World Travel and Tourism Council is committed to protecting your privacy.

We recognise our obligation to keep personal information secure and believe it is important for our partners, Members, website users, and other individuals to know how we treat their personal information.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By visiting our website or otherwise providing data to us you are accepting and consenting to the practices described in this policy.

Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

Here are some of the key changes we made on 25 May 2018, when the European Union General Data Protection Regulation (“GDPR”) came into effect:

• Who we are and how to get in touch with us: We have clarified what the WTTC is, where we are headquartered and who to get in touch with about any personal data of yours that we may be holding.
• Collection and use of data: We’ve provided more information about the ways we collect personal data about you, who we collect that data from, and how we intend to use it.
• Purpose of processing: We provide more detail on the purpose and legal basis for the processing your data.
• Who has access to your information: Our policies and procedures haven’t changed but we’ll tell you exactly who will and won’t get access to your data.
• Your rights as a Data Subject: We’ve set out the rights individuals have under the new GDPR in relation to their personal data and how those rights can be exercised.

Who are we?

We are the World Travel & Tourism Council (“WTTC”), a membership organisation founded by, and existing to serve companies and institutions engaged in or with the economic sector of Travel & Tourism. We are headquartered in the United Kingdom and incorporated as a Private company limited by guarantee without share capital, company number 02506591. Our registered office address is The Harlequin Building, 65 Southwark Street, London, SE1 0HR, U.K.

WTTC is registered as a Data Controller with the UK Information Commissioner’s Office (“ICO”), which is an independent public body sponsored by the Department for Digital, Culture, Media and Sport of the UK Government. The representative of the Data Controller can be contacted by organisations with questions about any aspect of our handling of data privacy, by email at dpo@wttc.org, by telephone at +44 (0) 20 7481 8007, or in writing to the company registered address.

The information we collect from you

We collect information directly from individuals when they voluntarily submit their personal information to us by filling in forms (on our website or otherwise), or by corresponding with us by phone, email or otherwise.

This includes information you provide when you apply for Membership, register to attend an event, request information, participate in a competition, promotion or survey or in discussion boards on our website.

The information you give us may include your name, address, email address, phone number, company name and address, alternative contact details (e.g. those of a family member or secretary), photograph and financial and information.

At certain parts of our website, we may provide the opportunity for users to send an e-mail to us which may contain their personal data.

When this sort of information is collected we will provide the reason for collecting the information and how the information will be used.

The information we collect about you

With regard to each of your visits to our website we may automatically collect the following:

• Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
• Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

If you work for or are otherwise engaged with a company or institution in which WTTC has a legitimate interest, we may collect personal data about you from friends, colleagues or from information in the public domain to contact you. When we do so we will tell you the source of the personal data and give you the option to withdraw consent for further processing.

We may also capture personal data when you attend an event hosted by us via photograph, video or audio footage taken.

How we use “cookies”

Our website uses “cookies” to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website and when you re-visit the website after clearing your browsing history. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

• Strictly necessary cookies. These are cookies that are required for the operation of our website.
• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

To gather analytics and usage data.

Examples of usage data collected includes the type of Internet browser you are using and the domain name of the web website from which you linked to the website

Our website also uses third party requests to gather analytics and usage data for the website or to allow you to share certain pieces of our content on your social media accounts.

• Other than third party requests generated by Google Analytics, we use the “Facebook Connect” application to allow you to log in to your Facebook account and share certain pieces of our content.
• Third party requests do not generate cookies but they can still transfer personal information to third parties. Please refer to our analytics service provider's privacy policy which can be found at: https://www.google.com/policies/privacy/ and Facebook’s privacy policy which can be found at: https://www.facebook.com/policy.php.

Most browsers allow you to refuse to accept cookies by adjusting your browser settings. For example:

• In Google Chrome: Click the “three line” Chrome menu (usually in the top right hand corner of the browser). Select Settings. Click Show advanced settings. In the "Privacy" section, click the Content settings button. In the "Cookies" section, you can block all cookies by selecting "Block sites from setting any data". Please refer to Google Chrome's help & support section for further instructions and guidance.
• In Windows Internet Explorer 7 and Windows Internet Explorer 8: Click the Tools button, and then click Internet Options. Click the Privacy tab, and then, under Settings, move the slider to the top to block all cookies or to the bottom to allow all cookies, and then click OK. Please refer to Microsoft's help & support section for further instructions and guidance.

Please keep in mind that blocking cookies may have a negative impact upon the usability of many websites and if you block cookies, you may not be able to use all the features on the website. In Google Chrome, you'll see a blocked cookie icon in the address bar to warn you whenever a cookie has been blocked.

You can delete cookies already stored on your computer by clearing your browsing data. For example:

• In Google Chrome: Click the “three line” Chrome menu (usually in the top right hand corner of the browser). Select Settings. Click Show advanced settings. In the "Privacy" section, click the Content settings button. In the "Cookies" section, click “All cookies and website data” to open the Cookies and website data dialogue. To delete all cookies, click “Remove all” at the bottom of the dialogue. To delete a specific cookie, hover over the website that issued the cookie with your mouse, then click the X that appears in the right corner. You can also choose to remove all cookies created during a specific time period, using the Clear Browsing Data dialogue. Please refer to Google Chrome's help & support section for further instructions and guidance.
• In Windows Internet Explorer 7 and Windows Internet Explorer 8: Click the Tools button, and then click Internet Options. On the General tab, under Browsing history, click “Delete”. Select the Cookies check box, and then click “Delete” if it isn't already checked. Clear or select check boxes for any other options you also want to delete. Please refer to Microsoft's help & support section for further instructions and guidance.

Our use of collected information

We use information held about you in the following ways:

1. Information collected from you. We will use this information:

• To administer our Membership scheme;
• To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• To provide you with information about the services we provide;
• To notify you about changes to our service; and
• To respond to inquiries or to process requests.

2. Information we collect about you. We will use this information:

• To provide you with information about the services we provide;
• To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• To improve our website to ensure that content is presented in the most effective manner for you and for your computer;
• To allow you to participate in features of our service, when you choose to do so; and
• As part of our efforts to keep our website safe and secure.

In summary, where we collect your personal data, we’ll only process it:

• To perform a contract with you, or
• Where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
• In accordance with a legal obligation, or
• Where we have your consent.

How long do we keep your information?

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Who has access to your information?

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

We may communicate your information to selected third parties including:

• Suppliers and sub-contractors for the performance of any contract we enter into with them or you;
• Analytics and search engine providers that assist us in the improvement and optimisation of our website; or
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our Members, or others.

Where We Store Your Personal Data

The data that we collect from you may be transferred to countries other than the country you live in, where it may be processed by staff who work for us or for one of our suppliers. These countries may have laws different to what you’re used to. However, when we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.

For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

How do we secure your information?

World Travel and Tourism Council maintains strict physical, electronic and administrative safeguards for the protection of users’ personal information from unauthorised or inappropriate access. Employees, business partners and affiliates who misuse a user’s personal information are subject to disciplinary actions.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your choices

In addition to the WTTC policies explained above, as a data subject you could, under the prevailing regulations, choose to exercise the following rights, if applicable:

• To request from WTTC access to and rectification or erasure of your personal data or restriction of processing and to object to processing;
• To have personal data sent to you or another Data Controller in a commonly used machine-readable format (data portability);
• Where the basis for processing is consent, the right to withdraw consent at any time;
• To lodge a complaint with a supervisory authority; and
• To be informed:
  - whether the provision of personal data is part of a statutory or contractual requirement or obligation and the possible consequences of failing to provide the personal data;
  - the categories of personal data sourced from third parties or publicly accessible sources;
  - the existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences;
  - the identity of any recipient or categories of recipients of the personal data;
  - and, if WTTC intends to process your personal information for a purpose other than that for which it was collected, what that purpose is and any relevant further information.

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to dpo@wttc.org, by telephone at +44 (0) 20 7481 8007, or in writing to the WTTC company registered address.

‍