eRevMax EU US GDPR Privacy Shield Policy

 

Introduction

eRevMax is an international travel technology company that provides channel management, rate intelligence and connectivity solutions to hotels. The company connects multiple online channels to the property management systems of hotels to seamlessly deliver rate and inventory updates and reservations. Our technological systems and databases are shared between our US, EU and India offices.

eRevMax is committed to protecting the confidentiality and integrity of personal information that it comes across in conducting its business. eRevMax and each of its associate companies that may from time to time handle personal information collected from individuals located within European Union member countries comply with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, onward transfer and retention of personal information from European Union member countries. eRevMax has certified to the U.S. Department of Commerce that it, and its associate companies eRevMax Ltd. and eRevMax Technologies Pvt. Ltd. adhere to the Privacy Shield Principles of:

  • Notice
  • Choice
  • Accountability for onward transfer
  • Security
  • Data integrity and purpose limitation
  • Access
  • Recourse, enforcement, and liability
Our adherence to each of these principles is detailed in this policy. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view eRevMax’s certification, please visit: www.privacyshield.gov

eRevMax is under the jurisdiction as well as the investigatory and enforcement powers of the US Federal Trade Commission for purposes of the EU-US Privacy Shield Framework.

Note: It must be emphasized that eRevMax does not have control over and is not responsible for the uses to which our clients, e.g. hotels, channels and OTAs etc. may make of personal information disclosed to them.

Scope

This Policy applies to all information in any format, including electronic, paper or verbal, collected by eRevMax from its Associates, Clients, Partners, Consumers (Reservation Bookers) by which an individual can be identified (“Personal Information”). The Personal Information we collect includes but is not limited to the Employee Information, Hotel Guest data and booking information described below as well as certain information including names, email addresses, bank account details, mailing and billing addresses and telephone and fax numbers collected from Partners, Clients, both existing and potential, required by eRevMax to conduct its business. Additionally, in our section on Online Information, we also discuss how we use all information gathered online even if it is not Personal Information. eRevMax will not deviate from this Policy even if applicable national laws are less stringent than this Policy.

Definitions

For purposes of this Policy, the following definitions shall apply:
"Agent" means any third party that collects or uses personal information under the instructions of, and solely for, eRevMax.

“Associate” means employees, contractors, consultants working with eRevMax and its associate companies.

"Client" means any customer including Partners of eRevMax viz. Channels, Hotels, PMS, Resellers, located in the EEA, for whom we provide channel management, rate intelligence and connectivity solutions through our servers in the United States.

“Consumer” / “Reservation Booker” means customers of hotels / hotel guests who make the reservation.

"eRevMax " means eRevMax, Inc., its predecessors, successors, subsidiaries, divisions and groups in the United States and associate companies in UK and India.

"Personal information" means any information or set of information that identifies or could be used by or on behalf of eRevMax to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

Personal Information Flow Diagram

The flow of the personal information of Associates, Clients and Partners, and Consumers (Reservation Bookers) is illustrated for understanding and clarity of all concerned.









Notice

Excluding our Employee Information which is discussed below, we collect, process and use Personal Information only as a part of our business relationship with our clients and partners, including contract and billing administration; product and service delivery; fulfilling our business obligations to our customers; communicating with customers and potential customers about marketing and technical information concerning our products and services; notifying our customers and potential customers regarding product launches and important events related to eRevMax; and other related business activities of which you are informed of at the time your Personal Information is collected or as soon thereafter as practical.  eRevMax only collects personally identifiable information for execution of contractual terms (non-HR category, for conducting the business) and / or about existing or prospective employees (HR Category). eRevMax may disclose Personal Information to its business partners or to protect and defend the rights or property of eRevMax. eRevMax must reply to lawful requests from public authorities, including to meet national security or law enforcement requirements, for disclosure of Personal Information. eRevMax does not sell, lease, or rent Personal Information to third parties.

Online Information

In general, our Websites may be visited without providing any Personal Information. However, eRevMax may receive Personal Information through its online forms. At the point of collection, privacy policy link is provided for you to go through and be informed of how your Personal Information will be used; apart from these uses, eRevMax will only use Personal Information in accordance with the terms of this Policy.

Employee Information

eRevMax collects Employee information from prospective and present Employees only for legitimate business purposes, including (1) the management and operations of our company, its functions and activities, (2) Employee communications, including Employee surveys, (3) maintaining a global directory, (4) carrying out obligations under employment contracts and employment, tax and benefits laws, and in connection with other working relationships or arrangements, (5) development and training programs, (6) recruiting and hiring job applicants, (7) assessing qualifications and performance, (8) performing background checks and verifying references, (9) managing Employee performance, (10) determining Employee compensation or payment, (11) managing the Employee termination process, and (12) other general human resources purposes. Our European Union Employees at the time of their employment are notified in detail how their Personal Information will be used. Employee information on health, performance evaluations, and disciplinary actions and other sensitive Employee matters, whether it is stored manually or electronically, is accessible by other eRevMax Employees only if necessary with respect to legitimate human resource functions or issues. eRevMax will obtain affirmative consent from an Employee before using such Employee’s Personal Information for any purpose other than described above. Employees may decline to provide this consent, and Employees may withdraw their consent at any time.

For legitimate human resources purposes, Employees may choose to voluntarily disclose Personal Information about family members. If our Employees choose to do this, their family member’s Personal Information shall be treated, for the purposes of this Policy, the same as an Employee’s Personal Information. Employee Personal Information is never sold, leased, or rented to any third party. Employee Personal Information will never be disclosed to third parties except as follows: (1) to those retained by eRevMax as agents for the purposes set forth in the paragraph above, (2) where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to protect the rights or property of eRevMax, (3) where authorized in writing by the Employee, and (4) where the Employee voluntarily provides Personal Information and the context makes it clear that such information will be provided to a third party.

Where personal data is transferred from the EU to the US in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent EU Authorities, as applicable.

Choice

An opportunity is given to choose opt-out before Personal Information is (1) disclosed to a third party (other than an eRevMax agent doing work at our direction), or (2) to be used for a purpose that is materially different than that for which it was originally collected or subsequently authorized by the individual. Although eRevMax does not ever anticipate providing sensitive Personal Information to a non-agent third party or using it for a purpose other than that for which it was collected, eRevMax will never do so without first allowing the individual involved to affirmatively and expressly consent (opt-in) to such transfer or use. The only exception to this choice for both sensitive and non-sensitive Personal Information would be where eRevMax is required to disclose Personal Information pursuant to governmental or judicial order, law or regulation to meet national security or law enforcement requirements.

Accountability for Onward Transfer

eRevMax will not transfer Personal Information originating in the EU to third parties unless such third parties have entered into an agreement in writing with eRevMax requiring them to provide at least the same level of privacy protection to Personal Information as required by the Principles of the EU-US Privacy Shield Framework. eRevMax will only transfer data to our agents, resellers or third-party service providers (such as accountants, attorneys, consultants, and other service providers) who need the information in order to provide services to or perform activities on behalf of eRevMax, including in connection with the delivery of services or products, eRevMax’ management, administration, or legal responsibilities. eRevMax shall remain liable under the principles if its agent processes such personal information in a manner inconsistent with the principles, unless eRevMax proves that it is not responsible for the event giving rise to the damage.

Security

To protect Personal Information collected and stored by eRevMax, there are reasonable and appropriate technical and operational security measures to prevent Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. With respect to Information Security Management and Data Security, eRevMax is ISO 27001:2013 and Payment Card Industry Data Security Standard v3.2 certified.

Data Integrity and Purpose Limitation

eRevMax shall only collect and retain Personal Information which is relevant to the purposes for which the information is collected, and it will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorized by the concerned individual. eRevMax will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. eRevMax may occasionally contact individuals to determine that personal data is still accurate and current.

Access

Associates, Clients and Partners can request information on personal information stored by eRevMax and its associate companies, who has access to the data and who actually accessed personal data. Associates, Clients and Partners can further request, with due authentication, to modify / delete personal data.

If you wish to access, amend, or confirm that eRevMax has personal data relating to you, or if you wish to correct or delete your Personal Information if it is inaccurate, please notify us at dataprivacy@erevmax.com or call us at +1 (646) 485 5207; ask for Jyoti Kumar Saraf. We will respond to your request within a reasonable time.

Recourse, Enforcement and Liability

eRevMax remains committed to protecting privacy as set forth in this Policy. The recourse mechanism and its applicability is uniform for all interested parties. If you have any question concerning this Policy or your Personal Information, or if you wish to report a probable breach of security, contact us at dataprivacy@erevmax.com whereupon you will receive an automated email acknowledgment. Alternatively, call us at +1 (646) 485 5207 asking for Mr. Jyoti Kumar Saraf. The request/complaint will be taken up by the eRevmax Internal Committee constituted for this purpose. The committee will send an initial response within one week and put all reasonable effort to provide resolution within 45 working days.
Independent Recourse Mechanism – eRevMax has selected EU Data Protection Authority (EU DPA) as the competent authority for Independent Recourse Mechanism. In case you are not satisfied with the resolution provided by eRevMax, you may approach EU Data Protection Authority as an independent recourse mechanism for investigation and resolution of complaints and disputes at no cost to the individual and by reference to the Principles. eRevMax will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints concerning data that is transferred from the EU to the United States brought under Privacy Shield. If the resolution provided is still not satisfactory and all other options are exhausted, Individuals/Complainant may invoke binding arbitration.

Right to Change Policy

eRevMax may require to review and amend this policy from time to time to ensure its adherence to modified laws, changes to EU-US Privacy Shield Framework, or new/modified business procedures. Changes, if any, will be updated in the published policy.

Effective: January 17, 2018.