Data Protection Policy of BS Travel Management
We, the data controllers and data processors of the Rogers Group:
Shall endeavour to:
• Ensure that we are duly registered as controllers and/or processors with the Data Protection Commissioner.
• Ensure that personal data is:
• Inform data subjects of all relevant matters relating to the collection of their personal data, including the purpose for which the data is being collected and the period for which the data will be stored.
• Adopt policies and implement appropriate technical and organisational measures so as to ensure that the processing of personal data is performed in accordance with applicable data protection legislation.
• Maintain a record of all processing operations under our responsibility.
• On the written request of a data subject, provide confirmation to him/her as to whether or not personal data relating to him/her is being processed and forward to him/her a copy of the data.
• On being informed of the inaccuracy of personal data by a data subject to whom such data pertains, cause the data to be rectified without undue delay.
• Destroy, as soon as reasonably practicable, personal data where the purpose for which the data was collected has lapsed.
• Notify the Data Protection Commissioner and the relevant data subjects, where applicable, of any personal data breach in a timely manner.
• Where processing operations are likely to result in a high risk to the rights and freedoms of data subjects, carry out, prior to the processing, an assessment of the impact of the envisaged processing operations on the protection of personal data.
Shall endeavour not to:
• Collect personal data unless: (a) it is done for a lawful purpose connected with one of our functions or activities; and (b) the collection of the data is necessary for that purpose.
• Process personal data unless:
o for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject before entering into a contract;
o for compliance with any legal obligation to which we are subject;
o for the legitimate interests pursued by us, except if the processing is unwarranted in any particular case having regard to the harm and prejudice to the rights and freedoms or legitimate interests of the data subject; or
o for such other purpose as may be authorised by law.
• Process the personal data of a data subject who has objected in writing to such processing unless we demonstrate compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms or for the establishment, exercise or defence of a legal claim.
• Process the personal data of a child below the age of 16 years unless consent is given by the child’s parent or guardian.
• Transfer personal data to another country:
• Without lawful excuse, disclose personal data in any manner that is incompatible with the purpose for which such data has been collected.