Privacy Policy Roadmap

Roadmap B.V. - Privacy Statement

Roadmap BV ("Roadmap" or “we”) aims to be a good host of your data and respects the privacy of our clients, the end users of the Roadmap Travel Services and visitors of our websites. We have created this privacy statement (hereafter: “Privacy Statement”) to inform our customers, end users and visitors (“You”) how we collect, use and share your personal data.

The first section of the Privacy Statement provides information about processing of personal data whereby Roadmap acts as a Data Controller and determines the purpose and means of processing. The second section is specifically aimed at the processing of personal data of the end users of the Roadmap Travel Services (by means of the Roadmap travel app or a customized corporate client travel app) on behalf of our corporate clients (“Customers”). As such Roadmap acts as a data processor on the instructions of the Customer. Section 3 through 7 is general and applies to all processing of personal data by Roadmap.

  1. Processing as a Data Controller

To improve and analyse the use of our website and to measure statistics and traffic we use cookies on our website (www.getroadmap.com). A cookie is a small text file containing a string of alphanumeric characters that uniquely identifies your browser. Cookies help us to optimize your use of the website. The user-friendliness of our website and Your privacy are of utmost importance to us. When You first visit our website, a pop-up will request your consent for the use of the cookies. If you do not accept the cookies, You have to realize that the Roadmap website may not function properly. Roadmap only session cookies. A session cookie is temporary and disappears after You close your browser.

When You use the website of Roadmap, our servers automatically record certain information that Your web browser sends whenever You visit any website. These server logs may include information such as your web request, Internet Protocol ("IP") address, browser type, browser language, referring / exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time of your request, one or more cookies that may uniquely identify your browser.

On our website you can find links to social media platforms such as Twitter, YouTube, LinkedIn and Facebook, which are outside our control and are not covered by this Privacy Statement. If you use these links you will be redirected to these sites and we suggest you to read the privacy policy of these social media platforms carefully to inform yourself what type of personal data is processed by these platforms.

You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Information regarding the acceptance or blocking of cookies is to be found in the help-function of your internet browser.

For managing and processing orders, provision of the Services, invoicing and payment, the following personal data may be processed: name, telephone, email address, business address and function of contact persons, Chamber of Commerce registration number, VAT number, order information, website and other company information, email messages with contact persons.

The legal basis for this processing of personal data is that processing is necessary for the performance of the contractual relationship with Customers of the Roadmap Travel Services and/or that processing is necessary to fulfill our legitimate interest in an adequate customer or supplier relationship management system.

Providing our (potential) Customers, fans, suppliers and other business relations with relevant information, such as newsletters, blogs, magazines, product information and invitations for events, we process the following information: e-mail address.

The legal basis for this processing of personal data is your consent and /or the processing is necessary for the performance of the contractual relationship and /or the processing is necessary to fulfill our legitimate interest in maintaining the relationships with our business relations.

To provide access to our offices, buildings and properties, the following personal data may be processed; name, company, telephone number of suppliers, visitors, customers and contact persons.

The legal basis for this processing of personal data is that processing is necessary to fulfill our legitimate interest in securing access to our premises, buildings and properties and in safeguarding our employees and all other persons present at our locations.

If you are a jobseeker, we process personal data in order to evaluate your potential to become a Roadmap employee. The legal grounds for such processing is your consent. The data that may be processed: name, address, email, telefoonnumber, professional information.

Unless a specific retention period is mandated or permitted under applicable law, for example under fiscal law we will only retain your personal information for the duration of time necessary to fulfill the purposes described above. This means that, in some cases, we may retain your personal information for a period of time following termination of your relationship with us. As a rule we will retain Customer data for as long as needed to comply with applicable (tax) law and company accounting purposes. Data will be cleared where possible during this retention period, however, if special situations arise, for example in the event of a dispute or claim, we may secure evidence and store data for a longer period.

If processing is based only on your consent (website/marketing purposes), we will only process as long as we have your consent.

  1. Processing as a Data Processor

The Roadmap Travel Services is provided through a customized B2B travel app. Roadmap will be processing personal data on behalf of the Customer in the course of the performance of the service agreement with the Customer. Roadmap acts as data processor and the Customer is the controller of the personal data.

We process the following information of the end users of the Roadmap Travel Services on behalf of the Customer:

The legal basis for this processing of the personal data is that the processing is necessary for the performance of the contractual relationship with our Customer and/or is based on the consent of the end user and/or the processing is necessary to fulfill our legitimate interest in maintaining the relationships with our Customer or end users.

Unless a specific retention period is mandated under applicable law, for example under fiscal law, Roadmap will only retain your personal data for the duration of time necessary to perform the services in accordance with the service agreement with our Customers and upon instructions of our Customers.

  1. Sharing your personal date

We will never sell or share your personal data with other third-party companies for their commercial or marketing use without your consent, except as part of a specific program or feature that you requested and for which you will have the ability to opt-in or opt-out.

We may share your personal data with third party service or data providers to the extent that it is necessary to perform the Roadmap Travel Services. In such cases, these third parties may only use your personal data for the purposes described above and only in accordance with our instructions. For outbound communication purposes (SMS and/or email) communication details (a mobile number or email address) will have to be shared with communication networks and/or service providers. We will always encrypt such communication in transit. How communication networks further treat this information (SMTP, SMPP) and if encryption will happen end to end is unfortunately beyond our control.

Our employees may have access to the personal data, for example employees working at the customer services, sales, legal, development and ICT security departments. Access will be granted only if necessary for the purposes described above and only if the employee is bound by an obligation of confidentiality.

We may share your personal data if required to do so by law or court order, for example with law enforcement agencies or other governmental agencies.

The Roadmap Services or website may contain links to other service providers which are outside our control and are not covered by this Privacy Statement. If you access services from third party providers using a link provided in our Roadmap Travel Service or website, the third-party providers may collect information from you which will be used by them in accordance with their own privacy policies, which may differ from ours. We encourage you to review the privacy policies of such third-party providers so that you understand if and how they collect and/or use your information.

Roadmap Services are ad-free and we have no intention to introduce advertisement into the product, but if we ever do, will update this section.

  1. Data Security

Roadmap has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of the processing of your personal data. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If Roadmap learns of a security systems breach, then we notify our Customer and if needed the end user as soon as possible and take appropriate protective steps.

Please be aware that roadmap does not ensure or warrant the security of any information you transmit to Roadmap and you do so at your own risk. Using unsecured WIFI or other unprotected networks to submit messages through the Roadmap Services is never recommended.

To protect your privacy and security, we take reasonable steps (such as SMS authentication in certain cases) to verify your identity before registering your mobile phone number and granting you access to the Travel Services.

  1. Your rights

You can exercise a number of rights in relation to Your personal data, which are explained below. In each case, please use the contact details below if you would like to exercise any of your rights. Note that in many cases, your rights are not absolute and we may not be required to comply with your request.

Right of access

You have a right to request a copy of the information that we hold about you and how it is processed.

Right to rectification

If you believe any of the personal data we hold about you is incorrect, you may request to update it.

Right to erasure

In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent.

Right to restriction of processing

In certain circumstances, you are entitled to ask us to (temporarily) stop using your personal information.

Right to data portability

In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to a third party of your choice.

Right to object

You have the right to object to processing which is based on our legitimate interests. Unless we have a compelling legitimate ground for the processing, we will no longer process the personal data on that basis when you file an objection.

Rights relating to automated decision-making

You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. Roadmap does not apply automated decision-making.

Right to withdraw consent

We may ask for your consent to process your personal data in specific cases. When we do this, you have the right to withdraw your consent at any time. Roadmap will stop the further processing from the moment of withdrawal of your consent. However, this does not affect the lawfulness of the processing before consent was withdrawn.

  1. International data transfer

Your personal data are stored on servers located in the European Union. We process your personal data in accordance with the applicable privacy laws in Europa (including the GDPR). We shall not transfer the personal data outside of the EEA, unless we are instructed to do so by our Customer. In any case where we transfer personal data outside the European Union, we shall ensure that such a transfer is subject to appropriate safeguards. In most cases, such transfer will be governed by a contract based on the model contractual clauses for data transfer approved by the European Commission.

  1. Questions or complaints

Questions or complaints regarding the processing of your personal data should be directed to privacy@getroadmap.com.

You also have the right to lodge a complaint with the local data protection authority in the jurisdiction where your company is established, where you work, where you live or where an alleged infringement takes place. You can find a listing of the EU Data Protection Authorities (“DPAs”) at the website of the European Commission. Nevertheless, we encourage you to express any concerns or complaints through our privacy department first.

  1. Changes and updates to this Privacy statement

This Privacy Statement may be revised periodically and this will be reflected by the "effective date" below. Please revisit this page to stay aware of any changes. Please contact Roadmap via email to service@getroadmap.com with any questions or comments about this Privacy Statement, your personal data, consents and or your opt-in or opt-out choices.

Effective date November 2018.