We comply with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Act No. 78-17 of 6 January 1978, as amended by Act No. 2018-493 of 20 June 2018) This Privacy Policy outlines PEN GROUP’s policy and responsibility regarding the collection, use, and disclosure of Personal Data. By continuing to use PEN GROUP’s products and services, you signify that you have read, understood and agree to be bound by this Privacy Policy as amended from time to time in respect of PEN GROUP’s collection, use and disclosure of your Personal Data. This Privacy Policy informs you how we use your personal data on the following guiding principles:
- We use your Personal Data to provide you with products and services which meet your needs and requirements;
- We aim to continuously improve our products and services for you and will use your Personal Data to help us achieve this;
- We give you some control over the Personal Data we hold about you, including who is allowed to see it and how it is used;
- We will not use your Personal Data to contact you for direct marketing purposes without your consent;
- We will take reasonable care to safeguard your Personal Data through security policies and secure business processes.
1. Types of Personal Data
The types of Personal Data that PEN GROUP collects depends on the circumstances of collection and on the nature of the products and services requested. Personal Data, which includes but is not limited to:
- personal information that links back to an individual e.g., name, gender, date of birth, passport or other personal information like pictures, etc.;
- contact information e.g., address, phone number, email address;
- travel information e.g., flight information, number of passengers flown, service preferences or requests, etc.
2. How we collect your personal data
Generally, PEN GROUP collects Personal Data, either:
- Directly from you: we collect Personal Data that you provide us with when you use any of our products, services and website or when you deal with us.
- From your authorised representatives (i.e. persons whom you have authorised, persons who have been validly identified as being you or your authorised representative pursuant to our then-current security procedures)
- From third parties (e.g., your travel agent or our service provider)
- Or from publicly available sources, through our websites, and other channels.
Where we transact or contract with a corporate entity, that corporate entity may provide us with your personal data in connection with a transaction or contract. That corporate entity is responsible for obtaining your consent to disclose your personal data to us.
3. Purposes for Collection, Use and Disclosure
PEN GROUP collects Personal Data in order to fulfil the following purposes, which include but are not limited to:
- marketing and communicating with you in relation to products and services offered by PEN GROUP’s affiliates, subsidiaries, or trusted third-party service providers;
- contacting you for product or customer satisfaction surveys and market research, safety, security and legal compliance.
PEN GROUP may also use and disclose your Personal Data with and to third parties in order to fulfil the purposes listed above.
In connection with the above, we may disclose, transfer, and jointly use your Personal Data to and with our subsidiaries and affiliated companies.
PEN GROUP may also use and disclose your Personal Data to persons who have been validly identified as being you or your authorized representative(s) pursuant to our then-current security procedures, for the purpose of the relevant transaction or enquiry.
PEN GROUP shall use its best endeavors to ensure that its directors, employees, officers, agents, consultants, contractors and such other third parties mentioned above who are involved in the collection, use and disclosure of Personal Data will observe and adhere to the terms of this Privacy Policy.
PEN GROUP may disclose your Personal Data to law enforcement agencies and government for security, customs and immigration purposes.
In addition, PEN GROUP may disclose Personal Data to our legal advisors for establishing, exercising or defending our legal rights, to our other professional advisors, or as otherwise authorised or required by law. PEN GROUP also reserves the right to share Personal Data as is necessary to prevent a threat to the life, health or security of an individual or corporate entities such as PEN GROUP, subsidiaries or affiliated companies. Further, PEN GROUP may disclose Personal Data, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.
4. Transfer of information overseas
PEN GROUP may transfer your personal information to its affiliates, subsidiaries, or trusted third-party service providers located in other countries. These transfers are necessary for the purposes of managing and processing your information as described in this Privacy Policy.
When transferring personal data outside your home country, PEN GROUP takes appropriate steps to ensure adequate safeguards to protect your information. These safeguards may include ensuring that the country to which your data is transferred provides sufficient data protection. PEN GROUP may enter into agreements with third parties that include standard contractual clauses approved by relevant data protection authorities.
The countries where PEN GROUP may transfer personal information may not have the same data protection laws as your country of residence. In such cases, PEN GROUP will take the necessary steps to ensure your privacy and data protection rights are respected and maintained.
By providing us with your personal information, you consent to the transfer, storage, and processing of your information in countries outside of your home country, as outlined in this section.
5. Consent
Generally, in the course of PEN GROUP performing servicing functions, Personal Data will, by nature of the task or transaction, be provided by our customers to PEN GROUP. In such instances, consent will necessarily be implied from the Customer that they are agreeable to providing Personal Data in order for PEN GROUP to provide the requested or necessary service and/or product to them. However, where required by law, PEN GROUP will adopt an ‘opt-in’ policy for obtaining customer consent, in which event, express written consent will be sought from you when collecting your Personal Data e.g., signing a form or checking a box. Where you make reservations on behalf of another person, you undertake and will ensure that the individual whose Personal Data is supplied to PEN GROUP has authorized the disclosure, is informed of and consents to the terms and conditions of this Privacy Policy.
Statistical Data is not linked to a customer record and PEN GROUP does not need to seek consent for the collection, use or disclosure of Statistical Data.
6. Retention
PEN GROUP will retain Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, the legal or business purposes of PEN GROUP, or as required by relevant laws.
When destroying Personal Data, we will take commercially reasonable and technically possible measures to make the personal information irrecoverable or irreproducible in accordance with the applicable laws.
7. Accuracy
PEN GROUP needs your assistance to ensure that your Personal Data is current, complete and accurate. As such, please inform PEN GROUP of changes to your Personal Data by contacting PEN GROUP and submitting your updated particulars to PEN GROUP in writing (see Section 10, Enquiries).
PEN GROUP may also request Personal Data updates from you from time to time. As detailed in Section 3 above under the “Purposes for Collection, Use and Disclosure” section.
8. Security Safeguards
PEN GROUP takes the security and protection of your Personal Data very seriously. As such, PEN GROUP makes reasonable security arrangements to protect your Personal Data against loss or theft as well as unauthorised access and undue disclosure.
All Personal Data collected through PEN GROUP’s website are protected by a secure server. In addition, SSL (Secure Socket Layer) protects the transmission of data from the internet to our systems.
For example, when you transmit sensitive information such as contact details through PEN GROUP’s website, such information will be encrypted before being dispatched over the internet.
If, however, a customer does not take reasonable care to ensure the continued confidentiality and accuracy of their Personal Data, PEN GROUP will not be liable for any consequential misuse and/or fraud. If you have any concerns about security, you should contact PEN GROUP (see Section 10, Enquiries).
9. Updates to the Privacy Policy
PEN GROUP will amend this Privacy Policy from time to time without notice, and the updated versions will be posted on PEN GROUP’s website and date stamped so that you are aware of when the Privacy Policy was last updated. Subject to applicable laws, the English version of this Privacy Policy will prevail over any version of this Privacy Policy in another language. In the event of any inconsistency in interpretation between the English version and any translation of the Privacy Policy, this Privacy Policy statement in English will prevail.
10. Enquiries
If you have comments, questions or complaints about or requests relating to this Privacy Policy statement, please contact PEN GROUP in writing at the address below referencing ‘Privacy Policy’:
PEN GROUP, 33 Avenue de Wagram, 75017 Paris, FRANCE,
or email to contact@pen-group.com referencing: “Privacy Policy”.