Article 8 and 9(1) and (2) of the General Data Protection Regulation ("GDPR") requires parental or guardian consent for the use of sensitive personal data of any person under the age of 16.
As per General Data Protection Regulation, we require your explicit consent for access and use of following sensitive personal data belonging to person of whom you have parental or guardian responsibility :
Information on allergies, dietary requirements, disability or other relevant health information
Abovementioned Sensitive Personal Data will be processed in order to fulfil our and the data subject's legitimate interests (Article 6(1)(f) GDPR) and for the provision to the data subject of following services:
- Making accommodation or hotel arrangements
- Making transportation arrangements
- Making restaurant arrangements or other food arrangements
- Making other services arrangements
- Supporting the data subject with the tours or with preparations for the tours
- Managing the itinerary or the preparation of the itinerary
- Considering, entering into or performing contracts or other relationship
- Responding to queries or requirements
- Emergency scenario (accident, fire, injury, health and safety, etc.) follow-up
JTB processes personal data of the data subject in its interest as well as interest of the data subject, so JTB provides and the data subject receives the travel related services that you (and/or) the data subject have requested and other related services specified in the above.
We keep personal data as long as there is a statutory or legal requirement to do so or in order to provide the aforementioned services to the data subject. For accounting or auditing purposes we may retain personal data for a period of time after our direct business dealings have ended.
We may share personal data of the data subject with JTB group companies as well as with other companies which may be located within or outside the EEA and provide travel and business process services related to the provision of the services indicated above, for example: airlines, hotels, accommodations, transportations, restaurants, tour operators, travel agencies and other service providers (including service providers for JTB). Where a company is located outside the EEA, we will arrange adequate safeguards such as Binding Corporate Rules or Standard Contact Clause arrangement or transfer personal data of the data subject based on appropriate legal basis.