Published using Google Docs
Privacy Statement Neoke
Updated automatically every 5 minutes

PRIVACY STATEMENT FOR USERS

0.        EXECUTIVE SUMMARY

0.1        Why, what, where, when, who, and how (long)

Why: The first and foremost reason we ask you for personal details is to offer you a smooth and seamless experience to (complete the) purchase, book(ing), order, use, facilitate and/or consume (consummation of) your travel product by providing our travel partners (with which you wish to make a reservation, order or purchase) with your relevant personal information to avoid being bothered again to provide this information to the travel provider again (and again) (e.g. upon check-in), to simplify the organization of your trips, including components such as car rentals, hotel bookings, and flights; and to streamline your travel experience by automating related actions.

What: Neoke collects and processes personal information that is legally required by travel providers or governmental authorities, based on local regulations. For this purpose, we may ask you to provide certain personal data, such as your full name, email address, telephone number, date and place of birth, gender, nationality, driver's license/passport/ID details (including your picture), credit card details, loyalty/membership program number and those of the people in your company and any (email/telephone) correspondence with Neoke. Neoke may also ask for certain sensitive data (e.g. health data) and additional information such as your travel-related preferences and restrictions, which can enhance your experience. You have full control over the information you choose (not) to share, but please note not all services may be available to you if we do not have the relevant information from you.

What else – rights: You will have all rights granted by applicable law, such as the right to know what information we hold, the right to be forgotten, and the right to amend, correct, delete, or block your personal information

What else – security: We have implemented a range of procedures and measures to prevent unauthorized access to, and the misuse of, your personal data that we process (including encryption, and multi-factor authentication).

Where: At Neoke, we believe in giving you ownership and control over your important data, such as your passport. This is why we store it on your device instead of keeping it in our databases. However, to digitize documents, we do need to rely on a third-party technology provider who must comply with regulations and retain a copy of the documents for a specified period. Neoke uses encryption and employs self-sovereign identity technology based on blockchain to keep the data stored on your device safe and secure. This technology ensures that the certificates issued to you cannot be manipulated. When you request it, we will share or unlock this information with other services in the context of a travel-related interaction, such as check-in or log in. Afterward, we will store it on either our platform or theirs, following local legal regulations that may require us to keep certain data points for a set period of time.

When: Upon registration with Neoke (or at any time thereafter), Neoke may ask you to provide, update and complete relevant required personal information in its system through the website/app on which the Neoke service is available to you.

Who: Neoke is responsible for the data it collects and acts as a data controller. Neoke will share the relevant personal information with the relevant travel provider with which you have made a reservation, purchase or order, which shall also act as (co-) data controller upon receipt of the relevant information. Neoke and each travel provider shall each be solely responsible for the processing of personal data by itself or on its behalf in accordance with applicable data protection laws.

Furthermore, Neoke may share certain personal information with its affiliated group companies (e.g. for customer service) and trusted subcontractors. Neoke is responsible for these parties (which act as data processor subject to a data processor agreement with Neoke).

How (long): We will collect and process your personal information in accordance with this privacy statement and retain your personal data for as long as necessary to manage our business relationship with you, provide Neoke services to you, and comply with applicable laws, including those related to document retention. We will also retain some data to resolve disputes or claims with third parties and, if necessary, to conduct our business

The above is a general overview. Depending on the law that applies to you, we might be required to provide some additional information. Please find below more detailed information about the use and process of your personal information.

Important notice: We may from time to time request you to provide (either on voluntarily basis or as required as per government regulations or government-issued identification documents or medical certificates) certain sensitive information (e.g. personal data revealing health data (e.g. disability, medical/physical) limitations and illnesses) (the "Sensitive Data"). We shall require the prior explicit active consent (e.g. checkbox) from the User and stipulate the purpose for usage and process when such data is requested. Gender or passport information is not a sensitive personal data point.

Glossary: appendix 1 includes a glossary with relevant privacy terms and their definitions.

1.        INTRODUCTION AND DEFINITIONS

1.1         About Neoke

1.1.1        We are Neoke B.V., a private limited liability company, incorporated under the laws of the Netherlands and having its registered office at Poortland 66 (1046 BD) in Amsterdam (trade register: 87691418). Neoke B.V. may be referred to in this document as 'we', 'us', 'our', or 'Neoke'.

1.1.2        We collect personal data via our platform (app) and service.

1.1.3        The personal data that Neoke collects in relation to its users depends on the context of the business relationship and their interaction with Neoke, the choices the user makes, and the products, services and functions they use.

1.2         Privacy statement and acceptance

1.2.1        This privacy statement explains how Neoke processes your personal data. "You", "your" or "User" means you, the user of our service as made available on our website/app (including any other natural person of whom the personal data is provided to Neoke).

1.2.2        This privacy statement applies to every group company of Neoke that is responsible for or involved in the processing of a User's personal data. Depending on the nature of the business relationship, various group companies of Neoke may be responsible for the processing of that personal data.

1.2.3        To the extent permitted or required by law, by signing up for, registering (including uploading or otherwise enabling your personal data) and/or using our services, you hereby (i) accept, acknowledge (to have read and understood) and agree to this privacy statement, and (ii) give your explicit consent to Neoke to collect, use, transfer, disclosure or process the personal data as from time to time provided or otherwise made available to us for purposes and to such recipients and locations as described in the privacy statement.

2.         DATA COLLECTION

2.1         Personal data that Neoke collects

2.1.1         Personal data that you – as a User – (may) provide to us, such as:

We collect relevant contact information from Users, such as first and last name, place/date of birth (if required), (email) addresses, (mobile) telephone numbers, credit card details (if required), ID/passport/driver's license details (including your picture for facial recognition, verification or validation), loyalty number, preferences or special requests, etc .

We may from time to time request you to provide certain Sensitive Data (e.g. personal data revealing health data (e.g. disability, medical/physical) limitations and illnesses). If certain sensitive data is requested on a voluntarily basis, there is no obligation to provide any requested Sensitive Data and any disclosure of such requested Sensitive Data is at your sole discretion. However, certain Sensitive Data may be required by governmental rules and regulations. If you do not or cannot provide the requested or required Sensitive Data, you may not be able to (fully) use our services, or use and consummate the transaction, service or product for which you use our services (e.g. immigration, country entry, boarding, etc).

We collect data necessary for payment and billing purposes (including your bank details, bank account number, credit/ debit card, and VAT number) and data otherwise required for invoice processing.

We collect information about transactions enabled by us to build a history of the traveller's trips. To enrich this data, we may ask the traveller to provide information about other trips they have taken and managed outside of our platform. This will enable the traveller to keep all of their travel information in one place and use it to improve their future travel experiences.

We may ask you to provide (on voluntarily basis) information in respect of any food allergies, favourite cuisines, general food preferences, contact details and identity documents, which information we may use for profiling purposes to help you make sure each traveler's experience is as personalized as possible.

When a User communicates with Neoke, we collect and process information about this communication. During calls with our customer service (including when being in queue or on hold), live listening and calls can be recorded for quality control and training purposes. These recordings can also be used for claims handling and fraud detection.

Recordings are kept for a limited time before they are automatically deleted unless Neoke has a legitimate interest in keeping the recording for longer. This only happens in exceptional cases, such as for fraud investigation, compliance, and legal purposes.

2.2         Information We Collect Automatically

2.2.1         Depending on the business relationship, Neoke may also automatically collect information, some of which may be personal data. This data is collected when a User uses online services such as a registration form or a user account.

The data collected may include:

2.3         Personal Information You Provide Us About Others or without our request

2.3.1         By sharing the personal data of other persons (such as family members or other people who travel in your company), you confirm that these persons have been informed about the use of their personal data by Neoke in accordance with this privacy statement. You also confirm that you have obtained all necessary consents as required by applicable laws and regulations.

2.3.2        Unless explicitly requested by us, we discourage you from providing (sensitive) personal data at your own initiative. If you choose to disclose without our explicit request, we accept and assume through your self-disclosure your explicit and unconditional consent to process and use that information as described in, and subject to this Privacy Policy.

2.4         Other information we receive from other sources

If you (choose to) use our Service, you give consent to the collection and process of your travel related data (e.g. place and date of your reservation, purchase order, loyalty program or travel plans) from the relevant (travel) suppliers with which you may have made a reservation or purchase and which work with Neoke in order for you to enjoy a seamless travel experience.

Law enforcement or tax authorities may contact Neoke with additional information about Users in the event that they are affected by an investigation.

In certain cases, and as permitted by applicable law, Neoke may need to collect data from third-party sources for fraud detection and prevention, risk management, and compliance purposes (e.g. sanction/PEP screening).

3.         PROCESSING PURPOSES AND SHARING

3.1         Purposes

3.1.1         Neoke uses the previously described information about Users, some of which may be personal data, where relevant, for the following purposes:

A.         Registration and administration

Neoke uses account information, contact details, and financial information to manage and maintain the business relationship with the User and to render its service to you. This also applies to registration and verification purposes.

Important notice: Neoke has no access to your vault (which is only available on your personal device), and it does not control, store or otherwise process the personal data in your vault.

B.         Render its service (including customer service)

Neoke uses the information provided by Users, which may include personal data (including Sensitive Data), to support its services. For example, it can be used to process the relevant personal information of Users by sending it to the travel provider, guiding the users, automating certain tasks for them, and responding to requests, questions, or comments from Users or travel provider.

We only use and disclose Sensitive Data as necessary in connection with the performance of services and the provision of goods, compliance with federal, state, or local laws, and as otherwise permitted by applicable privacy and data security laws.

C.         Other activities, including marketing and profiling

If a potential User has not yet completed the online registration, Neoke may send a reminder to complete the registration process. We believe that this extra service is useful for our (future) Users because it allows them to complete the registration without having to re-enter all registration details.

Neoke may invite Users to complete travel related reviews, ratings and scores and attend (online) events, seminars, webinars that may be relevant or interesting to them or where they can share travel experiences. We may also use personal data to provide and host online forums that allow Users to find answers to frequently asked questions about the range and use of Neoke's products and services.

Marketing (e.g. newsletters): To the extent relevant to the business relationship, Neoke uses personal data for communication, including providing information about its systems or product updates, sending Neoke newsletters, and inviting Users to participate in references, promotions, or for other marketing communications. When we use personal information to send direct marketing messages electronically, we offer an opt-in option.

Profiling: We use data like ID documents and contact details to make 'things' smoother for our Users, like reducing check-in waiting times. We also consider preferences to personalize experiences, such as food choices and accessibility needs. The profiling is for general purposes and not used for automated decision making.

D.         Communication with users

Neoke has (access to) communication with you (telephone, chatbot, email, platform). We also use automated systems to review, scan and analyze communications for the following purposes:

Communications sent or received using Neoke's means of communication are received and stored by Neoke. We do not record all calls. If a call is recorded, each recording is kept for a limited time before being automatically deleted. This is the case unless we have determined that it is necessary to keep the recording for fraud investigation or legal purposes.

E.         Analysis, improvement and research

Neoke uses the information provided to us, which may include personal data, for analytical purposes. This is part of our commitment to improve Neoke's products and services and to improve the user experience.

This data can also be used for testing purposes, troubleshooting and improving the functionality and quality of Neoke's online services. We may also record some live sessions using tools such as Hotjar and invite users to participate in surveys and other market research from time to time.

Certain Users may be invited to join a user forum to communicate with Neoke and/or to exchange experiences with other Users.

Please refer to the information Neoke provides when you are invited to participate in a survey, market research or to join an online platform to understand how your personal data may be treated differently than described in this Privacy Statement.

F.         Security, fraud detection, and prevention

We process the information provided to us, which may include personal data, to investigate, prevent and detect fraud and other illegal acts. This may include personal data that a User has provided to Neoke, for example for verification purposes as part of the registration process, personal data collected automatically, or personal data obtained from external sources (including from guests).

Neoke may also use personal data to facilitate investigation and enforcement by competent authorities, if necessary. For these purposes, personal data may be shared with law enforcement authorities.

Neoke may also use personal data for risk assessment and security purposes, including user authentication, and we use external service providers for third-party risk management. These providers help us assess the business risk profile of our Users. They may also provide us with due diligence reports from third parties, which, as permitted by applicable law, may contain potential information about criminal convictions and owner or User violations.

G.         Legal, regulatory and compliance

In certain cases, Neoke must use the information provided (which may include personal data) to handle and resolve legal disputes or for regulatory investigations, risk management, and compliance. We may also use it to enforce our agreement(s) with Users or to resolve any complaint or claim involving a User, and in accordance with internal rules and procedures.

In addition, we may need to share information about Users (including personal data) where required to do so by law or strictly necessary to respond to requests from competent authorities. This includes tax authorities, courts, other government and public authorities, or local municipalities (for example, regarding short-term rental laws).

Finally, Neoke may use personal data for anti-money laundering verification and KYC (know your client) related purposes and obligations (including sanction screening for 'politically exposed persons' (PEPs) and sanctioned individuals).

If we use automated means to process personal data that produces legal effects or significantly affects you or other natural persons, we will take appropriate measures to safeguard your or the other person's rights and freedoms. This includes the right to human intervention.

3.2         Legal grounds

3.2.1         First of all, Neoke strongly believes that the User should be in control of its personal data. Therefore and save as set out otherwise below, Neoke will at all times obtain your consent before processing personal data for any services you wish to use from Neoke, including for marketing and profiling purposes or as otherwise required by law.

3.2.2        Purpose A and B: In addition to the consent, Neoke assumes the legal basis that the processing of personal data for purposes A and B is also necessary for the execution of the agreement between the User and Neoke. If the required information is not provided, Neoke will not be able to work with a User and provide its service, nor will we be able to provide customer service.

3.2.3         Purposes C to G: Neoke relies on its legitimate interest to provide its services to, or obtain services from Users, to prevent fraud and to improve its services. When we use personal data to serve the legitimate interest of Neoke or a third party, we will always balance the rights and interests of the data subject and the protection of their information against the rights and interests of Neoke and/or the third party.

3.2.4        Purpose F and G: Neoke also relies, where applicable, on compliance with legal obligations (such as lawful law enforcement requests) or the protection of vital interests (e.g. airport security and border control).

3.2.5        The collection and process of any Sensitive Data will be strictly under the condition of your prior explicit (active) consent (including at the time of requesting the consent, disclosure of the purpose and use).

3.2.6         Important notice: you can at all times withhold or withdraw your consent without detriment. If you wish to object to the processing as set out under C to G and cannot find a way to opt out directly (for example in your account settings), please contact Neoke at contact@Neoke.com.

3.2.7        Important notice: Insofar Neoke will conduct decision-making based on profiling or solely automated decision-making (which produces legal effects or similarly significantly affects the data subject), it shall require the prior explicit consent from the User (including stipulate the purpose).

4.         SHARE WITH OTHERS

4.1         Sharing with affiliated group companies

4.1.1         To support the use of Neoke services, your information (which may include personal data) may be shared with or within Neoke affiliates. This is done for the purposes described below, subject to any contractual terms.

The purposes for sharing data within the Neoke group of companies are:

A.         to offer, provide or make available services and products (including supplier management) and to provide support (such as completing reservation/booking, canceling, changing and/or managing, account management, and any customer service, billing, and collection);

B.         to prevent, detect and investigate fraud and other illegal activities;

C.         for analytical, quality, and product improvement purposes (including monitoring conversations by live listening or recording for quality and training purposes);

D.         marketing activities (including news items) from which you can easily unsubscribe or unsubscribe) and to personalize online services (including personalized offers and promotions);

E.         communication purposes (by email, telephone, or post) for the above purposes (including survey, market research, reviews, or ratings) or as necessary under our agreement with you;

F.         legal purposes, including the handling of complaints, claims, legal claims, and for the detection of fraud (in which cases any telephone conversations may be recorded);

G.         to ensure compliance with applicable laws or law enforcement.

With a view to purpose A, and insofar as applicable, Neoke relies on the legal basis that the processing of personal data is necessary for the performance of the agreement with you for the purchase, booking, reservation, order, or use of the product or service as offered by the travel provider.

Neoke further relies on its legitimate interest and that of its group companies to receive, process, and share personal data as described under B to G. This is to provide services to or obtain services from Users, including to improve the services and prevent fraud or other illegal acts. When personal data is used to serve the legitimate interest of Neoke or a third party, Neoke will always balance the rights and interests of the person concerned in protecting their personal data and the rights and interests of Neoke or the third party.

For purpose G, Neoke also relies on compliance with legal obligations where applicable (such as lawful law enforcement requests or enforcing its terms and conditions for use of the service).

Finally, where needed under applicable law, Neoke will obtain your consent prior to processing your personal data, including for email marketing purposes or as otherwise required by law.

If you wish to object to the processing as set out under B to G, and cannot find a way to unsubscribe directly (for example in your account settings), please contact Neoke at contact@Neoke.com

4.2         Sharing with third parties

4.2.1         We share Users' information (which may include personal data) with third parties, as permitted by law and as described below:

(a)        Travel providers. We may transfer, disclose, share or otherwise enable your personal data with travel providers to allow them to offer, facilitate or provide their product or service to you. Depending on the product or service used, ordered or booked by you, the details we share can include your name, contact and payment details, ID/passport information, the names of the people accompanying you and any other information or preferences you specified when you book, order or use the relevant service or product of the relevant travel provider. The travel providers shall also act as (co-) data controller upon receipt of the relevant information. Neoke and each travel provider shall each be solely responsible for the processing of personal data by itself or on its behalf in accordance with applicable data protection laws.

(b)        Service providers (including suppliers, auxiliaries, and subcontractors). We share personal information with selected third-party service providers to provide our products and services, billing/collection, prevent and detect fraud, store data and otherwise support our business processes, or so that they can conduct business on our behalf.

(c)        Payment providers and other financial institutions. In order to process payments between a User and Neoke, relevant personal data may be shared with payment providers and other financial institutions.

(d)        Screening of sanctions lists or risk management as required by applicable law.

(e)        Forced disclosure. When required by law, strictly necessary for the performance of our services, in legal proceedings, or to protect our rights or the rights of users, we disclose personal data to law enforcement agencies, research organizations, users, or group companies.

As applicable and unless indicated otherwise, for purposes (a), (b) and (c) Neoke relies on the legal basis that the processing of personal data is necessary for the performance of a contract, and for purposes (a) to (e), Neoke relies on its legitimate interests to share, process, enable and receive personal data, and, where applicable, for (d) and (e) on compliance with legal obligations (such as lawful law enforcement requests).

Travel providers may further process your personal data outside our control. Travel providers may also ask for additional personal data, for instance to provide additional services, or to comply with local restrictions. If available, please read the privacy statement of the relevant travel provider to understand how they process your personal data.

4.3         Sharing and disclosure of aggregated data

4.3.1         We may share information with third parties in an aggregated form and/or another form in which the recipient cannot identify you, for example for industry analysis or demographic profiling.

5.         SECURITY AND PROTECTION

5.1         You have access to your personal data via your Account.

5.2         We have procedures in place to prevent unauthorized access to and misuse of personal data.

5.3         We use appropriate business systems and procedures to protect and secure information, including personal data. We also use security procedures and technical and physical restrictions to access and use the personal information on our servers. Only authorized personnel have access to personal data in the context of their work.

6.         DATA RETENTION

6.1         We retain personal data for as long as it is deemed necessary to manage the business relationship with a User, to provide Neoke services to a User, and to comply with applicable laws (including those relating to the retention of documents ), disputes, or claims with any parties, and if otherwise necessary to enable us to conduct our business.

6.2        Upon termination of the agreement with you, we will delete all your personal data in any event after 2 years after termination of the agreement (or for certain relevant personal information such longer period as required by law).

6.2         Any personal data we hold about you as a User is subject to this privacy statement and our internal retention guidelines. If you have any questions about the specific retention periods for the different types of personal data we process, please contact Neoke at contact@Neoke.com.

7.         YOUR CHOICES AND RIGHTS

7.1         Depending on where you are located or the entity of Neoke that processes your personal data, different rights may apply to the processing of that data, as set out in this privacy statement. As applicable:

7.2         Where we use your personal information based on your consent, you have the right to withdraw that consent at any time, subject to applicable law. Where we process your personal data on the basis of legitimate interest or public interest, you also have the right to object at any time, subject to applicable law.

7.3         Regardless of your location or the Neoke entity you have a contract with, we rely on our Users to ensure that the personal information we hold is complete, accurate, and current. Always inform us in good time of any changes or inaccuracies in your personal data.

7.4        To protect your privacy and security, we will verify your identity before responding to such request, and your request will be answered within a reasonable timeframe. We may not be able to allow you to access certain personal data in some cases e.g. if your personal data is connected with personal data of other persons, or for legal reasons. In such cases, we will provide you with an explanation why you cannot obtain this information. We may also deny your request for deletion or rectification of your personal data if you have future/ongoing service with us or due to statutory provisions, especially those affecting our accounting processes, processing of claims, for fraud detection or prevention purposes, and mandatory data retention, which may prohibit deletion or anonymization. This includes retaining your personal data for a period of 120 days after your last checkout to handle any post-booking matters such as in the case of complaints or claims, for fraud prevention, trade sanction reasons, legal claims or requests.

8.         THIRD PARTIES WE USE

        To enhance your experience with Neoke, we may utilise Hotjar to record user sessions. This tool helps us understand how users interact with Neoke, but will never record your personal data. Hotjar only tracks user’s navigation (e.g. where they click, scroll their mouse, or move in between pages) and protects user information by blurring images that are uploaded, and decoding text (e.g. numbers will appear as asterixis; ‘***’). All user session recordings are completely anonymous; IP/MAC addresses will not be shared.

        To further ensure a seamless experience with Neoke, we also partner with Veriff, a trusted third-party service provider, for the digitalization and verification of user identities during the check-in process. Veriff supports us in maintaining a secure and trustworthy environment, utilizing their advanced technology to confirm user identities. This process is critical for adhering to our high standards of security, privacy, and compliance with regulatory requirements. Please be assured, like with our use of Hotjar, your personal data privacy remains our utmost priority.

9.        CONTACT US

9.1         If you have any questions, wishes, or comments about how we process your personal data, or if you would like to exercise any of the rights you have under this Privacy Statement, please contact us at contact@Neoke.com. You can also contact your local data protection authority.

9.2         We handle privacy-specific questions, requests, and concerns reported to us using internal policies and procedures based on applicable privacy laws, regulations, and guidelines. We regularly review and improve this policy and procedures, also taking into account User feedback.

10.         CHANGES TO THIS PRIVACY STATEMENT

This privacy statement may be amended or supplemented from time to time. If we intend to make material changes or changes that affect you, we will always contact you in advance. An example of this type of change would be if we started processing your personal data for purposes not described above.

Version: 28 March 2024.


APPENDIX 1 – Glossary and definitions

Some useful terms and definitions:

"Algorithm" means a computational procedure or set of instructions and rules designed to perform a specific task, solve a particular problem, or produce a machine learning or AI model.

"Anonymization" means the process in which individually identifiable data is altered in such a way that it no longer can be related back to a given individual.

"Automated processing" means a processing operation that is performed without any human intervention.

"Caching" means the saving of local copies of downloaded content, reducing the need to repeatedly download content.

"Cookie" means a small text file stored on a client machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session. Cookies can also be used to prevent users from having to be authorized for every password protected page they access during a session by recording that they have successfully supplied their username and password already.

"Data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

"Data controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. 

"Data minimisation": The principle of “data minimisation” means that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. They should also retain the data only for as long as is necessary to fulfil that purpose.

"Data processor" means a natural or legal person (other than an employee of the controller), public authority, agency or other body which processes personal data on behalf of the controller.

"Personal data" means any information that relates to an identified or identifiable living individual (e.g. name, address, email, etc). Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data (e.g. location data, IP data, ID number, etc). Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.

"PEP" (politically exposed person) means any of the following persons: (i) head of state, head of government, minister, deputy minister or state secretary, (ii) member of Parliament or member of a similar legislative body, (iii) member of the board of a political party, (iv) member of a Supreme Court, Constitutional Court or other high-level court that gives rulings against which, except in exceptional circumstances, no appeal is possible, (v) member of a court of audit or a board of directors of a central bank, (vi) ambassador, agent or senior officer of the armed forces, (vii) member of the management, supervisory or administrative bodies of a state-owned company, (viii) director, deputy director, member of the board of directors or person holding an equivalent position at an international organization, or (ix) any of their family members (child, sibling or parent) or their spouse or partner.

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

"Travel provider" (or "travel partner, "supplier") means the provider of a travel (related) product or service (such as airline, car rental, accommodation provider, attraction, security/border controls and assistance (e.g. immigration, airport security, priority lane, travel assistance), travel agent, tour operator, corporate travel provider, etc).