Meili Travel (“Meili”) respects your right to privacy and complies with our obligations under relevant data protection legislation including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
‍
The purpose of this Privacy Policy (“Policy”) is to outline how we process personal data, including special categories of data and the basis on which personal data is obtained from you or collected about you from third parties. We do not knowingly attempt to solicit or receive information from children.
‍
We take great care with any personal data we hold, so that we provide the highest standard of service to you, whilst taking steps to keep your data secure and to ensure it is only used for the specified, explicit and legitimate purposes stated within this Policy.
‍
Unless otherwise stated, the controller (as defined in the GDPR) of your personal data for all purposes outlined in this Policy is Meili. We can be contacted by post at 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96, Ireland by email at dataprotection@meili.travel. If you have any queries about our processing activities, or if you wish to enact a rights request, please contact our Data Protection Team. Their contact details are below:
‍
Data Protection Team, 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96. Email: dataprotection@meili.travel

We, our, us, Meili refers to Meili Travel Technology Limited. Meili is a private company limited by shares incorporated in Ireland with company number 685899 and having its registered office at 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96.

We collect information from you when you apply for a role at Meili. We will only collect information that is adequate, relevant and limited to what is necessary in relation to the purposes identified within this Policy.
‍
Most information will be collected directly from you, but we may collect additional information from your references or any certifying bodies based on the qualifications you provide.
‍
In the case of job applications made through external agencies, we will initially collect data from the relevant agency.
‍
During the recruitment process, we may contact references or stated previous workplaces, to verify the information provided.

The following section provides more detail on the purposes for which we process your personal data and the legal basis by which we do this.

You can choose not to give us personal information; however, this may have an effect on you. We may need to collect personal information by law, or to enter into or fulfil a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you or doing what we must do by law.

We may share your personal data with outside organisations, below is a list of the categories of recipients of organisations we share your personal data with:

Our Representatives

Our employees, agents and contractors including companies that provide services in relation to telecommunications and postage, data storage, document production and destruction, IT, and IT security, making and receiving payments, data analysis and management information, risk analysis, complaints handling, marketing and market research.

Government, Statutory And Regulatory Bodies

State regulators and authorities such as the Data Protection Commission and the Revenue Commissioners; Law Enforcement Agencies such as An Garda Síochána & The Criminal Assets Bureau.
‍
We may also disclose your personal data to the following recipients or categories of recipients:
‍
• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
‍
• If Meili or substantially all of its business or assets are acquired or transferred to a third party whether in the event of a merger, reorganisation, transfer of undertakings, receivership, liquidation or other winding up or any other similar circumstances, in which case personal data held by it about its customers will be one of the transferred assets.
‍
• If we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or other agreements.
‍
• To protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organisations for the maintenance and security of the site and services.
‍
• Any party which you have given us permission to speak with (references etc.)
‍
We take steps to ensure that any third-party partners who handle your information comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We will aim to anonymise your information or use aggregated non-specific data sets where possible.
‍
Where we transfer your personal data outside of the EEA to our suppliers, we will ensure that appropriate safeguards are in place to protect your personal data.

Meili does not undertake automated individual decision making for information obtained from you through our website.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
‍
If successful employee information such as your employee file is retained for the duration of the employment contract plus 7 years after the contract’s termination. CVs and interview notes are retained for 12 months after the interview after which time they are destroyed.

You have the right to have Meili correct any inaccurate personal data we have collected about you. You also have the right to have incomplete personal data completed; you may provide us with supplementary information to do this. To do so, please contact our Data Protection team at: dataprotection@meili.travel

In certain instances, you have the right to have Meili erase the personal data we have collected about you. Your right of erasure will apply in the following circumstances:
‍
• We no longer need the data for the purpose that it was originally collected;
‍
• You withdraw your consent;
‍
• You object to the processing and the organisation has no overriding legitimate interest in the data;
‍
• We have collected the data unlawfully; or
‍
• The data must be erased to comply with a legal obligation.
‍
This right will not apply where we are required to process personal data in certain circumstances including the following:
‍
• For exercising the right to freedom of expression;
‍
• For compliance with a legal obligation, such as the performance of a contract or compliance with certain legislation;
‍
• For the performance of a public interest task or exercise of official authority;
‍
• For health purposes in the public interest;
‍
• For archiving purposes in the public interest, scientific or historical research, or statistical purposes; or
‍
• For the establishment, exercise or defence of legal claims.
‍
To exercise this right, please contact our data protection team at the contact details listed in Section 1 of this Policy.

You have the right to object to the processing of your personal data at any time:
‍
• For direct marketing purposes;
‍
• For profiling to the extent it relates to direct marketing; or
‍
• Where we process your personal data for the purposes of legitimate interests pursued by us, except where we can demonstrate compelling legitimate grounds for this processing which would override your interests, rights and freedoms or in connection with the enforcement or defence of a legal claim.
‍
Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above.
‍
To exercise your right to object, please contact our data protection team at the contact details listed in Section 1 of this Policy.
‍
NOTE: We will use all reasonable efforts to communicate the fact that you have exercised your right to rectification or erasure of personal data or restriction of processing in accordance with these rights outlined above, to each recipient to whom your personal data has been disclosed in accordance with this Policy, unless this proves impossible or involves disproportionate effort.

You have the right to have Meili restrict the processing of your personal data where one of the following applies:
‍
• You contest the accuracy of the personal data (we will restrict the processing of the personal data until we verify the accuracy of the personal data);
‍
• The processing is unlawful, and you oppose the erasure of your personal data;
‍
• Meili no longer requires the personal data for the purposes of the processing but the data is required by you for the establishment, exercise or defence of legal claims; or
‍
• You object to the processing of the personal data as outlined in Section 8.3 above (we will restrict the processing of the personal data while we verify our legitimate grounds for the processing which may override your interests, rights and freedoms).
‍
Where you have restricted the processing of your personal data, we will continue to store your personal data but will only process it with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of other people or for reasons of important public interest or other non-restricted purposes.

You have the right to obtain from us information on the personal data we hold on you including the following:
‍
• Purposes of the processing.
‍
• Type of personal data held.
‍
• Categories of recipients of the personal data.
‍
• Information on how long the data will be stored.
‍
• If automated individual decision making, including profiling, takes place, as well as information on the logic involved and consequences of this.
‍
• If data is not collected directly from you, information on the source of the data.
‍
• The existence of the right to request from us rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing.
‍
• The right to lodge a complaint with the Data Protection Commission.
‍
Any such request should be submitted in writing and sent for the attention of the data protection team at the contact details listed in Section 1 of this Policy. We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.

You have the right to receive personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. You also have the right to provide this data to another controller or have Meili transmit this data to another controller on your behalf, where technically feasible. This applies to automated data only to the extent provided by you to us. This right to portability is limited to the following situations.
‍
• Where the processing is based on the legal basis of consent; and/or
‍
• Where the processing is based on the legal basis of entering into or performance of a contract

Where we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time. In general, we will not rely on consent as a lawful basis for processing your data as part of your employment.

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in Section 8, then you have the right to complain to the Data Protection Commission (DPC). Please see below for contact details of the DPC.
‍
Data Protection Commission,
21 Fitzwilliam Square South,
Dublin 2,
D02 RD28,
Ireland
Phone: +353 (0)1 7650100, Fax: +353 (0)57 8684757, Email: info@dataprotection.ie.

Some of our suppliers who provide us with services such as IT security or data hosting services may process your personal data such as identity and policy data outside the European Economic Area (“EEA”) where privacy laws may not be as protective as those in your jurisdiction. There are special requirements set out under Chapter V of the GDPR to regulate such data transfers and ensure that adequate security measures are in place to safeguard and maintain the integrity of your personal data on transfer.
‍
Where we transfer your personal data outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA and we will use at least one of the following safeguards:
‍
• Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA (Adequacy Decision).
‍
• Put in place a contract with the recipient that means they must protect it to the same standards as the EEA (Standard Contractual Clauses).
‍
• Ensure that the organisation receiving the data has put in place internal data protection rules that govern the transfer of data within its group to any entities outside of the EEA (Binding Corporate Rules).

Meili will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy. We will use all reasonable efforts to put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, other recipients and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
‍
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use reasonable procedures and security features to try to prevent unauthorised access. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Any changes to this Privacy Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

For furContact us. If you have any questions or complaints relating to this Policy, please contact us at:
‍
Data Protection Team, Meili Travel Technology, 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96. Email: dataprotection@meili.travel

Effective date of this policy: 14th March 2023