Meili Travel
(“Meili”) is a technology platform that provides you with access to car rental content
from the top car rental suppliers. Meili is respects your right to privacy and
complies with our obligations under relevant data protection legislation
including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
The purpose of this
Privacy Policy (“Policy”) is to outline how we process personal data, including
special categories of data and the basis on which personal data is obtained
from you or collected about you from third parties. We do not knowingly attempt
to solicit or receive information from children.
We take great care
with any personal data we hold, so that we provide the highest standard of
service to you, whilst taking steps to keep your data secure and to ensure it
is only used for the specified, explicit and
legitimate purposes stated within this Policy.
Unless otherwise
stated, the controller (as defined in the GDPR) of your personal data for all
purposes outlined in this Policy is Meili. We can be contacted by post at 1
Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96, Ireland by email at
dataprotection@meili.travel. If you have any
queries about our processing activities, or if you wish to enact a rights
request, please contact our Data Protection Team. Their contact details are
below:
Data Protection Team,
Meili Travel Technology, 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin,
D02HX96. Email: dataprotection@meili.travel
We, our, us, Meili
refers to Meili Travel Technology Limited. Meili is a private company limited
by shares incorporated in Ireland with company number 685899 and having its
registered office at 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin,
D02HX96.
We collect information
from you when you access our meili.travel technology platform and when you
input data to select a car rental booking. We will only collect information
that is adequate, relevant and limited to what is necessary in relation to the
purposes identified within this Policy.
The table below outlines
the categories and types of data we collect along with the source of the data.
The types of data we collect may change over time; the following table is an
indicative list to help you understand the types of data we collect.
|
Data
Category |
Data Type |
Where we
collect the data from |
|
Technical details |
IP Address,
Residency |
Directly from you
when you use the Meili Platform. |
|
Personal Details |
Age, name,
address, email address |
Directly from you
when you use the Meili platform to select a rental car. |
The following section provides more detail on the purposes for which we
process your personal data and the legal basis by which we do this.
|
Purpose /
Activity |
Legal
Basis for processing |
|
Technical Details |
Legitimate
Interest |
|
Personal Details |
Performance of a
contract |
We will only use your
personal data for the purposes for which we collected it, unless we reasonably
consider that we need to use it for another reason and that reason is
compatible with the original purpose. If you wish to get an explanation as to
how the processing for the new purpose is compatible with the original purpose,
please contact our data protection team at the contact details listed in
Section 1 of this Policy.
If we need to use your
personal data for an unrelated purpose, we will notify you and we will explain
the legal basis which allows us to do so. Please note that we may process your
personal data without your knowledge or consent, in compliance with this
Policy, where this is required or permitted by law.
You can choose not to
give us personal information; however, this may have an
effect on you. We may need to collect personal information by law, or to
enter into or fulfil a contract we have with you. If
you choose not to give us this personal information, it may delay or prevent us
from fulfilling our contract with you or doing what we must do by law.
We may share your
personal data with outside organisations, below is a list of the categories of
recipients of organisations we share your personal data with:
Our Representatives
Our employees, agents and
contractors including companies that provide services in relation to
telecommunications and postage, data storage, document production and
destruction, IT, and IT security, making and receiving payments, data analysis
and management information, risk analysis, complaints handling, marketing and market
research.
Government, Statutory and
Regulatory Bodies
State regulators and
authorities such as the Data Protection Commission and the Revenue
Commissioners; Law Enforcement Agencies such as An
Garda Síochána & The Criminal Assets Bureau.
We may also disclose your
personal data to the following recipients or categories of recipients:
•
In the event that we sell or buy any
business or assets, in which case we may disclose your personal data to the
prospective seller or buyer of such business or assets.
•
If Meili or substantially all of its business or
assets are acquired or transferred to a third party whether in the event of a
merger, reorganisation, transfer of undertakings, receivership, liquidation or
other winding up or any other similar circumstances, in which case personal
data held by it about its customers will be one of the transferred assets.
•
If we are under a duty to disclose or share your
personal data in order to comply with any law, legal obligation or court order,
or in order to enforce rights under the GDPR or other agreements.
•
To protect our rights, property or safety, our
customers, or others. This includes exchanging information with other companies
and organisations for the maintenance and security of the site and services.
We do not currently process any special categories of personal data.
We may contact you by email for the following purposes:
•
to
send you a booking confirmation email.
Meili does not undertake automated individual decision making for
information obtained from you.
We will only retain your
personal data for as long as necessary to fulfil the purposes we collected it
for, including for the purposes of satisfying any legal, accounting, or
reporting requirements. This means that the period of time
for which we store your personal data may depend on the type of data we hold.
To determine the appropriate retention period for personal data, we consider
the amount, nature and sensitivity of the personal data, the potential risk of
harm from unauthorised use or disclosure of your personal data, the purposes
for which we process your personal data and whether we can achieve those
purposes through other means, and the applicable legal requirements.
You have the right to
have Meili correct any inaccurate personal data we have collected about you.
You also have the right to have incomplete personal data completed; you may
provide us with supplementary information to do this. To do so, please contact
our Data Protection team at: dataprotection@meili.travel
In certain instances, you
have the right to have Meili erase the personal data we have collected about
you. Your right of erasure will apply in the following circumstances:
•
We no longer need the data for the purpose that it
was originally collected;
•
You withdraw your consent;
•
You object to the processing and the organisation
has no overriding legitimate interest in the data;
•
We have collected the data unlawfully; or
•
The data must be erased to comply with a legal
obligation.
This right will not apply
where we are required to process personal data in certain circumstances
including the following:
•
For exercising the right to freedom of expression;
•
For compliance with a legal obligation, such as the
performance of a contract or compliance with certain legislation;
•
For the performance of a public interest task or
exercise of official authority;
•
For health purposes in the public interest;
•
For archiving purposes in the public interest,
scientific or historical research, or statistical purposes; or
•
For the establishment, exercise
or defence of legal claims.
To exercise this right,
please contact our data protection team at the contact details listed in
Section 1 of this Policy.
You have the right to
object to the processing of your personal data at any time:
•
For direct marketing purposes;
•
For profiling to the extent
it relates to direct marketing; or
•
Where we process your personal data for the purposes
of legitimate interests pursued by us, except where we can demonstrate
compelling legitimate grounds for this processing which would override your
interests, rights and freedoms or in connection with
the enforcement or defence of a legal claim.
Should this occur, we
will no longer process your personal data for these purposes unless doing so is
justified by a compelling legitimate ground as described above.
To exercise your right to
object, please contact our data protection team at the contact details listed
in Section 1 of this Policy.
NOTE: We will use all
reasonable efforts to communicate the fact that you have exercised your right
to rectification or erasure of personal data or restriction of processing in
accordance with these rights outlined above, to each recipient to whom your
personal data has been disclosed in accordance with this Policy, unless this
proves impossible or involves disproportionate effort.
You have the right to
have Meili restrict the processing of your personal data where one of the
following applies:
•
You contest the accuracy of the personal data (we
will restrict the processing of the personal data until we verify the accuracy
of the personal data);
•
The processing is unlawful
and you oppose the erasure of your personal data;
•
Meili no longer requires the personal data for the
purposes of the processing but the data is required by
you for the establishment, exercise or defence of legal claims; or
•
You object to the processing of the personal data as
outlined in Section 9.c above (we will restrict the processing of the personal
data while we verify our legitimate grounds for the processing which may
override your interests, rights and freedoms).
Where you have restricted
the processing of your personal data, we will continue to store your personal
data but will only process it with your consent or for the establishment, exercise or
defence of legal claims or for the protection of
the rights of other people or for reasons of important public interest or other
non-restricted purposes.
You have the right to
obtain from us information on the personal data we hold on
you including the following:
•
Purposes of the processing.
•
Type of personal data held.
•
Categories of recipients of the personal data.
•
Information on how long the data will be stored.
•
If automated individual decision making, including
profiling, takes place, as well as information on the logic involved and
consequences of this.
•
If data is not collected directly from you,
information on the source of the data.
•
The existence of the right to request from us
rectification or erasure of your personal data or restriction of processing of
your personal data or to object to such processing.
•
The right to lodge a complaint with the Data
Protection Commission.
Any such request should
be submitted in writing and sent for the attention of the data protection team
at the contact details listed in Section 1 of this Policy. We will need to
verify your identity in such circumstances and may request more information or
clarifications from you if needed to help us locate and provide you with the
personal data requested. There is usually no charge applied to access your
personal data (or to exercise any of the other rights). However, if your
request is clearly unfounded, repetitive or excessive,
we may charge a reasonable fee. Alternatively, we may refuse to comply with
your request in these circumstances.
You have the right to
receive personal data concerning you which you have provided to us in a
structured, commonly used and machine-readable format.
You also have the right to provide this data to another controller or have Meili
transmit this data to another controller on your behalf, where technically
feasible. This applies to automated data only to the extent provided by you to
us. This right to portability is limited to the following situations.
•
Where the processing is based on the legal basis of
consent; and/or
•
Where the processing is based on the legal basis of entering into
or performance of a contract
Where we are processing
your personal data on the legal basis of consent, you are entitled to withdraw
your consent at any time. We rely on your consent for marketing activities
only. It is your choice to receive these communications and you have the right
to withdraw your consent at any time. This does not affect the legality of the
processing which took place when we had your consent. For further information
on our marketing activities and how to stop receiving marketing communications,
please see Section 10.
Please note if you
withdraw your consent, we will no longer send direct marketing communications
to you.
If you are not satisfied
with our use of your personal data or our response to any request by you to
exercise any of your rights in Section 9, then you have the right to complain
to the Data Protection Commission (DPC). Please see below for contact details
of the DPC.
The Data Protection
Commissioner, 21 Fitzwilliam Square South, Dublin 2 D02 RD28.
Phone: 01 7650100 /
1800437 737
For marketing purposes,
we may contact you via email, post, SMS and phone.
For non-customers we rely
on consent to contact you for marketing. Consent will always be provided in the
form of a clear opt-in. You have the right to withdraw your consent at any time
using the contact details listed in section 1.
For existing or past
customers, we rely on legitimate interest (to develop and grow our business) to
contact you for marketing. We will always provide you with the option to
opt-out at the point of data collection. Additionally, you can use the contact
details listed in section 1 to opt-out of receiving future marketing
communications.
All emails and texts will
contain a link to unsubscribe or opt-out of future marketing communications
from Meili.
Some of our suppliers who
provide us with services such as IT security or data hosting services may
process your personal data such as identity and policy data outside the
European Economic Area (“EEA”) where privacy laws may not be as protective as
those in your jurisdiction. There are special requirements set out under
Chapter V of the GDPR to regulate such data transfers and ensure that adequate
security measures are in place to safeguard and maintain the integrity of your
personal data on transfer.
Where we transfer your
personal data outside the EEA to our suppliers, we will make sure that it is
protected to the same extent as in the EEA and we will use at least one of the
following safeguards:
•
Transfer it to a non-EEA country with privacy laws
that give the same protection as the EEA.
•
Put in place a contract with the recipient that
means they must protect it to the same standards as the EEA.
•
Transfer it to organisations that are compliant with
the EU/US Privacy Shield. This is a framework that sets privacy standards for
data sent between the US and EU countries. It makes sure those standards are similar to
those used and expected within the EEA.
For further details on our use of cookies, please refer to our Cookie Policy.
Meili will take all steps
reasonably necessary to ensure that your personal data is treated securely and
in accordance with this Policy. We will use all reasonable efforts to put in
place security measures to prevent your personal data from being accidentally lost,
used or accessed in an unauthorised way, altered or
disclosed. In addition, we limit access to your personal data to those
employees, agents, contractors, other recipients and other third parties who
have a business need to know. They will only process your personal data on our instructions,
and they are subject to a duty of confidentiality.
Unfortunately, the
transmission of information via the internet is not completely secure. Although
we will do our best to protect your personal data, we cannot guarantee the
security of your data transmitted to our website; any transmission is at your
own risk. Once we have received your information, we will use reasonable
procedures and security features to try to prevent unauthorised access. We have
put in place procedures to deal with any suspected personal data breach and
will notify you and any applicable regulator of a breach where we are legally
required to do so.
Any changes to this
Privacy Policy will be posted on this website so you are always aware of what
information we collect, how we use it, and under what circumstances, if any, we
disclose it.
Contact us. If you have
any questions or complaints relating to this Policy, please contact us at:
Data Protection Team, Meili
Travel Technology, 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96.
Email: dataprotection@meili.travel