ITA Group, Inc. Privacy/Security Policy
Effective date: 09/13/2021

ITA Group, Inc. (“ITA Group”) and its domestic subsidiaries International Travel Associates, Inc., Chadwick Martin Bailey, Inc., and Hartmann Studios, Inc. have a strong commitment to respecting your concerns about privacy.

We understand you may have questions about whether and how we collect and use information. We have prepared this statement to inform you of the privacy principles governing our website and our products and services. We encourage you to read this policy carefully as it will help you make informed decisions about sharing your personal information with us.

If you are unable to access this policy due to a disability or any physical or mental impairment, please contact us using the contact details in the “How Do I Contact ITA Group” Section and we will arrange to supply you with the information you need in an alternative format that you can access.

 

1. What does ITA Group do?

ITA Group creates and manages events, incentives and recognition programs that help to align and motivate our clients and their people.  ITA Group is headquartered in West Des Moines, Iowa, United States, with clients all around the world.  For more details see https://www.itagroup.com/our-story

 

2. What information does ITA Group collect about me?

(a) Information collected through our products and services

In the course of using our products and services, you may need to provide ITA Group with certain personal information. For example, when we organize events or arrange travel on your behalf, details such as your name, address, contact details, company name, job title, date of birth and payment information may be required. We may also need information like your social security number, passport details and proof of citizenship in certain cases. However, we will only collect such information for the purposes of providing the services to you, and when we do so, we will act only in accordance with your instructions or those of our client (typically your employer) or otherwise in line with this Privacy Notice.

You can always choose not to provide your personal information to ITA Group in this way, but it may mean that we are unable to provide our services to you or that some features of our products and services will be unavailable.

(b) Information collected through our website and other means

We may also collect personal information when you visit our website; for example, when you submit details about your name, title, company, address and other contact details through our website forms. We may also collect personal information by other means, such as when you correspond with us by post, email or telephone, or complete our surveys or attend ITA Group events.

In addition, when you visit our website, our servers will automatically log certain information such as your IP address, browser type, files requested and domain name. This information is collected primarily to improve our website through internal analytics, to maintain security and to better meet our clients' needs.

Some of this information will be collected through cookies and similar technologies. You can find out more about this in the Cookies section below.

 

3. Does ITA Group collect information about me from others?

There are limited circumstances in which we may receive information about you from others. For example, our clients may provide personal information about others (such as their employees, agents, suppliers or customers) in the course of using our products and services for the purposes of managing aspects of their business, or organizing events or incentive programs. In such cases, we are collecting the information purely on behalf of our client, on their instructions, and we rely on our clients to only provide your information where lawfully entitled to.  We do not have control over their privacy policies and practices and suggest you read them if you have any concerns.

 

4. How does ITA Group use my personal information?

We will use your personal information to deliver our products and services to you.  For example, to deliver the requested event, incentive or recognition program.  We also use your personal information to manage your client account, for general business administration, to respond to communications, and to provide technical or client support.  We provide information about ITA Group products and services you may find of interest in line with your consent preferences and measure the effectiveness of our advertising.

We will only process personal information in ways that are compatible with the purposes for which we have collected it, or for purposes that you later authorize.

We may also use aggregated anonymized data for internal business purposes – such as for analytical/statistical purposes and for business forecasting – and to help improve our products and services.

 

5. Does ITA Group disclose my personal information to third parties?

There are only a limited number of parties with whom we share your personal information – these may include disclosures:

  • to our group companies (list available here) and other subsidiaries part-owned by ITA Group who will use your personal information only for the purposes that are disclosed in this Privacy Notice;
  • to our clients on whose behalf we organise events or operate incentive and recognition programs (for example, we share your attendance at an event or participation in a reward program with the relevant client in line with your consent preferences);
  • to our third party service providers and partners who provide data processing services to us or who otherwise support the operation of our business and services (for example, to venue providers, and travel and accommodation providers, in order to enable your participation in an event, or fulfilment partners who help us to deliver awards when you redeem points through the incentive and recognition programs we operate for clients), or who otherwise process personal information for purposes that are described in this policy or notified to you when we collect your personal information.  We only disclose to service providers the information necessary to perform the relevant service on our behalf and have put contractual controls in place as required by law;
  • to any competent law enforcement body, regulatory, government agency, court or similar third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice; and
  • to any other person with your consent to the disclosure.

 

6. How does ITA Group keep my information secure?

We implement appropriate technical and organisational security measures to protect the personal information we collect and use about you.  When you are asked to provide personal information (as part of our products or services or on our corporate website), a "secure session" will first be established using SSL. This technology encodes information as it is being sent over the Internet between your computer and our secure servers. That helps ensure the information remains secure. You will know when a secure session is taking place and when it is not. Your browser uses a symbol – typically a key or padlock – as an indicator. When your session is secure, an unbroken key may appear; when your session is not secure, a broken key symbol may appear. Each time you visit our site, you should see an unbroken key.

PCI data and other more sensitive information – such as a credit/debit card number, Social Security Number, or Passport number – is only collected when necessary to fulfill the services requested. This type of information is stored securely on our servers. ITA Group, Inc. is compliant with the Payment Card Industry Data Security Standard (PCI DSS).  We contract with a PCI Approved Scanning Vendor (ASV) to provide regular security scanning of our cardholder data environment to maintain the integrity of our security measures. 

Please however keep in mind that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our site is at your own risk. You should only access our website and services within a secure environment.

 

7. Where does ITA Group store my information?

ITA Group's servers are located in the USA. If you are a non-US resident, this means that your personal information will be transferred to the USA.  We have taken appropriate safeguards to ensure that your personal information will be protected in accordance with this Privacy Notice.

Standard Contractual Clauses

We have implemented the European Commission Standard Contractual Clauses for transfers between ITA Group companies or from clients based in the European Economic Area ("EEA"), which require all group companies to protect personal information from the EEA in accordance with EU law.  More details are available on request.

EU-US and Swiss-US Privacy Shield

We are aware that since July 2020 the Privacy Shield Frameworks have been declared invalid by the European Court of Justice as a transfer mechanism.  However, to demonstrate our commitment to the sound data governance principles it contains and to provide EEA and Swiss individuals with a simple complaint mechanism, we have decided to voluntarily maintain our certifications.

In relation to personal information we receive from the EU and Switzerland, ITA Group, Inc. and International Travel Associates Corporation participate and comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce.  We commit to apply the Privacy Shield Principles to all personal information received from the EU and Switzerland in reliance on the Shield. For more information about the Privacy Shield, and to view our certification on the Privacy Shield List, please see the Privacy Shield website at www.privacyshield.gov.

For the purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the US Federal Trade Commission.

If we receive your personal information in the US and subsequently transfer that information to a third party acting as an agent, and such third party agent processes your personal information in a manner inconsistent with the Privacy Shield Principles, we will remain responsible unless we can prove we are not responsible for the event giving rise to the damage.

You can direct any questions or complaints about the Privacy Shield to us using the contact details in Section 11 below. We will investigate and attempt to resolve any Shield-related complaints or disputes within forty five (45) days of receipt.

We have further committed to cooperate and comply with the panel of European data protection authorities (EU DPAs) and the Swiss Federal Data Protection and Information Commissioner (Swiss FDPIC) in the resolution of any Privacy Shield complaints. If you have an unresolved Privacy Shield complaint that we have not addressed satisfactorily, please contact your local EU DPA or the Swiss FDPIC, as applicable.  The contact details of the EU DPAs can be found here.

You may also have the option to select binding arbitration for the resolution of your complaint under certain circumstances. To find out more about the Shield's binding arbitration scheme, please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

 

8. Marketing emails

Where it is in accordance with your marketing preferences, the e-mail address you provide when requesting services or information from us may be used to communicate future information, including news and announcements, and information about our products and services. Any marketing related communications sent by ITA Group have an automatic opt-out link at the bottom of each communication. You may elect to remove yourself from further informational communications by selecting and confirming this link.

 

9. Legal basis (EEA and UK visitors only)

In most cases we are acting on the instructions of our clients, who determine the legal basis.

Where we collect personal information on our own behalf and where you are a visitor from the EEA or UK, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, or for more details on our legitimate interests, please contact us using the contact details provided in the "How do I contact ITA Group" section below.

 

10. What rights do I have in relation to my personal information?

Depending on your location, your jurisdiction, and subject to applicable law, you may have certain rights with regard to the personal information we control about you. We will respond to your requests within the appropriate timeline under applicable law.

 

Where we process personal information on behalf of our clients as part of the services we provide, we are not responsible for their use of the data and cannot control their data collection and privacy practices. Any individual who seeks to exercise their rights should direct their query to the client in question. For example, if your employer has uploaded your personal information in the course of using our services, you should contact your employer directly.  We will respond to requests from clients in accordance with applicable law and our service agreement with the relevant client.

Where we collect personal information on our own behalf (and not on behalf of our clients), ITA Group will grant individuals their rights, where required under the Privacy Shield or applicable law. California consumers should see the section below "Additional Disclosures for California Consumers" for more detailed information.

If the processing of personal information about you is subject to European Union data protection law, you have certain rights with respect to that data. Depending on your location, your rights may include: the right to access, correction or deletion, the right to object or to portability.  You may also object to direct marketing as detailed in section 8 above, and withdraw your consent (although this will not affect the lawfulness of any processing prior to withdrawal). These requests can be made by sending an email to privacy@itagroup.com or by using the contact details in Section 14 below. Please note that requests to access your personal information may be subject to a fee specified by applicable law. If you are a visitor from the EEA or UK, and you believe that we have not processed your personal information in accordance with the applicable provisions of the EU General Data Protection Regulation, you may lodge a complaint with the respective DPA.

 

11. How long does ITA Group retain my data?

We will only keep your personal information for as long as we require it for the purposes set out in this policy. However, we may also keep some of your personal information for a specified period of time under our data retention policy, and as required by certain laws – for example those relating to corporate governance, money laundering and financial reporting legislation – or, where your personal information is controlled by our clients, in accordance with our clients' instructions.

 

12. Does ITA Group use cookies? 

Yes, we do. Cookies are small data files that are placed on your computer or mobile device when you visit a website or use online services. Many websites – including this one – use cookie technology to help users navigate efficiently and simplify the browsing experience as well as provide analytics information to help us improve our website and services.

Cookies set by the website owner (in this case, ITA Group) are called "first party cookies".  Cookies set by parties other than the website owner are called "third party cookies".  Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). 

The following entries list each type of cookie, who serves these cookies, and how to refuse them.

Essential website cookies:
These cookies are strictly necessary to provide you with services available through our Website and Services and to use some of their features, such as the ability to sign in and access to secure areas.
Who serves these cookies: ITA Group
How to refuse: Because these cookies are strictly necessary to deliver the Website and Services to you, you cannot refuse them. However, you can block or delete them by changing your browser settings, as described below under the heading "Controlling cookies".

Performance and functionality cookies:
These cookies are used to enhance the performance and functionality of our Website and Services but are non-essential to their use (e.g. to help us customize or localize content and features for you, to collect performance and error data). However, without these cookies, certain functionality may become unavailable.
Who serves these cookies: ITA Group, Marketo
How to refuse: To refuse these cookies, please follow the instructions below under the heading "Controlling cookies".

Analytics cookies:
These cookies collect information that is used in aggregate form to help us understand how our Website and Services are being used or how effective our marketing campaigns are.
Who serves these cookies: Marketo, CrazyEgg, Google Analytics
How to refuse: To refuse these cookies, please follow the instructions below under the heading "Controlling cookies". Alternatively, please click on the relevant opt-out link below:

Advertising cookies:
These cookies are used to make advertising messages more relevant to you.  They provide interest-based advertisements and retarget our ads on third party websites you visit.
Who serves these cookies: Adroll
How to refuse: To refuse these cookies, please change your settings in our Cookie Consent Manager. Alternatively, please click on the relevant opt-out link below:


Controlling cookies

You can change your settings in our Cookie Consent Manager.  Alternatively, you can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Website and Services though your access to some functionality and areas of our sites may be restricted.   As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information. Here are the current relevant information pages for the main browsers:

In addition, most advertising networks offer you a way to opt out of targeted advertising.  If you would like to find out more information, please visit http://www.aboutads.info/choices/, http://www.networkadvertising.org/choices/ or http://youronlinechoices.com/.

 

Do Not Track

“Do not track” refers to how Internet web browsers may request that a web application turn off tracking through the use of an HTTP header. ITA Group does not make use of this header. However, tracking that is done by cookies may be managed within your browser settings, as explained above.

 

13. Additional Disclosures for California Consumers

California law requires us to provide California consumers with some additional information regarding how we collect, use, and share your "personal information" (as defined in the California Consumer Privacy Act ("CCPA")). Throughout this policy, we discuss in detail the specific pieces of information we collect from you or your device and discuss how we use and share such information.

As described in detail in Section 2 above, we may collect the following categories of information about you through the ITA products and services or when you visit our sites:

  • Identifiers, such as name and contact information;
  • Customer Records information;
  • Device identifiers, such as IP address;
  • Internet or other network or device activity, such as browsing history or app usage;
  • Geolocation information; and other information that identifies or can be reasonably associated with your device;
  • Commercial information, such as transaction data;
  • Professional or other employment related information, such as where you work and your title; and
  • Financial information, such as credit card and payment data.

The sources from which we collect personal information are described in Section 2 ("What information does ITA Group Collect About Me") and Section 3 ("Does ITA Group collect information about me from others?") of this Privacy Policy. The business and commercial purposes for which we collect this information are described in section 4 ("How Does ITA Group Use My Personal Information?") of this Privacy Policy. The categories of third parties to whom we "disclose" this information for a business purpose are described in section 5 ("How Does ITA Group Disclose My Personal Information to Third Parties?") of this Privacy Policy.

The CCPA provides California residents with the following rights:

  • You may request access to, or a copy of, the personal information we have collected, used, disclosed, and sold about you over the past twelve (12) months.
  • You may also request that we delete certain personal information we have collected from you.
  • You have a right not to receive discriminatory treatment for the exercise of your CCPA privacy rights.

If you are a California resident seeking to exercise your CCPA rights, or if you are an authorized agent wishing to exercise CCPA rights on behalf of someone else, please e-mail us at privacy@itagroup.com or refer to our contact details in Section 15 of this Privacy Policy.

Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your personal information.

As mentioned above, ITA Group may provide third parties with certain personal information to provide or improve our products and services, for example to deliver products or services at your request. In such cases, we require those third parties to handle the information in accordance with applicable laws and regulations. ITA Group does not sell personal information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the CCPA).

 

14. Amendments to this Policy

ITA Group, Inc. may amend this policy from time to time and will post the updated policy on this site. You can see when it was last updated at the top of this policy. Please try to check on this page from time to time so that you can keep up to date with any changes.

If we make any material changes, we will take appropriate measures to inform you, consistent with the significance of the change, for example, posting a prominent notice on the website, and/or notifying you via email or through our services.

 

15. How do I contact ITA Group with questions or comments about this Policy?

If you have any questions about this policy or our privacy practices generally (including our Privacy Shield certification), please contact our Privacy team at privacy@itagroup.com or at our postal address:

ITA Group, Inc.
Privacy Team
Attention: General Counsel

4600 Westown Parkway
West Des Moines, Iowa 50266

Tel: +1 (800) 257-1985

EEA or UK visitors: where we process information on behalf of our clients, the data controller is the relevant client (typically your employer or group leader); where we process information on our own behalf, the data controller is ITA Group Inc.