At Corporate Travel Management (CTM), we value your privacy and have always taken our data protection obligations seriously. You own your data, and we are committed to ensuring it is kept safe and secure.

As part of our commitment to earning and maintaining our customers’ trust, it is important to keep you informed of any changes to our Privacy Policy.


From May 25, 2018, new legislation will have an effect on how companies collect, store and use personal data belonging to European Union (EU) residents irrespective of their geographical location. The General Data Protection Regulation (GDPR) is designed to give individuals better control over their personal data and allow them to manage their consent.

Businesses of any size may need to comply with the GDPR if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU. To find out more about the GDPR, click here.


CTM respects the laws of all the jurisdictions in which we operate. In light of the new GDPR legislation, we have updated our Privacy Policy, which outlines the type of information we collect, why we collect it from you, what we do with that information, and how it’s shared.

The GDPR legislation reinforces CTM’s approach to data privacy, compliance and transparency, which we have had in place for many years. You can view the CTM Privacy Policy here.


CTM is used to working with customers whose businesses demand confidentiality and robust security. We have long had the processes and systems to provide you with the required comfort that your data is in good hands.

In order to achieve GDPR readiness, and comply with the new regulations effective 25th May, 2018 Corporate Travel Management have appointed a dedicated Information Security and Data Protection Officer who has been working in our business since November 2017. Our DPO is implementing a 12 point plan based on the ICO’s “Preparing for the GDPR” We are engaging with suppliers to finalise our plans, implementing in good time.

We are rolling out an internal training program, updating our policies and privacy notices, and reviewing contracts with suppliers to ensure that customer requirements are met. Work is underway to ensure that all data subject rights can be fulfilled by our systems, and incident reporting procedures are being updated to GDPR standards.

Corporate Travel Management has PCI DSS Level 3 and is actively pursuing certification to ISO/IEC 27001:2013. We undertake regular penetration testing and ensure that all our staff are trained and aware of privacy and security policy.

Corporate Travel Management (CTM) take their Data Protection obligations seriously. In order to achieve GDPR readiness, and comply with the new regulation effective 25th May, CTM appointed a dedicated Data Protection Officer in 2017. We are drawing to a completion of our 12 point plan based on the ICO’s “Preparing for the GDPR”.


CTM take their Data Protection obligations seriously. In order to achieve GDPR readiness, and comply with the new regulation effective 25th May, CTM appointed a dedicated Data Protection Officer in 2017. We achieved our 12 point plan based on the ICO’s “Preparing for the GDPR”.

1. Awareness

CTM drew up customised GDPR eLearning material relevant to Travel Management Companies and rolled this out for all personnel. This training will be amended to new circumstances, and forms the basis of mandatory, regular training. Top management also receive the training to inform decision making.

2. Information you hold

CTM has detailed catalogues of its data streams, and a summary “Customer Data Processing Activities” document appropriate for client needs.

3. Communicating privacy information

CTM reworked its own privacy notices to GDPR compliance for 25 May 2018, and will co-operate with customers in delivering any privacy notices they wish to communicate.

4. Individuals’ rights

CTM have adopted a “Data Subject Rights Policy”, which covers the rights expressed in Articles 15 to 22. The policy specifies co-operation with clients in fulfilling requests, and co-ordination along the supply chain.

5. Subject access requests

Dealing with Subject Access Requests is lain out in our Data Subject Rights Policy.

6. Lawful basis for processing personal data

CTM has reviewed its legal justification for the data processing it does on behalf of customers, and in all cases it is “Performance of Contract” as specified in Article 6 para 1 (b).

7. Consent

CTM does not carry out any personal data processing for customers based on individuals’ consent.

8. Children

  1. CTM does not accept direct bookings from children, bookings are always made by an adult on a child’s behalf.
  2. Hence our processing of children’s data is carried out under the booking contract. If a child’s consent is required for processing, that must be obtained by the Data Controller (client).
  3. We fulfil all children’s Data Subject rights as we do for adults.
  4. We do not market to children.
  5. Our privacy notices are for adults. Should children need extra explanation it must be provided by the Data Controller (we will provide assistance on this if required).
  6. We do not carry out any fully automated processing on children’s data that has legal or similarly significant effects on them.
  7. Any risk to children’s data in new developments is picked up in Data Protection Impact Assessments.
  8. Given the above, we do not involve children in designing our systems.

9. Data breaches

CTM updated its Information Security Incident Management Plan to improve responses to personal data breaches, in accordance with the guidelines in ISO/IEC 27005:2011. The plan is developed with CTM globally, and addresses possible breaches due to customer and supplier actions, as well as our own systems.

10. Data Protection by Design and Data Protection Impact Assessments

New projects at CTM are screened to assess whether they require a DPIA.

CTM’s Projects team have taken Data Protection by Design principles on board, as have SABStt (the developers of our Lightning UK series of Online Booking Tools). CTM will continue to assess its systems with regards to their ability to meet Data Subject rights.

11. Data Protection Officers

CTM has appointed a full-time Data Protection Officer.

12. International

As a Travel Management Company, CTM obviously sends personal information abroad, including to countries who are not the subject of an “Adequacy Decision” from the European Commission. As many Travel Management Companies do, CTM makes extensive use of Sabre’s Global Distribution System, which is based in the United States. CTM and Sabre exchange information under European Commission provided Model Clauses (Standard Contractual Clauses), and this will also be CTM’s approach with other organisations outside the EEA. The situation is complicated and evolving, and CTM will take necessary measures to adapt and remain compliant.

Continuing GDPR Assurance

CTM is incorporating the controls in ISO/IEC 29151:2017 into its upcoming ISO 27001:2013 accreditation.

Terms & Conditions


1. Important Notice
The information on this page is not part of the Prospectus. You must read this important notice before you attempt to access the electronic version of the Prospectus on this website, and indicate your agreement or otherwise at the bottom of this notice. If you agree to these conditions, you will be given access to the electronic Prospectus.

2. Date and Duration of Offer
Corporate Travel Management Limited ACN 131 207 611 (CTM) lodged a Prospectus inviting investors to subscribe for 21.78 million shares in CTM with the Australian Securities & Investments Commission on 3 November 2010. The Prospectus details the terms of the offer. The offer is expected to close at 5.00pm (AEST) on 7 December 2010. CTM reserves the right to change this date without notice.

3. Exposure Period
3.1 Application for CTM’s shares under the Prospectus will not be accepted by CTM during the period of seven days after the date of the Prospectus, or such other period (not exceeding fourteen days), as ASIC may require (Exposure Period).
3.2 Applications may only be made on the Application Form attached to or accompanying the Prospectus (including the electronic copy of the Prospectus). Applications will not be processed until after the expiry of the Exposure Period. No preference will be conferred on Applications received during the Exposure Period.

4. Jurisdiction
4.1 Access to the Prospectus is only available to persons resident in Australia with a registered address in Australia, from within Australia. The distribution of this Prospectus in jurisdictions outside of Australia may be restricted by law and persons in such jurisdictions who come into possession of the Prospectus should seek advice on and observe any such restrictions. Any failure to comply with such restrictions may constitute a violation of applicable securities laws. The Prospectus does not constitute an offer or an invitation in any jurisdiction in which, or to any person to whom, it would not be lawful to make such an offer or invitation. The Offer is being made only to persons receiving this Prospectus in Australia. No action has been taken to register the Prospectus or otherwise permit a public offering of CTM’s Shares in any jurisdiction outside Australia.
4.2 The Prospectus provided on the CTM website is available to persons accessing this website from within Australia only. If you are accessing this site from anywhere outside Australia do not download, print or view the Prospectus accessible through this web page. By accessing the Prospectus, you acknowledge and confirm that you are accessing this website from within Australia.
4.3 There is an Employee Priority Offer being made to employees in Australia and New Zealand who are eligible employees pursuant to the terms of the Prospectus (Eligible Employees). The offer to Eligible Employees in New Zealand is subject to, and in accordance with, the New Zealand Securities Act (Overseas Employee Share Purchase Schemes) Exemption Notice 2002. Eligible Employees who access the Prospectus from New Zealand and are resident in New Zealand are the only exception to clauses 4.1 and 4.2.
4.4 The Prospectus does not constitute an offer to sell, or a solicitation of an offer to buy, securities in the United States or to any US person (as defined in Regulation S under the US Securities Act of 1933, as amended (US Securities Act), and is not available to persons in the United States or to US persons. The securities in the offering have not been and will not be registered under the US Securities Act or the securities laws of any state of the United States and may not be offered or sold in the United States or to US persons, except pursuant to an exemption from, or in a transaction not subject to, the registration requirements of the US Securities Act and applicable state securities laws.

5. Acceptance Forms
5.1 Following the Exposure Period CTM will accept paper copies of the application form made using a print-out of the electronic application form or from the paper copy of the Prospectus. CTM will not accept an application form submitted electronically. To obtain a paper copy of the Prospectus free of charge during the Offer Period, please contact CTM on (07) 3210 3307.
5.2 CTM will not accept a completed application form if it is has reason to believe that:
(a) the applicant has not received a complete paper copy or the electronic copy of the Prospectus; or
(b) the application form or electronic copy of the Prospectus has been altered or tampered with in any way.
5.3 The full Prospectus has 95 pages. The electronic copy of the full Prospectus is in Adobe Portable Document format (PDF). The size of the full Prospectus is approximately 3 Mb. You should ensure that any copy you view or print is complete.

6. Investors Should Seek Advice
Nothing contained on this website or in the Prospectus constitutes investment, legal, business, tax or other advice. In particular, the information on this website and in the Prospectus is not tailored to your investment objectives, financial situation or particular needs. In making an investment decision, you must rely on your own examination of CTM, the securities and the terms of the offering, including the merits and risks involved. You should consult your professional adviser for legal, business or tax advice.

7. Acceptance of Conditions
By proceeding, I agree to the above statements, and confirm that I am a resident of Australia accessing this website from Australia (or an Eligible Employee from Australia or New Zealand). In addition, I represent, warrant and agree that I am not a resident of the United States or currently located in the United States, nor am I acting for the account or benefit of any person in the United States, a US person or any other foreign person, and that I will not make a copy of the Prospectus available to, or distribute a copy of the Prospectus to, any such non-Australian resident person

I accept the terms and conditions.