Who are We?
At Tramada Systems (“Tramada,” “we”, “us” and “our”), we understand that using Tramada software to process “Travel Agency” (“Agency”), clients’ travel bookings involves significant trust on the parts of the Agency and its clients. We take this trust very seriously, and make it a priority to ensure the security and confidentiality of the personal information of the Agency and its clients provided to us to process (such as a client’s name, phone number, address, email address, or payment details).
Tramada is bound by the Privacy Act 1988 (Commonwealth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) set out in the Privacy Act. At Tramada we are committed to ensuring that all information provided to us is treated with the appropriate degree of discretion and confidentiality. Our employees understand their responsibility to protect and use personal information correctly.
- Agency Travel Programs – Overview
- What information the Agency Collects from you that we process on its behalf
- Disclosure of your information
- Your choices with respect to collection and use of your information
- How we protect your information
- External links
- Where your data is stored
- Data Retention
- Cookies and other technologies
- How to Contact Us
When an Agency uses Tramada software to manage travel bookings, we have to make certain decisions about why and how to process the Agency’s clients’ personal information in order to help the Agency manage its clients’ travel bookings. We are therefore also responsible for protecting the client’s personal information throughout the travel booking process.
AGENCY TRAVEL PROGRAMS – OVERVIEW
To help Agencies manage their customers’ travel bookings and their client servicing needs, the Agency has contracted with Tramada Systems to use its proprietary software to carry out some aspects of its processing. Under this contract, the Agency will designate Registered User/s (“Registered User”) to manage and administer the travel needs of its individual clients and of its corporate clients’ personnel and their associates. Some corporate clients will in turn engage an internal travel arranger (“Travel Arranger”) to manage the travel needs of its personnel and their associates. Registered Users and Travel Arrangers both book and manage the travel needs of Travellers (“Travellers”).
- Rules relating to bookings by Travellers
- Agency Registered User/s and client Travel Arrangers
Whether you book travel directly from an Agency or allow your Agency Registered User or Travel Arranger to do so on your behalf, authorised individuals within your company may have access to your personal information, as well as to your travel itineraries and to all other information in your profile or booking, and they may also direct that we share this information with third parties for recordkeeping or other authorised purposes. Your Agency Registered User or your Travel Arranger will also be able to update your profile settings and travel preferences in accordance with your instructions to them. Your Agency Registered User or your Travel Arranger will also be able to view, change or cancel any of your trip itineraries as necessary to fulfil your instructions or in accordance with your agreements with them.
- Scope of Policy
WHAT INFORMATION THE AGENCY COLLECTS FROM YOU THAT WE PROCESS ON ITS BEHALF
Circumstances where Tramada holds personal information include, without limitation, when you:
- Authorise your Agency or Travel Arranger to complete a traveller profile for you
- Book travel arrangements which may include air, hotel, car, rail or other services
Traveller information: The Agency collects the full name, contact number and other personal information necessary for the travel reservation, such as passport number and billing information, of a Traveller when a travel reservation is made through it. It may also collect information about each Traveller’s preferences, including meal requests, seat selection, frequent flyer/hotel/car hire programs and membership numbers, and ticketing options.
How Your Personal Information gets into the Tramada System
Before any personal information can be entered into the Tramada processing system by an Agency, there will be a requirement for the Agency Registered User to sign in via a password protected login. Tramada also encourages Agencies to use two-factor authentication for their logins. Personal Traveller information being entered by a Travel Arranger will require the Arranger to sign in via a secure online booking engine or via the organisation’s online portal which, in turn, will have secure integrations with the Agency and /or Tramada and which will also have their own individual Privacy Policies. Generally, Tramada stores all information provided to it including, without limitation, all personal information about you that you specifically and voluntarily provide or give to the Agency Registered User or the Travel Arranger in any other way. This includes information that can identify you (“personal information”), including first name, surname, telephone number and email address, passport information and billing information (such as credit card number, cardholder name, and expiration date). Your Agency Registered User or Travel Arranger may enter into the Tramada system additional personal information about you such as your employer ID number.
Tramada provides software in which Agencies store and process personal information. We do not modify or disclose this information and only access it to the extent required to solve processing issues for Agencies and for account administration purposes.
Use of your information: The Agency uses sensitive billing information (such as cardholder name, credit card number, and expiration date) for the purposes of completing the travel bookings you make with an Agency Registered user or your Travel Arranger. Tramada provides the Agency with the software to process and store this information and to facilitate the services the Agency provides you.
DISCLOSURE OF YOUR INFORMATION
Tramada may share your personal information with the following entities:
- With our service providers and third-party vendors which provide services or functions to enable us to process information (e.g. internet service providers, payment processing providers, global distribution systems, online booking engines). These service providers and vendors help us provide the Agency with the processing services and applications it requires to efficiently deliver its travel services to you.
- With regulators to meet Tramada’s legal and regulatory obligations.
- With law enforcement agencies so that they may detect crime or prosecute offenders.
- When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of Tramada, the Agencies which use Tramada, their customers, or others; and in connection with other agreements.
YOUR CHOICES WITH RESPECT TO COLLECTION AND USE OF YOUR INFORMATION
Your Agency Registered User or your Travel Arranger can access, add, update or delete your information by logging into the Tramada system and/or into the Online Booking Engine used by your organisation.
You may submit a written request to access the personal data that your Agency and therefore we hold about you. If you make such a request, our Agency and Tramada are entitled to request appropriate identification before servicing such request. You can make a written request for access to your personal data by contacting your Agency. We will endeavour to respond to the request as passed on by your Agency within an appropriate timeframe and, in any event, within any timescales required by law.
In relation to Agency Registered Users’ personal information held by Tramada, please note that we reserve the right to send you service announcements, administrative messages, and surveys relating either to the Agency’s account with us or to its transactions with Tramada, without offering the Agency Registered User the opportunity to opt out of receiving them while designated as a Registered User of the Agency and authorised to access the Tramada system.
HOW WE PROTECT YOUR INFORMATION
We want the Agency and you to feel confident about using our services to process your travel needs and we are committed to protecting the security of your personal information so we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your data is stored in a secure environment and all data transfers are encrypted. We use firewalls, an intrusion detection system, regular vulnerability scanning and access monitoring to monitor access to our production environment. We have secure working environments and work management systems that prevent unauthorised access or copying of personal information (e.g. staff management). We have locked down access to our production environment and data access is only available to staff on a need-to-know basis. All accesses to the production environment are logged. It is not possible to connect a device to our production environment.
We use virus scanning tools and have procedures in place to keep these up to date.
We conduct an annual Security Awareness programme and this forms part of the Tramada Induction of all new staff members.
We conduct an annual security review in accordance with PCI DSS (Payment Card Industry Data Security Standards), including an external penetration test.
Whilst Tramada has strong processes for managing the security of personal information, security risks do change over time. Tramada will endeavour to stay vigilant in improving and maintaining, from time to time, the security and confidentiality of your personal information.
WHERE YOUR DATA IS STORED
Tramada stores and processes Personal Data about Travellers in secure environments in Australia (including an online back-up service) and in other countries. We also use Google Cloud which has strict data protection policies and practices, for data storage. Tramada endeavours to ensure that no matter where it is stored, your information is protected in accordance with this Privacy and the requirements of the applicable data protection law wherever it is processed.
Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Your Agency determines for how long your information is to be retained or if it is to be anonymised. We will not retain your information for longer than is necessary for business purposes or for legal requirements. However, please be advised that we may retain (on behalf of the Agency) some information after your Agency has closed your account with it, for instance, if this is necessary to meet its legal obligations, including retaining the information for tax, reporting, accounting or other purposes.
COOKIES AND OTHER TECHNOLOGY
Only domain name, not email address, is recognised for visitors to our website.
The information we collect is:
- used to improve the content of our website.
- never shared with other organisations for commercial purposes.
This site collects site performance identifiers. These give us information about how Tramada’s website is used and helps us provide you with a more user-friendly experience. We use analytics cookies (See Below) to gather statistics about our site. For example, they help us monitor how many users are on the site and what sections are most popular.
Cookies and digital identifiers may be disabled by changing security settings on your web browser, however doing so may diminish the service that Tramada provides through its website.
A user may choose to give certain contact information by filling out our enquiry form. You may use this form without providing any information other than an email address and country/state. No other field is mandatory. We never sell or give away this information. It is only gathered to contact the user about services on our site for which they have expressed interest. It is optional for the user to provide information excepting email address.
Registration is not required to enter our site.
HOW TO CONTACT US
If you have any questions or complaints about our privacy handling process, please contact the Privacy Officer as outlined below. We will commit to respond within 30 days. If you are making a complaint and it takes longer to resolve, we will keep you up to date on the progress of the investigation.
Tramada Systems Pty Ltd
Level 7/175 Liverpool Street
Sydney NSW 2000
If you are unhappy with our response you may lodge a complaint at https://forms.business.gov.au/aba/oaic/privacy-complaint-/