Privacy Policy
Last updated: April 26, 2024
Balboa Travel operates as both a global travel management company and a leisure travel agency.
As a global travel management company, Balboa Travel collects, compiles, and analyzes global data on behalf of its clients. In this capacity, Balboa Travel clients are business entities. Accordingly, it makes travel reservations for its client’s employees or other authorized travelers (e.g. independent contractors, job candidates, consultants, etc.). As a travel management company, Balboa Travel collects, compiles, and analyzes data on behalf of its clients. And as part of these activities, it sometimes receives data that originates from the European Union, European Economic Area, or Switzerland.
In turn, it delivers such data to its clients and other third parties (as appropriate) by: (i) sending consolidated data and reports directly to its client, (ii) publishing client-specific data in its web-based reporting platform, or (iii) sending files of such data (e.g. an onward transfer) to authorized and necessary recipients (e.g., a client’s online booking tool or risk management provider), pursuant to a client’s written instructions.
In this capacity, a written contractual relationship is established between Balboa Travel and each client that states how we may collect and use Personal Data. As such, Balboa Travel only acts on the specific written instructions provided by the client, not the client’s employees. However those instructions must be aligned with the Privacy Protection Principles contained in this document.
Client employees who have questions or concerns about the collection and use of their Personal Data should contact their employer (i.e. Balboa Travel’s client). However, they may also use the mechanisms detailed below and Balboa Travel will forward their communications to their employer on their behalf.
The Privacy Protection Principles contained in this document also pertain to Balboa Travel leisure clients who are using Balboa Travel to make personal travel arrangements and as such they have the right to limit the use or disclosure of their Personal Data by using the mechanisms detailed below.
Privacy Principles
Because your privacy is important to us, Balboa Travel conducts business under the following privacy principles:
Principle 1 - Your Information is Secure
All of the information we compile about your travel arrangements and personal information that we collect about you is considered confidential. This information is protected by usernames and passwords. Where you have been given access to information via our website, you should keep your password and user name confidential. We have implemented industry standard security mechanisms to protect this information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Our security mechanisms also include limited access, firewalls, complex passwords, intrusion detection systems (IDS), use of non standard ports, and use of Virtual Private Networks (VPN) and Secure Sockets Layer (SSL) encryption to protect transmission of data. Our software and hardware are configured to provide effective security.
Given the nature of the travel industry, some third parties whom Balboa Travel does not control may have access to customer data that is deemed necessary to complete the reservation and fulfillment of travel services. The primary third parties accessing your information through Balboa Travel are Amadeus North America, LLC and Sabre, Inc. Pursuant to the agency's policies, and written data protection agreements with them, Amadeus and Sabre will not sell or give the personal information individuals provide through the use of any Amadeus or Sabre product or service to any unaffiliated party other than those involved in providing the requested transportation or service without the individual's permission, except when required by law or when data is requested by government or law enforcement authorities or in the unlikely event of a sale of the business or transfer of assets.
Other third parties that access your information include but are not limited to airlines, hotels, car rental agencies, cruise lines, and tour operators. Balboa Travel also has links on its website to various travel related entities. Balboa Travel cannot guarantee the privacy of information you provide to those sites.
Furthermore, Balboa employees who have access to customer information have signed confidentiality agreements for data made available to them during their course of employment at Balboa Travel. They also attend an annual recurrent training program on Personal Data protection.
Balboa Travel is liable for appropriate onward transfers of personal data to third parties.
Principle 2 – Balboa Travel Limited Use of your Information
Balboa Travel will not divulge the statistical information we compile for your company except for the express purpose of generating reports which have been authorized by your company or otherwise agreed to by your company in the normal course of our assisting your company in managing your travel spending, or unless acting under a good faith belief that such action is necessary to: (1) conform to legal requirements or comply with legal process; (2) protect and defend the rights or property of Balboa Travel; (3) enforce our agreements with customers. We may also compile statistics from IP addresses accessing our website.
As a leisure client of Balboa Travel, your Personal Data will only be used to make personal travel arrangements and to provide you information on promotions and specials available through Balboa Travel.
Balboa Travel will not sell any customer specific information to any third party.
Principle 3 – Disclosure of Traveler Specific Data
Balboa Travel will not divulge to any third party, traveler specific information unless in the ordinary course of conducting business for the benefit of customers which may include confirming reservations, upgrades, frequent flyer status or for purposes of accommodating a change in travel plans.
Please be aware that Balboa Travel may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Principle 4 - Data Collection Methods
The collection of travel data for reporting purposes and customer billing is an industry standard, and many travel management companies use this information to provide useful features for their customers including web access to reporting and ability to modify traveler profiles online. This data may also be provided to suppliers with your consent to benchmark market share and revenue production for the sole purpose of analyzing spending patterns in accordance with your pre-existing or pending contracts. Customers wishing to opt-out of having their information shared with third parties for the purpose of analysis may do so by submitting a request to:
Balboa Travel,
Attn: Data Protection Officer
5414 Oberlin Drive, Suite 300
San Diego, CA 92121
or sending an email to:
Principle 5 - Personal Information
Before a traveler takes their first trip we will request specific personal information to insure a high service level for each trip. Such personal information may include but is not limited to:
Passenger First Name
Passenger Last Name
Passenger Middle Initial
Passenger Salutation
Passenger Home Phone Number
Passenger Work Phone Number
Passenger Cell Phone Number
Passenger Fax Phone Number
Passenger Passport and Visa Number
Passenger Birth Date
Passenger Airline Frequent Flyer Number
Passenger Rental Car Loyalty Program Number
Passenger Hotel Loyalty Program Number
Passenger Office Address
Passenger Email Address
Employee Identification Number
Ticket/Document Number
Credit Card Number
Credit Card Expiration Date
We collect and process this personal information so that we can complete a reservation with an airline carrier, a hotel, a car rental agency, or other supplier named on a traveler’s itinerary.
We also may collect this data from other travel management companies/travel agencies for data consolidation purposes. In the course of doing so, we share this data with (a) the client that requested the consolidation of such data for management reporting purposes, and (b) it’s client’s vendors that are not Travel Suppliers (e.g., a credit card company for reconciliation or a risk management company) upon written instructions from the client.
When you submit comments and questions on our services via our website, we also ask for your e-mail address. This is to allow us to contact you with questions about your feedback. You are also provided the option to sign up for our newsletters and promotional materials on our website.
In addition to the uses for the information you submit to us, we may use Personal Data about you to:
- Contact you when necessary for additional information necessary to process or fulfill your travel request; determine if you are satisfied with our service; inform you that an upgrade is available; send travel warnings and updates; verify the status of a non-refundable booking; inform you of the status of your trip.
- Send or contact you with information or special offers available from Balboa Travel
Balboa Travel takes steps to protect the confidentiality, privacy and security of personal information that is communicated to us.
Like many companies that accept payment by credit card, Balboa Travel may share customers' personal information with qualified third parties in order to process your order.
Principle 6 – Access to Personal Information Stored by Balboa Travel
All customers have the right to access the personal information about them that Balboa Travel holds in a secure database. All individuals (including EU and Swiss individuals) have the right to access their information to review, update, edit and/or delete it. Through the web-based Traveler Profile or other online booking tools that we offer, customers can correct this information where it is inaccurate. Customers may also correct this information through their account manager or travel advisor. As another alternative, customers may request, review, update, edit or delete their personal information by submitting a request to:
Balboa Travel,
Attn: Data Protection Officer,
5414 Oberlin Drive, Suite 300
San Diego, CA 92121
or sending an email to:
Principle 7 – Ownership of Data
All data and personal information is the property of our customers, as such, customers may request transfer of this data to them if they are no longer contracting to use Balboa Travel services.
Additional Information
EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF
Balboa Travel complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Balboa Travel has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Balboa Travel has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Balboa Travel commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Balboa Travel at dpo@balboa.com, or write to us at:
Balboa Travel
Attn: Data Protection Officer
5414 Oberlin Drive, Suite 300
San Diego, CA 92121
The U.S. Department of Transportation has jurisdiction over Balboa Travel’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Balboa Travel has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2