GDPR statement and Policy
On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect across European Union (EU) member states, impacting any organization that processes personal data of EU individuals. GDPR represents a strengthening and harmonizing of existing data privacy rights for individuals in the European Union.
2 Tier Travel Ltd. is committed to protecting personal data of our EU employees, contractors, customers, and vendors, regardless of where that data is processed. We have a robust security program and an established series of internal policies, processes, and practices across our organization to ensure that personal data of EU individuals is processed appropriately and protected in our information systems.
When processing the personal data of EU individuals we:
— Ensure there is a legitimate business reason to collect the data;
— Ensure we have consent to collect and use the data (where required);
— Limit collection, storage and usage of the data only to the extent for which there is a business reason and consent.
Below are some highlights of how 2 Tier Travel Ltd. is ensuring compliance with GDPR:
Data Breach Response Plan: In the event of a data breach that may impact the security of employee, customer, or vendor personal data, we will take steps to notify EU authorities within 72 hours of discovery of the incident.
Data Privacy Impact Assessment: When initiating new projects or products, implementing new software, or onboarding new vendors that may process personal data of EU individuals, we will assess data privacy impact in order to ensure that personal data is adequately protected in any systems or processes controlled by 2 Tier Travel Ltd. .
Data Subject Rights: We understand that anyone doing business with us may have questions about the types of personal data 2 Tier Travel Ltd. processes about them. If you would like to make a request about the personal data 2 Tier Travel Ltd. processes, please email your request to the email below.
If you have questions about 2 Tier Travel Ltd. and GDPR, please contact