The purpose of this policy, along with our Terms of Service, is to explain how we collect, use and protect your personal data across our applications and websites. We review and adapt this policy from time to time to ensure it covers the various privacy laws around the world, and you can find the latest version here. If very significant changes are made to the policy, we may notify our users with notices posted through our applications or other forms of communication.
We define ‘personal data’, broadly, as any information pertaining to you as an identifiable individual. Your name, email address, contact details, IP address or device IDs are examples that satisfy this definition. We may also store other, less specific, information about how you use our service, or which country you are using our systems from. As we often work with suppliers who also receive your personal information (e.g. travel sites, agents, airlines, etc.) as part of the booking process, we will always provide links which allow you to check on their privacy policies and terms and conditions along with your booking.
How do we use your personal data, and why?
We only use information for which consent has been given, and involved in the following situations: service delivery (e.g. bookings, etc), legal compliance or obligations, or other normal business reasons. Below, find explanations of each of these situations.
Service delivery and bookings
We use your data to provide or facilitate contracts you are trying to execute, most often a booking with a travel supplier, or with us. There are a number of ways this might occur.
• Tailoring a website to your device (like mobile or tablet)
• Providing results for your search queries which match your requirements (country of origin, etc.)
• When you’ve selected a Travel Supplier’s offering, we use information such as your device ID, IP address, and search details to redirect you to their platform
• When we are performing the booking on your behalf, we will transfer such data as is needed to finish that transaction (contact information, passport, etc) to the Travel Supplier’s system
• Contacting you with messages, notifications or alerts that are necessary in order to deliver our services requested, such as booking confirmation emails or other essential communications like flight status alerts and notifications about changes or updates to our services or to this policy, or our Terms of Service;
• Responding to customer inquiries, e.g. customer service emails or other contact points;
• Allowing you to maintain any accounts you have with us;
Legal compliance and obligations
We may need to retain and use your information in connection with legal claims, or for compliance, regulatory and auditing purposes. For example we may retain information where we are required by law, or if we are compelled to do so by a court order or regulatory body. Also, when you exercise any applicable legal rights you have to access, amend or delete your personal data, we may request identification and verification documents from you for the purpose of confirming your identity.
Other normal business usage
We also use data to improve our services and to protect or further our legitimate interests. This represents a range of important things like security and fraud, and malicious attack prevention, to helping us see whether a fancy new feature is popular or panned by our users. Examples of this type of usage include:
• Security and fraud prevention, we may use an IP address or your location to check payment origin against booking details, or use the information to prevent automated software agents (bots) from abusing our systems.
• Sorting out bugs, and situations where we are presenting incorrect displays to various devices, to make the user experience accurate and efficient
• Providing customer service, which can be either with our own systems or assisting our supplier partners in understanding your user journey prior to arriving on their site
• Understanding how our users use our services, and optimising the experience, for example:
• collecting data on the number of users who are redirected to, or make bookings with either jotraveler or its partner travel suppliers and the details of the different travel parameters for business analytics;
• analyzing at aggregate levels what different groups may be viewing or clicking on within our sites and applications in order to better understand which features are more useful or popular;
• executing A/B tests that display alternate versions of our applications to different groups of users, in order to evaluate the impact of such changes on our users’ experience;
• monitoring email communication opens/reads and clickthroughs
• Personalising your usage of our sites and applications in order to deliver a relevant experience. For example:
• cookies help us remember language and currency preferences, as well as let us provide a history of search;
• if you have opt-ed in for newsletters or email, we can tailor the timing and content to your needs;
• we may use your ip address or provided location to predict departing airports, arriving airports, or the city for a hotel search; and
• we display relevant advertisements to you about our services or other services that we think may be of interest to you.
Personalizing your experience involves us creating a profile of your activity on our services, such as page views, clicks and viewing of specific routes and offers. Ultimately, these combine to improve the features we offer, the level of personalization and the quality and efficiency of the user experience.
• Performing Data Analytics at a strategic level based on the anonymized requests of millions of users, this helps us see demand for routes and locations, particular suppliers or fare types, layovers and thousands of other variables. We use these to generate insights into emerging trends in travel, and inform strategic business decisions for jotraveler.
• Processing job applications you might make with jotraveler, more details are available about how we use your data for potential employment when you apply for a role.
Where we process your personal data based on a legitimate interest we will only do so where the processing is relevant and limited to what is necessary for the purpose it was collected for. And we will always ensure our legitimate interests don’t unfairly impact on your own rights and freedoms.
Consent for data usage
We will explicitly obtain your consent for purposes such as:
• communicating to you in a one-way (push) manner via email or messaging, e.g. price alerts, email newsletters;
• when we cookie your device, where local legal compliance requires consent; and
• if we obtain feedback in a 1-on-1 survey or similar.
Where we process personal data based only on your consent, you can withdraw this consent at any time either by using the functionality provided within the appropriate product feature or by contacting us.
For site usage, booking, and app usage, your consent is provided via acceptance of the terms of service, your usage of the application or site being contingent upon this. This consent can also generally be withdrawn by user request, or cessation of use of the jotraveler site.
How do we collect personal data?
As users visit our sites or use our apps, there is a myriad of of information collected and stored about their experience. There’s little point in collecting more than is needed, so we stick to the important things. Here are some examples of how we collect only what’s required.
We can’t help you plan and book your dream trip without information. So, when you use our services, we have to collect, keep and share some personal data and ask that you agree to that in line with this policy. We collect information in a few distinct ways:
You give it to us voluntarily
Information you choose to give us might include personal data needed for you to book travel for yourself and others. This ranges from the dates and destination you choose in a search, to the basic stuff for making a booking with a Travel Supplier such as names and contact details. It can also include content like the reviews or photographs you upload to our services to share with other travellers. Most importantly, it’s always up to you whether or not you choose to give us this kind of information.
We generate or collect it automatically
We generate or collect some information from your computer or device automatically as you use our services. This includes stuff like your IP address, information about the device and browser you are using to access our services, the website URL you visited us from and the third party sites you visit when you click on links to exit the jotraveler site. It also includes details of the bookings you have made via jotraveler. We may also know your location from your mobile or your IP address. This helps us to improve your experience and make sure you receive the content that’s most relevant to you.
We receive it from third parties
Sometimes we’re given information about you from third parties, depending on how you choose to interact with us. For example, when you come to our website via a promotional partner, or when you log into your jotraveler account using our social network login feature. And, if you’ve redirected to a Travel Supplier’s website or app to complete your booking, we might collect information from them about whether you went ahead with your trip and what you booked.
Our services are not intended for children under 13 years of age, and no one under the age of 13 should provide any information to, on or via our services. We don’t knowingly collect personal data from children under 13, and will delete any that we learn we have collected or received that was not provided by, or with express consent on behalf of, the child’s parent or legal guardian.
What specific types of personal data do we collect?
Depending on how you interact with our services, we may collect or process the following categories of personal data via the three different ways explained above.
• Contact Information: name, address, email address, telephone number and other similar information.
• Identification information: details of your passport which may contain information like your name, address, gender, immigration status, nationality and date of birth.
• Payments information: your credit or debit card number, expiry date and verification code when you book travel with us or via one of our partners.
• Travel and Booking information: your booking reference, booking history, passenger name record (“PNR”), identification or passport information and travel itinerary.
• Demographic Information: your age, gender, location and preferred language when you use our services. In circumstances where you are applying for a job with jotraveler, we may ask for certain information for diversity monitoring purposes (such as race and ethnicity).
• Device and Location Information: generic details from your device such as your IP address, type, make, model and operating system of your device; specific location data based on GPS data from your mobile device (when you grant us access to this information via your device settings); and approximated location based on your IP address.
• Application Usage Information: your jotraveler search history and travel preferences; how you’ve interacted with our sites and applications, including time you spend on our site and/or app and the pages, features or functionality you have accessed; links you have clicked on to be redirected to or from our services, including the identity of the Travel Supplier you are redirecting to and the type of travel service you have selected; and where you’ve redirected to a Travel Supplier’s website or app for the purposes of completing a booking, we may collect information from that Travel Supplier about whether and what you went on to book with them.
• User Preferences Information: selected preferences associated with your jotraveler account including specific consents you have given or declined, email and push notification preferences and cookies containing your advertisement preferences.
• Previous Communications Information: includes communications we receive from you such as feedback, help requests and queries via email and other electronic communication methods such as online chat, instant messaging or social media; and metadata associated with those communications, such as time and date.
• Employment Information or Provided Content: any information you submit to us during the course of any correspondence you may have with us, such as signatures, photographs, opinions and, where you are applying for a job with jotraveler, details of your employment history, salary and other similar information.
• Social Media Linked Information: if you use a third party social media platform to log in to jotraveler, your email address is automatically collected as part of that process; and information from your publicly accessible LinkedIn (or other social network) profile such as name, email address and CV for recruitment purposes, where you have given this to a third party and they have made it available to us in accordance with their own terms and privacy policies.
How long do we store your personal data?
Our policy on personal data retention is to store data for only as long as is necessary to satify legal requirements, or while we are using it to provide services to you as a customer. For example, fulfilling a booking contract, or for a legitimate business interest. Once this period is complete, we may anonymize and aggregate the date (rendering it non-personally identifiable), or delete it in accordance with best practices. You can ask us to delete your personal data at any time.
We have different retention policies with regard to how we go about keeping the data, the first is where there is a legal obligation to retain data for specific periods of time, and the second takes into account the specific purpose of the data itself – such as during the regular conduct of business.
If you have a jotraveler account, we will keep personal data such as your email address, name and other details so you can log in and use our applications and web services for as long as you require. We may keep other information not tied to specific users, indefinitely – such IP address activity – which we use to help us understand patterns of network traffic and usage of our products and services and to both improve our offerings and protect our business interests. No matter how long the retention period, you can ask us to delete your personal data in certain circumstances.
How is personal information shared with third parties?
There are a few possibilities where we may share information with third parties, first, if you ask us to, second, if it’s a necessary part of the business flow (like a travel partner) or finally where there is a legal requirement. When you leave our site for a travel partner, they will collect data according to their own policies. Some companies that advertise on our sites may also collect information (see “How can I control the advertising I see?”). Finally, there are third parties that help with delivery of services – for instance, payment providers, who use your data on our behalf.
Sharing personal data with third parties who process it only under our instruction
We share information relating to our users with selected third parties who provide us with a variety of different services that support the delivery of our services (let’s call them “Third Party Processors”). These Third Party Processors range from providers of technical infrastructure to customer service and authentication tools. We require any Third Party Processor which handles information on our behalf to do so pursuant to contractual terms which require that the information is kept secure, is processed in accordance with applicable data protection laws, and used only as we have instructed and not for that Third Party Processor’s own purposes (unless you have explicitly consented to them doing so). Third Party Processors may be located in, or process your information, outside of the country in which you are based. Where our use of a Third Party Processor involves the transfer of personal data from within Europe to a location outside of the European Economic Area, we will put in place appropriate measures to ensure that the personal data is adequately protected in that location, most often by applying European Commission-approved standard contractual clauses alongside robust security checks. The types of Third Party Processors we may share elements of your personal data with include:
• payment processors engaged by us to securely store or handle payments information, such as credit or debit card details, required for facilitating bookings with Travel Suppliers – for example, when you provide us with your credit or debit card details we store these in a PCI-compliant data vault provided by an industry-leading third party payment processor;
• providers of email management and distribution tools – for example, if you sign up to receive jotraveler newsletters or other marketing messages we will manage the delivery of these to you using a third party email distribution tool;
• providers of security and fraud prevention services – for example, we use these providers to identify automated software agents that might disrupt our services or to prevent misuse of our APIs;
• providers of data aggregation and analytics software services that enable us to effectively monitor and optimise the delivery of our services;
• providers of tracking tools that we use to monitor instances where you click on a link to a Travel Supplier’s website and redirect from the jotraveler platform to that Travel Supplier’s;
• providers of software platforms that assist us in communicating or providing customer support services to you – for example, we manage and respond to any messages you send to us via our help centre using a third party communications management tool;
• providers of recruitment management services – for example, when you apply for a vacancy at jotraveler we use a third party tool to manage and store any information relating to your application;
• providers of online cloud storage services and other essential IT support services
Sharing your information with third parties, or allowing them to collect it, for processing outside of our control
We will share personal data with third parties where you have expressly authorised us to do so, for example, if we run a promotion in conjunction with a partner and you instruct us to share your email address with that third party for the purpose of receiving promotional emails.
Certain information may also be collected from you by third parties such as advertisers, marketing networks and affiliates (see the How do we advertise? section below) using cookies and similar technologies. For example, your IP address, and site activity like searches or pages viewed on jotraveler, may be collected and transmitted to these third parties to allow them to serve relevant advertising to you across the web. The information that is collected in this way will never include your name, contact details or other information that would enable you to be identified in the offline world.
Disclosing information for legal (or other) reasons
We may disclose your information if it is necessary to enforce our Terms of Service or if necessary to prevent, detect or prosecute illegal or suspected illegal activities, including fraud, or to prevent other damage or where necessary in response to legally binding requests, legal action against us, or to enforce our rights and claims.
How do we keep your personal data secure?
Keeping your personal data secure is our highest priority. We limit access to only those jotraveler employees who have to come into contact with your information to do their jobs and deliver our services. While no website or app can guarantee complete security, we have implemented an organizational security process designed to keep your personal data as safe as possible. jotraveler uses technical, architectural, and administrative security measures as well as best practice approaches to ensure your data stays private and is used in accordance with your approvals. All our cloud based data storage is provisioned with strict access limitations and encryption at rest on-disc. All transmission of data uses TLS and HTTPS/SSL encryption to ensure the best possible security. We also maintain an end-to-end process of security with our Third Party vendors, which includes security assessments and documentation and status updates on a regular basis.
Privacy and Data Protection are impressed upon all jotraveler employees through training and enforced policies. We always work with the principle of least privilege (PoLP), which for us means that in each policy or technical system we build, the absolute minimum level of accessibility to data is granted to operate the system, and no more. We also make every effort to eliminate ties to personally identifiable data where possible through techniques like anonymisation. All new systems connected to our data, or changes in data collected will trigger a privacy review and impact assessment to ensure compliance with all our data protection policies.
Where do we store your information?
We store the information we collect from you on secure servers in data centers located in Singapore and the United States, and occasionally on servers located nearer to you, based on legal requirements. We only use major Third Party Cloud Platform suppliers, with audited ISO 27001, 27017, 27018, SOC 1,2,3, CSA Star, and other more local physical and network certifications to ensure the absolute best in class security for our systems and your data.
While some countries we operate from may have different or less stringent data protection and security standards, our policies and technology start from a high common denominator of security. If the local laws in these countries are unique in exceeding this standard, we’ll provide the safeguards needed to protect your data in the prescribed way. We do this through a process of regular review of technical, organisational and administrative security measures, and by monitoring evolving privacy standards around the world.
How is your information used for advertising?
Advertisements you might see while using Jotraveler
You may see advertisements when you use our sites or applications. These will either be delivered by us directly or by third party advertising solution providers. Sometimes these advertisements will be personalised to make them relevant to you. In some cases, the personalisation may include details based on previous searches at the hotel or flight level. An example of this might be that you recently searched for a flight to Rome, and jotraveler might serve an relevant advertisement for hotels in that location. Alternatively, it may be interest based, delivered from a third party ad network that has information about sites you may have interacted with. An example of this might be a third party network that had information you visited a Skiing site, and then selected a Skiing destination for advertisement on jotraveler. In either case, the personalisation will never include your name or contact details which could be used to identify you in the offline world.
Advertisements you might see while on non-jotraveler platforms
You may also see advertisements for our services once you’ve left jotraveler and are using non-jotraveler websites. This can happen where a non-jotraveler Platform makes advertising space available for sale and jotraveler, or a Third Party Ad Solution that we work with, purchases that space. These advertisements may be personalised and served to you because of information that Third Party Ad Solutions have collected about you.
How can I control the advertising I see?
The following sections on cookies and tracking codes outline some of the ways you can control what advertisers store about you on your computer, changing these settings allow you to control some of the advertising that can appear. Changing these settings generally result in more generic advertising as they no longer have access to data used to send you the most relevant advertising.
We use a combination of cookies and other technologies such as pixels/web beacons and tracking codes (explained below) to collect information for use in line with the purposes set out in this policy.
What is a cookie?
Current web browsers allow you to set notifications for receiving a cookie, giving you the chance to decide whether or not to accept it. They can also be entirely blocked on site by site basis using the same configuration panels. Here are some basic instructions for some popular browsers for controlling your cookie settings:
• Microsoft Edge
• Open Edge
• Click on the More actions button on the toolbar and select Settings
• Search for View advanced settings and click on it
• Under Cookies section select your blocking options
• Restart Edge
• Click the menu button and choose Options
• Select the privacy panelgo to this website
• Set “Firefox will” to “Use custom settings for history”
• From here you can opt to disable or enable your blocking options
• Go to the Chrome menu icon and click Settings
• Click the “Show advanced settings” at the bottom
• In the “Privacy” section, click “Content settings” button
• In the “Cookies” section, you can opt to disable or enable your blocking options
What are web beacons and pixels?
Web beacons or pixels are extremely small (often the size of 1 pixel, hence the name), transparent image files inside a web page or email. We use them to understand how you interact with Travel Supplier sites you have been redirected to. For example, we might use the beacon to confirm if you completed the booking with them, and what you booked. We also use beacons to gather information such as whether you’ve opened an email, so that we can determine if the content was of interest, and thereby improve the nature of communications with you.
What are tracking codes?
Tracking codes are snippets of code placed in the page to measure things like visits and interactions. We use tracking codes to find out more about how you interact with our websites and applications, advertising, and how you navigate jotraveler sites.
What types of third-party cookies do you use, and how can I control their usage?