This privacy notice explains the privacy practices of Fraedom Holdings Limited, Fraedom UK Limited, Fraedom Pty Ltd, Fraedom Company, Fraedom LLC and their related group entities (as applicable) ("Fraedom Group", "we", "us", and "our"). In most instances, we are providing “Services” to your company or organisation ("Company") under a contract with that Company ("Contract").
The purpose of this privacy notice is to provide information about the way data that personally identifies the user or subject of the Service ("Personal Data") is processed in connection with the Service.
Who is responsible for processing Personal Data?
Generally, Fraedom’s customer, the Company, has primary responsibility for determining how and why we use your Personal Data and is the data controller for the purposes of data privacy laws. For more information about how the Company processes Personal Data, you should refer to the Company’s privacy notice. In the event that you have any queries, comments or complaints about the way in which we use your Personal Data, you should discuss these with the Company in the first instance.
When Fraedom processes your Personal Data in connection with the Service, it does so as a data processor and in accordance with the instructions of the Company.
Changes to our Privacy Notice
From time to time, we may update this privacy notice to reflect new or different privacy practices. We will place a notice online when we make material changes to this privacy notice so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it. Please ensure that you read this privacy notice regularly.
You might find external links to third party websites on our application. This privacy notice does not apply to your use of a third party site.
What Personal Data Do We Collect Or Receive?
In order to provide the Service and other services required by your Company, we may process various categories of Personal Data from time to time. This Personal Data may be collected from you or be provided on your behalf by your Company and may include:
- your name, title, gender and date of birth;
- your company name and employee ID number;
- your contact information, including your telephone number and email address;
- your credit card details;
- your passport details; and
- your travel itinerary and special travel requirements.
It could also include sensitive or special category data, such as data relating to your health (for example, if you request wheelchair access), religion or racial or ethnic origin (for example, if you have special dietary requirements). This Personal Data will be processed where the Company has a legal basis for this, for example, you have given your express consent (which you may have given to the Company and then passed to us on your behalf) and at all times in accordance with the terms of this privacy notice.
Your provision of your Personal Data is voluntary. However, if you elect not to provide certain Personal Data, you may be unable to use the Service and we may be unable to provide the information or services that you have requested.
If you are using the Service on behalf of someone else (for example, you are authorised to make travel bookings or submit expenses on their behalf), you must ensure that you have that person's consent to provide their Personal Data and for processing of that Personal Data as described in this privacy notice. If you are not certain whether you have such consent, then you must not input any Personal Data in this Service.
If you have any questions regarding our authority to collect and/or process Personal Data or any other terms of the Contract, please contact your manager.
Please provide accurate Personal Data and update it as necessary. In the absence of any updates, we will assume that the Personal Data submitted is correct.
How Do We Collect Or Receive Personal Data?
What We Do With Personal Data And On What Basis Do We Use It
We may process Personal Data for various purposes as instructed by the Company, including for:
- the creation, storage and administration of your traveller (if applicable) and expense administration profiles
- the transfer and disclosure of Personal Data to service providers which the Company requires or requests us to provide as part of our provision of services under the Contract
- the transfer and disclosure of Personal Data to service providers, in and to the Countries, that are relevant to the provision of the Service to you (for example, the provision of IT infrastructure for the logging and management of support queries and for the purpose of optical character recognition associated with the technology we use)
- responding to you or your Company's requests for information concerning your expense transactions or to respond to questions you or your Company might have
- the transfer, disclosure and storage of Personal Data of your Company's registered administrators to enable us to contact them about the Services we provide to you (for example, to keep them informed about future releases of our technology, the status of support queries that have been logged, advising of upcoming maintenance windows and other issues that may affect the Service)
- addressing questions relating to our services from you or your Company and pursuant to the Contract
- the provision to your Company of management information, data aggregation (including aggregation using data provided to us by third parties at your Company's request), quality assurance surveys and any other services required from time to time by your Company
- the transfer and disclosure of Personal Data to your Company as required by your Company from time to time, including as part of its management information, expense management and travel monitoring requirements
- the transfer of data to third parties at your Company's request
- responding to an audit of the Service under the Contract by your Company
As data controller, the Company will be responsible for establishing the legal basis for our use of your Personal Data and the Company will be responsible for communicating this to you. If, in very limited circumstances, we act as data controller, we will only collect, use and share your Personal Data where we are satisfied that we have an appropriate legal basis to do this.
Your Personal Data may be transferred to, stored at or processed in other countries, including the United Kingdom and other European Economic Area (EEA) countries, Australia, New Zealand, the United States of America, Canada, Hong Kong, Singapore and India, that may not have equivalent privacy or data protection laws. However, regardless of where your Personal Data is transferred, we will protect it in accordance with this Privacy Notice and the applicable law.
We generally use approved Standard Contractual Clauses to assure that Personal Data is adequately protected when it is transferred out of the European Economic Area, Switzerland and/ or the UK but we may also make transfers to recipients with approved binding corporate rules or to recipients in the United States who have signed up to the EU-US and/or Swiss-US Privacy Shield Framework. Please contact us using the application's "Get in touch" facility if you would like more information about cross-border transfers or to obtain a copy of the standard contractual clauses.
Other disclosures of Personal Data
How We Protect And Store Your Information
We use physical, technical, organisational, and administrative safeguards to help protect your Personal Data from unauthorised access or loss. For example, we may use technology such as encryption to protect sensitive Personal Data during transmission.
Storing your Personal Data
We will retain your personal information for as long as the information is needed for the purposes listed above and for any additional period that may be required or permitted by law, including in accordance with legal, regulatory, tax, accounting requirements.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings.
Your rights in relation to your Personal Data
We respect the rights you have under any applicable privacy laws. Subject to certain exemptions, these may include rights to access, correct and request the deletion or restriction of their Personal Data as required by law.
Certain parts of the Service allow you to make choices about what information is collected about you and how it is used or shared.
Otherwise, where we are processing your Personal Data as a data processor, we will refer you to the Company for assistance with these requests. We support our clients in responding to requests as required by law.
Queries and Complaints
If you have any questions about this privacy notice, wish to exercise any of your rights as described above, or wish to file a complaint regarding this privacy notice, you can contact us by writing to the address detailed under the "Contact" heading below.
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your Personal Data.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
You can contact us by writing to us at:
Fraedom UK Limited
1 Sheldon Square,
FAO: Legal Department
This page was last updated on 27. 05. 2020