Last updated: May 22, 2018
Your privacy is extremely important to us. This Policy states the principles and practices that apply to our collection and use of information that you, our clients and prospective clients (hereinafter referred to as “you” and “your”) provide to us, whether in person, by telephone, mail or e-mail, or through our website www.atlastravelandtechnology.com, including all directly related corporate business websites; http://www.atlastravel.com and https://www.primenumberstechnology.com/ (referred to as “Site”) and applications that display or link to this Policy. Once you leave such Site and applications for others, the privacy policies of the other websites or applications shall apply.
We encourage you to read this Policy carefully and in its entirety as it relates to your rights regarding the processing of your personal data. As a user of our Services, you understand and agree that we collect, use, and disclose your personal data in accordance with this Policy.
We need to collect, use and disclose personal information in order to perform our Services, business functions and activities, including making and managing travel bookings on behalf of our customers. We are firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care.
ATTG is a business travel management and technology company headquartered in Marlborough, MA where we provide business managed travel, business travel consulting, meetings and events, leisure and technology services (hereinafter collectively, the “Services”).
For purposes of the GDPR, when processing personal data of European Union (EU) residents that you provide to us in connection with our relationship we will process as follows:
- Both ATTG and the Client Company of ATTG (“Client”, “Company” or “Customer”) (the employer of the natural person (employee) whose data is collected, hereafter referred to as the Data Subject) will be the Data Controller when, under a written contract, the Client passes personal data of their employees to ATTG to manage travel on behalf of those employees in connection with their business and where ATTG will act on the instructions of the Client and will subsequently use that personal data to facilitate travel arrangements for the Data Subject. It is this contract which forms the “Legal Basis” for the processing of personal data carried out by ATTG in these circumstances.
- ATTG is a Data Controller if it collects additional personal data directly from a Data Subject. In these circumstances ATTG will be acting under a “Legitimate Interest” to legally process the data for the management of travel for the Data Subject and to fulfil the contractual requirements for its Client.
- ATTG is a Data Controller for any personal data held regarding its own employees, and legally processes this data under its Contract of Employment with those Data Subjects.
- When ATTG processes as a technology company, and under a written contract with a Customer, we are a Data Processor and will only process data, on behalf of and under the instruction of, a Data Controller. It is this contract which forms the “Legal Basis” for the processing of personal data carried out by ATTG in these circumstances.
As a Data Subject you have rights under the GDPR. These rights can be seen below. ATTG will always fully respect your rights regarding the processing of your personal data, and has provided below contact information if you have any concerns or questions regarding how we process your data, or if you wish to exercise any rights you have under the GDPR.
3. Purpose of this Policy
This Policy describes what personal data we collect about you, how we collect it, how we use it, with whom we may share it, and what choices you have regarding our use of your personal data. We also describe the measures we take to protect the security of your personal data and how to contact us.
In addition, this Policy provides mandatory information as required under Articles 13 and 14 of the GDPR regarding the transparency of personal data processing.
4. What personal information do we collect?
Personal information has the meaning given under your local data protection law, and, where the GDPR applies, the meaning of personal data given under the GDPR. Personal information generally means information which relates to a living individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in material form or not, about an identified or reasonably identifiable individual, and any indication of intention in respect of an individual.
Generally, the type of personal information we collect about you is the information that is needed to facilitate your travel arrangements and bookings and to arrange travel related services and/or products on your behalf.
We therefore typically process the following types of personal information about you:
- Names and contact information (work and home/mobile phone, fax, email, address);
- Traveler/attendee arranger and emergency contact names and information;
- Traveler/attendee preferences and trip/meeting details (e.g. routings, class of service, seat preferences, frequent flyer data, meal preferences, hotel/rail/car and other ground transportation membership data and preferences, special accommodation requests, other personal data supplied by you via your profiles, surveys, or other requests);
- Travel documentation (e.g. passport/visa/driver’s license number, TSA number, citizenship, date of birth, gender);
- Information about your dietary requirements and health issues (if any);
- Payment data (corporate/personal credit cards) and bank information;
- Logins, user IDs, employee IDs, passwords, IP addresses, and browsing information; and
- Other details relevant to your travel arrangements or required by the relevant travel service provider(s) (e.g. airlines and accommodation or our providers).
When you make contact with us for other purposes, we may also collect personal information about you in relation to those purposes. For example, we may collect your personal information so we can contact you about a competition you have entered (e.g. if you win) or to respond to an enquiry or feedback you have sent to us. We also collect information that is required for use in the business activities of ATTG and our related entities, including for example, financial details necessary in order to process various transactions, video surveillance footage used for security purposes, and other relevant personal information you may elect to provide to us.
In some circumstances, we may collect personal information from you which may be regarded as sensitive information under your local data protection laws. Sensitive information may include (without limitation) your racial or ethnic origin, philosophical or religious beliefs or affiliations, sexual preferences or practices, criminal record and the alleged commission of an offence, membership of political, professional or trade associations, biometric and genetic information, passwords and financial information and health information. We will only collect sensitive information in compliance with your local data protection laws, with your explicit consent and where it is reasonably necessary for, or directly related to, one or more of Our functions or activities (e.g. to make travel arrangements), unless we are otherwise required or authorized to do so by law. To the extent permitted or required under your local data protection laws, you consent to us using and disclosing your sensitive information for the purpose for which it was collected, unless we subsequently receive your consent to use it for another purpose. For example, if you provide health information to us in connection with a travel insurance application you would like to make, you consent to us using and disclosing that health information in connection with arranging that travel insurance on your behalf. A further example is if you disclose your religious beliefs to us because you are interested in, for example, certain holiday packages, in which case you consent to us using and disclosing that information in connection with facilitating your request. We will not use sensitive information for purposes other than those for which it was collected, unless we subsequently receive your consent to use it for another purpose.
5. How do we collect personal information?
We will only collect personal information in compliance with your local data protection laws. We usually collect your personal information from the information you submit during the course of your relationship with us. We will collect this information directly from you unless it is unreasonable or impracticable to do so.
Generally, this collection will occur:
- when you deal with us either in person, by telephone, letter, email;
- when you visit any of Our websites; or
- when you connect with us via social media.
We may collect personal information about you:
- when you purchase or make enquiries about travel arrangements or other products and services;
- when you enter competitions or register for promotions;
- when you subscribe to receive marketing from us (e.g. e-newsletters);
- when you request brochures or other information from us;
- when you provide information, or use Our services, on social media; or
- From other sources, for instance the company which you are an employee of or are otherwise traveling or attending a meeting on behalf of (“Company”), including such Company’s third parties who may send us your personal data on your or your Company’s behalf.
Unless you choose to do so under a pseudonym or anonymously, we may also collect your personal information (other than sensitive information) when you complete surveys or provide us with feedback.
In some circumstances, it may be necessary for us to collect personal information about you from a third party. This includes where a person makes a travel booking on your behalf which includes travel arrangements to be used by you (e.g. a family or group booking or a travel booking made for you by your employer). Where this occurs, we will rely on the authority of the person making the travel booking to act on behalf of any other traveler on the booking.
Where you make a travel booking on behalf of another person (e.g. a family or group booking or a travel booking made for an employee), you agree you have obtained the consent of the other person for ATTG to collect, use and disclose the other person's personal information in accordance with this Policy and that you have otherwise made the other person aware of this Policy.
You should let us know immediately if you become aware that your personal information has been provided to us by another person without your consent or if you did not obtain consent before providing another person's personal information to us.
We make every effort to maintain the accuracy and completeness of your personal information which we store and to ensure all of your personal information is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal information or if you become aware that we have inaccurate personal information relating to you (see section 18 below). We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal information that you, or a person acting on your behalf, provide to us.
6. How do we use your personal information?
ATTG collects and uses your personal data for specified, explicit, and legitimate purposes as described in this Policy and does not process your personal data further in a manner that is incompatible with those purposes. We will only use personal data to:
- Provide its Services and fulfill its obligations to your Company and travelers/attendees (e.g. complete and administer travel/meeting reservations, assist in managing the travel/meeting, provide reporting, provide notices about your account and the Services, inform you of updates to our websites and applications and other changes to our products or Services).
- Communicate with you, for instance by email, post, and phone or via ATTG’s websites or applications and to provide you with customer service.
- Understand how our websites and applications are used and provide a customized experience as you use our Services, such as by providing interactive or personalized elements on our Services and providing you with content based on your interests (see our “Cookies” policy for more information).
- Fulfill a request made by you or your Company (e.g. reporting, questions, or other requests about your personal data).
- Send you newsletters, marketing emails, and other information or materials that may interest you, as well as showing personalized advertisements. Where required, we will obtain your consent before sending such marketing messages or showing personalized advertisements.
- Generate pseudonymized or aggregated profiles and use such data for reporting and analytic purposes.
- Carry out our obligations and enforce your, our, or other’s rights as we believe reasonably necessary (e.g. billing and collection, fraud prevention, comply with legal obligations, and respond to legal proceedings or requests from legal authorities and law enforcement or other third parties).
Where you contact us in relation to a travel booking or query, the purpose for which we collect your personal information is generally to provide you with travel advice and/or to assist you with booking travel and/or travel related products and services. However, the purpose for collection may differ depending on the particular circumstances as disclosed in this Policy (e.g. collection of your personal information for the purpose of your participation in a competition, provision of feedback, etc.).
When you book or otherwise arrange travel related products and services through us, we usually act as an agent for the relevant travel service providers (e.g. for a hotel). In this case, we process your personal information as necessary so as to provide the services you requested from us. This usually includes collecting personal information about you both for our internal purposes as described in this Policy and for the travel service provider for whom we act as agent (e.g. to provide you with the booked services). For example, if you book a flight through us, then we use your personal information to enable your flight to be booked and disclose it to the airline to enable the airline to provide the flight service to you.
We act as agent for or on behalf of many travel service providers around the world, so it is not possible for us to set out in this Policy all of the travel service providers for whom we act or their locations.
If you have any concerns regarding the transfer of your personal information to a travel service provider, or for further information, please contact us as provided in this Policy.
The purposes for which we collect personal information further include:
- providing you with services and tools you choose to use (for example, saving travel preferences on our websites or saving personal information to allow for pre-population of online forms);
- identification of fraud or error;
- regulatory reporting and compliance;
- developing and improving our products and services and those of our related entities;
- servicing our relationship with you by, among other things, creating and maintaining a customer profile to enable our brands to service you better or presenting options on our website we think may interest you based on your browsing and preferences;
- involving you in market research, gauging customer satisfaction and seeking feedback regarding our relationship with you and/or the service we have provided;
- to facilitate your participation in loyalty programs;
- for research and analysis in relation to our business and services, including but not limited to trends and preferences in sales and travel destinations and use of our websites;
- internal accounting and administration;
- to comply with our legal obligations and any applicable customs/immigration requirements relating to your travel; and
- other purposes as authorized or required by law (e.g. to prevent a threat to life, health or safety, or to enforce Our legal rights).
If you are a prospective customer, the personal information we collect, and use is necessary for our legitimate interest in providing you with information about the services we offer, and about which you have expressed an interest or that we believe will be of benefit to you. Where appropriate, we will obtain your consent at the time we communicate with you.
Where permitted by local data protection laws, we may use your personal information to send you targeted marketing activities relating to Our products and services (and those of third parties) that we think may interest you, unless you have requested not to receive such information. These may include, but are not limited to, mail outs, electronic marketing and notifications as described below, and telephone calls). We will only use your personal information to send electronic marketing materials to you (including e-newsletters, email, SMS, MMS and iM) if you have opted-in to receive them. You can subscribe to receive e-newsletters and other electronic promotional/marketing materials by following the relevant links on our website or through the implementation process of corporate services.
Should you no longer wish to receive promotional/marketing material from us, participate in market research or receive other types of communication from us, please refer to the "Feedback / Complaints / Contact" section below (section 14). You can unsubscribe from receiving electronic marketing materials by following the unsubscribe prompt in your email, SMS, MMS, iM or other form of electronic marketing. Please also see the "Your rights" section of this Policy to learn about your ability, at any time, to opt out or limit the use of your browsing behavior for online behavioral advertising purposes (section 9 below).
7. Who do we disclose personal data to and why?
We do not and will not sell, rent out or trade your personal information. We will only disclose your personal information to third parties in the ways set out in this Policy and, in particular, as set out below, and in accordance with your local data protection laws. Note that, in this Policy, where we say "disclose", this includes to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your personal information to another person or entity.
Personal data collected is shared with or disclosed to:
- ATTG and its related companies, brands, affiliates, subsidiaries, joint ventures, partners, subcontractors, and agents as necessary to fulfill and support the Services, including emergency bookings and assistance, ticket issuance, responding to requests, and assessing or offering promotions.
- Companies ATTG uses to support its business who provide ancillary services (e.g. fulfillment, surveys, storage, statistical analysis, technology, development, credit checks (as applicable)).
- Your Company for reporting, auditing, tracking and other purposes as necessary with your Company, including those of its personnel they request we send or make personal data available to.
- External business advisers (such as lawyers, accountants, auditors);
- Freight services, courier services
- Third party service providers you or your Company request we send personal data to (e.g. providers who secure compensation for delayed, canceled, or overbooked flights on behalf of travelers; safety and tracking information providers; companies providing weather information, travel alerts, and destination content through solutions and tools; entities who collect travel information on behalf of airline carriers for the purpose of such entities forwarding it on to certain airlines for tracking of negotiated fares between airlines and your Company; successor organizations and other travel management companies).
- Third party service providers to complete travel and attendee arrangements and reservations and fulfill the Services (e.g. Global Distribution Systems (GDSs); airlines, trains, rental car and other ground transportation companies, hotels, cruise lines, destination management companies, tour operators and other related travel suppliers for booking/ticketing purposes; industry reporting authorities; equipment and technology vendors, including, without limitation, online booking tool providers, event and expo organizers, meeting registration software providers (including onsite and mobile event management solution providers), and audio visual companies; visa and passport providers; credit card companies and payment collection and processing companies).
- A person making your travel booking on your behalf, where you are travelling on a booking made on your behalf by another person (for example, a family member, friend or work colleague);
- Your employer, where you are an employee of one of our corporate, business or government clients and you are participating in an event or travelling for work purposes;
- A person who can verify to us that they have a relationship with you (e.g. a family member) where you are not contactable, the person correctly answers our required security questions and the request is, in our opinion, in your interest (for example, where the person is concerned for your welfare or needs to undertake action on your behalf due to unforeseen circumstances);
- Customs and immigration to comply with our legal obligations and any applicable customs/immigration requirements relating to your travel;
Data consolidation companies may also be used by ATTG or your Company for the purpose of creating reports and related statistics for benchmarking or other related purposes, including, without limitation, utilizing cumulative statistical data, which may incorporate data acquired from your Company for ordinary business purposes customary in our industry and the Services we provide, but without identifying, directly or indirectly, you or your Company.
ATTG may be acquired, merge with another business, sell, or liquidate its assets, acquire, or buy other businesses or assets. In such transactions, personal data is generally one of the transferred business assets. In the event of an acquisition, sale, liquidation, or merger, your personal data and non-personal identifying information may be automatically assigned by us in our sole discretion to a third party.
Other than the above, we will not disclose your personal information without your consent unless we reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety of an individual or to public health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), or where such disclosure is authorized or required by law (including applicable privacy / data protection laws).
8. Does ATTG disclose personal data across borders?
When sharing with or disclosing personal data to other parties, including to ATTG’s related companies, affiliates, subsidiaries, joint ventures, partners, subcontractors, and agents who provide Services and maintain facilities, your personal data may be transferred to countries with data protection laws providing a lower standard of protection for your personal data than your country.
We will transfer your personal data in compliance with applicable data protection laws, including having adequate mechanisms in place to protect your personal data when it is transferred internationally (e.g. EU Standard Contractual Clauses, data protection agreements).
o ATTG has adopted a Privacy Shield Policy to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that ATTG obtains from Customers located in the EU and Switzerland. Please see Our "Privacy Shield Policy" at at www.atlastravelandtechnology.com.
If you have questions or wish to obtain more information about the international transfer of your personal data or the implemented safeguards, please contact us as provided in this Policy.
9. How do we store and protect personal data?
Typically, ATTG stores personal data on its servers managed internally and with third party storage providers.
ATTG uses appropriate technical and organizational security measures to protect the personal data ATTG holds on its network and systems from unauthorized access, disclosure, destruction, and alteration. We conduct periodic reviews of our data collection, storage, processing, and security measures to verify we are only collecting, storing, and processing personal data that is required for our Services and to fulfill our contractual obligations. While we make every effort to protect the integrity and security of our network and systems, we cannot guarantee, ensure, or warrant that our security measures will prevent illegal or unauthorized activity related to your personal data. When using our Services, you should be aware that no data transmission over the Internet can be guaranteed as totally secure. Although we strive to protect your personal data, we do not warrant the security of any data and information that you transmit to us over the Internet and you do so at your own risk.
In order to protect your personal data, we kindly ask you to not send us credit card information or other similar personal data to us via email. We also encourage you to keep your password confidential and not disclose it to any other person. If you are sharing a computer with anyone you should log out before leaving a site or service to protect access to your password and personal data from subsequent users. Please alert us immediately if you believe your password or any of your personal data has been misused. Please note, we will never ask you to disclose your password or credit card information in an unsolicited phone call or email.
10. How long you keep my personal data?
11. What about ATTG applications?
12. What about links to third party websites and services?
13. How do we handle “Cookies” and “do not track” requests and other similar technologies?
14. Does ATTG collect personal data of children?
Our website is not intended for or targeted at individuals under the age of 18, nor should individuals under the age of 18 use our Services to submit any personal data about themselves. ATTG will never knowingly collect or request personal information for anyone under the age of 18 without requesting parental consent.
15. What are my rights with respect to my personal data?
You may choose what personal data (if any) you wish to provide to us. However, if you choose not to provide certain details, your experience with some or all of our Services may affect our ability to provide services to you or negatively impact the services we can provide to you. For example, most travel bookings must be made under the traveler’s full name and must include contact details and appropriate identification (e.g. passport details). We cannot make bookings for you without that information.
To the extent required by applicable law, you have the right to access your personal data and confirm the processing of your personal data. Also, where applicable, you have the right to rectify inaccuracies or errors, erase, restrict the processing, object to processing, and withdraw consent to processing of your personal data, and where applicable, the right to data portability of your personal data. ATTG will handle such requests in the time specified by applicable law and where permitted by applicable law, may charge a reasonable administrative fee to cover the costs of responding to any such request.
You must always provide accurate information and you agree to update it whenever necessary. You also agree that, in the absence of any update, we can assume that the information submitted to us is correct, unless we subsequently become aware that it is not correct.
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorized disclosure of personal information.
16. Social Media Integrations
Our websites and mobile applications may use social media features and widgets (such as "Like" and "Share" buttons/widgets) ("SM Features"). These are provided and operated by third party companies (e.g. Facebook) and either hosted by a third party or hosted directly on our website or mobile application. SM Features may collect information such as the page you are visiting on our website/mobile application, your IP address, and may set cookies to enable the SM Feature to function properly.
If you are logged into your account with the third party company, then the third party may be able to link information about your visit to and use of our website or mobile application to your social media account with them. Similarly, your interactions with the SM Features may be recorded by the third party. In addition, the third party company may send us information in line with their policies, such as your name, profile picture, gender, friend lists and any other information you have chosen to make available, and we may share information with the third party company for the purposes of serving targeted marketing to you via the third party social media platform. You can manage the sharing of information and opt out from targeted marketing via your privacy settings for the third party social media platform.
When you access our website, use any of our mobile applications or open electronic correspondence or communications from us, our servers may record data regarding your device and the network you are using to connect with us, including your IP address. An IP address is a series of numbers which identify your computer, and which are generally assigned when you access the internet.
We may use IP addresses for system administration, investigation of security issues and compiling anonymized data regarding usage of our website and/or mobile applications.
18. How can I exercise my rights or make complaints?
If you have any questions about this Policy or wish to exercise any of your rights as described in this Policy, please contact us as follows:
Post: Atlas Travel & Technology Group
Attn: Security and Compliance
200 Donald Lynch Boulevard – Suite 323
Marlborough, MA 01752
ATTG will respond to your requests to the email address or phone number that you have registered with us or we otherwise have on file for you or any other suitable method. Depending on your request, we may review the request with you and/or your Company to assist in resolving and responding to the request.
We are committed to working with you to obtain a fair resolution of any complaint or concern you may have about our use of your personal data. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority in your country (if one exists in your country).