1. Introduction

Wings Travel Management (“Wings”, “we”, “our”, or “us”) respects your privacy and is committed to complying with this Global Privacy Policy in conjunction with our general Wings Terms and Conditions and The Wings Data Protection Agreement, where applicable, which describes how Wings, as a travel management company, collects and uses the personal data you provide to us. This Global Privacy Policy describes what personal data we collect about you, how we collect it, how we use it, with whom we may share it, and what choices you have regarding our use of your personal data. We also describe the measures we take to protect the security of your personal data and how to contact us.

This Global Privacy Policy applies to Wings’ travel management and related services provided to you, including Wings’ websites, portals and applications that display or link you to this Global Privacy Policy (hereinafter referred to collectively as the “Services”). Once you leave such websites and applications for others, the privacy policies of the other websites or applications shall apply.

We encourage you to read this Global Privacy Policy carefully in its entirety, as it relates to your rights regarding the processing of your personal data. As a user of our Services, you understand and agree that we collect, use, and disclose your personal data in accordance with this Global Privacy Policy.

Our privacy practices vary (as they must amongst countries in which we operate), to reflect local legal requirements. Wings complies with applicable laws in the jurisdictions in which it operates, including the Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) by May 25, 2018 in its handling of personal data of persons in the European Economic Area (EEA). It is in our legitimate business interests to provide you with the Services which use the personal data provided to us for the purposes described herein. Your agreement to the terms of this Global Privacy Policy is not intended to and does not constitute a “consent” to such terms for purposes of the GDPR.

  1. Identification of the personal data that Wings collects

In the course of providing its Services, Wings collects, uses, and discloses personal data.  Personal data is information that can be used to identify you or with which Wings can link to you.  You, as a traveller or user of the Services, may be asked to provide certain personal data when you use our Services, such as:

  • Names and contact information (work and home/mobile phone, fax, email, address);
  • Traveller and emergency contact names and information;
  • Traveller (e.g. routings, class of service, seat preferences, frequent flyer data, meal preferences, hotel/rail/car and other ground transportation membership data and preferences, special accommodation requests, other personal data supplied by you via your profiles, surveys, or other requests);
  • Travel documentation (e.g. passport/visa/driver’s license number, citizenship, date of birth, gender, photographs);
  • Payment data (corporate/personal credit cards) and bank information;
  • Logins, user ID’s, employee ID’s, passwords, IP addresses, and browsing information; and
  • Sensitive personal data such as data about, racial or ethnic origin and religious beliefs for visa applications (where required to be provided under law).

If you submit any personal data relating to other people in connection with the Services (e.g. if you make a reservation for another individual), you represent that you have the authority to do so and we will collect, use, and disclose such personal data in accordance with this Global Privacy Policy.

Wings may collect personal information (including personally identifiable information or, where relevant, sensitive personal data) about you and/or the person on behalf of whom you are utilising the Services (“Your Data”) in the following ways:

Information you give us. This is information that you give us by filling in forms on our websites, online booking tools or other applications, or by corresponding with us by phone, email or otherwise. The information may include without limitation your and /or your travellers name, address, e-mail address, phone number or other contact details, marital status, age, occupation, role/title/area of responsibilities, financial and credit card information, personal description and photograph and other information (including as required by laws and regulations addressing insurance and related matters or as required to provide the Services).

Of course, you are not required to supply any of the information that we may request, notably sensitive data, although this might limit the Services we are able to offer you.  While we make every effort to ensure that Your Data is accurate, complete and up to date, you can help us considerably in this by promptly notifying us if there are any changes to Your Data.

Information we collect about you. We, our service providers and other business partners, collect certain information by using automated means, such as cookies, when you interact with our applications, or visit our websites. This information may include your IP address, browser type, operating system, the full URLs, referring URLs and information on actions taken or interaction with our digital assets. We may use third-party web analytics services on our websites and applications, to help us analyse how visitors use our websites and other digital platforms. We, our service providers and our business partners may also collect information about your activities on our websites and other digital platforms for use in providing you with content tailored to your individual interests. The information collected for these purposes may include details about things like the particular pages you view on our websites and the actions you take on our websites and or other digital assets.

Information we may receive from other sources. We work closely with third parties (including Global Distribution Systems (GDSs) and other related travel suppliers for booking/ticketing purposes; industry reporting authorities, payment and delivery services, analytics providers, search information providers, credit reference agencies, financial institutions, financial advisers, disclosure and criminal check services, police forces and courts) and may receive information about you from them). These third parties may be based outside of the EEA (see the storage and transfer of Your Data section for more information).

  1. Does Wings disclose personal data across borders?

When sharing with or disclosing personal data to other parties, including to Wings’ related companies, affiliates, subsidiaries, partners, subcontractors, and local travel agents who provide the Services and maintain facilities, your personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your home country.

We will transfer Your Data in compliance with applicable data protection laws, including having adequate mechanisms in place to protect Your Data when it is transferred internationally (e.g. data protection agreements).  If you have questions or wish to obtain more information about the international transfer of Your Data or the implemented safeguards, please contact us as provided in this Global Privacy Policy.

  1. How does Wings store and protect personal data?

Wings has a number of systems and procedures in place which assist us in ensuring all our client information is safely stored as well as multiple layers of security in place which help manage all access to customer and company data globally.

All staff/user network access is managed via our Active Directory across Wings global domain. Our strict user permissions management policy covers all mandatory aspects such as password complexity, mandatory password resets, as well as control of “in and out” of network communication.

All connectivity between our operations, data centres as well as any external data feeds required by our clients, are managed by our global firewall solution. All data movement between the locations is also encrypted and transmitted via secure IPSec VPN tunnels. It is important to note that our data centres are strategically positioned in line with our Business Continuity and Disaster Recovery Plan, and as that reside in two different geographical locations (EEA and AME, United Kingdom and South Africa).

In addition to adhering to vendor recommended best practices there are also ongoing efforts aimed at reducing the attack surface and proactively monitoring Active Directory for signs of compromise.

Access and permissions for systems within our application layer such as our front, mid and back office tools are managed per application and in line with the user permissions management policies for the respective solutions, adding an extra layer of security/control

Wings has adapted our booking and other processes to align with the PCI DSS requirements, with all card numbers being masked and data only used for its intended purpose.

In a similar vein, Wings only use data for the intended purpose, we do not hand off data to any third party that is not part of the process.

5. How long does Wings keep my personal data?

Wings retains Your Data for the period necessary to fulfil the purposes outlined in this Global Privacy Policy read in conjunction with local applicable laws or unless a longer retention period is required or permitted by applicable laws. The general retention period as set out in the Wings Retention Policy is 3 (three) years, however this is subject to variances, more fully set out the Retention Policy.  When determining how long to retain Your Data, Wings takes into account the necessity of the personal data for the provision of our Services, applicable laws and regulations, including data protection laws, and our legal obligations.  We may retain records to investigate or defend against potential legal claims.  When retention of the personal data is no longer necessary, the data will be deleted, masked, de-identified or aggregated for analytic purposes. Reference must also be made to the Wings Retention Policy.

6. What about Wings applications?

Wings makes its online applications and online booking tools (mobile and web-based) available for download from various application marketplaces.  Wings collects usage information for it to improve the application and to deliver a better and more personalized experience.  Wings may follow information on your use of our applications (e.g. anonymized statistics on the daily number of visitors, the daily requests for specific usage elements, the countries from which applications and Services are accessed).  We use these statistics exclusively for measuring activities and for improvement or adaptation of Services for your benefit.  Wings uses such statistics for the analysis of activities, the improvement of Services, and for communicating findings and product improvements to you and other clients and prospective clients.  Such statistics do not contain personal data and cannot be used for the collection of personal data.  In accordance with the applications’ terms of use, certain information about you (which may include your email address, itinerary data, and other information you provide voluntarily) may be shared with third parties as stated in this Global Privacy Policy. Wings is not in the business of selling and/or purchasing data and Wings confirms that it shall not sell Your Data.

Some web pages created by Wings Travel Management use ‘cookies’, which are small text files that may be placed on your hard disk for record-keeping purposes. It is essentially your identification card and cannot be executed as code or deliver viruses. It is uniquely yours and can only be read by the server that gave it to you. A cookie’s purpose is to tell the server that you returned to that web page. Cookies in and of themselves do not personally identify users, although they do identify a user’s computer. Furthermore, a cookie in no way gives us access to your computer. The use of cookies is an industry standard.

Many major web sites use cookies to provide useful features for their customers. Most browsers are initially set up to accept cookies. If you’d prefer, you can set yours to refuse cookies. However, you will not be able to take full advantage of a web site if you do so.

  1. Your rights

Under applicable data protection laws, you may have certain rights regarding the personal information we maintain about you.  We also offer you certain choices about what personal information we collect from you, how we use that information, and how we communicate with you.

You can choose not to provide Your Data to us.  You also may refrain from submitting information directly to us.  However, if you do not provide Your Data when requested, or if you exercise your rights you or your traveller may not be able to benefit from the Services (as applicable), and we may not be able to provide you with information about our products and services.

To the extent provided by applicable data protection laws, you may withdraw any consent you previously provided to us, or object at any time to the processing of Your Data.  We will apply your preferences going forward.  In some circumstances, withdrawing your consent to our use or disclosure of Your Data will mean that you cannot make use of certain Services.

Requests and access to Your Data.  In addition you may have the right to: obtain confirmation that we hold personal information about you, request access to and receive information about the personal information we maintain about you, receive copies of the personal information we maintain about you, update and correct inaccuracies in your personal information, object to the processing of your personal information, and have the information blocked, anonymized or deleted, as appropriate. The right to access personal information may be limited in some circumstances by local law requirements including applicable data protection laws.  To exercise these rights, please contact Legal@wings.travel.

You have the right to ask us not to process Your Data for marketing purposes.  We will inform you (before collecting Your Data) and obtain your prior consent where required by the Applicable Data Protection Law if we intend to use Your Data for such purposes or if we intend to disclose Your Data to any third party for such purposes.  You can exercise your right to prevent such processing by advising us of your preferences before we collect Your Data, including on the form that is used to collect Your Data.  You can also exercise the right at any time by contacting us at Marketing@wings.travel.

The rights above are likely to apply to you if you are based in Europe.

Our websites or other digital applications and platforms may, from time to time, contain links to and from the websites of our service providers.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

If you provide us with any information or material relating to another individual, you should make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual on the processing of her/his personal data and obtain her/his consent, as may be necessary under applicable data protection laws.

  1. Changes to our Global Privacy Policy

Any changes we make to our Global Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.  Please check back frequently to see any updates or changes to our Global Privacy Policy.

  1. How can I exercise my rights or make complaints?

If you have any questions about this Global Privacy Policy or wish to exercise any of your rights as described in this Global Privacy Policy, please contact us as follows:-

Attn:                                  Wings Legal Department

Email:                                legal@wings.travel or GDPR@wings.travel