Legal and Privacy
Access to and use of the NYS site is subject to the following terms and conditions and the laws of England and Wales.
NYS is a specialist brand of Capita Travel and Events Limited, part of Capita plc. All rights reserved. All copyright and other intellectual property rights in all text, images, sounds, software and other materials on this site are owned by Capita plc and affiliated companies, or are included with permission of the relevant owner. References to affiliates or affiliated companies shall include all members of Capita plc.
You are permitted to browse this site and to reproduce extracts by way of printing, downloading to a hard disk and by distribution to other people but, in all cases, for non-commercial, informational and personal purposes only. No reproduction of any part of the site may be sold or distributed for commercial gain, nor shall it be modified or incorporated in any other work, publication or site. No other licence or right is granted.
NYS is a specialist brand of Capita Travel and Events Limited.
30 Berners Street
Registered in England no: 01094729
VAT no: 618184140
All trademarks displayed on this site are either owned or used under licence by Capita plc and affiliates.
No information on the site shall constitute an invitation to invest in Capita plc or any affiliate. The price of shares and the income derived from them can go down as well as up and investors may not get back the amount originally invested. Past performance is not necessarily a guide to future performance.
The information on this site has been included in good faith but is for general informational purposes only. It should not be relied on for any specific purpose and no representation or warranty is given as regards its accuracy completeness or fitness for any particular purpose or any site linked to it.
Save to the extent that such limitation is not permitted under English law neither Capita plc, nor any of its affiliates, nor employees shall be liable for any loss, damage or expense arising in contract, tort or otherwise out of any reliance on information contained in this site, access to or use of or inability to use this site or any site linked to it including, without limitation, any loss of profit, indirect, incidental or consequential loss.
Your information and activity on this site must not:
be false, inaccurate or misleading;
be in breach of any applicable laws, regulations, licences, or third party rights;
interfere in any way with the proper working of the site and in particular you must not circumvent security, tamper with, hack into or disrupt the operation of the site or surreptitiously intercept, access without authority or expropriate any system, data or personal information as defined in the Data Protection Act 1998.
This site is intended normally to be available 24 hours a day and 7 days a week. Neither NYS nor Capita Travel and Events will be liable for any failure to achieve this level of availability.
The site may be suspended temporarily and without notice in circumstances of system failure, maintenance or repair or for reasons beyond the control of Capita plc.
You agree to fully reimburse Capita plc in respect of all losses, costs, actions, claims, and liabilities incurred by Capita plc or its affiliates as a result of any breach or non-observance by you of these terms or any data submitted by you to us.
Capita plc will make all reasonable attempts to exclude viruses (and similar destructive devices) from the site but cannot guarantee the exclusion of viruses (and similar destructive devices) and you should take appropriate steps in respect of this risk.
At various points throughout the site you may be offered automatic links to other internet sites relevant to a particular aspect of this site. This does not indicate that Capita plc or affiliates are necessarily associated with any of these other sites or their owners. While it is the intention of Capita plc that you should find these other sites of interest, neither Capita plc nor affiliates nor their employees shall have any responsibility or liability of any nature for these other sites or information contained in them.
These terms shall be governed by and construed in accordance with English Law and each party to these terms submits to the exclusive jurisdiction of the English Courts.
This statement covers the activities of all businesses in all jurisdictions within the Capita plc group of companies, including NYS and is our Modern Slavery statement for the financial year ended 31 December 2017 required under the provisions of the Modern Slavery Act 2015 (the “Act”).
We take care to protect your privacy when using our website, or our company services. Here is an explanation of how we process information.
General Data Protection Regulation (GDPR)
GDPR is in effect from Friday 25 May 2018 and it replaces the Data Protection Act 1998. Significant and wide-reaching in scope, the GDPR brings a new approach to data protection and there are some important changes. It extends the rights of individuals to control how their personal information is collected and processed and places a range of new obligations on organisations to be more accountable for data protection. The GDPR requires that organisations be able to demonstrate compliance with the data protection principles.
This involves taking a risk-based approach to data protection, ensuring appropriate procedures and policies are in place to deal with the accountability, transparency and individuals’ rights provisions, whilst also developing a workplace culture of data privacy and security.
At NYS we process important, valuable and confidential data on behalf of our customers. We do this in a secure, transparent and appropriate way and have prepared this document to demonstrate our security commitment in the context of travel procurement, and the regulations on data protection, GDPR.
The business travel sector is highly complex in relation to reservation distribution channels that underpin it, and that power all travel management companies and business travel supply chains in the UK and globally.
NYS, acting as agent to the organisations we serve, has been working diligently within the broad supplier chains that make up the complex business travel and meetings eco-system, industry groups within the sector (including the GTMC – Guild of Travel Management Companies) and data protection experts to ensure readiness and enablement of customer compliance to the new regulations encompassed within GDPR.
NYS acts as a data processor when processing our customers’ personal data and will process it in accordance with the law and the contractual obligations in our contracts. This means only processing customer data in accordance with the written instructions of our customers, who are the data controllers.
For the purpose of providing travel and event services, NYS collects, uses, and discloses personal data. Personal data is any information that can be used to identify you or that we can link to you. Any user of the services, may be asked to provide certain personal data such as: name and contact information (work and home/mobile phone, fax, email, address); emergency contact names and information; preferences and trip/meeting details e.g. seat preferences, frequent flyer club membership, class of service, meal preferences, hotel/rail/car and other ground transportation membership, special accommodation requests, other personal data supplied by you via your login profiles Dependent upon the type of service taken you may also be asked to supply additional documentation such as passport/visa/driver’s licence number, and date of birth.
Each customer of NYS can be assured that NYS is taking the necessary steps with its suppliers (who are sub-processors of the personal data) to require them to comply with the GDPR using both contractual clauses and annual due diligence reviews. For the purpose of fulfilling the provision of travel and event services any personal data collected may be shared with or disclosed to NYS’ customer as the data controller, for the purpose of management information, auditing, tracking and other purposes as necessary. NYS and its related companies, partners, subcontractors, and agents as necessary to fulfil and support the Services, including facilitated bookings and assistance, responding to queries, ticket issue, responding to requests, and engagement in customer campaigns or supplier promotions. Third party service providers to fulfil contractual travel and events services (e.g. Global Distribution Systems (GDSs); trains, hotels, airlines, rental car / and other ground transportation companies, car parking facilities and other travel suppliers for booking purposes.
Additionally; technology platform providers, including, without limitation, online booking tool providers, meeting registration software providers (including onsite and mobile event management solution providers), visa and passport providers; credit card companies and payment collection and processing companies).
When sharing with or disclosing personal data to other parties, as stated above, personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your country. We will transfer your personal data in compliance with applicable data protection laws, including having adequate mechanisms in place to protect your personal data when it is transferred internationally e.g. facilitating Model Clauses, data protection agreements, independently audited Privacy Shield (US).
NYS is governed by a comprehensive Information Security Policy set and regularly audited by Capita plc. Policies include data security, information technology, physical security, data protection and cyber defence.
A formal breach notification plan is in place detailing reporting lines and time frames for reporting internally through our incident management tool. Should an incident occur that affects any customers materially, we will notify in accordance with contractual obligations.
NYS is an ISO 27001 certified company and as such is subject to regular internal and external audit against these standards.
NYS uses appropriate technical and organisational security measures to protect the personal data of its customers. Typically, data is stored within our UK based datacentre which houses our internal systems. These are held on our own equipment with no additional access available to any datacentre staff. Physical security controls include 24x7 monitoring, visitor logs and entry passes. Environmental controls include redundant communications and uninterrupted power supplies (UPS).
As a company, NYS works with several third party providers to help provide the best service to our customers. We are putting in place updated terms and conditions with our suppliers to reflect the requirements of GDPR whilst also taking into account the requirements of our customers. We will also require each supplier to put in place equivalent terms and conditions with any sub-processor it may use. Whilst employing security measures to provide both data confidentiality, integrity and availability it should be noted that no transmission over the internet can be guaranteed as secure from illegal or unauthorised activity and so any personal data supplied is done so at your own risk.
Collection of personal information
The information which we collect and store during normal use of the site is used to monitor and analyse how parts of the site are used. Such use does not result in any personally identifiable data being collected or stored. 'Personal information' means information from which someone else would be able to identify you as an individual.
You have the option on certain pages within this site to submit personal information to NYS , a specialist brand of Capita Travel and events Limited, part of Capita plc in order that we might respond to you. In each case, we will only use the information about you for the purpose for which you provide it. Here is an overview of each scenario in which you can provide data, and what we do with it:
Say hello - If you submit information to say hello, the information is sent to our business development team. The team will use your information to contact you and respond to your query. We will only use the information you submit for the purpose of contacting you in relation to your request.
If you have submitted personal information through this website and wish to have your details removed, or stop receiving communications from NYS, please contact firstname.lastname@example.org.
Personal information you submit on NYS website is stored on secure servers
Occasionally, in order to complete your request as outlined above, we may need to transfer personal information you submit to us to countries or jurisdictions outside the EEA. In each case, we ensure that our suppliers provide adequate protection for the rights of data individuals in connection the transfer of their personal data.
Currently, we expect all suppliers to use the standard contractual clause approved by the European Union or be subject to the Privacy Shield scheme in the United States. We will never sell or share your personal information with other organisations for their direct marketing purposes.
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to communicate products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
IP Addresses and log file data
NYS site does not automatically capture or store personal information, other than logging the user’s IP Address or the location of your computer or network on the Internet, for systems administration and troubleshooting purposes. (If you are connected to the Internet you have an IP address, for example, an IP address might read “220.127.116.11”). We also use IP addresses to track visitor pages in order to improve the quality of the site.
We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on.
We have also implemented Google Analytics Demographics and Interest Reporting. This is used to gain an insight into the age, gender and interests of our users to help us make decisions on how to improve the website in the future. Users can opt out of this reporting by visiting Google Ads Settings.
You can find out more about Google’s position on privacy as regards its analytics service at https://support.google.com/analytics/answer/6004245?hl=en-GB
Visitors may choose to opt-out of Google Analytics tracking with the Google Analytics opt-out browser add-on.
Changes to our privacy policies
NYS reserves the right to revise, amend, or modify these privacy policies at any time and in any manner. When we post changes to them, we will amend the ‘Last updated’ date, and we encourage you to regularly check for changes.