Mileslife Pte Ltd (‘we’, ‘us’, ‘our’ or ‘Mileslife’) complies with applicable privacy and data protection laws when dealing with personal data. Personal data means data about an individual who can be identified from that data. This policy sets out how Mileslife will collect, use, disclose and protect personal data that you provide to us when you access and use this website, the Mileslife mobile application and any services offered by us through this website or mobile application. If you are based in the European Union and use our website and/or services, the additional GDPR terms set out below (‘GDPR Terms’) apply to you. This policy does not limit or exclude any of your rights under applicable laws.
We may change this policy by uploading a revised policy onto this page. The change will apply from the date that we upload the revised policy. This policy was last updated on 25 May 2018.
We collect personal data about you from:
Whenever you access or make use of this website, the Mileslife mobile application or any of our services, we may collect the following types of personal data from you:
(a) personal data that you provide directly to us, including:
(b) personal data collected during the course of your use of this website and/or our services, including:
(a) We use the personal data provided directly by you:
(b) We use information generated by your access or use of the Mileslife mobile application or our services:
(c) We may also use your personal data:
We may disclose research and statistical analysis on an anonymised basis derived from your personal data to third parties.We may also disclose information we hold about you if we believe that such disclosure is necessary to:
A business that supports our services and products may be located outside the European Economic Area (‘EEA’). This may mean your personal data is held and processed outside the EEA. Please see the GDPR Terms for further information about personal data transfers from the EEA.
We take reasonable steps to keep your personal data safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to risks inherent in processing personal data. You can play an important role in keeping your personal data secure by maintaining the confidentiality of any password used in relation to our products and services. Please do not disclose your password to third parties. Please inform us immediately if there is any unauthorised use of your account or any other breach of security.
Subject to certain grounds for refusal set out in the applicable law, you have the right to access your readily retrievable personal data that we hold and to request a correction to your personal data. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal data relates. In respect of a request for correction of personal data, if we believe the correction is reasonable and we are reasonably able to amend the personal data, we will make the amendment. If we do not make the amendment, we will take reasonable steps to note on the personal data that you requested the amendment. If you want to exercise either of the above rights, email us at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal data or the correction that you are requesting).
For the purposes of the GDPR we are the data controller (as defined in the GDPR) when processing personal data collected by us when you use the Mileslife mobile application or our services.
These GDPR Terms was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed. Any requests for further information should be sent to email@example.com.
Despite the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws.
You do not have to provide us with certain information that is automatically collected when you use any of this website or services, e.g cookies. However, you must provide us with your name, email address and phone number when using our services. For booking of car rentals you must also provide us your nationality, and for bookings of flights you must also provide your passport number, nationality, and date of birth. The consequence of not providing the aforementioned personal details is that we will not be able to complete your booking of the respective travel product.
Your rights in relation to your personal data under the GDPR include:
Where personal data is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing. If you would like to exercise any of your above rights, please contact us at firstname.lastname@example.org. If you are not satisfied by the way your query is dealt with by us, you may refer your query to your local data protection supervisory authority.
People under the legal age in your jurisdiction are not permitted to use Mileslife on their own. We do not collect personal data from children aged under 16 unless it is required to complete the reservation process of the respective travel-related product and has been provided by their legal representative (e.g. parents, legal guardian, etc.). If you have reason to believe that a child under the age of 16 has provided personal data to us through our mobile application and/or by using our services, please contact us at email@example.com. Mileslife does not knowingly collect any personal information from children under the age of 13 and children under 13 are not permitted to register for an account or use our Services. If you believe that a child has provided us with personal information, please contact us at firstname.lastname@example.org. If we become aware that a child under age 13 has provided us with personally identifiable information, we will delete it. We do not knowingly process data of EU residents under the age of 16 without parental consent. If we become aware that we have collected data from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as quickly as possible. We also comply with other age restrictions and requirements in accordance with applicable local laws.
The personal data we collect through the Mileslife mobile application and/or the provision of our services may be transferred to, and stored in, a country operating outside the European Economic Area (‘EEA’). Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.
The personal data we collect may be processed by third party processors, including Mileslife partners, merchants and suppliers. As such, your personal data may be transferred and processed outside of your home country and outside of the European Economic Area. We transfer your data responsibly and have taken steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which it is processed. For personal data processed in the United States, the European Commission has determined that the United States ensures an adequate level of protection for personal data transferred from the EU to organisations in the United States under the EU-U.S. Privacy Shield. We have verified that our United States-based data processors have self-certified under the EU-US Privacy Shield framework. For data held outside the EU or the United States. we have entered into Standard Contractual Clauses as published by the European Commission with our third party processors. The Standard Contractual Clauses provide specific guarantees around transfers of personal data and we rely on the Standard Contractual Clauses in transferring personal data to such third party processors.
The personal data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.