本网站（包括相关交易软件、技术及服务器）("网站")由Project Tristar Limited ("Tristar")拥有及经营，Tristar注册地址为: Units 1 & 2 Horton Road, West Drayton, Middlesex UB7 8BQ, England，而Tristar于美国由Tristar Services (US) Inc拥有及经营。 Tristar为数据所有者，并在英国信息委员会注册，注册编号为06434912。您需要接纳以下条款及条件方可使用网站，此外，如您预订服务，需要接纳Tristar的标准销售条款及条件，如有要求，Tristar可提供有关副本。
我们可能将您的个人资料传递至第三方服务供应商或协助我们提供您所要求的货品、服务或资料的机构或允许该等供应商或机构使用您的资料。由于Tristar在全球经营，这可能表示我们可将您的资料传递至您个人资料所属国家以外的国家。本公司已就Project Tristar Limited. 与 Tristar Services (US) Inc之间传递资料制定协议。
采取措施 (包括终止、暂停或限制阁下浏览) 以防止您进入本网站
3.3 您承诺全面及有效赔偿并保证 Tristar 随时就以下所招致、造成的或支付的所有行动、法律程序、开支、申索、要求、负债及费用获得弥偿：
Tristar 向您授出非独家许可证，就您的个人目的而到访及使用本网站的内容。 您不得就商业目的转载或发布本内容的任何部分。
5.2 Tristar名称及商标为注册商标，不得在未经Project Tristar Limited书面许可的情况下使用。
5.3 您同意认本网站内或有关本网站的版权、商标权、数据权、专利权及所有其他知识产权及资料，包括但不限于属于Tristar的文本、图像、音频或图像文件、内容、软件、数据及在本网站上显示或可浏览的资料 。这包括网站的组织及排版及我们或我们的授权商及供应商拥有的相关软件。您同意所有的材料仅作个人用途，您不得在未经我们书面同意的情况下复制、修改、更改、出版、广播、分发、销售或转让任何该等材料。
7.2 Tristar 对使用本网站所引致的任何亏损或损害不负任何责任。
7.3 Tristar 网站可能包含其他网站的链接; 然而，该等其他网站并不受 Tristar控制，故我们不会对任何该网站所载的任何内容或您因使用该等网站所造成的任何损失负责。特此您就外部网站链接或使用该等网站针对 Tristar 发起的所有申索要求，Tristar恕不受理。
Tristar可于指定银行假日，如圣诞节、 节礼日、 元旦及春节收取附加费用。
“Customer” and “You” means any person(s), firm or company which books Services.
"Data Protection Legislation” means all applicable legislation for the time being in force in the UK or any part of it, pertaining to data protection, data privacy, data retention and/or data security (including the Data Protection Directive (Directive 95/46/EC) (as may be superseded by the General Data Protection Regulation (Regulation 2016/679) (“GDPR“)) and the Privacy and Electronic Communication Directive (Directive 2002/58/EC) (as may be superseded by the Regulation concerning the respect for private life and the protection of personal data in electronic communications (Regulation on Privacy and Electronic Communications) 2017/0003 (COD) (“ePrivacy Regulation“) and national legislation implementing or supplementing such legislation in the United Kingdom and any applicable member state of the European Union) and all associated codes of practice and other guidance issued by any applicable data protection authority. The terms “personal data”, “process”, “data controller” and “data processor” shall have the meanings given in the applicable Data Protection Legislation.
“Fulfilment Partner” means a third party private hire or taxi company.
“Group Member”: means at any relevant time, in relation to any entity, an entity which, directly or indirectly through one or more intermediaries, controls, is controlled by, or is under common control with that entity, where "control" means holding, directly or indirectly, a majority of the voting rights in it, or the power to direct or cause the direction of its management, policies or operations (whether through holding of voting rights, by contract or otherwise).
“Passenger Services” means the transportation of passengers (together with any applicable luggage) by a Passenger Vehicle.
“Passenger Vehicle” means any vehicle used for the carriage of passengers.
“Personal Data Breach” means the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to any Processed Data.
“Processed Data” means personal data provided from the customer to Tristar in relation to the Services.
“Services” means: (i) Passenger Services; and (ii) any other services agreed in writing between us and the Customer from time to time.
“Supervisory Authority” means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Legislation.
If you are a firm or a company booking Services through us, the data protection terms set out at clauses 1.30-1.39 (inclusive) apply:
1.30 Each party shall: (a) at all times during the term of this agreement, comply with the Data Protection Legislation; (b) to the extent applicable under the Data Protection Legislation, obtain and maintain all appropriate registrations required in order to allow that party to perform its obligations under this agreement; and (c) notify each other of an individual within its organisation authorised to respond from time to time to enquiries regarding personal data.
1.31 Subject to clause 1.37, Tristar: (a) acknowledges that, in respect of Processed Data, as between the parties, it acts as a processor; and (b) shall ensure that all Tristar personnel who have access to and/or process Processed Data are obliged to keep the personal data confidential.
1.32 From the date the GDPR enters into legal force and effect in the United Kingdom, and subject to clause 1.37, Tristar:
(a) shall only process Processed Data in accordance with this Agreement and the Customer’s instructions as set out in this agreement and as issued from time to time (“Processing Instructions“) (which the Customer shall ensure are compliant with the Data Protection Legislation).For the avoidance of doubt, these terms constitute the Customer’s instructions to Tristar, and Tristar is further instructed to:
(i) process personal data to communicate directly with data subjects for the purpose of providing and promoting the Services;
(ii) process personal data to communicate directly to data subjects for the purpose of promoting consumer services, and the Customer warrants that it has attained appropriate consents for this communication;
(iii) process personal data to communicate directly with data subjects for the purpose of requesting that data subjects participate in surveys to improve customer experience;
(b) if applicable law requires it to process Processed Data other than in accordance with the Processing Instructions, shall notify the Customer of any such requirement before processing the Processed Data (unless applicable law prohibits such information on important grounds of public interest);
(c) shall inform the Customer if Tristar becomes aware of a Processing Instruction that, in Tristar’s opinion infringes Data Protection Legislation, provided that, this provision is without prejudice to clauses 1.30 in respect of the Customer, and clause 1.39;
(d) shall provide reasonable cooperation and assistance to the Customer in ensuring compliance with:
(i) the Customer’s obligations to respond to any complaint or request from any applicable data protection authority or data subjects seeking to exercise their rights under any Data Protection Legislation as they relate to this agreement;
(ii) the Customer’s obligations set out under Articles 32 – 36 of the GDPR to:
(A) ensure the security of the processing;
(B) notify the relevant Supervisory Authority and any data subjects, where relevant, of any Personal Data Breach;
(C) carry out any data protection impact assessments (“DPIA“) on the impact of the processing on the protection of Processed Data; and
(D) consult the relevant Supervisory Authority prior to any processing where a DPIA indicates that the processing would result in a high risk in the absence of measures taken by the Customer to mitigate the risk;
(e) notify the Customer without undue delay on becoming aware of a Personal Data Breach in respect of Processed Data processed under this Agreement;
(f) shall make available to the Customer all information reasonably required by the Customer to demonstrate Tristar’s compliance with its obligations set out in this clause and allow and co-operate with any data protection audits and inspections conducted by the Customer or another auditor mandated by the Customer, provided that reasonable prior notice is provided, and no more than one such audit or inspection is conducted during any 12-month period unless mandated by a Supervisory Authority;
(g) taking into account the nature of and risks associated with the type of personal data collected or used in connection with the Services, shall have in place appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of personal data by or on behalf of Tristar including where appropriate data protection by default and/or by design measures, and all other such measures as may be agreed between the parties; and
(h) at the written direction of the Customer, delete or return Processed Data and copies thereof to the Customer on termination of this agreement unless required by applicable law and/or permitted under applicable Data Protection Legislation to store the Processed Data.
1.34 The provision of the Services may require the transfer of personal data to countries outside the EEA from time to time. Subject to clause 1.35, Tristar and its sub-processors shall not, without the prior written consent of the Customer, transfer any Processed Data to a country or territory outside the EEA unless adequate contractual or other assurances have first been put in place such as will enable each party to comply with the requirements of the Data Protection Legislation.
1.35 Customer hereby grants to Tristar general authorisation for sub-processing (including, without limitation, Group Members), provided that, from the date the GDPR enters into legal force and effect in the United Kingdom: (a) Tristar and the sub-processor enter into a contract on terms substantially as protective as this clause; (b) Tristar shall keep Customer informed of all sub-processors engaged in the provision of the Services by way of the following link: https://www.addisonlee.com/subcontractors/ ; (c) Tristar shall notify Customer of any intended changes concerning the addition or replacement of sub-processors, giving Customer the opportunity to object to such changes on reasonable grounds of non-compliance or material risk of non-compliance by the Customer with Data Protection Legislation, provided that the Customer shall notify Tristar of its objections in writing within 7 calendar days of Tristar’s notification; and (d) Tristar shall remain fully liable to the Customer for the performance of the sub-processor’s obligations.
1.36 The parties acknowledge that the types of personal data processed pursuant to this Agreement (i.e. Processed Data) (including the subject matter, duration, nature and purpose of the processing and the categories of data subject) are as described in Annex 1.
1.37 If and to the extent, Tristar is a data controller in relation to personal data collected under this Agreement, Tristar shall comply with the applicable provisions of the Data Protection Legislation.
1.38 The Customer may provide Tristar with staff personal data for the purpose of on-boarding such staff to allow them access to the Service. The Customer warrants that it shall have the appropriate lawful basis for obtaining and providing such staff personal data to Tristar.
1.39 The Customer warrants, that in relation to all Processed Data, the Customer will have all necessary consents of the relevant data subject for their personal data to be shared with Tristar and, if relevant, any of the Fulfilment Partners.
For the purposes of clauses 1.30-1.39 (inclusive), the parties set out below a description of the Processed Data being processed under this agreement and further detail required pursuant to the GDPR.
Types of personal data
Personal details (title, first name, last name), position, contact information including email address and mobile phone number, location data, employer, passport, driver’s licence, goods and services provided, financial information (bank or credit/debit card details), internet protocol address.
Duration of processing
Until the latest of (a) termination of this agreement in accordance with its terms; or (b) the date upon which processing is no longer necessary for the purposes of either party performing its respective obligations under this agreement (to the extent applicable) or (c) processing for the purpose of compliance with Applicable Law and/or regulatory requirements.
Nature of processing
Collection, storage, duplication, electronic viewing, deletion and destruction.
Purpose of processing
The provision of ground transportation services and to communicate directly with data subjects for the purpose of providing and promoting the Services, to process personal data to communicate directly to data subjects for the purpose of promoting consumer services, and to process personal data to communicate directly with data subjects for the purpose of requesting that data subjects participate in surveys to improve customer experience.
Categories of data subject
Customers, officers, employees and temporary staff of Customer and its Group Members and partners, complainants, correspondents, enquirers, suppliers, advisers, consultants and professional experts.
Last updated: 25 May 2018
The Addison Lee Group (“we”, “our”, “us”) is committed to protecting and respecting your privacy.
Addison Lee Limited is a limited liability company established in England with a registered office at 35-37 William Road, London, NW1 3ER (“Addison Lee”);
Project Tristar Limited is a limited liability company established in England with a registered office at Unit 1, Horton Road, West Drayton, UB7 8BQ (“Tristar UK”);
American Limousine LLC is a limited liability corporation established in the United States of America which has its principal place of business at 90 McKee Drive, Mahwah, New Jersey, 07430 and its registered office at 820 Bear
Tavern Road, West Trenton, New Jersey, 08628 (“American Limousine”); and
Tristar Services US Inc is a company registered in the United States which has its principal place of business at 100 Cummings Centre, Suite 220-G, Beverly, MA 01915 and its registered office at Corporation Trust Centre, 1209 Orange Street, Wilmington, Delaware, 19801 (“Tristar US”), and for the purpose of the General Data Protection Regulation (the “GDPR”), if you book services as a passenger in England, the data controller is Addison Lee or Tristar UK (as set out in your booking confirmation) and if you book services in the USA, the data controller is American Limousine or Tristar US (as set out in your booking confirmation).
This policy sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your use of our websites at www.addisonlee.com, http://uk.tristarworldwide.com/ and https://www.flytetymelimo.com (the “Websites”), our mobile apps (the “Apps”) or our services. Please read this notice carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. If you do not agree with this Privacy Notice in general or any part of it, you should not access the Websites, the Apps or use our services.
What types of information do we collect and how do we use it?
Information you give us. You may provide information by contacting us via our Websites, Apps or by email, telephone, social media or otherwise, or by signing up for our newsletters or alerts, or by creating an account and then using our services.
CCTV information. Some of our vehicles are fitted with outward-looking dashboard cameras. These dashboard cameras do not film inside the vehicles, and they do not record audio, but your image may be picked up by them when you enter or exit the vehicle.
If you use our services through your company, information provided to us by your employer. In the case of our corporate customers only, your employer may provide us with information about you when it signs up to use our services, for example your name and business email address.
Information provided to us by a third party and/or collected from public records in the case of fraud or suspected fraud. In the case of fraud or suspected fraud, we may obtain information from third parties and from public records to prevent and detect fraud.
To perform our contract with you, we will use your information:
- to communicate with you;
- to provide you with ground transportation and/or courier services;
- to create records of bookings and to send you booking acknowledgments, confirmations, receipts and invoices; and
- to maintain records of lost property.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our services and organisation, we will use your information:
- to detect and prevent fraud and crime;
- for reporting and data analysis purposes;
- to administer our membership and loyalty scheme(s);
- for insurance purposes;
- to comply with our legal and regulatory obligations imposed by Transport for London and any other licensing authority where we provide services;
- to meet customer service requirements and for complaint handling and feedback;
- to monitor and assess the quality of our service;
- to host events for our customers;
- to pass on feedback such as ratings or compliments about our drivers;
- to sign you up for our newsletters or alerts;
- to contact you via telephone, email, SMS or via our Apps;
- to identify our users;
- to personalise our services for you, for example, to provide you with an accessible vehicle where you request such a vehicle and if you have opted in to marketing, to send you promotions and offers tailored to your use of the services, for example, discounts on airport bookings where you frequently make airport bookings;
- to enforce our terms and conditions;
- if you have opted in to marketing, to communicate with you about products, services, promotions, events and other news and information we think will be of interest to you; or
- to provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information)
- Technical usage information. When you visit our Websites or use our Apps, we automatically collect the information sent to us by your computer, mobile phone, or other access device. This information includes:
your IP address;
- device information including, but not limited to, identifier, name, and type of operating system (including versions);
- mobile network information;
- standard web information, such as your browser type and the pages you access on our Websites;
- mobile device UUID (Unique Download ID) and/or mobile device fingerprint; and
- hardware models, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers and device motion information.
As it is in our legitimate interests to process your data to provide effective services and useful content to you we collect this information in order to:
- personalise our Websites and Apps to ensure content from our Websites and Apps is presented in the most effective manner for you and your device;
- monitor and analyse trends, usage and activity in connection with our Websites, Apps and services and to improve our services;
- administer our Websites and Apps, and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
- keep our Websites and Apps safe and secure; or
- measure and understand the effectiveness of the content we serve to you and others.
- We receive information from other sources, such as from our group companies, from fraud prevention tools in the case of fraud or suspected fraud, from analytics companies in the case of in car wifi data usage and in the case of telematics data (including crash/impact detection, GPS location data, vehicle usage/driving style data and odometer readings), from third party data validation tools such as Experian and from publicly accessible data such as Companies House, the Land Registry, the Electoral Register and information you post online.
Fraud prevention: We use risk screening tools to ensure that customer profiles are not fraudulent. To do this, we match the personal data provided by customers against data fields such as name, email address, mobile phone number, and we use this to accept or decline bookings. This is an automated process.
Marketing: We manually carry out customer segmentation for marketing purposes based on journey history. We use this to make our advertisements more relevant for market segments, such as promoting relevant journey types.
If you would like details of the information we used to create your profile, please contact firstname.lastname@example.org. You can request a manual review of our automated processes or object to profiling, including profiling for marketing purposes by contacting email@example.com.
We use Google Analytics, which is a web analytics tool that helps us understand how users engage with our Websites.
Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our site. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
How do we share your personal data?
We do not sell, rent or lease your personal information to others except as described in this Privacy Notice. We share your information with selected recipients. These categories of recipients include:
- cloud storage providers located in the UK, and where you use our services in the USA, located in the USA and where you use our services in Hong Kong, located in Singapore and which store your personal data in England, the USA and Singapore, to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;
- provided you have consented, advertisers and e-marketing companies located in the UK and the USA and which store your personal data in the UK and the USA that require the data to select and serve relevant marketing and adverts to you and others;
- IT Services providers that provide us with SaaS services, including Salesforce, who we use to store our customer relationship management information;
- analytics and search engine providers located in the UK and the USA that assist us in the improvement and optimisation of the Websites and Apps; merchant acquirers located in the UK and USA and which store your personal data in the UK and the USA for the purpose of processing payments;
- fraud prevention tools located in the UK and the USA for the purposes of preventing fraud;
- Partner drivers based in the territory in which you request services. A list of territories in which we provide services is set out at https://www.addisonlee.com/services/global/ and a list of partner drivers is set out at https://www.addisonlee.com/partners/;
- IT support service providers who support and maintain our booking platform and have access at our premises working on a secure server; and
- Our insurance company and claims handling companies, for the purpose of investigating and settling any insurance claims.
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process or request;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
We will also disclose your information to third parties:
- in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
- if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
- Where do we store your personal data?
The information that we collect from you will be transferred to, and stored at/processed outside of the EEA in the USA, Hong Kong and any other territory where you request that we provide services as set out at https://www.addisonlee.com/services/global/. Your personal data is also processed by staff operating outside the EEA who work for us or for one of our suppliers or partner drivers. Such staff are engaged in, among other things, the fulfilment of your booking, the processing of your payment details and the provision of support services. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy.
We export your personal data outside of the EEA to whitelisted countries (considered to provide an adequate level of protection for personal data by the European Commission). We will also export your personal data if required by a contract with you (in which case your personal data will be sent to the country where you request that services are provided in order to fulfil your booking). Otherwise, we make sure that the personal data that we collect from you will be transferred to, and stored at/processed outside of the EEA, under the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2001/497/EC, 2004/915/EC, and/or 2010/87/EU. Please contact firstname.lastname@example.org, if you would like to see a copy of the Model Clauses.
The security of your personal data
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Websites, Apps, over email or via our contact centres; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
How long do we store your personal data?
To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for long than is necessary or appropriate. These criteria include:
- the purpose for which we hold your personal data;
- our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations and our regulatory obligations to Transport for London and other local licensing authorities;
- whether our relationship with you is ongoing, for example, you have an active account with one or more of our brands, you continue to receive marketing communications, or you regularly browse or purchase off our Websites/Apps);
- whether you are no longer actively participating or engaging with our brands, for example, you do not open our emails, visit our Websites, or share user generated content;
- any specific requests from you in relation to the deletion of your personal data; and
- our legitimate business interests in relation to managing our own rights, for example the defence of any claims.
- we will retain your information as follows:
- your customer profile and account information (including your technical usage data), for 7 years after you last use our services;
- if you contact us via email we will keep your data for 5 years;
- records of bookings, lost property and complaints for a minimum of 12 months (we are required to retain such data to comply with our regulatory requirements).
- After you have terminated your use of our services, we will store your information in an aggregated and anonymised format.
You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. We have described these situations below, as well as how you can exercise your rights. To exercise any of your rights, please contact us at email@example.com
Access: You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with.
Correction: You also have the right to ask us to correct your personal data where it is inaccurate or incomplete.
Portability: Where you have provided your personal data to us under contract, you have the right to ask us to share (port) this data to another data controller in a structured, commonly used and machine-readable format.
Erasure: In certain circumstances, you have the right to ask us to delete the personal data we hold about you.
Restriction: In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data, save for storage.
Objection: In certain circumstances, the right to restrict or object to our processing of your personal information (e.g. where you request correction or erasure, you also have a right to restrict processing of your applicable data while your request is considered). You can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals or company trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.
Objection to Marketing
At any time you have the right to object to our processing of data about you in order to send you marketing communications, including where we build profiles for such purposes, and we will stop processing the data for that purpose. You can change your marketing preferences at any time using the preference centre within your account which can be reached via www.addisonlee.com or via our UK App.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at firstname.lastname@example.org and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to email@example.com. You can also write to our Data Protection Officer at Addison Lee Limited, 35-37 William Road, London, NW1 3ER, firstname.lastname@example.org or by telephoning +44 203 910 3470.