Triplicity Corporate Privacy Notice

Last update: January 1, 2024

Scope

Clients’ privacy is of significance to Triplicity LLC ("Triplicity”, “we”, “us”, “our”) and we are committed to maximally avoid risky processing of Travelers’ personal data (personal information), as well as to process only as much data as it would be absolutely necessary for achievement of our purposes or providing services set in the Business Travel Service Agreement ("Agreement”).
This Privacy Notice applies to the Travelers’ personal data (personal information) provided by business Clients of TRIPLICITY.
Unless otherwise defined herein, terms defined in the Agreement shall have the same meaning in this Privacy Notice. Wherever the context may require, any pronoun shall include the corresponding masculine, feminine and neuter forms. The definitions of terms herein shall apply equally to the singular and plural forms of the terms defined. The words “include”, “includes” and “including” shall be deemed to be followed by the phrase “without limitation”.
This Privacy Notice supplements the Agreement. In case of conflict, this Privacy Notice shall prevail.
Due to TRIPLICITY is in B2B (business-to-business) relationships with its Clients this Privacy Notice does not relate (except confidentiality rules) to the personal data of Client’s representatives, who acts on behalf and in the interests of the Client (legal person), except for verification, legal and anti-money laundering (also Know-Your-Client) purposes.

What data do we collect?

The amount and types of personal data depend on the context of the business relationship and their interaction with TRIPLICITY, the choices made by the Client and the products, services, and features Clients use.
The personal data TRIPLICITY collects about Travelers can include the following below.
Contact details
First, middle and last name, date of birth (as required), addresses, business email addresses, telephone, and other means of communication.
Verification details
TRIPLICITY can ask Clients to provide a copy of passport/ID of its representative or other relevant information to verify the authenticity of the Client. For example, we might request the Client to confirm the role and authorization level of the current Traveler (authorised to book and pay for services or not authorised, etc.).
Communication data and e-Evidence
Email/chat communications, call records. Due to remote nature of our services, our main contact channels with Clients are emails/chats/calls/other electronic evidence. As a result, on the one hand, we want to be sure Clients received exactly those services they requested, but on the other hand, in case of disputes we must be able to protect, establish and exercise our legal claims, as well as comply with legal obligations. Another important purpose of communication data processing is preventing frauds and other illegal activities. “Other electronic evidence” might include IP address, user-agent, device settings, timestamps, meta data (log files etc.), which will ensure documenting of legal acts requested and/ or performed by TRIPLICITY and/ or Clients.
Travelers’ data
  • Identification information, including first, middle, last name, date of birth, gender, citizenship;
  • Contact details, including corporate email, phone etc.;
  • Documents, including copies of passport, ID, immigration/ visa documents;
  • Vaccinations and similar confirmations (only if necessary, so TRIPLICITY is able to render requested services);
  • Additional info, including job title, authorisation level, personal preferences (e.g. flight times, lay overs, avio seats, flying habits, airline/ meal preferences, preferred hotels, car rental services etc.), purpose of trip (business trip, leasure, conference etc.)
By sharing Travelers’ personal data Clients confirm that Travelers have been informed about processing of their personal data by TRIPLICITY in accordance with this Privacy Notice. Clients also confirm that they have obtained all necessary consents, as may be required by the laws and regulations applicable to Clients.

Why do we need personal data?

Conclusion and Performance of the Agreement (Main Purpose)
TRIPLICITY primary purpose of personal data processing is to conclude and perform the Agreement. First, we must verify and establish authorised communication with Clients, perform necessary legal authentication and register the new Client. Secondly, we must perform the Agreement and render Services on request of Clients. Thirdly, we must manage invoicing and payments.
Customer support
Upon request of Travelers and Clients we might respond to requests, questions, or concerns. For example, Travelers might need assistance during and after reservation.
Security, compliance and fraud prevention
We process data the following purposes:
  • security, including preventing and timely identifying hacker’s attacks;
  • fraud prevention;
  • monitoring, identifying and fixing technical bugs and errors;
  • compliance with legal and regulatory requirements;
  • investigating of potential misconduct;
  • establishing, protecting and exercising legal claims.
Other activities, including surveys and marketing
We might send to Clients:
  • reminders to those who did not complete the onboarding;
  • invitations to participate in surveys, referral campaigns and TRIPLICITY’s internal events;
  • updates on our products;
  • amendments of the Agreement or this Privacy Notice;
  • TRIPLICITY newsletters and other marketing communication;
  • holidays greetings.
We might also use aggregated data for analytical, research and statistical purposes, as well as for UX/UI enhancement.

How do we share personal data?

Corporate affiliates and change of control
We may share personal data with our corporate affiliates and if TRIPLICITY itself (or part of its business) is sold or otherwise changes control, owners would have access to personal data for the uses set out herein. 
Service providers
We may share personal data with suppliers who perform services on our behalf and have agreed in writing to protect and not further disclose personal data.
Payment service providers and travel vendors
We may share Travelers’ data with the payment service providers, acquirer banks and the travel vendors Clients have booked with. This can include online travel agencies, hotels, airlines, car rental companies, and travel insurance providers. These third parties will process Travelers’ data in accordance with their own privacy policies (our Privacy Notice does not apply). If Clients contact our customer support, the latter may need to share information about Client’s request with the relevant travel vendor to assist Clients.
Business partners
We may share data with various business partners. Some of these business partners may use personal data for fraud detection, including identifiers, contact data and network activity information, also to detect, prevent, or otherwise address fraud, security or technical issues. We may also ask our partners to create a survey, form, application, or questionnaire, so we know the degree of Clients’ satisfaction with our services. Some of these business partners may use data for online advertising purposes. We may also share personal data as otherwise described to Clients at the time of collection. We may also share aggregated usage information with partners. We enter into confidentiality and personal data processing terms with partners to ensure they comply with high levels of confidentiality and best practice in privacy and security standards and we regularly review these standards and practices.
Trips shared by Clients
If Clients use or have itineraries as part of our Service, Clients can send or grant access to their itinerary to anyone they choose. The itinerary may contain enough details (for example, booking reference codes) to allow the recipient to cancel or modify your booking, perform a check-in, etc. Clients should only share their itinerary with people they trust.
Information shared in public
If Clients provide us with a review of their trip, they authorize us to publish it on all our Platforms under the screen name they provided. Clients also authorize us to aggregate it with other reviews.
Authorities
We may disclose Travelers’ data if required by law, for example to law enforcement or other authorities. This includes court orders, subpoenas and orders arising from legal processes, and administrative or criminal investigations.

Data security

Subject to the applicable laws, we provide the necessary safeguards to maintain protections of Travelers’ data. We have procedures in place to prevent unauthorized access to and misuse of personal data.
Our systems are configured with data encryption, or scrambling technologies and firewalls constructed to industry standards. We also use Secure Socket Layer (SSL) technology that protects personal data Clients send over the Internet. We limit access to personal data to those employees, agents, contractors and other service providers who have a business need to know. They will only process the data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any security incident and will notify Clients and any applicable regulator of a breach where we are legally required to do so.
We use appropriate business systems and procedures to protect and safeguard information, including personal data. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers.

Data retention

We will retain personal data for as long as deemed necessary to manage the business relationship with Clients, to provide TRIPLICITY services and to comply with applicable laws (including those regarding document retention), resolve disputes or claims with any parties, and as otherwise necessary to allow us to conduct our business.
All personal data we retain about Clients is subject to this Privacy Notice and our internal retention manuals. If you have questions about the specific retention periods for the various types of personal data we process, please get in touch using the contact details below.

Travelers’ rights

Travelers’ have the following rights:
  • get a copy of their personal data (access rights) once in 12 months;
  • request to rectify incorrect data;
  • based on applicable law request to delete data, except if we need to retain it for providing services on Clients’ request, complying with laws, preventing frauds, exercising/defending legal claims.
  • withdraw the consent; the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Due to the remote nature of our services, it is important for us to keep communicating through the same email (Verified Email), which was used by Clients during the Agreement conclusion. Verified Email is the key communication channel for us, so we can give quick answers and not divulge Travelers’ data to any malicious person. Travelers might also submit a request through the voice call, but still we must use the Verified Email to reply, due to law requirements and in order to protect our legal claims.  If Travelers submit their request through the authorised agent or by using third party service we will ask for additional verification by contacting the Traveler via Verified Email.
Fees and denials
Usually Travelers do not have to pay a fee to access (or to exercise any of the other rights). However, we may charge a reasonable fee if Traveler’s request is clearly unfounded, repetitive (more than once in a 12-month period) or excessive. Alternatively, we could refuse to comply with Traveler’s request in these circumstances. We might also refuse to act on Traveler's request, when we are not in a position to identify the Traveler and verify their request or the requested fee was not paid. We may need to request specific information from Travelers to help us confirm their identity. This is a security measure to ensure that personal data is not disclosed to unauthorised persons.

Contact us

In case of questions about this Privacy Notice or to exercise rights set here in, Travelers must contact us at corporate.privacy@triplicity.com.

Amendments of this Privacy Notice

This Privacy Notice might change from time to time. In case of material changes, we will always contact Clients in advance. An example of this kind of change would be if we were to start processing your personal data for purposes that aren’t detailed above, which are not compatible with those set herein.