Trust and Compliance

In the leadup to the General Data Protection
Regulation (GDPR) coming into effect on the
25th of May 2018, Flight Centre Travel Group
(FCTG) adopted the position that we were a
data processor for the processing operations
undertaken by our corporate travel business,
FCM Travel Solutions (FCM). This decision
was based on the information and advice
available to FCTG at the time, and we were
confident with this initial conclusion.

The defined terms used in this Data Privacy Addendum shall be read as having the meanings set forth in
the Agreement. If a term is defined both in this Data Privacy Addendum and elsewhere in the Agreement
then, for purposes of this Data Privacy Addendum, the definition in this Data Privacy Addendum shall
prevail.
In this Data Privacy Addendum, references to any Applicable Privacy Laws and to terms defined therein
shall be replaced with or incorporate (as the case may be) references to any Applicable Privacy Laws
replacing, amending, extending, re-enacting, or consolidating such Applicable Privacy Laws and the
equivalent terms defined in such Applicable Privacy Laws once in force and applicable.

FCM has embraced the General Data Protection Regulation (“GDPR”) as
a baseline standard for its operations globally. Similar to existing legal
requirements, compliance with the GDPR requires a partnership between FCM
and our corporate customers in their use of our services.
As a data controller, FCM applies its Data Processing Addendum (“DPA”) when
providing travel services, enabling clients to transfer data to FCM with confidence.
FCM’s DPA describes the roles and responsibilities of FCM and our clients, the
scope of data processing,cooperation and assistance requirements, data security,
transfer mechanisms and the technical and organisational measures used in the
delivery of our services.

This statement is presented based on ISO/IEC
27001 which is the leading international standard for
information security management systems (ISMS).
Worldwide, organisations implement and maintain
an Information Security Management System (ISMS)
to protect data that is crucial to their businesses,
mitigate risk and ensure stable operations, and to
provide confidence to stakeholders and customers. The
standard is grouped based on Control Sets, which are
the topics contained within it.

Compliance with data protection laws requires close cooperation between
FCM and each of our partners. As a global brand, FCM has implemented an
integrated global programme to ensure a robust and consistent approach to
information protection across our network.

Flight Centre Travel Group is one of the world’s largest travel agency groups. We need to collect, use
and disclose personal information in order to perform our business functions and activities, including
making and managing travel bookings on behalf of our customers. We are firmly committed to protecting
the privacy and confidentiality of personal information and to maintaining various physical, electronic
and procedural safeguards to protect personal information in our care.

The broad scope of the GDPR means that it will also impact businesses outside of Europe. As part of the global Flight Centre Travel
Group, we have appointed global and regional data protection officers to provide an integrated approach to data security