Creative Group Privacy Notice last updated on February 1, 2024
Creative Group, Inc. a Creative Group Company (collectively “Creative Group”, “us”, “we”, “our”) are committed to protecting your privacy. This Privacy Notice (“Notice”) explains our privacy practices and provides information on how and why we collect, use and share your personal information through our interaction with you and through our products and services and when companies or individuals visit our subsidiary websites and sub-domains (“Website”), our mobile applications (“Apps”) or use our communications platforms (“Services”). The policy also describes their choices regarding use, access, deletion, and correction of personal information.
Creative Group’s Privacy Notice applies to our clients (including our client’s end users) and users (all other individuals who use the Creative Group products, Services, Apps or Website) who provide personal information directly to us through use of our Website, Apps, or Services, (collectively “You”). You may choose not to provide certain information to us, but doing so may restrict your ability to use our Services. If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the bottom of this Notice.
We recommend that you read this Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Notice, then you can click on the relevant link below to jump to that section.
- Information we collect
- Information we use
- Sharing and disclosure of information to third parties
- Your privacy rights/Unsubscribe from our mailing list
- Third-party sites
- Data Protection Principles
- Data Retention
- International data transfers
- EU-US/Swiss-US and UK Extension to the EU-US Data Privacy Frameworks
- Children’s privacy
- Updates to this Notice
- Contact Us
INFORMATION WE COLLECT
The personal information that we may collect about you falls into the following categories:
Information which you provide to us
Certain parts of our Website and Services may ask you to provide certain personal information. We will clearly communicate the reason you are being asked to provide such personal information, and the types of personal information required to fulfill a request or service.
We collect information which you provide directly to us when you use our Website, Apps or Services. The types of personal information we may collect directly from you include first and last name, email addresses, postal addresses, phone numbers, gender, government ID which may include the foregoing and date and place of birth, information about the type of service required, marketing preferences, employer, employee identification number, job titles, visa details, emergency contact information if provided, credit card payment information, ticket and itinerary details, Internet Protocol address (“IP Address”), transactional information, fare information, frequent flyer/loyalty status information, travel preferences where requested such as seat, meal, special assistance services, smoking status, as well as any communications, inquiries, contact or other information you choose to provide during your use of the Services. There may be instances where such information is recorded via audio for quality assurance purposes, however you will be informed prior to participating in such instances.
When you provide this personal information, we will only use this information for the specific reason for which it is provided.
Information we collect automatically when you visit our Website or Apps or use our Services
We may collect certain information about your use of the Site through the use of tracking technologies or by other passive means. This “passively collected” information includes, but is not limited to, the domain name of the website that allowed you to navigate to the Site, search engines used, the IP address used, the length of time spent on the Site, the pages you looked at on the Site, other websites you visited before and after visiting the Site, the type of internet browser you have, the frequency of your visits to the Site, and other relevant statistics, including the following:
Log Information. When you access the Site, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, IP address, browser type, browser language, the date and time of your request, and one or more cookies (small text files containing a string of characters) that may uniquely identify your browser.
Links. The Site may include links in a format that enables us to keep track of whether these links have been followed by IP addresses. We use this information to improve the quality of our products and design.
Web Beacons. Web beacons (also known as “pixel tags” or “clear GIFs”) are 1×1 single-pixel graphics that allow us to count the number of users who have visited or accessed the Site and to recognize users by accessing our cookies. We may employ web beacons to facilitate Site administration and navigation, to track the actions of users of the Site, to compile aggregate statistics about Site usage and response rates, and to provide an enhanced online experience for visitors to the Site. We may also include web beacons in HTML-formatted e-mail messages that we send to determine which e-mail messages were opened.
Third Party Tracking. We do not allow third parties to collect personal information about your online activities over time and across different websites when you use the Site.
When you visit our Website, or use our Apps or Services, we may collect certain information automatically from your device. In some countries, including in the European Union this information may be considered Personal Data under applicable data protection laws:
Usage information – We keep track of your activity in relation to the Website, Apps or Services, the configuration of their computers, and performance metrics related to their use of the Website, Apps or Services. For example, when you use our Services, we may collect:
- Traffic data about the communications that take place through our platform (such as calls, team chat, video conferencing, SMS,) to enable us to transmit those communications effectively and efficiently;
- Network Monitoring data to enable us to maintain the security and agility of our internal networks;
- Log data about you when they use the Services, Website or Apps including IP address, Internet Service Provider (“ISP”), browser type, referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site;
- Device data about any device including mobile phone number and other information related to mobile devices like operating system and model if you use our Services via our Apps. With respect to other devices information collected by cookies and other similar technologies, we use various technologies to collect information which may include saving cookies to your computers;
- Call Detail Records of data record produced by a telephone call or other telecommunications transactions. The record contains various attributes of the call, such as time, duration, completion status, source number and destination number;
- Meta data, which is data created about other data which can include size, formatting, other characteristics of a data item;
- Emails/Communications with us; and
- Billing data, which includes any payment data.
Cookies and other similar technologies – We use various technologies to collect information which may include cookies when you visit our Website or use our Apps or Services. Please see the Creative Group Cookies Notice for further information.
Information we collect from third parties
We learn information about you when businesses interact with us and use our services, including when someone else provides us information about you (e.g., when our client or a third party (such as an employer, travel agency, global distribution system, travel supplier, etc.) provides us your information in order for us to perform Services for them.
We may collect the names and e-mail addresses of individuals from third parties to market our products/services to these individuals. This collection of information and marketing is always carried out in compliance with applicable law. We only receive this information where we have checked that these third parties either have your consent or these third parties are otherwise legally permitted or required to disclose your personal information to us.
We may receive personal information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you, in accordance with applicable laws. This helps us to update, expand and analyze our records, identify new clients, and provide products and services that may be of interest to you.
We may collect personal information about you from other applications you may use if you choose to integrate Creative Group Apps or Services with other Apps or Services.
INFORMATION WE USE
We may use the information we collect from you for a range of purposes, including to:
- Administer, operate, protect, and maintain the Website, Apps or Services;
- Process and complete travel, hotel/hospitality, transportation transactions, and send related information, including transaction confirmations and invoices;
- Meetings and events coordination and execution;
- Client reporting and relationship management;
- Manage and improve your use of the Website, Apps or Services;
- Provision of online and offline support to Clients and End Users;
- Prepare and provide you testimonials regarding the Website, Apps and/or Services;
- To help deliver our Website, Apps, or Services to Clients for service and support;
- Investigate and prevent fraudulent activities, unauthorized access to the Website, Apps or Services, and other illegal activities; and
- For any other purposes about which we notify and receive your consent from you;
- To help personalize your experience and retarget you for advertising purposes;
- Traveler satisfaction surveys;
- Respond to inquiries and requests and to provide you with information and access to resources that you have requested;
- Quality assurance and training purposes;
- Aggregate and analyze your use of the Website, Apps or Services for trend monitoring, marketing advertising purposes; and
- Send you technical alerts, updates, security notifications, and administrative communications.
We and our third-party marketing service providers may also use the information clients send to us for our marketing purposes if this is in accordance with your marketing preferences and applicable law. However, you may opt out of our marketing efforts. For further information, see the “Unsubscribe from our Mailing List” and “Do Not Sell My Personal Information” sections below.
Legal basis for processing personal information (EEA/UK only)
Definitions of certain terms (including but not limited to Data Subject, Personal Data, Processing, Legal Basis, Data Processor, Data Controller) within this notice are defined under Article 4 of the European General Data Protection Regulation 2016/679 (GDPR) which will also apply to UK residents under the UK Data Protection Act of 2018 (UK GDPR) found here: GDPR Definitions.
If you are from the European Union (EU) or United Kingdom, our legal basis for collecting and using your Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. This notice provides mandatory information as required under Articles 13 and 14 of the GDPR regarding the transparency of data processing of your Personal Data as the Data Subject.
Creative Group will act as a Data Processor where your employer is our client acting as Data Controller. Under written contract, the Data Controller will pass Personal Data of their employees to Creative Group to manage and process employee travel arrangements in connection with their business. It is this contract which forms the ‘Legal Basis’ for the processing of Personal Data carried out by Creative Group in these circumstances.
Creative Group will become a Data Controller if it collects additional Personal Data directly from you only where we have your consent to do so, and where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the Personal Data in question.
If we ask you to provide Personal Data to comply with a legal requirement or enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
Similarly, if we collect and use your Personal Data in reliance on our or a third party’s legitimate interests and those interests are not already listed above (see “Information We Use” section), we will make clear to you at the relevant time what those legitimate interests are.
Creative Group acts as a Data Controller for any Personal Data held regarding its own employees, and legally processes this data under its Contract of Employment with those Data Subjects.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Us” section below.
SHARING AND DISCLOSURE OF INFORMATION TO THIRD PARTIES
To fulfill the travel arrangements on your behalf, it will in most cases be necessary to process personal information via a third party (these will include but are not limited to airlines, hotels, car hire companies, and visa or passport companies). Personal information shall only be transferred to, or processed by, third party companies where such companies are necessary for the fulfillment of the travel arrangements.
We may share and disclose your information that we collect with the following third parties for the purposes of providing you travel management services:
- Creative Group or any of its affiliates consistent with this Notice for data processing;
- Business partners, contractors, travel suppliers, vendors, and authorized third party agents, to:
- Operate, deliver, improve, and customize our Services including but not limited to:
- Airlines, hotels, property rental companies, transportation services
- Online Booking Tools (OBTs) if contracted to utilize with our Clients
- Global Distribution Systems (GDSs)
- Card payment companies
- Duty of Care providers
- Provide support and technical services;
- Send marketing and other operational communications related to our Services;
- Enforce our acceptable use policy;
- Law enforcement agencies, regulatory or governmental bodies, or other third parties in order to respond to legal process, comply with any legal obligation; protect or defend our rights, interests, or property or that of third parties; prevent or investigate wrongdoing in connection with the Website, Apps, or our Services;
- Any third parties in connection with prospective or actual, sale, merger, acquisition, financing, or reorganization of our business.
- Operate, deliver, improve, and customize our Services including but not limited to:
For EU/UK persons only:
Personal Data shall not be transferred to a country or territory outside the EU or UK unless the transfer is made to a country or territory recognized by the EU or UK as having an adequate level of data security, or is made with the consent of the Data Subject, or is made to satisfy the Legitimate Interest of Creative Group in regard to its contractual arrangements with its Clients.
All internal group transfers of Personal Data shall be subject to written agreements under the Company’s Intra Group Data Transfer Agreement (IGDTA) for internal data transfers which are based on Standard Contractual Clauses recognized by the European Data Protection Authority.
YOUR PRIVACY RIGHTS/UNSUBSCRIBE FROM OUR MAILING LIST
Update and access to your information
Where we process personal information collected via our Website or Apps or via our Services for our own account management, billing, or marketing purposes, we provide individuals with the opportunity to access, review, modify, and delete any such personal information that we process as required by the applicable law of your residence.
Unsubscribe from our mailing list
You may at any time ask us to remove you from our mailing list by clicking “Unsubscribe” in any e-mail communications or push notification we send you, or by emailing Privacy@creativegroupinc.com to submit a request. We will remove you from our mailing list in accordance with applicable laws.
Your Privacy Rights as an EU/UK Person
In addition, if you are from the EU or UK, you may have broader rights to access and delete your Personal Data, to object to or restrict processing of your Personal Data, or request portability of your personal information.
To make such requests, you can send an email to Privacy@creativegroupinc.com or write to us at the mailing address in the “Contact Us” section below. We will consider and handle all requests in accordance with applicable laws.
If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
You also have the right to complain to your local data protection authority at any time. In general, when processing Personal Data to provide our Services, we do so only on behalf of our EU/UK Clients and in accordance with their instructions. This means that if you wish to access, review, modify or delete any Personal Data we process on behalf of a Creative Group client, under applicable EU/UK law or otherwise, you should contact that Client with your request. We will then help them to fulfill that request in accordance with their instructions.
Your Privacy Rights as a Resident in CA, CO, CT, UT, and VA (United States Only).
If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you may have certain rights under the applicable states’ comprehensive data privacy laws (including but not limited to, the CCPA, CPRA, SB 190, SB6, SB227, and SB1392. In some states, you need not be physically present in the states listed above to exercise these rights, provided that you have a current residence in the aforementioned states, subject to certain limitations and applicability.
Rights to Access and Data Portability:
You have the right to request that we disclose certain information to you about the collection and use of your personal information over the preceding twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
(1) information identifying each third-party company to whom we may have disclosed, within the past year, personal information pertaining to you for our direct marketing purposes;
(2) a description of the categories of personal information disclosed with third parties;
(3) our business or commercial purposes for collecting or selling that personal information;
(4) the specific pieces of personal information we collected about you (also known as a data portability request);
(5) if we sold or disclosed your personal information for a business or commercial purpose, two separate lists disclosing (a) sales, identifying the categories that each category of recipient purchased; (b) disclosures for a business purpose, identifying the categories that each category of recipient obtained.
Right to Request Deletion or Data Correction:
You have the right to request that we delete or correct any of the personal information we collected from you and retained, subject to certain exceptions.
We may deny your deletion or correction request if retaining the information is necessary for us or our service providers to:
- Complete transaction for which we collected the personal information, provide the service you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise reasonably perform our contract with you or on behalf of you for our Clients;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Comply with a legal or regulatory obligation;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such acts;
- Debug products and software to identify and repair errors that impair existing intended functionality;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on our dealings and your relationship with us;
- Make other internal and lawful uses of that information which are compatible with the context that you provided said information.
If you are a resident of CA, CO, CT, UT, or VA who qualifies to receive such an accounting or would like to exercise a correction, deletion, or data portability request, please email CCPAinquiries@creativegroupinc.com, or contact us at (888) 236-2800, and we will contact you within ten (10) days of such request to verify your identity and eligibility.
Please note that, in order to better safeguard your privacy and the privacy of others, we may (to the extent permitted — and/or required — by applicable law/regulation) ask you to provide additional information to verify your identity and/or residency before processing any data-related requests. We strive to respond to a verifiable consumer request in a prompt manner. If we require additional time, we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding a verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests and for compliance with state privacy laws, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
There is no charge for making privacy-related requests or responding to your verifiable consumer requests unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of our decision and why, and provide you with a cost estimate for you to consent to before completing your request.
Click the above to submit a request as a resident under the CCPA, CPRA, SB 190, SB6, SB227, and SB1392.
This Notice does not apply to, nor are we responsible for, the privacy, information, or other practices of any third parties, including any third party operating any site or service to which the Website links including but not limited to social media sites. The inclusion of a link on the Website does not imply our endorsement of the linked site or service. You should check the privacy notices of those sites before providing your personal information to them.
Keeping your information secure is important to us. We maintain a variety of appropriate technical and organizational safeguards to protect your personal information both during transmission and once it is received. Creative Group has no control over or responsibility for the security or privacy policies or practices of other sites on the Internet you might visit, interact with, or from which you might buy products or Services, even if you visit them using links from our Website.
Please note that no website, mobile app, or service is completely secure and so, while we endeavor to protect our Clients’ information using the measures described above, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will not occur.
DATA PROTECTION PRINCIPLES
For EU and UK Data Subjects, Creative Group has adopted the following principles to govern its collection and processing of Personal Data:
- Personal Data shall be processed lawfully, fairly, and in a transparent manner.
- The Personal Data collected will only be those specifically required to fulfill travel, accommodation, or other travel-related requirements. Such data may be collected directly from the Data Subject or provided to Creative Group via his /her employer or a contracted relationship on behalf of such Data Subject. Such data will only be processed for that purpose.
- Personal Data shall only be retained for as long as it is required to fulfill contractual requirements, or to provide statistics to our client.
- Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed. Personal Data shall be accurate and, where necessary, kept up to date.
- The Data Subject has the right to request from Creative Group access to and rectification or erasure of their Personal Data, to object to or request restriction of processing concerning the data, or to the right to data portability. In each case such a request must be put in writing and sent to GDPRInquiries@dt.com.
- Personal Data shall only be processed based on the legal basis as explained above, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject which will always take precedent. If the Data Subject has provided specific additional consent to the processing, then such consent may be withdrawn at any time (but may then result in an inability to fulfil travel requirements).
- Creative Group will not use Personal Data for any monitoring or profiling activity or process, and will not adopt any automated decision making processes.
- The Data Subject has the right to make a complaint directly to a supervisory authority within their own country. Creative Group’s Data Protection compliance is supervised by:
200 N. Martingale Rd. Suite 600
Schaumburg, IL 60173
We will retain your personal information/Personal Data for no longer than is necessary to fulfill the purposes for which the information was originally collected unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.
Where we have no ongoing legitimate business need to process your personal information/Personal Data, we will either delete, aggregate, or otherwise anonymize it.
INTERNATIONAL DATA TRANSFERS
Your personal information/Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, information collected outside the United States, including in the EU may be transferred to and stored on our servers in the United States, Canada, and potentially in other countries where our group of companies and third-party service providers and partners operate. These countries may have data protection laws that are different to the laws in your country (and in some cases, may not be as protective).
However, we have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Notice and applicable laws. For example, with respect to personal information originating from the EU, UK, and Switzerland, Creative Group has self-certified to the EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and UK Extension to the EU-U.S. Data Privacy Framework which can be verified here.
Under certain conditions, more fully described on the Data Privacy Framework website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
EU-US/Swiss-US and UK Extension to the EU-US Data Privacy Frameworks
In compliance with the Data Privacy Framework, Creative Group commits to resolve complaints about our collection or use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Creative Group at:
200 N. Martingale Rd. Suite 600
Schaumburg, IL 60173
Creative Group has further committed to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection and Information Commissioner (FDPIC) and the UK Information Commissioners Office (ICO) with regard to unresolved Data Privacy Framework complaints concerning data transferred from the EU, Switzerland, and UK.
Creative Group complies with the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework, and the UK Extension to the EU-US Data Privacy Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, respectively.
Creative Group commits to all Personal Data transferred from the EU, Switzerland, and UK to the US to be subject to the principles of the Data Privacy Framework. Creative Group only receives Personal Data for the purpose of arranging travel-related services, and will not use this data for any other purpose. The types of Personal Data collected may include mandatory items such as passport data, contact information, and methods of payment. This list is not exhaustive. That Personal Data will at all times be kept secure, and Creative Group will take responsibility and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction.
Personal Data will only be onward transferred to third parties who are directly involved in fulfillment of travel arrangements for our travelers, and for that specific purpose only. These will include (but are not limited to) airlines, hotels, and global distribution systems. This data will be kept securely by the third party. Creative Group commits to fully comply and be liable with the ‘Accountability for Onward Transfer’ Principal in the Data Privacy Framework in as far as the Personal Data transfer applies as required by applicable law.
Individuals have the right to access their own Personal Data with the ability to have that data corrected or deleted, or limiting its use or its disclosure. An individual may also elect not to have their Personal Data transferred to one or more third parties, or processed for a specific purpose, but it may severely limit or prevent travel arrangements being made on their behalf in such circumstance. That application must be made in writing to the address above.
Creative Group acknowledges the investigatory and enforcement powers of the Department of Transportation (DoT), or any other US authorized statutory body in relation to the Data Privacy Framework, and the requirements to disclose Personal Data in response to a lawful request by any public authority, or to meet national security or law enforcement requirements in the United States. Creative Group commits to making public any order from the DoT or a court relating to any non-conformance to the principles of the Data Privacy Framework.
Creative Group will utilize the external services of the UK Information Commissioner’s Office, Swiss Federal Data Protection and Information Commissioner’s Office, or EU Data Protection Authorities for free dispute resolution arising from the processing of Personal Data under the Data Privacy Framework. It may be possible for an individual to invoke binding arbitration in certain circumstances if agreed with the Commissioner’s Office.
Creative Group will conduct internal audits to ensure that the policy statements made above remain true and accurate, and that they have been implemented in accordance to the Data Privacy Framework.
Children are not eligible to use our Websites, Apps or Services, and we ask that minors (children under the age of 18) not submit any personal information to us. If you are a minor, you may use the Site only in conjunction with your parents or guardians.
UPDATES TO THIS NOTICE
We may update this Notice from time to time in response to changing legal, technical, or business developments. If we change our Notice, we will post those changes on this page in addition to updating the “Last Updated” date at the top of this webpage. If we make changes, we will notify you more directly, for example by posting a notification or message on the Website or by emailing you prior to such changes taking effect. We encourage you to review this Notice regularly to stay informed of the latest modifications.
Attn: Legal Team
200 N. Martingale Rd. Suite 600
Schaumburg, IL 60173