Effective 5 October 2020
Should you have any questions about this policy, our data collection process, or the usage of the collected data, please contact us:
Enterprise Security Services
Privacy and Compliance
Airline Tariff Publishing Company
Washington Dulles International Airport
45005 Aviation Drive, Dulles, VA 20166
ATPCO privacy principles
We may create anonymous data records from personal data by excluding information that makes the data personally identifiable to you. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties in our sole discretion. “Anonymous data” means data that does not, by itself, permit the identification of individual persons and that is not associated with or linked to personal data.
We ask that you not send us, and you do not disclose, any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services or otherwise to us.
Participation in the Privacy Shield Framework
As described in the Privacy Shield Principles, ATPCO is accountable for personal data that it receives and subsequently transfers to third parties. If third parties that process personal data on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.
How to file a complaint regarding your Personal Data
In compliance with the Privacy Shield Principles, ATPCO commits to resolve complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ATPCO at: firstname.lastname@example.org.
Dispute resolution process
ATPCO has further committed to refer unresolved Privacy Shield complaints to JAMS, a EU-US Privacy Shield Dispute Resolution service. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS at https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Individuals have the option, under certain circumstances, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any other Privacy Shield mechanisms. The procedure for invoking the binding arbitration process is accessible here: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
ATPCO liability toward third parties
Information we collect
ATPCO collects and stores the following information to facilitate business communications and to aid problem resolution:
- First and last name
- Employment category (employee or contractor)
- Access authorizer name (the name of the person who last requested access on behalf of the recipient)
- Address information (street, city/province, country, postal code)
- Email address
This information is required when access is requested to ATPCO systems; subsequent updates are provided by either your organization’s access authorizer or you, the individual user.
If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in your email to us, in order to send you a reply.
We may also collect personal data at other points in our site, systems, or services that state that personal data is being collected.
Information collected via technology
To make our site and services more useful to you, our servers (which may be hosted by a third-party service provider) collect information from you, including your browser type, operating system, Internet Protocol (“IP”) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
We also collect information through the use of technology such as Cookies, as further described in the section below entitled “Provisions Specific to European Users” except the data collection applies to individuals outside the EU as well.
Use of Personal Data
Disclosure of your Personal Data
We share anonymous data, including airline pricing information, with other users of our services as described in the Introduction section above.
We may share your personal data with third-party service providers that conduct quality assurance testing, facilitate creation of accounts, provide technical support, and/or provide other services to ATPCO.
Data retention period
ATPCO will only retain your personal data for as long as reasonably required for you to use our system and applications, or to provide you with the requested services, or until you choose to close your account, or choose to no longer do business with ATPCO, unless a longer retention period is required or permitted by law.
Right to access Personal Data
ATPCO will provide users reasonable access to the information collected from them and take reasonable steps to allow any inaccurate or incomplete information to be corrected, amended, or deleted. Users with ATPCO accounts will receive periodic requests to review and update their data. Users also have the option to review and update their data at will by logging into FareManager and clicking on the “Update User Information” link.
Provisions specific to European users
ATPCO’s role as data processor in performing services for users
Where we process personal data (as defined below) that is controlled by our users in the performance of our services for them, for the purposes of Directive 95/46/EC of the European Parliament (the "EU Directive"), ATPCO is a data processor. ATPCO agrees that it will treat personal data processed by it on behalf of its users in accordance with applicable provisions of the EU Directive, this Policy, and our agreements with our users.
ATPCO’s role as a data controller
For the purposes of the EU Directive, ATPCO will be a data controller in respect of personal data (as defined below) it receives from its users directly (for example, information received directly via this website or that is linked to a user’s account on this site) which it controls and can determine the purposes for which, and the manner in which, that personal data is, or is to be, processed, i.e., it is not collecting and processing that personal data simply for and on behalf of its users.
What is Personal Data?
We may store and process your data outside the EEA. The personal data that we collect and process may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in the provision of support services to you or subcontractors who help us process the personal data we process on your behalf.
You should be aware that there may be additional risks to your personal data being stored outside EEA and UK, including but not limited to: differences in local data protection laws, potential government access to your personal data via national security agencies such as the NSA in the US, and the ability of infrastructure and service providers to continue to offer protections which are required under applicable data protection law and related regulations.
Purposes for collecting Personal Data
We will only process your personal data in accordance with applicable data protection and privacy laws. We need certain personal data in order to provide you with access to the Site. If you registered with us, you will have been asked to check a box indicating your agreement to provide this data in order to access our services or view our content. This consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your personal data in line with this policy, please do not use our website. When fulfilling our contractual obligations to our customers (i.e., the data controllers), we have a legitimate interest in processing certain personal data for such contractual purposes.
We do not use your personal data for the purposes of automated decision-making. However, we may do so in order to fulfill obligations imposed by law, in which case we will inform you of any such processing and provide you with an opportunity to object.
Links to other sites
Our websites may contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Cookies are small data files stored sent from a website and stored within a user’s web browser/hard drive. Cookies may contain session information or settings to enhance a user’s experience or may be necessary to utilize a website’s applications. ATPCO uses both session Cookies (which expire once Users close their web browser) and persistent Cookies (which stay on Users’ computers or devices until they delete them) to provide you with a more personal and interactive experience on our websites. This type of information is collected to distinguish different users.
Our website uses the following types of cookies for the purposes set out below:
|Type of Cookies||Purpose|
These cookies are essential to provide you with services available through our website and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
These cookies allow our website to remember choices you make when you use our website. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our website.
Analytics and Performance Cookies
These cookies are used to collect information about traffic to our website. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. We use this information to help operate our website more efficiently, to gather broad demographic information and to monitor the level of activity on our website.
We use Google Analytics and other third party analytics services for this purpose. Google Analytics uses its own cookies. It is only used to improve how our website works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies. You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html.
[You can prevent the use of Google Analytics relating to your use of our website by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB].
Social Media Cookies
These cookies are used when you share information using a social media sharing button or “like” button on our website or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter, or Google+. The social network will record that you have done this.
ATPCO does not collect or maintain personally identifiable information within Cookies created or used by our websites.
Information stored on US-based servers
If you are outside the United States, you should know that any personal data entered into the network will be transferred out of your country and into other countries, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our Site, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy. By using the ATPCO systems, you consent to such transfer, and are representing that you have the right to transfer such information outside your country.
We will only retain your personal data as long as reasonably required for you to use the Site and/or to provide you with the Services unless a longer retention period is required or permitted by law (for example, for regulatory purposes).
Data subject requests
1. Access to and amending of your Personal Data
Where we act as a data controller of any personal data (see above), the EU Directive gives you the right to access information we hold about you. Such requests are called subject access requests (“SARS”). Most data we house originates via an access request from your employer or data partner. Once your access is established, you have the ability to view or modify the data provided by your employer or data partner.
Much of this data is available to view or update on https://faremanager.atpco.net via the “Update User Information” link.
2. Right to erasure
EU individuals have the right, in certain circumstances, to request that the company erases their EU personal data. When such a request is made, ATPCO will, unless there is an exemption under applicable law, erase the EU personal data without undue delay, if, the EU personal data are no longer necessary in relation to the purpose for which it was collected. If the company is not going to respond to the request, it shall inform the EU individual of the reasons for not taking action and of the possibility of lodging a complaint with the data protection authority in their country.
Data subject requests
If you wish to formally request access to personal data we hold about you, entered by you on various internet forms within our systems, you may do so in accordance with your rights under the EU Directive. Any such request may be subject to a fee of USD 10 to meet reasonable costs in providing you with details of the information we hold about you. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes prior to requesting such change or deletion. If you wish to make such a request, please contact email@example.com with any questions or concerns.
Employee Personal Data
ATPCO commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the EU DPA with regard to human resources data transferred from the EU in the context of the employment relationship. Please contact us at firstname.lastname@example.org to be directed to the relevant DPA contacts.