Customer Personal Data Privacy Statement
Aspire Lifestyles and its group of companies (collectively “Aspire Lifestyles”) are committed to protecting the privacy of our customers’ personal data and we encourage you to read this privacy statement.
- Describes the personal data that we collect;
- How we collect data and why;
- How data will be used and who we can disclose or transfer data to and why;
- How data can be corrected or deleted;
- The measures that we take to protect data; and
- The process and contact information that customers can use to raise enquiries, concerns and complaints.
Commitment to Personal Data Protection
Aspire Lifestyles is committed to safeguarding our customers’ personal data by adherence to the following obligations:
- The Aspire Lifestyles Data Protection Policy, the Information Security Policy and the related policies;
- The Binding Corporate Rules approved by the European Community’s data protection authorities;
- The relevant local data protection laws and regulations; and
- The contractual commitments to our customers.
The Data Protection Policy and the related policies can be accessed through this link.
To Whom this Statement Applies
What Information is Collected and How is it Collected?
Aspire Lifestyles collects personal data about you when you purchase, use or benefit from Aspire Lifestyles’ services or products. We may also receive information about you from other sources when this data is given to Aspire Lifestyles by third parties, such as banks, insurance companies, financial institutions, private medical insurers, assistance companies, medical service providers, travel agencies and similar companies, that are permitted to share this personal data.
“Personal data” includes information that will allow someone to identify or contact you, including, for example, your full name, address, telephone number (professional & home) or email address, gender, date of birth, nationality, family status (dependent), industry sector information related to professional activity, status (expatriate or traveller) and destinations.
Personal data does not include aggregated data or data that, by itself, does not permit the identification of individual persons, such as statistics on the number of end-users that are eligible in a client company to receive Concierge services or the number of people visiting the Aspire Lifestyles website each month.
You provide certain personal data to Aspire Lifestyles when, for example, you: (a) call our Concierge call centers; seek recommendations or referrals from our Concierge personnel; (b) order services and products from Aspire Lifestyles websites; (c) submit forms through our web sites; (d) access services through a downloadable electronic application for mobile devices (“App”), if applicable; (e) attend our events or courses; or (f) make enquiries, requests or complaints.
Subject to your agreement to the applicable terms and conditions, you may access services through the App (if applicable), including but not limited to travel, health, lifestyle information and other services which may be added by Aspire Lifestyles from time to time.
The App provides personal information including your Aspire Lifestyles Membership Number (where applicable), as well as the email address of your mobile device. To enable location-specific services, the App also collects and divulges your location. The App also periodically provides information concerning your usage of particular App features.
When you choose to pay for Aspire Lifestyles services or products by credit card directly from the Aspire Lifestyles website, you will be required to provide Aspire Lifestyles with the name of your credit card issuer, credit card number, expiration date and other security information. When you choose to pay for Aspire Lifestyles services or products by other means, we may ask you for your credit card details, contact details and bank account details.
You also provide information to us when you choose to email data to us, or you participate in marketing and sales initiatives.
Aspire Lifestyles will only gather data that is relevant for the purposes for which it will be used and will not gather excessive or unnecessary data.
Aspire Lifestyles shall take reasonable steps to ensure that data is reliable, accurate, complete, and current, bearing in mind its intended use. You have a responsibility to keep the data you provide to us updated and we will take reasonable steps to facilitate this.
Acceptance and Links to other Websites
This Aspire Lifestyles website may contain links to other websites, which are provided solely as a convenience to you and not as an endorsement by Aspire Lifestyles of the contents of other web sites. The other web sites may have their own policies, which Aspire Lifestyles does not control, and thus are not addressed or controlled by this statement or the Aspire Lifestyles Data Protection Policy.
How the Personal Data will be used
Aspire Lifestyles will use your personal data to provide you with services and products that: (a) you purchase; (b) are part of services provided through an insurance program or as part of financial services that are provided to you.
Aspire Lifestyles may collect or you may provide to Aspire Lifestyles, data about your travel plans to enable Aspire Lifestyles to provide you with recommendations on your Concierge requests, banking or credit card information to enable Aspire Lifestyles to purchase or make a booking on your behalf.. We may also gather your personal data to assist us in managing services or products provided to you.
The personal information collected from the App (where applicable) enables Aspire Lifestyles to provide better and more relevant services. Location information collected by the App is used to provide the best assistance center number for you to call as well as to provide alerts and other information relevant to your location. The usage information is used to help Aspire Lifestyles better understand how you make use of the App, in order to make improvements to it.
Your personal data may be transferred to companies within the Aspire Lifestyles group or to service providers that are performing services for Aspire Lifestyles or acting as Aspire Lifestyles’ agents. Aspire Lifestyles will require that any such service providers agree to keep your personal data secure and confidential, use it only for the purposes for which the personal data is transferred and use it only in accordance with Aspire Lifestyles’ directions.
With your consent and in compliance with relevant personal data protection and privacy laws, for similar purposes as those outlined above, your personal data may also be transferred to: your insurance company; or private medical insurer; or credit card company or other financial institution; or the association or other institution or company that purchased the Aspire Lifestyles services or products on your behalf or under which you receive the benefit of such services or products.
Your personal data may be transferred to Government authorities, agencies and institutions as required or permitted by applicable laws and regulations.
Aspire Lifestyles shall not collect, use, disclose or transfer your personal data except as described in this Statement unless you give us your permission to collect, use, disclose or transfer it for other purposes.
Data Protection for Children
Aspire Lifestyles does not knowingly collect any information on persons who have not attained the age of 18 years through the online services and the Aspire Lifestyles website.
What Choices are Available to Users Regarding Collection, Use, Storage, Disclosure or Transfer of the Personal Data?
You are given the opportunity to choose or ‘opt-in’ to have sensitive personal data (such as medical data) collected, used, stored, disclosed or transferred for purposes of providing services and products at the point where we ask you for the sensitive personal data.
You may also ‘opt-out’ of receiving our services and products.
You may sign-up to receive email or newsletter from us. If you would like to discontinue receiving this information, you may update your email preferences by replying to the email or clicking the “unsubscribe” link found in emails we send to you.
We may collect your personal data from you or from other sources with your permission. We may disclose that data to other companies in the Aspire Lifestyles group of companies and to service providers that provide Concierge related services, in order to manage the services and products that we provide.
You will also be given the choice to prohibit Aspire Lifestyles from disclosing your personal data to a third party or for purposes other than to provide services and products.
If you are receiving services as a member of an association or institution, as a credit card holder or the recipient of other financial services, the company, association or institution that has contracted for our services and products on your behalf will determine the method and means by which you can opt-out and opt-in.
Note that if you choose to ‘opt-out’, withhold, block or request that we delete your personal data, you may not be able to receive the benefit of Aspire Lifestyles’ services and products.
How Can Users Correct Inaccuracies in their Personal Data?
You can review the personal data that Aspire Lifestyles has collected from you by contacting our: Concierge call center; customer service personnel; or sales person; or by using your password to access your records through our website (where applicable).
Upon request Aspire Lifestyles will provide you with information about whether we hold any of your personal information. In order to update, delete, amend or block any personal information that we create and that we are able to change, contact us using the following e-mail address: [email@example.com] or through the contact link on our website. Should you need our assistance to access or make changes to your personal information, please submit your request to us. Corrections or deletions of data resulting solely from errors by Aspire Lifestyles or our service providers shall be paid for by Aspire Lifestyles.
If you do not wish to contact Aspire Lifestyles through our website, you may contact our Data Protection Administrators who are also our Country General Managers, responsible for the country in which you are residing or receiving products or services. You can contact our Data Protection Officers at the following email address: firstname.lastname@example.org
In making your request to review, update, amend or block data, you will be required to provide Aspire Lifestyles with details of the data requested and the reasons why the data needs correction. Aspire Lifestyles will ask for proof of your identity. Aspire Lifestyles may ask you to assist in verifying the accuracy of the updates and the amendments to the personal data.
Aspire Lifestyles may ask you to cover the reasonable cost of accessing and providing copies of your personal data if this is not provided through the Aspire Lifestyles website.
Aspire Lifestyles will strive to address your request as soon as practicable and no later than thirty (30) calendar days from the date your request is received and understood.
If Aspire Lifestyles is asked to destroy the personal data, Aspire Lifestyles shall use means that prevents its recreation and Aspire Lifestyles shall take reasonable care to ensure that there is no unauthorised disclosure during the destruction of the data.
What Kind of Security Procedures are Used to Protect the Loss, Misuse, or Alteration of Your Personal Data under Aspire Lifestyles’s Control?
Aspire Lifestyles takes precautions to protect its users’ information. Aspire Lifestyles has implemented policies that forbid its employees from using or disclosing personal data in an inappropriate or unlawful manner and maintains security measures to safeguard the personal data that it maintains from unauthorized access, misuse, alteration, loss or destruction. If you have any questions about the security of your personal information, you can contact us at email@example.com.
Information Collected by Electronic Means
When you provide Aspire Lifestyles with personal data through online forms and other electronic methods, the data is protected using industry-standard encryption.
The Information Security Policy, Procedures and Processes
All Aspire Lifestyles employees are required to follow the Information Security Policy. The policy is implemented through the Information Security procedures and processes. These are periodically reviewed and updated, as the information security landscape is in a constant state of flux. All new employees are required to sign a written confirmation that they have read and understood the Information Security Policy and a confidentiality agreement. Employees also have confidentiality obligations in their contracts of employment with Aspire Lifestyles.
Security of Premises and Other Physical Security Measures
Physical access to all Aspire Lifestyles offices, Concierge call centers, and other facilities are security controlled which include locks that are opened by keys and by using security cards and security card readers that record the identity of employees and visitors entering or leaving the facilities. Registers of visitors are kept and sign-in sheets are used in locations that require additional security. All employees are given unique ID photo badges which they are required to wear and clearly display at all times in Aspire Lifestyles facilities.
Information systems containing sensitive information and communications equipment are placed in secure areas and protected by additional physical security measures that permit access only to the employees who need access, operational processes, environmental controls and fire detection and suppression systems to safeguard against accidental loss, theft or unauthorized removal, misuse, damage or unauthorized access.
- Laptops are required to be secured with cables and combination locks.
- Security against unauthorised electronic access and viruses
- All gateways to the internet are protected by a firewall and access to both internal and external networks are restricted and controlled.
- IDS is deployed at key sites.
- All servers are hardened based on security hardening standards to protect against network threats.
- Endpoint security is constantly being reviewed to protect the network against unauthorized access, data loss or destruction.
- Access to computer services and information is on a ‘roles and responsibility’ basis and is restricted and controlled based on the business requirements to reduce the risks associated with misuse, such as alteration, destruction and unauthorised dissemination of data.
- Access to information services is through a secure login process with a unique identifier.
- Access to and release of voice recordings is subject to review and approval by 3 management levels
- User access to our main case management system and essential network services are controlled using a user rights management system that utilises employees’ roles in assigning user access rights, especially to the case management system.
- All remote access is given on a needs basis and is via a two-factor authentication mechanism.
- Key personnel laptops have full disk encryption software. The software is configured with a system lock-out feature enabled after a certain number of incorrect password entries.
- Mobile devices have password policy controls and remote device hardware reset features enabled to protect against lost or stolen devices.
- Changes to production systems and network follow a change management process flow to ensure that changes are owner authorized, assessed for risk and operational impacts, before being approved by the change management board.
- The security of information assets, including those entrusted to Aspire Lifestyles by third parties, are audited and reviewed for compliance against company policies and legal requirements. The information security team conducts regular site-level information security audits.
- Critical servers are scanned using network and system vulnerability scanners. Web applications are also scanned by automated penetration tools for application level security vulnerabilities that may be susceptible to hacking.
- External vulnerability scanning on our internet facing sites is performed monthly to ensure that these sites are secure. These are done via in-house vulnerability scanning tools and third party services.
- Penetration tests are also performed on our key internet applications prior to production or major upgrades.
- Aspire Lifestyles engages external consultants to conduct security review of our environment. These reviews help us to understand the security gaps and ensure that our infrastructure and applications are able to meet and mitigate new network and Internet security threats and risks.
How do I Resolve Disputes with Aspire Lifestyles Relating to Personal Data?
If you are unsatisfied with the manner in which your question or concern was addressed, in respect of our online services, you may contact Aspire Lifestyles at firstname.lastname@example.org. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
If you do not wish to make a complaint through our online services, you may direct all enquiries, concerns or complaints regarding the collection, use, storage, correction, deletion, blocking, disclosure or transfer of personal data to the Data Protection Administrator who is also the Aspire Lifestyles Country General Manager, in the country in which you reside or are receiving services using the contact details attached to this statement.
If you do not receive a satisfactory response from the Data Protection Administrator you may contact the Aspire Lifestyles Chief Data Protection Officer, who is also the General Counsel of Aspire Lifestyles using the contact details attached to this statement.
The Chief Data Protection Officer has overall responsibility at Aspire Lifestyles for protecting personal data.
Aspire Lifestyles will investigate all concerns and complaints and will address them expeditiously. An acknowledgement of the identity of the employee addressing the complaint and the approximate length of time that will be taken to review the complaint will be provided no later than five (5) business days from the date the complaint is received and understood. Regular updates shall be given to you on the progress of the review if the review is likely to take longer than seven (7) business days.
You have the right at any time, to raise your issues with a data protection authority or to take your case to a court.
If you receive services from Aspire Lifestyles through an association or institution, or an insurance or financial services program and your personal information has been improperly collected, used, stored, disclosed, amended, destroyed, blocked or transferred as a result of the actions or inactions of the employer, association or institution, insurance company or financial services company, then you will be directed by Aspire Lifestyles to such association or institution, insurance company or financial services company. Aspire Lifestyles will not be liable for resolving disputes between you and such companies, associations or institutions.
Changes to this Statement
Aspire Lifestyles reserves the right to change this policy at any time by notifying users through its website of the existence of a new privacy statement prior to the change becoming effective. This statement and the policies outlined herein are not intended to and do not create any contractual or other legal rights. We encourage you to periodically review this page for the latest information on our privacy practices.
Updated: October, 2018