purpose is and any relevant further information.