Thank you for your interest in Crystal Travel and for visiting our website or profile tool. Data privacy, data security and protecting your personal details are important issues for us that we factor into all our business processes.
This data privacy statement contains all information on data privacy at Crystal Travel.
1. Data privacy notice Crystal Travel website / online travel portal / communication media
Our data privacy notice sets out how we deal with personal data when people visit and use the Crystal Travel website, the online travel portal and the Crystal Travel app, including information on the use of cookies and the integration of social networks.
Additional information on how airlines companies, co-editors or partner companies of Crystal Travel deal with personal data can be found on the respective websites.
2. Data privacy notice Crystal Travel
We know how important the protection of your personal data is to you. It is also very important to us that you trust us to deal with your personal data carefully and responsibly, and we would like to provide you with as much transparency as possible in this regard. This data privacy notice therefore explains to you what information is processed in connection with Crystal Travel.
Unless otherwise stated in this data privacy notice, Crystal Travel is responsible for processing your personal data under the European Union’s General Data Protection Regulation (GDPR) and the Federal Act on Data Protection Act (FADP).
3. Master data
We are obliged to collect personal data from you when you use our service in order to process travel bookings. The provision of certain services is dependent upon the collection of personal data. You may decide not to provide this personal data, but you may not be able to benefit from some of our services as a result.
In order to provide a travel booking service, we require the following data from you as a minimum:
-
- Last name as stated in your passport MANDATORY
-
- First name as stated in your passport MANDATORY
-
- Date of birth MANDATORY
We collect more data to ensure a smooth booking procedure and to make the processes as efficient as possible (confirmation and ticket dispatch, contact, etc.):
-
- Company address
-
- Corporate Mobile telephone number
Corporate Email address. This Information is not mandatory but allows us to Identify our travellers and to provide a better service.
To save you time when making your bookings, you CAN (not mandatory) give us further details that are also stored and saved by us:
-
- Passport number
-
- Corporate Credit card to pay for your trips
-
- Travel preferences (seating preferences, meal preferences etc.)
-
- Airline miles numbers (e.g. Miles & More, Flying Blue, etc.)
-
- Hotel programmes (e.g. Starwood preferred guest, etc.)
-
- Car hire programmes (e.g. Hertz No1, etc.)
Please note that when you provide us with your meal preferences, your religious or health background might be derived from such information. We process such information for the sole purpose of communicating your meal preferences to the relevant travel supplier. You can delete this data at any time in your Traveller Profile or by contacting us, in which case such information will not be stored or processed by us anymore.
In connection with our ancillary services, some countries (e.g. USA, Canada, etc.) or providers (e.g. airlines, visa services, etc.) may also ask for further information that is only given for the respective trip or if you agree can be stored as additional data:
-
- Place of birth
-
- Nationality
-
- Family members
-
- Visa information about earlier visas
-
- Information on previous trips
In connection with our ancillary services, you may need to provide us with certain special category data as defined by the GDPR, such as health related information to request special assistance on a flight, or visa formalities. We will not collect such special category data without seeking your explicit consent and will only process and retain such data for the duration of the specific service for which it was provided. This will not be stored as additional data.
4. Crystal Travel customer number
When you open a customer account, we give you a unique customer number that forms part of your master data. It is designed to identify you clearly as a participant. This clear identification number is purely system generated and is used for identification purposes.
5. Programme data
We also record data about trips you have undertaken as part of your business and to fulfil our obligations with the tax authorities. The programme data notably include details on flight route, flight date, flight number, price, carrying airline and booking class as well as information on hotels and hire cars.
Furthermore, saving data serves as a fraud prevention tool, and can also be used to provide detailed information in the event of queries and to expedite the processing of potential claims by you.
6. Dealing with your personal data
We process your personal data, i.e. master and programme data, in order to:
-
- Process your queries and bookings
-
- Send you relevant query booking information
-
- Provide you with a smooth booking process and therefore organise the best possible trip for you
-
- Cater for special wishes and preferences
-
- Always be in a position to check where you are on your trip so that we can intervene in emergencies
-
- Advise you about current enhancements or changes to trips
-
- Analyse and optimise your personal corporate travel habits
-
- Create a personal contact so that we can provide personal advice.
7. Data transmission within the framework of Crystal Travel
Your personal data must sometimes be passed on to providers in order to book flights, hotels, hire cars and other services. Crystal Travel AG only passes on data that are necessary for booking purposes and for issuing flight tickets.
7.1 Crystal Travel partner companies
Crystal Travel has a densely interwoven partner network and maintains long-established relationships with selected companies in order to cater for any customer requirement and offer the best possible service quality. Below is an overview of existing partnership business relationships:
-
- Reed and Mckay
-
- Airlines
-
- Hotels
-
- Car rentals
Crystal Travel partner companies only receive data if and when you have asked for a service with a partner company through us.
When you use travel services from these travel suppliers, their own privacy policies will apply to how they use your personal information. You can find these privacy policies on their websites and you should check that you are happy with them before completing your travel booking order.
7.2 Other third parties
We use providers such as IT providers as processors so that we can offer you our products and services on the basis of our contractual obligations or our justified interests. The providers were carefully chosen and work solely on our instruction. They provide guarantees on compliance with data privacy obligations.
We may also have to pass on your personal data to official bodies and authorities for specific purposes.
The MTrip App collects location data to display the real-time risk alerts and personalized assistance notification features, even when the app is closed and not in use. This option can be changed later by going to the device settings.
8. Consent
By using our service and providing personal information in the Traveller’s Profile, you give us your consent to evaluate and analyse your master and programme data on your use of our services (e.g. our booking system, our website, our app, our newsletter or other communication media). Your data is not used for marketing purposes unless you give us your specific consent for such purpose.
9. Duration of storage
We process your data as long as is necessary to meet our contractual and statutory obligations. In doing so, it should be noted that Crystal Travel services are not time limited and extend over several years.
When the purpose for which we processed your data no longer exists, the latter are deleted unless we are required to keep them for the following purposes:
-
- To comply with storage periods under commercial and tax law based on the Swiss Commercial Code or the Swiss Tax Code
-
- To retain evidence under the statute of limitation.
As a data subject, you may exercise the following rights under the relevant legal requirements:
-
- Right to information
-
- Right to rectification
-
- Right to erasure („right to be forgotten“)
-
- Right to restriction of processing
-
- Right to data portability
-
- Right to object
You may use our contact form to exercise your rights. To enable us to process your application and identify you, we would like to point out that we will use your personal data under the lawfulness of data processing.
In your customer profile on our online travel portal, you may also update most of your master data yourself at any time. Please update your personal data directly after any change (e.g. your postal address, email address or telephone number).
10. Right to object
For reasons based on your specific situation, you are entitled to file an objection against the processing of your personal data at any time.
We will no longer process your personal data unless we can demonstrate compelling and legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
If the personal data are processed for direct marketing purposes, you are entitled at any time to file an objection against the processing of your personal data for the purposes of such marketing.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes (e.g. newsletter).
You may withdraw your consent for us to process your personal data at any time, including using our contact form.
11. Data security
We employ technical and organisational security measures to protect your data that we process against accidental or intended manipulation, loss, destruction or unauthorised access. Our security measures are being constantly improved in line with technological developments.
-
- We store your personal data on servers in Switzerland. When we engage service providers, personal data may also be transmitted to other countries, with due regard to the applicable data protection provisions. Specifically, we will transfer via servers in Canada post trip Personal Data used to provide management information reporting on the performance of your travel programme. Canada benefits from adequate protection with regard to the Personal Data. Should Canada and/or Personal Data, in whole or in part, not be covered by the EU’s Commission adequacy decision anymore, we shall ensure that such transfers will be compliant with GDPR and all applicable data protection regulations.
12. Updating
We review this data privacy notice regularly and update it where necessary. We will inform you of any major changes to this data privacy notice (e.g. through our website). Users are asked to regularly inform themselves of the content of the data privacy statement. This data privacy statement appears in German accompanied by an English translation.
You have the right to lodge a complaint with your local data protection supervisory authority. In Switzerland, the relevant authority is the Federal Data Protection and Information Commissioner (FDPIC) Zurich.