Meili Travel (“Meili”) respects your right to privacy and complies with our obligations under relevant data protection legislation including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
‍
The purpose of this Privacy Policy (“Policy”) is to outline how we process personal data, including special categories of data and the basis on which personal data is obtained from you or collected about you from third parties. We do not knowingly attempt to solicit or receive information from children.
‍
We take great care with any personal data we hold, so that we provide the highest standard of service to you, whilst taking steps to keep your data secure and to ensure it is only used for the specified, explicit and legitimate purposes stated within this Policy.
‍
Unless otherwise stated, the controller (as defined in the GDPR) of your personal data for all purposes outlined in this Policy is Meili. We can be contacted by post at 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96, Ireland by email at dataprotection@meili.travel. If you have any queries about our processing activities, or if you wish to enact a rights request, please contact our Data Protection Team. Their contact details are below:
‍
Data Protection Team, 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96. Email: dataprotection@meili.travel

We, our, us, Meili refers to Meili Travel Technology Limited. Meili is a private company limited by shares incorporated in Ireland with company number 685899 and having its registered office at 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96.

We collect information from you when you access our meili.travel website, or when you apply for a role through our website. We will only collect information that is adequate, relevant and limited to what is necessary in relation to the purposes identified within this Policy.
‍
The table below outlines the categories and types of data we collect along with the source of the data. The types of data we collect may change over time; the following table is an indicative list to help you understand the types of data we collect.

The following section provides more detail on the purposes for which we process your personal data and the legal basis by which we do this.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our data protection team at the contact details listed in Section 1 of this Policy.
‍
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.

You can choose not to give us personal information; however, this may have an effect on you. We may need to collect personal information by law, or to enter into or fulfil a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you or doing what we must do by law.

We may share your personal data with outside organisations, below is a list of the categories of recipients of organisations we share your personal data with:

Our Representatives

Our employees, agents and contractors including companies that provide services in relation to telecommunications and postage, data storage, document production and destruction, IT, and IT security, making and receiving payments, data analysis and management information, risk analysis, complaints handling, marketing and market research.

Government, Statutory And Regulatory Bodies

State regulators and authorities such as the Data Protection Commission and the Revenue Commissioners; Law Enforcement Agencies such as An Garda Síochána & The Criminal Assets Bureau.

We may also disclose your personal data to the following recipients or categories of recipients:

• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
‍
• If Meili or substantially all of its business or assets are acquired or transferred to a third party whether in the event of a merger, reorganisation, transfer of undertakings, receivership, liquidation or other winding up or any other similar circumstances, in which case personal data held by it about its customers will be one of the transferred assets.
‍
• If we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or other agreements.
‍
• To protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organisations for the maintenance and security of the site and services.

We do not currently process any special categories of personal data.

We may contact you by email for the following purposes:
‍
• to send you marketing contacts and newsletters when you sign up to receive information from us.
‍
• To discuss potential job applications should you apply for a role on our website.

Meili does not undertake automated individual decision making for information obtained from you through our website.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

You have the right to have Meili correct any inaccurate personal data we have collected about you. You also have the right to have incomplete personal data completed; you may provide us with supplementary information to do this. To do so, please contact our Data Protection team at: dataprotection@meili.travel

In certain instances, you have the right to have Meili erase the personal data we have collected about you. Your right of erasure will apply in the following circumstances:
‍
• We no longer need the data for the purpose that it was originally collected;
‍
• You withdraw your consent;
‍
• You object to the processing and the organisation has no overriding legitimate interest in the data;
‍
• We have collected the data unlawfully; or
‍
• The data must be erased to comply with a legal obligation.
‍
This right will not apply where we are required to process personal data in certain circumstances including the following:
‍
• For exercising the right to freedom of expression;
‍
• For compliance with a legal obligation, such as the performance of a contract or compliance with certain legislation;
‍
• For the performance of a public interest task or exercise of official authority;
‍
• For health purposes in the public interest;

• For archiving purposes in the public interest, scientific or historical research, or statistical purposes; or
‍
• For the establishment, exercise or defence of legal claims.
‍
To exercise this right, please contact our data protection team at the contact details listed in Section 1 of this Policy.

You have the right to object to the processing of your personal data at any time:
‍
• For direct marketing purposes;
‍
• For profiling to the extent it relates to direct marketing; or
‍
• Where we process your personal data for the purposes of legitimate interests pursued by us, except where we can demonstrate compelling legitimate grounds for this processing which would override your interests, rights and freedoms or in connection with the enforcement or defence of a legal claim.
‍
Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above.
‍
To exercise your right to object, please contact our data protection team at the contact details listed in Section 1 of this Policy.
‍
NOTE: We will use all reasonable efforts to communicate the fact that you have exercised your right to rectification or erasure of personal data or restriction of processing in accordance with these rights outlined above, to each recipient to whom your personal data has been disclosed in accordance with this Policy, unless this proves impossible or involves disproportionate effort.

You have the right to have Meili restrict the processing of your personal data where one of the following applies:
‍
• You contest the accuracy of the personal data (we will restrict the processing of the personal data until we verify the accuracy of the personal data);
‍
• The processing is unlawful, and you oppose the erasure of your personal data;
‍
• Meili no longer requires the personal data for the purposes of the processing but the data is required by you for the establishment, exercise or defence of legal claims; or
‍
• You object to the processing of the personal data as outlined in Section 10.3 above (we will restrict the processing of the personal data while we verify our legitimate grounds for the processing which may override your interests, rights and freedoms).
‍
Where you have restricted the processing of your personal data, we will continue to store your personal data but will only process it with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of other people or for reasons of important public interest or other non-restricted purposes.

You have the right to obtain from us information on the personal data we hold on you including the following:
‍
• Purposes of the processing.
‍
• Type of personal data held.
‍
• Categories of recipients of the personal data.
‍
• Information on how long the data will be stored.
‍
• If automated individual decision making, including profiling, takes place, as well as information on the logic involved and consequences of this.
‍
• If data is not collected directly from you, information on the source of the data.
‍
• The existence of the right to request from us rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing.
‍
• The right to lodge a complaint with the Data Protection Commission.
‍
Any such request should be submitted in writing and sent for the attention of the data protection team at the contact details listed in Section 1 of this Policy. We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.

You have the right to receive personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. You also have the right to provide this data to another controller or have Meili transmit this data to another controller on your behalf, where technically feasible. This applies to automated data only to the extent provided by you to us. This right to portability is limited to the following situations.
‍
• Where the processing is based on the legal basis of consent; and/or
‍
• Where the processing is based on the legal basis of entering into or performance of a contract

Where we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time. We rely on your consent for marketing activities only. It is your choice to receive these communications and you have the right to withdraw your consent at any time. This does not affect the legality of the processing which took place when we had your consent. For further information on our marketing activities and how to stop receiving marketing communications, please see Section 11.
‍
Please note if you withdraw your consent, we will no longer send direct marketing communications to you.

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in Section 10, then you have the right to complain to the Data Protection Commission (DPC). Please see below for contact details of the DPC.
‍
Data Protection Commission,
21 Fitzwilliam Square South,
Dublin 2,
D02 RD28,
Ireland
Phone: +353 (0)1 7650100, Fax: +353 (0)57 8684757, Email: info@dataprotection.ie.

For marketing purposes, we may contact you via email, post, SMS and phone.
‍
We rely on consent to contact you for marketing. Consent will always be provided in the form of a clear opt-in. You have the right to withdraw your consent at any time using the contact details listed in section 1.
‍
All emails and texts will contain a link to unsubscribe or opt-out of future marketing communications from Meili.

Some of our suppliers who provide us with services such as IT security or data hosting services may process your personal data such as identity and policy data outside the European Economic Area (“EEA”) where privacy laws may not be as protective as those in your jurisdiction. There are special requirements set out under Chapter V of the GDPR to regulate such data transfers and ensure that adequate security measures are in place to safeguard and maintain the integrity of your personal data on transfer.
‍
Where we transfer your personal data outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA and we will use at least one of the following safeguards:
‍
• Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA (Adequacy Decision).
‍
• Put in place a contract with the recipient that means they must protect it to the same standards as the EEA (Standard Contractual Clauses).
‍
• Ensure that the organisation receiving the data has put in place internal data protection rules that govern the transfer of data within its group to any entities outside of the EEA (Binding Corporate Rules).

For further details on our use of cookies, please refer to our Cookie Policy.

Meili will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy. We will use all reasonable efforts to put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, other recipients and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
‍
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use reasonable procedures and security features to try to prevent unauthorised access. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Any changes to this Privacy Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

For furContact us. If you have any questions or complaints relating to this Policy, please contact us at:
‍
Data Protection Team, Meili Travel Technology, 1 Grant's Row, Lower Mount Street, Dublin 2, Dublin, D02HX96. Email: dataprotection@meili.travel

Effective date of this policy: 14th March 2023