Omega World Travel Limited Privacy Policy

1. Important Information and Who We Are
Omega World Travel Limited is part of the Omega group of companies (“Omega”) and respects individual privacy and values the confidence of its customers, employees, consumers, vendors and business partners. Our registered office is at Thanet House, 231-232 Strand, London, WC2R 1DA, United Kingdom. Our website is at www.omegaworld.co.uk. Our Data Protection Officer is Nicola Smith.

Contact Information:
Email: Nicola.smith@omegaworld.co.uk
Direct: 020 7864 6765
Mobile: 07785 426 924

2. Reasons for This Privacy Policy
This privacy policy provides information on how Omega collects and processes your personal data when we manage travel bookings for business travellers. This document sets out our obligations under the General Data Protection Regulation ('GDPR') effective from 25 May 2018. Tmeet the changed regime Omega have appointed a Data Protection Offices ttake on these responsibilities and a thorough audit has taken place of the data we hold and need thold tachieve compliance with GDPR and tlegitimately use the data for the purpose intended, namely the efficient management of travel bookings for our customers.

3. The Data We Collect
Omega collects, uses and discloses personal information only for the benefit of our customers tachieve their travel bookings, arrangements for meetings and events and concierge and VIP services. At all times the collection and retention of personal information is compliant with the laws of the United Kingdom and GDPR and the earlier Data Protection Act. Omega relies upon its clients tensure that the business travellers arrangements which require the processing of their personal data arises from their consent and understanding that the transmission of the data tsuppliers of services is necessary tmake the booking concerned.

Omega has a tradition of upholding the highest ethical standards in its business practices. The General Data Protection Regulation (GDPR) and for the United States the EU-US Privacy Shield Framework sets forth the privacy principles Omega follows with respect tthe collection, retention and transmission of personal information when required from the European Union (EU) tthe United States.

The information you may be asked tprovide includes, but is not limited to; name, address, telephone number, billing information (including credit card data), passport information, frequent flyer rewards schemes, dietary requirements, travel preferences. Unless stated otherwise, this collected data and information is used for the provision of our travel services and may be shared with our affiliates, subsidiaries, Global Distribution Systems, Industry Reporting Authorities, and other travel supplies that are deemed necessary tfulfill travel arrangements.

4. The Data We Process
Omega World Travel may be required tdisclose personal information in response ta lawful request made by public authorities, including tomeet national security or law enforcement requirements.
Omega confirms that it will only transfer personal data for the specified purpose and will not process it further without express permission. Personal Data may be transferred tour Agents strictly for the purpose of making the travel booking for the traveller.

Omega has and will take all appropriate security measures tprevent any unauthorised or unlawful processing and against any accidental loss or damage tpersonal data. Omega uses only approved suppliers and third parties tprocess data only where necessary tachieve travel bookings and where there are agreements in place tprotect the data.

Omega staff are trained tunderstand the importance of data protection and the confidential nature of the data.

5. Definitions
For purposes of this Privacy Policy, the following definitions shall apply:

“Agent” means any third party (GDS, industry reporting authorities, internet booking engines, and other travel related suppliers that are deemed necessary tfulfill travel bookings and obligations) that collects or uses personal data under the instructions of, and solely for, Omega or twhich Omega discloses personal information for use on Omega's behalf.

“Omega” means Omega World Travel Limited, its predecessors, successors, subsidiaries, divisions, affiliates and groups in the United Kingdom and the United States.

“Personal data” means any information or set of information that identifies or could be used by or on behalf of Omega tidentify an individual. Personal data does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, Omega will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.

6. Scope
The GDPR applies tall personal data received by Omega in the United Kingdom in any format, including electronic, paper or verbal and the protection under GDPR extends tdata protection in all EU countries. Our U.S parent Omega World Travel Inc. has made further precautions tprotect personal data by registration with the US Privacy Shield Framework ensuring that both European and American traveller data in their possession is fully protected tthese high standards.

7. Choice and Opting Out
Omega will offer individuals the opportunity tchoose (opt-out) whether their personal information is (a) tbe disclosed ta non-agent third party, or (b) tbe used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For sensitive personal information, Omega will give individuals the opportunity taffirmatively and explicitly (opt-in) consent tthe disclosure of the information ta non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual wishing tlimit the use or sharing of their data should contact our Data Protection Officer

8. Data Integrity and Purpose Limitation
Omega will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Omega will take reasonable steps tensure that personal information is relevant tits intended use, accurate, complete, and current.

9. Accountability for Onward Transfer
Omega will obtain assurances from its Agents that they will safeguard personal data consistently with this Policy. These Agents may use this information tfulfill travel arrangements and other duty of care obligations. If Omega has knowledge that an agent is using or disclosing personal information in a manner contrary tthis Policy, Omega will take reasonable steps tprevent, stop the use, or remediate the unauthorized processing of data. In addition, Omega will attempt tlimit the purposes for which the data may be processed and ensure the Agent will provide a similar level of privacy protection.

10 Access and Correction
Omega acknowledges the right of individuals taccess their personal data. Upon request, Omega will grant individuals reasonable access tpersonal data that it holds about them. In addition, Omega will take reasonable steps tpermit individuals tcorrect, amend, or delete data that is demonstrated tbe inaccurate or incomplete.

11. Security
Omega will take reasonable and appropriate precautions tprotect personal data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

12. Transfer of Personal Data Outside of the EU
Omega may transfer, store and process your personal data outside of the European Economic Area, when this is necessary for the travel booking concerned and where we are requested tproduce management information for our clients. We will not transfer personal data outside of the EEA without the client's written consent unless Omega is fulfilling a travel booking with an entity in a country recognised as having equivalent data protection as the EEA or has entered intstandard contractual clauses (for controller tprocessor transfers) with Omega.

13. Recourse, Enforcement and Liability
Omega will conduct compliance audits of its relevant privacy practices tverify adherence tthis Policy. Any employee that Omega determines is in violation of this policy will be subject tdisciplinary action up tand including termination of employment.

14. Your Legal Rights
(i) the right tbe informed
Omega's Clients have the right taccess all information provided under our contract with them.

(ii) the right taccess and rectification
As a Travel Management Company, Omega receives traveller data in order tcreate and manage travel bookings for its corporate clients. Data can be accessed, verified and rectified upon request.

(iii) the right terasure
Omega can be requested terase data at the data subjects request.

(iv) subject access request
The data subject can make a written request for access this personal data.

Omega will investigate and attempt tresolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

Changes tthe Privacy Policy
This Privacy Policy may be amended from time ttime, consistent with the requirements of the GDPR. Omega will provide appropriate public notice about such amendments.

Updated 6/1/23