At Goelett, we understand the needs of privacy and safety. We consider our travelers’ trust as one of our most valuable assets. Therefore, we want to do the utmost for your data to ensure it’s safe with us.
This document describes how we collect and use the data concerning the use of our services. We keep it simple and easy to understand, as our company has been built on openness and our services on trust. Here you will also find our contact information in case you would need any further assistance.
Goelett Sp. z o.o and their local subsidiaries provide business process outsourcing services in the areas of travel management using modern technology solutions.
Our travel management services allow the client to use our web pages, mobile applications, call center, integrated partner applications, instant messaging and social media platforms. This policy applies to all the platforms you can use to get access to our services and all the data we collect using those platforms.
This policy may change when the applicable legislation changes or if we decide to extend our services. Please visit this page regularly to be kept up-to-date.
If you do not agree with this Privacy Policy, we kindly advise you to stop using our services.
Depending on the services you or your employer has selected, we collect some specific information about you.
To provide you with the best available accommodation, flight or rail ticket we need to know certain things about you, like your first name, last name, ID document number, contact details, other travelers’ data; sometimes also your date of birth can be asked, in order to process the booking.
Use of our services does not always require users to fill in or upload sensitive personal data. In order to avoid unnecessary exposure, we ask you to make sure that sensitive personal data are not filled in or uploaded to your account (intentionally or accidentally) in any form as photos, notes or other if it is not necessary.
When you use our services we also collect certain information automatically like your IP address, browser type and version or mobile device data and local settings, e.g. language; activity on our website, including the pages you visited and searches you made.
If you use a third party payment provider, if you link your profile with social media or instant messaging profile or if you use our platform via third party integrated software we can collect information from those sources.
All our accommodation and transport services providers may also share with us information about you and your trip.
We need our users and travelers’ data to provide our services to them: searching for hotels and rates available, booking rooms or tickets, or any other service we provide and to improve our services for our clients.
We also use your contact information to inform you about any changes to trip itineraries, any actions waiting for you in the system or any new features and services available.
Personal data is gathered for a specific purpose and stored also for a specific purpose. The overall rule we apply is that we will delete all the data within 6 months after the end of the year when the data is no longer needed for any purpose.
Please be aware that there are various purposes for which we gather and later process your personal data. We take into consideration all those purposes and have defined a data retention period for each category of the personal data.
Why do we put the deadline on 6 months after the end of the year of termination of the purpose? Because, even though we regularly delete the data that is not needed anymore from our system, this deleted data may stay in the system or the infrastructure logs and backups for the security purposes. These logs and backups are deleted within a period of 6 months.
Goelett provides users with the platform that gives you access to multiple different service providers e.g. hotels, airlines, rail companies, financial institutions. We need to share your data with them for the purpose of managing your expenses or your trip bookings.
We may share your information with any other company within our group for the purposes stated in this privacy policy. We may also share it with carefully selected partners, hired consultants or vendors working on our behalf, in line with all EU regulations.
Of course, we might have to share the information with the competent authorities if the applicable legislation so requires.
Our website(s) and/or web and mobile application include links to third party sites. Goelett does not control these third-party sites, and we encourage you to read the privacy policy of every site you visit.
We mainly process your personal data within the European Economic Area (EEA). Being the data processor, Goelett relies on a limited number of sub-processors to perform well-defined elements of its services. Some of these sub-processors may be located outside of the EEA. They have been selected carefully and all have adequate privacy guarantees in place.
We use appropriate technical and operational measures (e.g. data encryption, security audits, hashing, etc.) to secure information collected by Goelett to be compliant with all applicable regulations regarding personal data protection and our contractual obligations. We built our information security based on the ISO 27001 standard.
When providing our services, we only engage subcontractors, parent or subsidiary companies which adhere to equivalent rules on the protection of personal data in line with EU regulations.
Goelett services are meant to be used by adult users. Underage persons’ data will be collected only with parents / legal guardians’ permission.
You have a right to review the information we collect about you. It is available in your profile and you can always ask for a proper data record by emailing us.
You can always contact us if you believe that we are no longer entitled to use your personal data, or if you have any other questions about how your personal information is used. Please email or write to us using the contact details below. We will handle your request in accordance with all applicable EU & national data protection laws.
Contact: privacy@goelett.com
Goelett Sp. z o.o., al. Jerozolimskie 180, 02-486 Warsaw, Poland
We have appointed a Data Protection Officer: Karolina Salska
in case of any request related to data privacy you might reach our DPO or local point of contact by e-mail: privacy@goelett.com.
From time to time we may change our privacy practices. We will notify you or your employer of any changes to this Policy as required by law. We will also post an updated copy on our website. It will have a different date and version number from the one set out below. Please check our site periodically for updates.
In common with many online businesses, we use cookies. Cookies and other tracking technologies can be used on our websites and apps in various ways, such as to analyse traffic or to offer a better personal experience. Those technologies are either used by us directly, or by our business partners, including third party service providers and advertisers we work with. If you want to learn more about what a cookie is and how they are used read more below.
Goelett needs a set of data to perform their services for you i.e. your first name, last name, e-mail address, sometimes date of birth, and payment methods. We also encourage you to provide us with contact details, document details, loyalty cards and the information about your special rates and benefit programs you want to use, as well as your trip preferences.
According to the contract between Goelett and your employer or travel management company (TMC) that serves you, your employer or a TMC can provide part or all of this information.
All contacts with Goelett’s platform or with its Customer Service via phone, e-mail, chat, messaging platform or any other channel will be a source of information about you and your preferences. We collect all the communication between you and Goelett as well as automatically registered data about your contacts with the Goelett platform and services like IP address, web browser used, device used, and localisation or language settings, third party applications you use to contact us.
For the purpose of administration and maintenance works, we collect logs of operations on the Goelett platform especially all incidents and technical errors that might occur. We might also use collected user operations data to prevent fraud and misuse of our services.
We might also ask you for an opinion about our services or your trip to help us understand your needs and provide better services for you and other our clients.
We receive personal data about you from business partners that distribute our services by way of a co-branded or private-labeled website, business partners that offer their products and/or services via our services, or business partners that provide services in connection with our services (e.g. payment processing services).
Goelett services are available through our own platforms and applications and through integrated third party software web pages, online booking tools, instant messaging systems, social media platforms. We will collect information about travellers and users provided by integrated third party software to perform and improve our services.
Goelett is also integrated with multiple services providers, with hotels, airlines, travel management companies, rail operators, financial institutions, security services etc. Those third parties take part in whole trip management service and share the data about the trip with the Goelett platform, which manages it all.
Goelett needs a set of data to perform their services for you i.e. your first name, last name, e-mail address, sometimes date of birth, and payment methods. We also encourage you to provide us with contact details, document details, loyalty cards and the information about your special rates and benefit programs you want to use, as well as your trip preferences.
According to the contract between Goelett and your employer or travel management company (TMC) that serves you, your employer or a TMC can provide part or all of this information.
All contacts with Goelett’s platform or with its Customer Service via phone, e-mail, chat, messaging platform or any other channel will be a source of information about you and your preferences. We collect all the communication between you and Goelett as well as automatically registered data about your contacts with the Goelett platform and services like IP address, web browser used, device used, and localisation or language settings, third party applications you use to contact us.
For the purpose of administration and maintenance works, we collect logs of operations on the Goelett platform especially all incidents and technical errors that might occur. We might also use collected user operations data to prevent fraud and misuse of our services.
We might also ask you for an opinion about our services or your trip to help us understand your needs and provide better services for you and other our clients.
We receive personal data about you from business partners that distribute our services by way of a co-branded or private-labeled website, business partners that offer their products and/or services via our services, or business partners that provide services in connection with our services (e.g. payment processing services).
Goelett services are available through our own platforms and applications and through integrated third party software web pages, online booking tools, instant messaging systems, social media platforms. We will collect information about travellers and users provided by integrated third party software to perform and improve our services.
Goelett is also integrated with multiple services providers, with hotels, airlines, travel management companies, rail operators, financial institutions, security services etc. Those third parties take part in whole trip management service and share the data about the trip with the Goelett platform, which manages it all.
We use the information collected about users and travellers for providing and improving the travel management services we offer. We can use it for:
1. Booking trips: this is the most important reason for collecting your data when you are using the travel module. It is necessary to properly search for, book and later on manage your trip (book hotel, issue air or rail ticket). This is our core business and purpose. Additionally we offer other services of our partners connected with travelling i.e. fulfilling payments, providing additional support, monitoring your safety.
2. Customer service: we offer you 24/7 support in multiple languages. Availability of your data is necessary to help you if you need it. We can provide various support services such as helping you with the booking, resolving issues with the Goelett platform, supporting you in communication with hotel etc.
3. Providing user access: the Goelett platform and applications requires proper authentication and authorization. Your data is used to manage the user account on our platform. Using the account, you can manage your reservations, set up your profile, manage your company or TMC and use all other features of the system.
4. Marketing: we use your data for marketing and training purposes:
a. We use contact data to send information about products and services.
b. We use collected data to personalise search results in the Goelett platform and applications and to recognize you when you visit or return to our website, so we can show you ads or other content tailored to your preferences;
c. In case of participations in any promotion events and loyalty programs, we use your data to manage those events.
5. Communication with users and travellers: we might contact you using phone, e-mail, SMS or an instant messaging platform. We collect the communication between you and us and we will use your data to:
a. Recognize you when you contact us or enter the Goelett platform or application
b. Solve all the issues raised by you or services providers
c. Notify and remind you about all the tasks and actions you might be interested on the platform.
d. Ask you for an opinion.
e. Send you vouchers, trip itineraries, summaries of your trips.
f. Send you important alert.
6. Market analysis: We can use anonymized data for the analysis of the market. Non-anonymized data or opinions can be collected only if you will agree.
7. Misuse detection: Data collected allows us to monitor user behaviour and detect misuse of our services or applications, frauds and other potentially dangerous actions.
8. Service improvement: Data analysis is used to improve our services, to understand our client needs, negotiating with our providers, improving usability of our applications and eliminating problems and issues.
9. Service monitoring: All technical components of the Goelett platform and integrated applications collect user operations logs, errors and technical alerts for the purpose of system administration and maintenance.
10. Legal needs: if some cases your data can be used to solve any legal dispute or administrative proceeding.
We collect and process your personal data based on:
1. Contractual obligations: using your data is necessary to fulfil contract between you and us or between your employer and us.
2. Legitimate interest: we can use your data to provide you with the best available travel and expense services: personalised application, messages and search results, providing you proper help and product and training information, for administrations and maintenance purposes, fraud detection and for legal reasons.
3. Your permission: we can ask you for a permission to use your data for special marketing purposes. You can revoke such a permission any time by contacting us.
We share the information we collect about you according to the purpose of data collection.
Solely for purposes of service level assurance we may use third party providers (e.g. our hotel, airline, railway providers, financial institutions, etc.) – who supply us with their specialized service.
In the framework of their service provision, our partners may process application and personal data, but they can never get or link it to any customer details which are not included in those items. We may cooperate with our partners based within or outside the EU, however, all of them without any exception have appropriate technical and organizational measures in place to protect your personal data and they have provided us with adequate contractual guarantees in this regard.
For managing your business travel, we may share your data with:
1. Travel services providers we use to organize your trip that can include hotels, airlines, global distribution systems where we book your trip, travel management companies issuing your tickets, but also security agencies that cares about yours safety.
2. Payment operators and other financial services providers to organize all the payments for the services ordered by you. We will share with them only the set of data required to fulfil the service. We can also share additional data in case it is necessary to prevent or detect a fraud or theft.
3. Your employer or an organization that organizes your trip using our services. We report your business trips to your employer, or if you are a guest of a company or client of the travel agency, we will report the data back to them.
4. Other Goelett entities that provide services or process the data on our behalf, as we centralize our operations.
We can also share your data with:
1. Vendors, consultants and business partners who help us to carry out work on our behalf.
2. Competent authorities, we may disclose personal data so far as reasonably necessary: if we think you have or may have breached our general terms and conditions or to enforce our rights or protect the public or where we have reasonable grounds for believing that a criminal act has been committed or if we are required to do so by law or appropriate authority.
3 With involved parties in the case of an actual or proposed (including negotiations) sale or merger or business combination involving of all or the relevant part of our business.
4 Other services users (or groups of users) or public, but only the content you provide on such a forum.
5. In aggregated and anonymized form, which cannot be used to identify person.
Your personal data may be stored, used and otherwise processed within countries of the European Economic Area (EEA).
We may also store, use or otherwise process personal data outside the EEA. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests.
Personal data will not be transferred to a country outside the EEA unless:
1. the country to which it is transferred is one which the European Commission considers to provide an adequate level of data protection
2. or service providers and other third parties to whom data is transferred undertake contractually to process data in accordance with our instructions and to maintain appropriate security to protect the personal data or we are obliged to provide the personal data to a government or public authority.
Goelett uses social media and instant messaging platforms in several ways. We promote our services and products or services and products of our partners. We share information about our work and we gather feedback and marketing data. We also use social media and instant messaging platforms to support online usage of our services.
We are offering services through social media and instant messaging platforms. You can connect your account in the Goelett system to your existing account on one of supported social media platforms and take advantage of this channel of communication with us. Our system will be able to send you some notifications and you will be able to perform actions, as you would do in our system. Any time you can disconnect accounts using our or native social media or instant messaging platform functionality.
You can also allow us to use some of the social media platform data, available on your profile like photo, email address or name.
On our pages and in our application we can place social media plugins (i.e. like or share buttons). If you will use it, some of the data will be shared with social media platform and it can be shared with larger audience according to your own social media privacy settings. We advise you to read also privacy policies of your social media platform.
Cookies are small bits of text that are downloaded to your computer or other device when you visit a website. Your browser sends these cookies back to the website every time you visit the site again, so it can recognise you and can then tailor what you see on the screen.
Cookies are used for different purposes. They allow you to be recognized as the same user across the pages of a website, between websites or when you use an app.
Our website and apps use cookies for different purposes:
Technical cookies
We try to give our visitors an advanced, user-friendly website and apps that adapt automatically to their needs and wishes. To achieve this, we use technical cookies to show you our website, to make them function correctly, to create your user account, to sign you in and to manage your bookings. These technical cookies are absolutely necessary for our website to function properly.
Functional cookies
We also use functional cookies to remember your preferences and to help you to use our website and apps efficiently and effectively. For example, these cookies remember your preferred currency, language, your searches. We may also use cookies to remember your registration information so that you don’t have to retype your login credentials each time you visit our site. Your password will, however, always be encrypted. These functional cookies are not strictly necessary for the functioning of our website, but they add functionality.
Analytics cookies
We use these cookies to gain insight into how our visitors use our website and apps. This means we can find out what works and what doesn’t, optimize and improve our websites or apps, understand the effectiveness of advertisements and communications, and ensure we continue to be interesting and relevant. The data we gather can include which web pages you have viewed, which referring/exit pages you have entered and left from, which platform type you have used, which emails you have opened and acted upon, and date and time stamp information.
It also means we can use details about how you’ve interacted with the site, such as the number of clicks you make on a given page, your mouse movements and scrolling activity, the search words you use and the text you enter into various fields. We make use of analytics cookies as part of our online advertising campaigns to learn how users interact with our website or apps after they have been shown an online advertisement. This may include advertisements on third-party websites.
Commercial cookies
We can use third-party cookies as well as our own to display personalized advertisements on our websites and on other websites. This is called “retargeting,” and it is based on browsing activities.
To learn more about cookies and how to manage or delete them, simply visit allaboutcookies.org and the help section of your browser. In the settings for browsers such as Internet Explorer, Safari, Firefox or Chrome, you can set which cookies to accept and which to reject. Where you find these settings depends on which browser you use. Use the “Help” function in your browser to locate the settings you need.
If you choose not to accept certain technical and/or functional cookies, you may not be able to use some functions on our website. We currently do not support “Do Not Track” browser settings.
Data retention schedule for our application users
Data Category | Explanation | Retention period |
Identification data | ||
PII | Name, login, title, email address, IDs assigned by the controller. | Account deactivation + 10 years |
Contact data | Address (work and home), other addresses, telephone number (work and home). | Data deleted, account deactivated or requested to stop processing/delete data |
Identification information assigned by government institutions | ID card number, passport number, drivers license number, license plate number, etc. | Data deleted, account deactivated or requested to stop processing/delete data |
Electronic identification data | IP addresses, cookies, connection moments, etc. | Account deactivation + 10 years |
Electronic localization data | Cell tower data, GPS data, etc. | Account deactivation or consent withdrawn |
Special financial data | ||
Financial transactions | Amounts paid and payable by the data subject, awarded credit lines, sureties, payment method, payment overview, deposits and other guarantees. | Moment of transaction related invoice payment recognized + 10 years |
Personal characteristics | ||
Personal details | Age, sex, date of birth, place of birth, nationality. | Data deleted, account deactivated or requested to stop processing/delete data |
Habits | ||
Travel details | Information regarding business travel habits and preferences | Data deleted, account deactivated or requested to stop processing/delete data |
Leisure pursuits and interests | ||
Leisure activities and interests | Hobbies, sports, other interests. | Data deleted, account deactivated or requested to stop processing/delete data |
Memberships | ||
Memberships (other than professional, political, or in trade unions) – only if required to manage business travel or expenses | Memberships in loyalty programs, organizations, clubs, partnerships, unions, groups, etc. – if used for business travel management or expense management. | Data deleted, account deactivated or requested to stop processing/delete data |
Consumption habits | ||
Travel data | Details regarding the goods and services provided to the data subject. | Moment of transaction related invoice payment recognized + 10 years |
Application usage | Details regarding usage of the application by the data subject. | Account deactivation |
Requests, complaints, incidents or accidents | Information regarding a request, accident, incident, or complaint in which the data subject is involved, the nature of the request, damage, involved persons, witnesses. | Closing the case + 10 years |
Profession and employment | ||
Current employment | Employer, title and role description, seniority, work location, specialization or company type, work modes and conditions. | Account deactivation + 10 years |
Photographs recordings | ||
Images | Camera recording, photographic recording, digital photos or scans of receipts uploaded, etc. | Data deleted, Contract end, Request to delete data / stop processing |
Sound recordings | ||
Sound recordings | Phone recordings regarding requests or issues, etc. | Closing the case + 10 years |
Electronic activity logs | ||
Application and infrastructure logs | Logs of user actions and technical requests registered | Account deactivation + 6 months |
Users login logs | Recorded user login attepmts | Account deactivation + 6 months |
Communication logs | Logs of our communication with our different service providers in accordance to secure booked trip. | Account deactivation + 6 months |
You can request access to your Personal data. You may also request rectification of inaccurate Personal data, or to have incomplete Personal data completed.
You can request any available information as to the source of the Personal data, and you may also request a copy of your Personal data being processed by us.
Your right to be forgotten entitles you to request the erasure of your Personal data in cases where:
1. the data is no longer necessary;
2. you choose to withdraw your consent;
3. you object to the processing of your Personal data by automated means using technical specifications;
4. your Personal data has been unlawfully processed;
5. there is a legal obligation to erase your Personal data;
6. erasure is required to ensure compliance with applicable laws.
You may request that processing of your Personal data be restricted in the cases where:
1. you contest the accuracy of the Personal data;
2. we no longer need the Personal data, for the purposes of the processing;
3. you have objected to processing for legitimate reasons.
You can request, where applicable, the portability of your Personal data that you have provided to us, in a structured, commonly used, and machine-readable format you have the right to transmit this data to another Controller without hindrance from us where:
1. the processing of your Personal data is based on consent or on a contract; and
2. the processing is carried out by automated means.
You can also request that your Personal data be transmitted to a third party of your choice (where technically feasible).
You may object (i.e. exercise your right to “opt-out”) to the processing of your Personal data particularly in relation to profiling or to marketing communications. When we process your Personal data on the basis of your consent, you can withdraw your consent at any time.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect upon you or significantly affects you.
If you have a privacy-related complaint against us, you should complete and submit the Complaint/Data Subjects’ Request Form or make your complaint by email or by letter in accordance with our Global Complaints/Requests Handling Policy. If you are dissatisfied with our response, you may then seek further recourse by contacting the relevant local Supervisory Authority or the local competent court. You may also contact our lead Supervisory Authority, the Polish President of the Personal Data Protection Office. The Contact details can be found on the website: https://uodo.gov.pl/en/484.
Subprocessor | Address | Type of processing | Country of processing |
Microsoft Ireland Ltd. | One Microsoft Place South County Industrial Park Dublin D18 P521 Ireland | Azure cloud datacentre provider | France |
Beyond Sp. z o.o. | ul. A. Kręglewskiego 11 Poznań 61-248 Poland | Datecentre provider | Poland |
COIG SA | ul. Mikołowska 100 Katowice 40-065 Poland | Datecentre provider | Poland |
PCI Booking Ltd. | Unit 7 Coolport Coolmine Industrial Estate Blanchardstown Dublin D15 HC91 Ireland | PDI DSS compliant credit card operations | Ireland |
SendinBlue | 7 Rue de Madrid Paris 75008 France | Mailing service | France |
Twilio Ireland Ltd. | 3 Dublin Landings North Wall Quay Dublin 1 Ireland | Sendgrid mailing service | Ireland |
Systell Sp. z o.o. | ul. Pultuska 10 Pozań 61-052 Poland | Call centre system | Poland |
Cdiscount | 120-126 quai de Bacalan Bordeaux 33000 France | Baleen Web Application Firewall (WAF) | France |
Cloudflare Inc. | 101 Townsend St San Francisco, CA 94107 USA | Web Application Firewall (WAF) | US, EEA/EU |
HappyFox Inc. | 530 Technology Drive, STE 100 Irvine, CA 92618 USA | Ticketing system for technical support | US, EEA/EU |
CDS Groupe | 1 Rue Royale 92210 Saint-Cloud France | Agents working together with Goelett teams on travelers’ support | France |
Request a personalized demo to unlock the potential of seamless booking with Goelett.
Explore how our online booking solution can enhance travel management at your company.
If you have any questions about your booking, please contact our dedicated team at travelsupport@goelett.eu.