Privacy and Cookie Statement
WHO WE ARE
TripLink is part of the Trip.com Group providing fully customized payment services for global customers. TripLink’s products and services are offered through different companies. This privacy and cookie statement is issued on behalf of TripLink so when we mention TripLink, “we”, “us” or “our” in this privacy and cookie statement, we are referring to the relevant company in TripLink responsible for managing your account and processing your data.
Table of contents
1. When this privacy and cookie statement applies
2. Personal data we may collect about you, how do we use the data, and what is the legal basis for the use?
3. How we share your personal data?
4. Where we transfer your personal data?
5. Your choices and rights (if you live in the EEA or the UK)
6. How long we retain your personal data?
7. Information security and protection
8. Updates to this privacy notice
9. Contact us
10. Cookies
1. WHEN THIS PRIVACY AND COOKIE STATEMENT APPLIES
Personal data is any information about an individual from which that person can be identified. Company information or data is not considered “personal data” if it relates to a legal entity rather than a natural person. This privacy and cookie statement applies when TripLink processes personal data, it does not apply to the processing of company information.
TripLink is committed to protecting personal data. This privacy and cookie statement will inform you as to how we collect and use your personal data through your use of this website and any data you may provide when you use our services. We may also use your personal data for purposes such as to communicate with you about our services, the operation and management of our services, and complying with our legal obligations. More information is set out in section 2.
Depending on your location, you have certain data protection rights. Specifically, if you reside within the EEA or the UK, please see information set out in section 5.
2. PERSONAL DATA WE MAY COLLECT ABOUT YOU, HOW DO WE USE THE DATA, AND WHAT IS THE LEGAL BASIS FOR THE USE?
Depending on how you use our services, we may collect different categories of personal data. We may collect personal data from individuals acting on behalf of our business partners in order to set up the account, communicate with the customer, and carry out know-your-client (KYC) checks. For example, a director, legal representative, or employee of the business partner may be authorised to manage the TripLink account and provide instructions to us.
The table below describes the personal data we collect, for which purposes we use it and the legal bases we rely on to process it.
Detailed purpose and scenario description | Categories of Personal Data | Legal Basis | |
Setting up the account | In order provide your services we require to process personal data to onboard our customers, register our customers, including setting up customer accounts, and once set up, managing customer accounts, including dealing with any requests, queries, claims, notifications, updates and confirmations.
| Identification documents, contact details, (where applicable) bank account details. | It is necessary for us to process your personal data to perform our contract with you, or to take steps at your request prior to entering into a contract with you. We also have a legitimate interest in managing our business and providing you with our services. |
Know Your Client (KYC) checks | To carry out KYC checks, necessary to onboard and in accordance with our legal obligations. | Identity documents and financial verification records. In the event that the KYC checks produce results, sanction, criminal record, PEP, media, financial enforcement, court, embargo and / or caution information. | When we have a legal obligation under the relevant and applicable laws and regulations, we process the data in order to comply with that obligation. We also have a legitimate interest in ensuring the security of our operations, assets, and individuals interacting with our services. |
Fraud detection and prevention, and preventing misuse of services. | We may detect and prevent fraud, illegal activities and potential transaction risks, and use your personal data for other risk assessment and security purposes. We monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law and to prevent the misuse of TripLink services. We also use personal data to improve the service security and reliability, and to keep the customer portal secure. | Identity documents and date of birth, account information. | When we have a legal obligation under the relevant and applicable laws and regulations, we process the data in order to comply with that obligation. We also have a legitimate interest in ensuring the security of our operations, assets, and individuals interacting with our services. It is necessary for us to process your personal data to perform our contract with you and keep your account secure. |
Entering into agreements | To provide our services, it is necessary to enter into contracts with our business partners. When we do this, we may process personal data in order to execute the agreement.
| Contact details and signature
| It is necessary for us to process your personal data to perform our contract with you, or to take steps at your request prior to entering into a contract with you. |
Facilitating transactions | In order to deliver our services to you and facilitate transactions, we use your personal data to facilitate the customer deposit process; verify payments, administer customer payments and products and analysing and issuing chargebacks (if necessary) | Contact details; account details | It is necessary for us to process your personal data to perform our contract with you.
|
Fulfilling legal and regulatory obligations; purposes required by law | Comply with applicable laws, protect our and your rights and interests, defend ourselves. Comply with applicable security and anti-terrorism, anti-bribery, customs and immigration, and other such due diligence laws and requirements. Complying with our obligations under the law, including reporting to tax authorities. | All data collected provided it is necessary. | When we have a legal obligation under the relevant and applicable laws and regulations, we process the data in order to comply with that obligation.
|
Investigations, complaints management, and dispute resolution | We use information you provide to investigate any complaints received from you or from others about our website, or our products and services. We use data in connection with legal claims, compliance, crimes, regulatory and investigative purposes as necessary (including the disclosure of such data in connection with legal authority investigation, legal process or litigation).
| Account registration information; account Information; contact details Other personal data required under the applicable law or by appropriate authorities. | When we have a legal obligation under the relevant and applicable laws and regulations, we process the data in order to comply with that obligation. It is necessary for us to process your personal data in order to perform our contract with you. We also have a legitimate interest in managing our business, providing you customer service, ensuring the security of our operations, assets, and individuals interacting with our services. |
Business development and engagement of suppliers | We have a legitimate interest in developing our business and reaching out to potential customers and investing in our relationships with existing customers and suppliers to let them know about our services, including notifying our partners of relevant offers and services and inviting them to events and obtaining feedback in order to improve our partnerships. | Contact details | We have a legitimate interest in managing our business and providing you with our services. |
Customer service | Providing support to our customers and suppliers, including dealing with any requests, queries, claims, notifications, updates and confirmations. | Account registration information; account information; contact details. Other personal data you provided to our staff to facilitate your request. | It is necessary for us to process your personal data in order to perform our contract with you, or to take steps at your request prior to entering into a contract with you. We also have a legitimate interest in managing our business and providing you customer service. |
There are instances where we have a legitimate interest to use your data. Our legitimate interest will vary depending on what we are using your data for, and we explain above what the interest is and how it relates to the processing operations that we are carrying out. Where we process personal data based on a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals’ interests outweigh our interests in the processing taking place.
Automatically Collected Information
TripLink automatically collects user-related information during service use for security and service provision. The specific details are as follows.
For more details on how we use cookies, please refer to our cookie statement below.
Personal data received from third party sources
We may collect personal data from publicly available sources (for example websites, reporting agencies, online directories and registers etc) for the purposes of fulfilling our legal obligations, carrying out KYC and due diligence checks.
Personal data provided to us about other individuals
During the course of business, you may share information about others (e.g. personal data about your employees). By sharing this information with us, you confirm that you have provided all the necessary notices and obtained all the necessary consents required by the applicable laws and regulations in order to share that personal data, including providing information about how their personal data may be used in accordance with this privacy statement.
3. HOW WE SHARE YOUR PERSONAL DATA
We may share your data with the following categories of recipients:
Personal Data Category | Category of Recipient | Why? |
Contact details, date of birth, identification documents, (where applicable) bank account details, and information related to financial verification records, Automatically Collected Information, and signatures. | Affiliates within our group | We may share personal data with our affiliates to assist with providing services or functions on our behalf, including but not limited to, the purposes of business development, onboarding customers and setting up accounts, internal management of customer/supplier data, KYC checks, providing customer services support, and compliance services etc., to the extent necessary. All business divisions of our group offer similar protection measures for personal data, strictly adhering to the same standards as this Privacy Notice. |
Contact details, name, identification documents, and (where applicable) bank account details. | Financial institutions and third-party payment processors | We share relevant information with financial institutions or third-party payment processors for administering payment transactions, deposit processes, analysing and issuing chargebacks, and complying with legal and regulatory obligations. If deemed necessary for fraud detection and prevention, we may share additional necessary information with relevant financial institutions. |
Contact details, identity documents and financial verification records and results. | Third-party service providers | We collaborate with third-party vendors who provide services or functions on our behalf, such legal services, information verification, carrying out background checks, and supplier engagement etc. Third-party vendors can only access and collect information necessary for these functions and cannot share or use it for other purposes. |
All data collected provided it is necessary. | Government authorities, law enforcement, regulators and fraud prevention agencies | To prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law; and to assist competent authorities in investigation, legal process or litigation, for regulatory and investigative purposes as necessary. |
All data collected provided it is necessary. | Prospective buyers and their advisers; TripLink’s advisers | In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective buyers’ advisers and will be passed to the new owners of the business. |
4. WHERE WE TRANSFER YOUR PERSONAL DATA?
If you are an individual based in the European Economic Area (“EEA”) or the United Kingdon (“UK”), the following applies:
Due to the global nature of our business, many of our affiliates within our corporate group and the external third parties above are based outside the EEA or the UK, so their processing of your personal data will involve a transfer of data outside the EEA or the UK.
If you are based in the UK and we transfer your personal data out of the UK, or if you are based in the EEA and we transfer your data out of the EEA, we ensure a similar degree of protection (provided in the country that the personal data is being transferred from) is afforded to it. The measures we have in place include the following:
5. YOUR CHOICES AND RIGHTS (IF YOU ARE AN INDIVIDUAL LIVING IN THE EEA OR THE UK)
You have the following rights:
Right | Summary |
The right of access | Enables you to receive a copy of your personal data |
The right to rectification | Enables you to correct any inaccurate or incomplete personal data we hold about you |
The right to erasure | Enables you to ask us to delete your personal data in certain circumstances |
The right to restrict processing | Enables you to ask us to halt the processing of your personal data in certain circumstances |
The right to object
| Enables you to object to us processing your personal data in certain circumstances, including where we process your personal data on the basis of our legitimate interests (or those of a third party), or where we are performing a task in the public interest. In these circumstances your objection will be upheld, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds, is necessary for public interest reasons, is needed for the exercise or defence of legal claims that may be brought by or against us, or the law provides exemptions (e.g. for the purposes of law enforcement, national security or taxation). |
The right to data portability | Enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible |
If you live in France: The right to instruct us regarding the use of your personal data after your death | Enables you to instruct us on the processing (retention, deletion, and disclosure) of your personal data after your death. You can change or revoke such instructions at any time. |
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you wish to exercise any of these rights, please contact us at the contact details set out at section 9.
Wherever we rely on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. We may however have other legal grounds for processing your data for other purposes, such as those set out above.
We are committed to investigating and resolving complaints about our collection or use of your personal data. To make a complaint, please clearly provide the following information to help us address the issue effectively:
· The specific data privacy complaint (please provide as much detail as possible including country, your understanding of the data privacy infringement, and redress requested).
· Your full name and how we can contact you.
· Any previous correspondence on this specific data privacy issue
If you are not satisfied with our resolution of your complaint, you have the right to complain to a data protection authority in the country that you reside in or, the country of your place of work or the country where the alleged infringement took place.
We aim to resolve all issues in a timely manner, or as mandated by applicable law, but if this is not possible because a more detailed investigation is required, we will keep in regular contact with you to ensure that you are kept informed of the resolution of your matter.
6. HOW LONG WE USE PERSONAL DATA FOR
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or regulatory requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and any specific and applicable legal, regulatory or other requirements.
7. INFORMATION SECURITY AND PROTECTION
TripLink attaches great importance to information security and has set up a dedicated team for this. We strive to protect your personal data and have taken appropriate managerial, technological, and physical security measures.
In terms of the data life cycle, we have established security measures for all stages including data collection, storage, display, processing, use, and destruction. We take different control measures according to the level of information sensitivity, including but not limited to access control, SSL encryption transmission, and high-level encryption algorithms for encrypted storage, in order to mask the sensitive information to be displayed, etc. We have obtained ISO 27001 and PCI DSS certifications. We rely on currently available technologies and take appropriate security measures to protect your information.
In the unlikely event of a data breach affecting your personal data, we will inform you in accordance with laws and regulations by email or other means.
8. UPDATES TO THIS PRIVACY NOTICE
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.
9. CONTACT US
The data controller for your personal data is one or more of the following entities, depending on which entity or entities provide you with the relevant services:
· TripLink International B.V
· TripLink International (UK) Limited
· TripLink International Co., Limited
· TripLink Solutions Co., Limited
· TripLink International Pte. Ltd.
If you have questions about this privacy notice or wish to contact us for any reason in relation to our personal data processing, please contact us at privacyHQ@triplinkintl.com.
The TripLink local representative in the EEA is TripLink International B.V., which can be contacted directly by email at the following address: privacyEU@triplinkintl.com.
The TripLink local representative in the UK is TripLink International (UK) Limited, which can be contacted directly by email at the following address: privacyUK@triplinkintl.com.
You have the right to make a complaint at any time to your local supervisory authority for data protection issues. However, we would appreciate the chance to deal with your concerns, so please contact us in the first instance. To contact us, please email privacyHQ@triplinkintl.com.
10. COOKIES
What is a cookie?
Our website uses cookies that are essential for its operation.
A cookie is a small text file that we store on your computer or phone when you use our website. To learn more about cookies, please go to www.aboutcookies.org.
We may also use similar technologies such Software Development Kids (SDKs). In this statement we refer to all technologies as “cookies”.
What type of cookies does TripLink use?
Essential cookies:
These are cookies that TripLink cannot operate without. They include, for example, cookies that enable you to log into TripLink. You can switch these cookies off in your browser settings, however you may then not be able to use TripLink.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below. Please note that we do not use any targeting cookies or similar.
We use session and persistent cookies. Session cookies are deleted when you close TripLink. Persistent cookies remain on your computer or phone and are activated the next time you visit TripLink.
Table of cookies
Essential cookies:
Cookie Name | Provider | Purpose |
suid | Trip.com | To identify visitors across domains |
ibu_country | Trip.com | Site information |
_bfa | Trip.com | UBT Meta information |
nfes_isSupportWebP | Trip.com | Check whether the current page has enabled WebP conversion |
Trip.com | Used as a risk control device indicator to prevent change of the equipment fingerprints | |
_RF1 | Trip.com | To obtain the IP adress from the client for risk identification |
_resDomain | Trip.com | NFES application autowrite for service worker |
Ctrip.com | Used as a token of risk control device indicator to obtain equipment fingerprints on the server | |
Trip.com | Used as a risk control equipment indicator to prevent change of the equipment fingerprints | |
Triplink_enable_nonessential | triplinkintl.com | Check status of consent |
trilinklocale | triplinkintl.com | Language of the page |
GUID | Trip.com | For client identifier |
s_bf_uid_ | Trip.com | Visitor ID to record relevant information of devices |
UBT_VID | Trip.com | UBT user ID |
_pd | Trip.com | Performance data of page |