AXA Partners - March 14th, 2024
AXA Travel Eye Privacy Policy

Your employer provides you the TRAVEL EYE service which allows you to receive alerts when you are on a business trip or while on expatriation. This service is organized by us, as well as the company Crisis24 which provides the platform.

We value your privacy, and this notice describes how your Personal Data is collected and processed when you use this service.

Data Controller and Data Processor

The Data Controller, as defined by the General Data Protection Regulation 2016/679 of April 27, 2016 (GDPR), is your employer.

To contact your employer's data protection officer, please refer to the information provided by the latter for this purpose.

If you wish, you can also contact our data protection officer whose reference contact has been provided in the Information Notice.

Data categories

Your personal data, which can be collected and processed within the framework of the TRAVEL EYE service, are the following:

  • Your private or professional identity and contact data (surname, first name, address, e-mail addresses, telephone number, etc.),
  • Data related to your professional trips (destinations, accommodation, meeting places, routes, means of transport, travel time, etc.),
  • If you are on expatriation, the address of your new residence and, subject to your consent and at your initiative, information related to your personal trip, should you wish to benefit from the service during these occasions,
  • location information and geo-location data (GPS location data actively transmitted once or continuously by you),
  • Your status data (alerts, special alerts, status requests, etc.),
  • Data related to the computer use of the platform (user ID, roles, permissions, connection time, IP address, etc.).

This data can be communicated directly by you. In some cases, they can also be legitimately received from third parties, for example travel agencies, from access to the PNR list. Provided that you have previously given your authorization, they may come from a connection to your professional calendar or from geolocation.

Purpose of processing

The purpose of processing is to:

  • Provide you with information and advice on risks and security in the countries where you are or plan to be expatriate or on a business trip, especially by reports of global incidents but also alerts and security analyzes,
  • Anticipate crises that may occur during your stay in these same countries and the emergency plans to be implemented,
  • If necessary, organize emergency assistance services.

Legal basis

This processing is justified by the legitimate interest of your employer to meet its security obligations towards its employees.

Data recipients

Your Personal Data may be transmitted to companies and / or to people who contribute to the proper performance of the service (such as IT service providers) or subsequently to your assistance provider if necessary.

They may be communicated to the supervisory authorities, to the competent public services as well as to any other public or private body with which we may be required to exchange personal data in accordance with the applicable regulation.

Location of your data

The platform on which your Personal Data is processed is located within the European Union in Germany, Belgium and Luxembourg.

Your data is not intended to be transmitted to countries outside the EU or the EEA.

Obligation to communicate Personal Data

As a general rule, we only process information which is necessary for the conclusion or execution of the contract which we have signed with your employer, in your interest, or which is necessary for the proper execution of a law. Without this information, we would periodically be unable to offer you the information services referred to above, and, if necessary, the security assistance services provided for in the contract signed by your employer.

Unless this is prescribed or required by contract or applicable law, you are not obliged to provide us with any personal data relating to you. You will not suffer any negative consequences by not voluntarily providing us with personal data. However, in certain individual cases, failure to communicate such data to us may delay or prevent communication with you, or even delay, hinder or prevent the provision of specific services such as security assistance.

Data conservation duration

Data related to your business trips will be anonymized 30 days after the end of your trip.

The data linked to your computer use of the platform (connection data, contact data, etc.) will be deleted no later than six months after your deletion as a user of the platform.

The status data will be anonymized at the latest six months after their creation.

All other data will be erased without delay after the end of the business relationship with our partner (your employer), unless legal obligations prevent such erasure. In this case, your personal data will be erased at the end of this legal obligation and the limitation periods for initiating a complaint.

Your rights as a data subject

If one of the grounds listed by the GDPR applies, you can request from the Data Processor:

  • confirmation that your Personal Data is or is not being processed and, if applicable, a copy of this Personal data
  • the correction of any inaccurate or incomplete Personal Data
  • the erasure of your Personal Data or the limitation of their processing.

You have the right to:

  • withdraw your consent at any time, without prejudice to the processing carried out lawfully before the withdrawal of that, when the processing of your Personal Data is based on your consent
  • contest, for reasons related to your personal situation, to the processing of your Personal Data based on the legitimate interests of the Data Processor
  • benefit from the transferability of your Personal Data
  • not to be subject to a decision based exclusively on an automated processing, including profiling, that legally affects you or seriously affects you.

Should you believe that your Personal Data is being processed in a manner not compliant with applicable data protection regulations, you can contact the data protection supervisory authority in place in the country where your employer is located.

Consent to the one-time or continuous GPS-supported Geo-localisation

TravelEye offers you as an expatriate / traveller / user the possibility to transmit your current location to TravelEye once or continuously in case of location changes. You always have full control to activate / deactivate this function.

In addition to the above "Information on the processing of personal data in connection with the use of TravelEye", with this information we provide you with the relevant details for obtaining your consent to a single or continuous GPS-supported location integration in TravelEye.

Consent to the Processing

The use of GPS location transmission is only possible with your prior explicit consent. In order to use this function, you must actively enable it in TravelEye for single or continuous execution.

By activating this function, you declare your consent to the GPS-supported geolocation in the relevant area.

Purpose of the Data Processing

The extended "Location Data Integration" serves to enable a more precise monitoring of the location by means of active location transmission by the user in TravelEye in order to be able to provide our services even more precisely at your respective location.

If you agree to the one-time use feature, your location will be transmitted each time you actively execute it. The transmission does not continue in the background and there is no permanent monitoring. An uncontrolled location check or transmission is impossible.

If you agree to continuous transmission, GPS-supported geo-location data will be transmitted whenever your location changes. In this case, too, an uncontrolled location check is excluded.

Voluntariness of Geo-Location

Your consent is voluntary. You can refuse it without giving reasons. If you do not wish to give your consent, you cannot use the GPS-supported location localisation. Alternatively, you can enter your locations manually in TravelEye.

Categories of Processed Data

Geo-localisation data (GPS coordinates of the location), IT usage data (IP address of the transmitting device, time stamp of transmission and time stamp of the first use of Location Data Integration by means of GPS-supported location transmission as proof of your consent), business travel data (e.g. travel destinations, travel routes).

Legal Basis of the Data Processing

The use of GPS-supported geo-location localisation and the processing of your personal data in this context will only take place if you have given us your consent by actively enabling it. The legal basis for the processing is article 6 paragraph 1 sentence 1 lit. a GDPR.

Withdrawal of your consent

You have the right to withdraw your consent at any time without giving reasons and without affecting the legality of the processing carried out so far. If you withdraw your consent, we will stop processing your data.

To withdraw your consent, deactivate the function in your TravelEye application or directly on your mobile device in the case of continuous GPS-supported location localisation. If you need any help in doing so, our support team will be happy to assist you at any time.