ATPCO Privacy Policy

EFFECTIVE DATE: 29 October 2018

The privacy of personal data is important to ATPCO. This Privacy Policy describes how ATPCO collects, uses, and shares a customer’s personal data collected via our website, https://faremanager.atpco.net and any supporting applications or services.

Should you have any questions about this policy, our data collection process, or the usage of the collected data, please contact us at:
 

Manager, Enterprise Security Services
Privacy and Compliance
Airline Tariff Publishing Company
Washington Dulles International Airport
45005 Aviation Drive, Dulles, VA 20166
Tel: 703-661-7889
Email: privacy@atpco.net

 

ATPCO PRIVACY PRINCIPLES


Introduction

ATPCO is committed to protecting our users’ privacy. The ATPCO Privacy Policy is designed to inform our users about the manner in which ATPCO collects and uses personal data provided to ATPCO. By using our site, systems, or services, you agree that ATPCO can collect, use, and disclose such personal data in accordance with our Privacy Policy.

We may create anonymous data records from personal data by excluding information that makes the data personally identifiable to you. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties in our sole discretion. “Anonymous data” means data that does not, by itself, permit the identification of individual persons and that is not associated with or linked to personal data.

For the avoidance of doubt, we may take airline pricing information that users provide, anonymize it, aggregate it with the anonymized data of other users, and then make such aggregated, anonymous data available to other users of our services.  Your personal data may be provided to us by our customers or business partners.  In such cases, we shall process such Personal Data as a data processor on behalf of those entities who use our services. In such instances, our customer’s or business partner’s privacy policy, rather than this Privacy Policy, will apply to our processing of your personal data.

We ask that you not send us, and you do not disclose, any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services or otherwise to us.

 

Consent to the ATPCO Privacy Policy

Use of ATPCO’s site, systems, and services confirms your consent to and acknowledgement of the ATPCO Privacy Policy. By using this site, you accede to the collection and use of the information as outlined in the Privacy Policy. For European Users, this includes your agreement that your personal data may be stored at locations outside the EEA. Wherever it is stored or processed, ATPCO will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy. If you do not agree to our use of your personal data in line with this policy, you may not use our website. We will not be liable to you for any such use of our website.

This website uses information gathering tools such as cookies to provide you with a more personal and interactive experience on our websites.  Please refer to the “Use of Cookies” section of the ATPCO Privacy Policy for the types of cookies which will be used on the site and the purposes for which they will be used.

 

Participation in the Privacy Shield Framework
The Federal Trade Commission has jurisdiction over ATPCO compliance with the EU-US Privacy Shield principles.  ATPCO complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union to the United States.  ATPCO has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

 

As described in the Privacy Shield Principles, ATPCO is accountable for personal data that it receives and subsequently transfers to third parties. If third parties that process personal data on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.

 

How to file a complaint regarding your Personal Data

In compliance with the Privacy Shield Principles, ATPCO commits to resolve complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ATPCO at: privacy@atpco.net.

 

Dispute Resolution Process

ATPCO has further committed to refer unresolved Privacy Shield complaints to JAMS, a EU-US Privacy Shield Dispute Resolution service. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS at https://www.jamsadr.com/eu-us-privacy-shield  for more information or to file a complaint. The services of JAMS are provided at no cost to you.

 

Individuals have the option, under certain circumstances, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any other Privacy Shield mechanisms.  The procedure for invoking the binding arbitration process is accessible here:  https://www.privacyshield.gov/article?id=ANNEX-I-introduction

 

ATPCO Liability Toward Third Parties

If ATPCO transfers personal data to any other third parties outside of the EEA (other than to any other organization that participates in the Privacy Shield framework), we will implement standard contractual clauses. You can request a copy of these standard contractual clauses by contacting us as set out at the beginning of this Privacy Policy.

 

Information We Collect

ATPCO collects and stores the following information to facilitate business communications and to aid problem resolution:

  • First and last name
  • Organization
  • Employment category (employee or contractor)
  • Access authorizer name (the name of the person who last requested access on behalf of the recipient)
  • Address information (street, city/province, country, postal code)
  • Phone
  • E-mail address

This information is required when access is requested to ATPCO systems; subsequent updates are provided by either your organization’s access authorizer or you, the individual user.

 

If you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in your e-mail to us, in order to send you a reply.

 

We may also collect personal data at other points in our site, systems, or services that state that personal data is being collected.

 

Information Collected via Technology
To make our site and services more useful to you, our servers (which may be hosted by a third-party service provider) collect information from you, including your browser type, operating system, Internet Protocol (“IP”) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.

 

As is true of most websites, we also gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends, administer our site, track users’ movements around our site, gather demographic information about our user base as a whole, and better tailor our services to our users’ needs. Except as noted in this Privacy Policy, we do not link this automatically-collected data to personal data.

 

We also collect information through the use of technology such as Cookies, as further described in the section below entitled “Provisions Specific to European Users” except the data collection applies to individuals outside the EU as well.

 

In addition to the tracking technologies we place, other companies may set their own Cookies or similar tools when you visit our site. This includes third party analytics services, including but not limited to Google Analytics (“Analytics Services”), that we engage to help analyze how users use our site, as well as third parties that deliver content or offers. We may receive reports based on these parties’ use of these tools on an individual or aggregate basis. We use the information we get from Analytics Services only to improve our site and services. The information generated by the Cookies or other technologies about your use of our site and Services (the “Analytics Information”) is transmitted to the Analytics Services. The Analytics Services use Analytics Information to compile reports on user activity. The Analytics Services may also transfer information to third parties where required to do so by law, or where such third parties process Analytics Information on their behalf. Each Analytics Services’ ability to use and share Analytics Information is restricted by such Analytics Services’ Terms of Use and Privacy Policy. By using our site and services, you consent to the processing of data about you by Analytics Services in the manner and for the purposes set out above. For a full list of Analytics Services, please contact us at privacy@atpco.net.

 

Use of Personal Data
In general, personal data you submit to us is used either to respond to requests that you make, aid us in serving you better, and administer and improve our site, systems, and services; prevent potentially prohibited or illegal activities, comply with applicable law and enforce our terms of use; and for any other purposes disclosed to you at the time we collect your information or pursuant to your consent.

 

For the avoidance of doubt, any business, transaction or related data disclosed pursuant to a customer agreement between ATPCO and a customer is governed solely by the terms of the applicable customer agreement(s) and is not subject to this Privacy Policy.

 

Disclosure of Your Personal Data
We share anonymous data, including airline pricing information, with other users of our services as described in the Introduction section above.

 

We may share your personal data with third-party service providers that conduct quality assurance testing, facilitate creation of accounts, provide technical support, and/or provide other services to ATPCO.

 

We may share some or all of your personal data with our parent company, subsidiaries, joint ventures, or other companies under common control with ATPCO (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy.

 

We may share some or all of your personal data in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving the sale, transfer, or divestiture of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal data may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this Privacy Policy.

 

Regardless of any choices you make regarding your personal data, ATPCO may disclose personal data if it believes in good faith that such disclosure is appropriate (a) in connection with any legal investigation or proceeding; (b) to comply with relevant laws or to respond to subpoenas or warrants served on ATPCO; (c) to protect or defend the rights or property of ATPCO, its affiliates or its users; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, our terms of use, or any other contractual arrangement.

 

Data Retention Period
ATPCO will only retain your personal data for as long as reasonably required for you to use our system and applications, or to provide you with the requested services, or until you choose to close your account, or choose to no longer do business with ATPCO, unless a longer retention period is required or permitted by law.

 

Right to Access Personal Data
ATPCO will provide users reasonable access to the information collected from them and take reasonable steps to allow any inaccurate or incomplete information to be corrected, amended, or deleted. Users with ATPCO accounts will receive periodic requests to review and update their data. Users also have the option to review and update their data at will by logging into FareManager and clicking on the “Update User Information” link.

 

Changes to this Privacy Policy
ATPCO may update its Privacy Policy from time to time. When we amend the policy in a material way, a notice will be posted on the ATPCO website.

 
 

PROVISIONS SPECIFIC TO EUROPEAN USERS

ATPCO’s role as data processor in performing services for users
Where we process personal data (as defined below) that is controlled by our users in the performance of our services for them, for the purposes of Directive 95/46/EC of the European Parliament (the "EU Directive"), ATPCO is a data processor. ATPCO agrees that it will treat personal data processed by it on behalf of its users in accordance with applicable provisions of the EU Directive, this Policy, and our agreements with our users.

 

ATPCO’s role as a data controller
For the purposes of the EU Directive, ATPCO will be a data controller in respect of personal data (as defined below) it receives from its users directly (for example, information received directly via this website or that is linked to a user’s account on this site) which it controls and can determine the purposes for which, and the manner in which, that personal data is, or is to be, processed – i.e., it is not collecting and processing that personal data simply for and on behalf of its users.

 

What is Personal Data?
"Personal Data" means any data relating to EU-based individuals by which they can actually be identified or could be identifiable, whether simply from that information alone, or in combination with any other information which is in our control (including any “personal data”, as defined in the EU Directive). Where it meets the definition outlined above, each reference to personal data or collected information in this Privacy Policy, for users based in the European Economic Area (the "EEA"), shall be read as references to personal data.

 

We may store and process your data outside the EEA. The personal data that we collect and process may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in the provision of support services to you or subcontractors who help us process the personal data we process on your behalf.

 

Purposes For Collecting Personal Data

We will only process your personal data in accordance with applicable data protection and privacy laws. We need certain personal data in order to provide you with access to the Site. If you registered with us, you will have been asked to check a box indicating your agreement to provide this data in order to access our services or view our content. This consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your personal data in line with this policy, please do not use our website.  When fulfilling our contractual obligations to our customers (i.e., the data controllers), we have a legitimate interest in processing certain personal data for such contractual purposes.

We do not use your personal data for the purposes of automated decision-making.  However, we may do so in order to fulfil obligations imposed by law, in which case we will inform you of any such processing and provide you with an opportunity to object. 

 

Links to other sites
Our websites may contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

Use of Cookies
Cookies are small data files stored sent from a website and stored within a user’s web browser/hard drive. Cookies may contain session information or settings to enhance a user’s experience or may be necessary to utilize a website’s applications. ATPCO uses both session Cookies (which expire once Users close their web browser) and persistent Cookies (which stay on Users’ computers or devices until they delete them) to provide you with a more personal and interactive experience on our websites. This type of information is collected to distinguish different users.

 

Visitors to our site will typically be able to remove and reject Cookies from our website by changing their browser settings. Many browsers and devices are set to accept Cookies until you change your settings. Please note that if you do choose to remove or reject our Cookies, it will affect your usage of our site and applications. Our applications require the use of Cookies.

Our website uses the following types of cookies for the purposes set out below:

 

Type
of cookies

Purpose

Essential Cookies

These cookies are essential to provide you with services available through our website and to enable you to use some of its features.   Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Functionality Cookies

These cookies allow our website to remember choices you make when you use our website.  The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our website.

Analytics and Performance Cookies

These cookies are used to collect information about traffic to our website.  The information gathered does not identify any individual visitor.  The information is aggregated and anonymous. We use this information to help operate our website more efficiently, to gather broad demographic information and to monitor the level of activity on our website. 

We use Google Analytics and other third party analytics services for this purpose. Google Analytics uses its own cookies.  It is only used to improve how our website works.  You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies.  You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html.

[You can prevent the use of Google Analytics relating to your use of our website by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB].

 

Social Media Cookies

These cookies are used when you share information using a social media sharing button or “like” button on our website or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter, or Google+.  The social network will record that you have done this. 

 

ATPCO does not collect or maintain personally identifiable information within Cookies created or used by our websites.

 

Information Stored On Us-Based Servers
If you are outside the United States, you should know that any personal data entered into the network will be transferred out of your country and into other countries, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our Site, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy. By using the ATPCO systems, you consent to such transfer, and are representing that you have the right to transfer such information outside your country.

We will only retain your personal data as long as reasonably required for you to use the Site and/or to provide you with the Services unless a longer retention period is required or permitted by law (for example, for regulatory purposes).

 

Data Subject Requests

1.    Access to and Amending of your Personal Data
Where we act as a data controller of any personal data (see above), the EU Directive gives you the right to access information we hold about you. Such requests are called subject access requests (“SARS”).  Most data we house originates via an access request from your employer or data partner. Once your access is established, you have the ability to view or modify the data provided by your employer or data partner.

Much of this data is available to view or update on https://faremanager.atpco.net via the “Update User Information” link.

2.    Right to Erasure
EU individuals have the right, in certain circumstances, to request that the company erases their EU personal data.  When such a request is made, ATPCO will, unless there is an exemption under applicable law, erase the EU personal data without undue delay, if, the EU personal data are no longer necessary in relation to the purpose for which it was collected.  If the company is not going to respond to the request, it shall inform the EU individual of the reasons for not taking action and of the possibility of lodging a complaint with the data protection authority in their country.
 

3.    Opt-out
You may contact us at any time to opt-out of (i) any new processing of your personal data that we may carry out beyond the original purpose; or (ii) the transfer of your personal data outside the EEA. Further, if you do not want ATPCO to store any of your personal data identified in this Privacy Policy, you will need to relinquish your access to ATPCO’s systems where a login is required. Contact your organization’s access authorizer to request removal of your access to ATPCO systems and services.

 

Data Subject Requests

If you wish to formally request access to personal data we hold about you, entered by you on various internet forms within our systems, you may do so in accordance with your rights under the EU Directive. Any such request may be subject to a fee of US $10 to meet reasonable costs in providing you with details of the information we hold about you. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes prior to requesting such change or deletion. If you wish to make such a request, please contact privacy@atpco.net with any questions or concerns.

 

Employee Personal Data

ATPCO commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the EU DPA with regard to human resources data transferred from the EU in the context of the employment relationship. Please contact us at privacy@atpco.net to be directed to the relevant DPA contacts.