fbpx

EU-US Data Privacy Framework

Privacy Statement

ADTRAV is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Policy applies to the processing of Personal Data that ADTRAV obtains from Customers located in the European Union, European Economic Area, and the United Kingdom (and Gibraltar). This policy applies to ADTRAV, RezDesk, and any relevant affiliates. By using the ADTRAV website, you consent to the data practices described in this statement.

ADTRAV complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and United Kingdom to the United States.  ADTRAV has certified to the Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF), and to view our certification, please visit https://www.dataprivacyframework.gov

All ADTRAV employees who handle Personal Data from Europe and the United Kingdom (Gibraltar) are required to comply with the Principles stated in this policy.

Scope

This Data Privacy Framework Policy Statement applies to all personal information received by ADTRAV in the United States from the EEA, United Kingdom (and Gibraltar), in any format, including electronic, paper or verbal.  This policy does not cover information from which individual persons cannot be identified.

Policy Management

ADTRAV has designated an internal information security team to maintain this privacy policy and to comply with the Data Privacy Framework program.  This team will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy.  Any employee that ADTRAV determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment. Any questions, concerns, or comments regarding this Policy may be directed to privacy@adtrav.com.

ADTRAV will renew its Data Privacy Framework certification annually or until it is no longer necessary.

 

Disclosures / Onward Transfers of Personal Data

ADTRAV does not sell, rent or lease its customer lists to third parties. ADTRAV discloses Personal Data only to third parties who reasonably need to know such data.  All such third parties must agree to abide by confidentiality obligations and are prohibited from using your personal information except to provide services related to ADTRAV.  All third parties are required to maintain the confidentiality of your information.

In cases of onward transfer to third parties of data of individuals received pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, ADTRAV is potentially liable. ADTRAV’s liability under this agreement will be governed by the contract in place between Customer and ADTRAV.

Collection and use of Personal Data

ADTRAV collects and uses your personal information to deliver the services that customers have requested. ADTRAV also uses your personally identifiable information to inform you of other products or services available from ADTRAV and its affiliates. ADTRAV may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

ADTRAV does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent.

ADTRAV keeps track of the Web sites and pages our customers visit within ADTRAV, in order to determine what ADTRAV services are the most popular. This data is used to deliver customized content and advertising within ADTRAV to customers whose behavior indicates that they are interested in a particular subject area.

ADTRAV Web sites will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on ADTRAV or the site; (b) protect and defend the rights or property of ADTRAV; and, (c) act under exigent circumstances to protect the personal safety of users of ADTRAV, or the public.

Securing Personal Data

ADTRAV will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. ADTRAV secures the personally identifiable information you provide via servers that are in a controlled, secure environment, protected from unauthorized access, use or disclosure. For example, all electronic data is stored on secure networks protected by firewalls.  ADTRAV also limits employee access to Customer Personal Data via logical and physical restrictions.  ADTRAV may also employ encryption technology to protect certain types of personal data.

Rights to Access Data

As a customer of ADTRAV, you have the right to access your data at any time.  Upon reasonable request and as required by the DPF principles, ADTRAV allows Customers access to their Personal Data. You may request limitation on the use of your personal data specified in the agreement by contacting us at privacy@adtrav.com. Note that personal data shall be removed from ADTRAV systems permanently upon closure of Customer accounts, and in those cases, personal information is no longer accessible.

Choice

We always give you the choice to opt out of email communication, with the exception of system emails, such as digital receipts and password reset information. You can opt out of receiving further communications by contacting Privacy@adtrav.com. To honor your request, we will need the exact information you want changed, as well as information sufficient for us to identify the type of communication you received from us. Anytime you provide personal information to us, you determine whether or not we may disclose such information in a personally identifiable form to a third party or use it for the purposes different from the purposes for which it was originally collected or subsequently authorized.

Accountability for Onward Transfers

If we receive personal information subject to our certification under the DPF and then transfer such information to a third-party service provider acting as an agent on our behalf, we have certain liability under the DPF if the agent processes such information in a manner inconsistent with the DPF except when we are not responsible for the event giving rise to the damage.  If we transfer personal information outside the EEA or United Kingdom (and Gibraltar), we will implement appropriate and suitable safeguards to ensure that such data will be protected as required by applicable data protection law, including the DPF.  Depending on the circumstances, we may enter into standard contractual clauses with certain entities, including our service providers, or rely on the European Commission’s adequacy decisions.

Dispute Resolution

In compliance with the DPF, ADTRAV commits to resolve complaints about our collection or use of your personal information.  Individuals with inquiries or complaints regarding our privacy policy should first contact ADTRAV via the contact methods below:

Email: privacy@adtrav.com

ADTRAV Privacy Office
4555 Southlake Parkway
Birmingham AL 35244

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF ADTRAV has further committed to resolve DPF Principles-related complaints about our collection and use of your personal information. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, ADTRAV has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the DPF:

  • For disputes involving personal information received by ADTRAV from the EU or EEA, ADTRAV agrees to cooperate with the EU Data Protection Authorities (DPAs);
  • For disputes involving personal information received by ADTRAV from the UK (and Gibraltar), ADTRAV agrees to cooperate with the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA)

The Federal Trade Commission (FTC) has jurisdiction over ADTRAV’s compliance with the EU U.S DPF and the UK Extension to the EU-U.S. DPF.

Under certain conditions, more fully described on the Data Privacy Framework Website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Limitation on Application of Principles

Adherence by ADTRAV to these DPF Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

Contact Information

Questions or comments regarding this Policy should be submitted to the ADTRAV Privacy Office by email or standard mail to:

ADTRAV Privacy Office
4555 Southlake Parkway
Birmingham AL 35244

Email: privacy@adtrav.com

Changes to this Data Privacy Framework Policy

This Policy may be amended from time to time, consistent with the requirements of the Data Privacy Framework. A notice will be posted on the ADTRAV web page (www.adtrav.com) for 30 days whenever this Data Privacy Framework Policy is changed in a material way.