Data Protection & Security | Bigmedia24 Dynamics Ltd.

Learn how Bigmedia24 Dynamics Ltd. approaches data protection, privacy and security across its travel technology platforms, including GDPR compliance principles, technical and organisational measures, and handling of personal data for travellers and partners.

Bigmedia24 Dynamics Ltd. (“Bigmedia24”, “we”, “us”, “our”) is committed to protecting personal data and maintaining a high level of security across all our travel technology platforms, booking portals and partner services.

This page provides an overview of:

– how we approach data protection and privacy
– the principles that guide our processing of personal data
– the technical and organisational measures we implement
– how this relates to GDPR and other applicable regulations

This Data Protection & Security page is an information overview. It does not replace our Privacy Policy, GDPR-specific information or any data processing or partnership agreements you may have with us. For legal details, please also see:

– Privacy Policy: /privacy-policy/
– GDPR Information: /gdpr-information/
– Subprocessor List: /subprocessor-list/
– Terms of Use & Booking Conditions: /terms/

Bigmedia24 Dynamics Ltd. is an Irish travel technology company that operates and supports:

– consumer-facing booking websites and travel portals
– white-label OTA and booking solutions
– B2B platforms for hotels, property managers, OTAs, affiliates and other partners
– APIs and integrations with external systems such as PMS, channel managers and payment providers

In this context, we process personal data relating to:

– travellers and guests
– property owners, managers and staff
– partner contacts and representatives
– users of our platforms, APIs and tools

Our data protection and security approach is designed to align with:

– the EU General Data Protection Regulation (GDPR)
– relevant national legislation in Ireland and other applicable jurisdictions
– good industry practice in cloud and platform security

Bigmedia24 applies the core principles of data protection to all processing activities. In particular, we strive to ensure that personal data is:

– processed lawfully, fairly and in a transparent manner
– collected for specified, explicit and legitimate purposes
– limited to what is necessary in relation to the purposes for which it is processed (data minimisation)
– kept accurate and up to date where necessary
– stored no longer than necessary for the relevant purposes and legal obligations
– processed in a way that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage

These principles are reflected in our internal policies, system designs and operational processes.

Depending on the specific product and integration, Bigmedia24 may act as:

– an independent controller (for example in relation to our own booking portals, customer accounts and marketing)
– a joint controller together with partners, where both parties jointly determine purposes and means of processing
– a processor on behalf of a business customer (for example in certain white-label or API use cases)

The exact role for a given data flow is defined in:

– our contracts and partner agreements
– applicable data processing agreements (DPAs)
– specific “GDPR Information” and “Subprocessor List” documents

Internally, we assign responsibilities for:

– data protection governance and compliance
– security architecture and operations
– incident management and breach response
– training and awareness for staff

If we appoint a formal Data Protection Officer (DPO) or equivalent contact, the relevant details will be published in our Privacy Policy and GDPR Information page.

Bigmedia24 implements a range of technical and organisational measures to protect personal data, including but not limited to:

Access Control:
– role-based access to systems and data
– unique user accounts and authentication controls
– principle of least privilege for staff and administrators

Encryption & Network Security:
– use of encryption in transit (for example HTTPS/TLS) for data exchanges
– use of encryption at rest where appropriate for databases and storage
– network segmentation and firewalling for sensitive components

System & Application Security:
– secure development practices and code review processes
– regular patching and updates of operating systems and key components
– monitoring for unusual or suspicious activity

Resilience & Backup:
– regular backups of critical systems and data
– backup storage separated from primary systems
– tested procedures for restoration in the event of an incident

Organisational Measures:
– internal policies on data protection, information security and acceptable use
– confidentiality obligations for employees and contractors
– structured onboarding and offboarding processes for staff

These measures are reviewed and improved over time as our platform evolves and as best practices develop.

Our systems can involve several categories of personal data, including:

– traveller booking data (names, contact details, stay details)
– property and partner contact information (business contact details, roles)
– account and login information for our platforms
– communication data (support requests, chat history, email correspondence)
– technical usage data (IP addresses, device identifiers, log files)

The key system types include:

– booking engines and front-end portals
– partner and property management tools
– integration layers and APIs
– analytics and monitoring tools
– support and ticketing systems

We aim to implement data minimisation by collecting only the data necessary for each specific purpose, as described in our Privacy Policy and relevant contracts.

Bigmedia24 follows a “data protection by design and by default” approach, which means that:

– privacy and data protection are considered at an early stage when designing new products, features and integrations
– default settings are, where feasible, configured to minimise personal data collection and exposure
– access to data is limited to those functions and individuals who need it for clearly defined purposes
– new components or changes are evaluated from a security and privacy perspective before going live

Where appropriate, we conduct risk assessments and consider the need for Data Protection Impact Assessments (DPIAs) for higher-risk processing activities.

For processing activities that are likely to result in a high risk to the rights and freedoms of individuals, Bigmedia24:

– assesses the nature, scope, context and purposes of the processing
– evaluates potential risks to individuals
– reviews the effectiveness of planned safeguards and security measures

Where required by applicable law, we conduct formal Data Protection Impact Assessments and, if necessary, consult with relevant supervisory authorities.

The need for DPIAs is considered particularly in connection with:

– new large-scale or complex integrations
– advanced analytics or profiling activities
– introduction of significant new technologies or data flows

Under data protection laws such as the GDPR, individuals may have certain rights regarding their personal data, including:

– right of access
– right to rectification
– right to erasure (“right to be forgotten”)
– right to restriction of processing
– right to data portability
– right to object to certain types of processing
– right to withdraw consent where processing is based on consent

Bigmedia24 has internal processes to:

– receive and verify incoming rights requests
– coordinate internally and with relevant partners or processors
– respond within the timelines required by law, subject to applicable limitations

Individuals can exercise their rights by contacting us using the details provided in our Privacy Policy and on this page. In cases where Bigmedia24 acts as a processor, we will assist the relevant controller in handling the request, in line with contractual and legal obligations.

Bigmedia24 maintains procedures for identifying, assessing and responding to security incidents and potential personal data breaches, including:

– internal reporting channels for staff and key partners
– classification and impact assessment of incidents
– containment and remediation steps to minimise risk and damage
– documentation of incidents and measures taken

Where a personal data breach occurs and is likely to result in a risk to the rights and freedoms of individuals, we will:

– notify relevant controllers where we act as a processor
– notify supervisory authorities and, where required, affected individuals in accordance with applicable law and contractual obligations

We also evaluate incidents after resolution in order to improve our systems and processes.

We recognise that effective data protection depends on people as well as technology. Bigmedia24 therefore:

– provides training and guidance to employees on data protection, privacy and security
– promotes awareness of phishing, social engineering and other common threats
– reinforces confidentiality and responsible handling of personal data through policies and contracts
– updates training materials as laws and best practices evolve

These activities help ensure that staff understand the importance of data protection and know how to handle personal data responsibly.

Bigmedia24 uses carefully selected service providers and subprocessors to support our infrastructure and services, for example for:

– hosting and data centres
– payment processing
– analytics and monitoring
– communication and support tools

When engaging such providers, we:

– assess their security and data protection practices
– enter into data processing agreements where required by law
– ensure that appropriate contractual safeguards are in place

A current overview of key subprocessors used for personal data processing is provided in our Subprocessor List:

Subprocessor List:
/subprocessor-list/

We review our vendor landscape regularly and update the Subprocessor List when there are material changes.

Because Bigmedia24 serves customers and partners globally and uses infrastructure in multiple regions, personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or the United Kingdom.

Where such transfers occur, we:

– assess the legal framework of the destination country
– implement appropriate safeguards, such as standard contractual clauses or equivalent mechanisms
– work with providers and partners that commit to robust data protection and security

Further details about international transfers and safeguards can be found in our GDPR Information page and Privacy Policy:

GDPR Information:
/gdpr-information/

Privacy Policy:
/privacy-policy/

Bigmedia24 maintains documentation and records relevant to data protection and security, including:

– descriptions of key processing activities (where required under GDPR Article 30)
– policies and procedures related to data protection and security
– records of incidents and remediation measures

From time to time, we may conduct internal or external reviews and audits of our data protection and security posture, particularly in connection with:

– changes in our infrastructure and architecture
– new product launches or large-scale integrations
– evolving legal and regulatory requirements

Findings from such reviews are used to improve our controls and processes over time.

If you have questions about data protection, privacy or security at Bigmedia24, you can contact us at:

Email:
support@bigmedia24.com

Postal Address:
Bigmedia24 Dynamics Ltd.
51 Bracken Road
Sandyford, D18 CV48
Dublin, Ireland

You can also reach us via the chat icon in the bottom-right corner of our websites. Please mention “Data Protection” or “Security” in your initial message so that we can route your enquiry appropriately.

For more detailed legal information, please also refer to:

– Privacy Policy: /privacy-policy/
– GDPR Information: /gdpr-information/
– Subprocessor List: /subprocessor-list/
– Terms of Use & Booking Conditions: /terms/