Data Protection Policy

Policy Owner

This policy is owned and distributed by Travel Expedite.

Introduction

Data protection is fundamental to ensuring the security and confidentiality of personal and sensitive information entrusted to Travel Expedite. This policy outlines the measures Travel Expedite adheres to in order to safeguard data in compliance with the data protection standards of the United Kingdom.

Scope

This policy encompasses all data processed and stored by Travel Expedite, including but not limited to:

  • Personally Identifiable Information (PII)
  • Financial data (payment details, billing information)
  • Travel itinerary details
  • Passport and visa information
  • Any other sensitive information related to clients and their travel arrangements

Related Documents

  • Data Retention and Disposal Policy
  • Privacy Policy
  • Physical Access Control Policy
  • System Configuration Documents
  • Roles and Responsibilities
  • Audit Policy
  • Acceptable Use Policy
  • Information Security Policy

Policy Statement

a) Protection

i) All data, irrespective of its format (electronic, physical, or otherwise), containing personal or sensitive information shall be rigorously protected using appropriate technical and organizational measures.

ii) Data shall be classified based on its sensitivity level (e.g., public, internal, confidential, restricted) to ensure that suitable handling and protection measures are applied.

iii) Regular backups of data shall be created and securely stored in off-site locations to mitigate risks of data loss due to hardware failure, natural disasters, or unauthorized access.

iv) A comprehensive inventory of all data storage media (servers, hard drives, cloud storage, etc.) shall be maintained, including their locations and access controls. This inventory shall be reviewed and updated periodically.

v) Data shall be securely destroyed or erased when it is no longer required for business purposes or legal obligations, adhering to the guidelines outlined in the Data Retention and Disposal Policy.

b) Distribution

i) Strict controls shall be implemented to govern the distribution of data, both internally within Travel Expedite and externally to third parties.

ii) The use of portable media storage devices (USB drives, external hard drives, etc.) for business purposes shall be strictly regulated and require explicit authorization from management.

iii) Any movement of data media shall be meticulously documented in the inventory, and management approval shall be mandatory for removing data from designated secure areas.

iv) When data needs to be transported to off-site locations, it shall be done exclusively through secure, tracked courier services or encrypted channels, ensuring end-to-end protection.

v) Records pertaining to data inventory and distribution shall be retained in accordance with the Data Retention and Disposal Policy.

c) Sanctions

Instances of non-compliance with this policy shall be promptly identified, thoroughly documented, and escalated as per the procedures outlined in the Audit Policy. Any personnel found to be intentionally violating this policy will be subject to disciplinary action, up to and including termination of employment, as per the organization’s established disciplinary procedures.

Policy Review

This Data Protection Policy shall be reviewed annually and updated as necessary to ensure its continued effectiveness and alignment with evolving data protection laws and regulations of England and Wales. Any significant changes to the policy shall be communicated to all relevant personnel.