skip navigation

CWT Global Privacy Policy and Notice

The Global Privacy Policy is available in English and in the following languages. Please note that some of these pages are currently being translated.

Last updated December 2024

Your privacy matters

CWT Global B.V. and affiliate entities (together CWT) specialize in managing business travel, meetings and events and related products and services around the world for companies of all sizes as well as governmental and non-governmental organizations.

CWT is committed to respecting your privacy through appropriate protection and management of your personal information, received by our corporate clients and their employees, contractors or guests.

This Global Privacy Policy and Notice describes the personal information we collect, how we use it and share it, in the context of the provision of our services, and your rights.

Why do we collect your personal information and under which legal basis?

CWT collects personal information from its corporate clients, their employees, contractors or guests (“travelers and attendees”) for the performance of its commercial agreements relating travel, hospitality, meetings and events services and specifically:  

  • the management of travel, transportation, hospitality, meetings and events reservations and bookings;
  • the assistance with visa application;
  • the management of event badges, stationary, catering and audio-visual services;
  • the reporting on corporate client’s travel policy compliance and travel expenses;
  • the management of corporate client’s travel spend and budget analysis;
  • quality assurance and training purposes;
  • the prevention and detection of fraud and incidents;
  • the management of corporate client relationship, account administration and reconciliation, and corporate client invoicing;
  • the management and communication of travel information on itineraries, safety alerts and fare optimization;
  • the provision of customer online and offline support; and
  • the communication of travel satisfaction surveys.

We also process your personal information for the performance of sanction screening in order to comply with international laws and regulations.

We may also process your contact information to communicate information on CWT products and services as well as process information for our internal aggregated statistics for market and corporate client account analysis and business forecasting, as our legitimate interests.

Where meal preferences, which may reveal religious beliefs and data concerning health (known as special categories of personal data under European data protection laws) are collected, the processing will be based on prior consent.

What personal information do we collect?

We collect your name, surname, phone number, email and address, country of residence, company name, job title, employee identification number, Internet Protocol address, gender, date and place of birth, payment card information, travel preferences where expressed such as seat, meal, smoking, special assistance services, government-issued photo identification documents (passport or identity card), visa details, emergency contact information, ticket number and itinerary details, fare information, frequent flyer information, loyalty card information, information related to travel requests, from time to time audio recordings for quality and assurance in the context of the purposes described above.

How do we collect your personal information?

Upon the conclusion of our commercial agreement with our corporate clients, CWT  will typically collect the list of employees authorized to travel together with minimal personal information (name, business email and address, employee number, job title) from our corporate clients and create an online ‘self-service Traveler Profile’ in its proprietary Profile Management database. Further personal information (listed above) may be entered upon account activation by the travelers themselves or their travel arranger on their behalf as per Client corporate travel policy and CWT terms and conditions of use. In cases where special categories of personal data is collected, a prior consent notice is automatically activated next to the relevant field. Traveler Profiles may also be populated with information directly received from an online booking tool service provider (OBT) upon request by a corporate client.  

When organizing meetings and events, CWT receives minimal personal information (name, surname, contact details, organization, job title and country of residence) about attendees from our corporate clients. CWT may also receive such personal information through online booking service providers contracted by client.

With whom do we share your personal information?

In order to fulfil the purposes described above,  and in line with travel industry practices, CWT shares your personal information with the relevant third-party service providers listed below:

  • Travel suppliers (airlines, hotels, car rental companies, transportation companies): these suppliers will provide the actual travel or hospitality requested;
  • General Distribution Systems (GDS), which are computerized reservation systems holding real-time airline seat and hotel room inventory (including rental car availability, etc…): GDS enables CWT to make a preliminary reservation with a travel supplier while traveler or attendee makes a definitive confirmation or alternative selection;
  • Online Booking Tools (OBT), which are online portals displaying airline and hotel options and act as a Profile Management tool:  Corporate clients will select as to whether they wish to use an OBT;
  • Safety and security service providers;
  • Card payment companies;
  • From time to time, governmental bodies in accordance with applicable laws; and
  • Providers of conference badges and stationary, catering services and audio-visual services.

Our corporate clients also may request us to share traveler or attendee information with designated third-parties of their choice, in connection with the products and services we provide.

Furthermore, CWT uses third-party sub-contractors for the management of its information technology tools and platforms. Such subcontractors may access your personal data but only for, on behalf of, and under the instructions of CWT, and are required to adhere to CWT policies, procedures and processes and to comply with applicable data privacy laws.

CWT also reserves the right to disclose your personal data if required to do so by law or in the good faith belief that such action is reasonably necessary to comply with applicable law.

In accordance with the California Consumer Privacy Act, in the preceding twelve (12) months, CWT has not sold any personal information.

Do we perform cross-border transfers of your personal data?

Given the international nature of CWT travel services, personal data transfers need to be made both internally within the CWT group, its affiliates and joint-ventures, and externally to its global partners and third-party providers described above.

Where your personal data is transferred to a country which is not governed by a data protection law affording a similar or adequate level of data protection than that in force in your country of residence, or to which no adequacy decision has been issued by the relevant European Commission, CWT has taken steps to ensure an adequate level of protection of the transferred data in the country of transfer by entering into appropriate data transfer agreements based on the European Standard Contractual Clauses (also known as European Model Clauses) issued by the European Commission. This enables the safeguarding of your information in the overseas country, and in accordance with applicable laws.

Specifically with respect to CWT’s intra-group personal data transfers from the European Economic Area to third countries e.g. the US, India and the Philippines, such are legitimized under article 46 of the European General Data Protection Regulation through CWT’s conclusion of the EC Commission’s Standard Contractual Clauses. For a copy of these clauses, please make a request at globalprivacy@mycwt.com.  

Where do we store your personal data?

Given the international nature of CWT group, we use several locations across the globe for our data storage requirements.

Based on the residency of the traveler, CWT will store Traveler Profile information in CWT’s Profile Management database either in a data center located in Spain (for European resident data) or in a data center located in the U.S. (for all other resident data). European resident data are then internally transferred to our U.S.-based data center for the purpose of mid and back-office streamlining and cost-effectiveness including travel reservation consolidation and client reporting.

Storage of financial data is performed on a regional basis on CWT servers hosted in data centers in the U.S., data centers in Spain and data centers in Singapore.

For personal information collected in the People’s Republic of China (PRC), resident data is stored in the PRC.

How do we ensure your personal data is safe?

We continuously implement and maintain administrative, organizational, technical and physical security measures to ensure the confidentiality, integrity, availability and resilience of our systems that process your personal data.

How long do we retain your personal data?

We will retain your personal data for a period not exceeding that required for the purposes for which they were collected, notably to fulfil our commercial agreements, provide our services, respond to inquiries on travel history and other business activities, comply with our legal obligations such as financial reporting and within limits prescribed by applicable regulations, and to preserve evidence for the management of disputes, claims or litigation.

For further information, please review our Retention Policy.

Compliance with this Policy and data protection laws

CWT is committed to complying with both this Global Privacy Policy and Notice and applicable data protection and privacy laws including but not limited to:

  • The European General Data Protection Regulation  (‘GDPR’);
  • The UK Data Protection Act (‘UK DPA’);
  • The California Consumer Privacy Act (‘CCPA’) ;
  • The Brazilian Law for the Protection of Personal Data (‘LGPD’);
  • The Australian Privacy Act;
  • The Singaporean Personal Data Protection Act;
  • The Chinese Cybersecurity Law ('CSL');
  • The Chinese Data Security Law  (‘DSL’);
  • The Chinese Personal Information Protection Law (‘PIPL’).

Direct-Marketing Data Protection Notice

We may use your personal contact information (name, surname, email, company name, job title, country of residence) to send you direct-marketing communications.

Where you receive a direct-marketing communication from us, it is either because you or your company on your behalf have requested such communication, or because we believe the communication is of interest to you or your company based on the services we provide to you and your company.

In some cases, we will have collected your contact details from publicly available sources or through a third-party with whom you or your company on your behalf have agreed onward sharing.

When you visit CWT websites, you can always elect not to provide us with your contact information. You can still visit most of CWT’s web pages but may be unable to receive our newsletters, to download white papers or be sent information on specific products and services or invitations to events, which necessarily require us to interact with you.

We rely on our legitimate interests to keep you informed on our products and services. However if you no longer wish to receive direct-marketing communications, you can click on the ‘unsubscribe’ link at the bottom of the communication. In this cases, your contact details will no longer be used in that regard.

Where we engage third-party sub-contractors to manage our marketing campaigns, they do so on our behalf and under our instructions, and we ensure they commit to complying with our policies and applicable privacy laws and do not use your data for any other purposes.

CWT shall retain your information so long as you wish to keep receiving our direct-marketing communications and/or to comply with legal obligations, a Court order or regulatory requirements, and to fulfil your request to ‘unsubscribe’ from marketing communications.

Your Rights

You are entitled to several rights in relation to your personal data under application data protection laws.

You have a right to access and rectify the personal data CWT processes about you, manage or withdraw your consent to data processing, where relevant. Where pertinent and upon legitimate grounds, you also have a right to erasure (right to be forgotten) of your personal information.

Depending on your country of residence and upon legitimate grounds, you also have a right to restrict the processing of your personal information, and a right to data portability.

You also have the right to object, based on grounds relating to your particular situation and at any time, to the processing of your personal data, which is based on our legitimate interest (as per article 21 of the GDPR).

If you wish to exercise your rights, please complete our SAR Form which will initiate the processing of your request.

Contact Information

To contact CWT’s Data Protection Officer with questions or issues about this Global Privacy Policy and Notice, please use globalprivacy@mycwt.com. Depending on your country of residence, you may also have a right to lodge a complaint with your local supervisory data protection authority.

For CWT Employees

In the course of your employment at CWT, we may process your personal information as described above for the purposes of your CWT business travel and meetings & events. For other purposes and processing that relate to your employment, please refer to our internal company policies and notices.

List of CWT Entities

 

This policy is subject to change. The changes will be posted from time to time on CWT websites, so please ensure you check this policy regularly.