ITA Group, Inc. – Privacy Policy

Last updated: January 22, 2026

Approved by: Jason Katcher, Chief Information Officer and Lou Ebinger, Chief Legal Officer

ITA Group, Inc. (“ITA Group,” “we,” “our,” or “us”) and its domestic subsidiaries International Travel Associates, Inc., Chadwick Martin Bailey, Inc., and Hartmann Studios, Inc. have a strong commitment to respecting your concerns about privacy.

We understand you may have questions about whether and how we collect and use information. We have prepared this Privacy Policy to inform you of the privacy principles governing our website and our products and services. We encourage you to read this Privacy Policy carefully as it will help you make informed decisions about sharing your personal information with us.

If you are unable to access this policy due to a disability or any physical or mental impairment, please contact us using the contact details in the “How Do I Contact ITA Group” Section and we will arrange to supply you with the information you need in an alternative format that you can access.

The rights discussed in certain sections of this Privacy Policy may be subject to exemptions or other limitations under applicable law.  Please review this Privacy Policy carefully to understand what we do in regards to your personal information. If you are a California resident, please review the below Section 13, “Additional Disclosures for California Consumers” for additional disclosures, our Notice at Collection, and a description of your rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act, along with any implementing regulations and as may be amended, the “CCPA”).

1. What does ITA Group do?

ITA Group creates and manages events, incentives and recognition programs that help to align and motivate our clients and their people.  ITA Group is headquartered in West Des Moines, Iowa, United States, with clients all around the world.  For more details see itagroup.com/what-we-do.

2. What information does ITA Group collect about me?

(a) Information collected through our products and services

In the course of using our products and services, you may need to provide ITA Group with certain personal information. For example, when we organize events or arrange travel on your behalf, details such as your name, address, contact details, company name, job title, date of birth and payment information may be required. We may also need information like your social security number, passport details and proof of citizenship in certain cases. However, we will only collect such information for the purposes of providing the services to you, and when we do so, we will act only in accordance with your instructions or those of our client (typically your employer or otherwise in line with this Privacy Policy).  Please note that some of this information may be considered sensitive personal information under applicable law.

You can always choose not to provide your personal information to ITA Group in this way, but it may mean that we are unable to provide our services to you or that some features of our products and services will be unavailable.

(b) Information collected through our website and other means

We may also collect personal information when you visit our website; for example, when you submit details about your name, title, company, address and other contact details through our website forms. We may also collect personal information by other means, such as when you correspond with us by post, email or telephone, or complete our surveys or attend ITA Group events.

In addition, when you visit our website, our servers will automatically log certain information such as your IP address, browser type, files requested and domain name. This information is collected primarily to improve our website through internal analytics, maintain security and to better meet our client's needs.

Some of this information will be collected through cookies and similar technologies. You can find out more about this in the Cookies section below.

3. Does ITA Group collect information about me from others?

There are limited circumstances in which we may receive information about you from others. For example, our clients may provide personal information about others (such as their employees, agents, suppliers or customers) in the course of using our products and services for the purposes of managing aspects of their business, or organizing events or incentive programs. In such cases, we are collecting the information purely on behalf of our client, on their instructions, and we rely on our clients to only provide your information where lawfully entitled to.  We do not have control over their privacy policies and practices and suggest you read them if you have any concerns.

We may receive personal information about you from third-party sources to help us identify potential customers and improve our marketing efforts. These sources include:

• Lead Generation Partners and Data Brokers: We may obtain your name, business contact details, and professional information from companies that compile and sell business contact lists.
• Marketing Affiliates and Referral Partners: If you have interacted with one of our partners and consented to share your information, they may provide us with your details.
• Publicly Available Sources: We may collect information from public websites, social media platforms, and business directories.

We may use this information to contact you about our products and services, tailor marketing communications to your interests, and maintain accurate and up-to-date business records.

4. How does ITA Group use my personal information?

We will use your personal information to deliver our products and services to you.  For example, to deliver the requested event, incentive or recognition program.  We also use your personal information to manage your client account, for general business administration, to respond to communications, and to provide technical or client support.  We provide information about ITA Group products and services you may find of interest in line with your consent preferences and measure the effectiveness of our advertising.

We will only process personal information in ways that are compatible with the purposes for which we have collected it, or for purposes that you later authorize.

We may also use aggregated anonymized data for internal business purposes – such as for analytical/statistical purposes and for business forecasting – and to help improve our products and services.

5. Does ITA Group disclose my personal information to third parties?

There are only a limited number of parties with whom we share your personal information – these may include disclosures:

• to our group companies (list available here) and other subsidiaries part-owned by ITA Group who will use your personal information only for the purposes that are disclosed in this Privacy Policy;

• to our clients on whose behalf we organise events or operate incentive and recognition programs (for example, we share your attendance at an event or participation in a reward program with the relevant client in line with your consent preferences);

• to our third party services providers and partners who provide data processing services to us or who otherwise support the operation of our business and services (for example, to venue providers, and travel and accommodation providers, in order to enable your participation in an event, or fulfilment partners who help us to deliver awards when you redeem points through the incentive and recognition programs for operate for clients), or who otherwise process personal information for purposes that are described in this policy or notified to you when we collect your personal information.  We only disclose to service providers the information necessary to perform the relevant service on our behalf and have put contractual controls in place as required by law;

• to any competent law enforcement body, regulatory, government agency, court or similar third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person; where notice or your consent to share with a government body is required by law, you will be notified or your consent will be obtained pursuant to applicable law;

• to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy; and

• to any other person with your consent to the disclosure.

Please note that for purposes of this Section 5 (“Does ITA Group disclose my personal information to third parties?”) “sharing” does not mean “sharing” as defined under the CCPA. For additional disclosures and information on our CCPA practices, please review  Section 13 “Additional Disclosures for California Consumers” below.

To the extent not required by law or contract, you have the opportunity to choose (opt out) whether your personal information is disclosed to third parties. Requests to opt out can be made by sending an email to privacy@itagroup.com or using the contact information in Section 17 below.

6. How does ITA Group keep my information secure?

We implement appropriate technical and organisational security measures to protect the personal information we collect and use about you. When you are asked to provide personal information (as part of our products or services or on our corporate website), a "secure session" will first be established using SSL. This technology encodes information as it is being sent over the Internet between your computer and our secure servers. That helps ensure the information remains secure. You will know when a secure session is taking place and when it is not. Your browser uses a symbol – typically a key or padlock – as an indicator. When your session is secure, an unbroken key may appear; when your session is not secure, a broken key symbol may appear. Each time you visit our site, you should see an unbroken key.

PCI data and other more sensitive information – such as a credit/debit card number, Social Security Number, or Passport number – is only collected when necessary to fulfill the services requested. This type of information is stored securely on our servers. ITA Group, Inc. is compliant with the Payment Card Industry Data Security Standard (PCI DSS).  We contract with a PCI Approved Scanning Vendor (ASV) to provide regular security scanning of our cardholder data environment to maintain the integrity of our security measures. 

Please however keep in mind that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our site is at your own risk. You should only access our website and services within a secure environment.

7. Where does ITA Group store and process my information?

ITA Group's servers are located in the USA. If you are a non-US resident, this means that your personal information will be transferred to the USA.  We have taken the following appropriate safeguards to ensure that the personal information of residents of the EU/EEA, the United Kingdom, and Switzerland will be protected when transferred to the USA in accordance with this Privacy Policy.

Data Privacy Framework

ITA Group, Inc. and International Travel Associates Inc. participate and comply with the EU-US Data Privacy Framework ("EU-US DPF"), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework ("Swiss-US DPF"), as set forth by the US Department of Commerce. We have certified to the US Department of Commerce that we commit to comply with the EU-US DPF Principles with regards to the processing of personal information received from the European Union in reliance on the EU-US DPF, and from the United Kingdom in reliance on the UK Extension to the EU-US DPF. We have also certified to the US Department of Commerce that we commit to comply with the Swiss-US DPF Principles with regards to the processing of personal information received from Switzerland in reliance on the Swiss-US DPF (collectively, the "DPF Principles"). If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern.

To learn more about the DPF, and to view our certification, please visit: https://www.dataprivacyframework.gov/.

Our compliance with the DPF Principles is subject to the investigatory and enforcement authority of the US Federal Trade Commission ("FTC").

If we receive your personal information in the US and subsequently transfer that information to a third party acting as our agent, and such third party agent processes your personal information in a manner inconsistent with the DPF Principles, then we will remain liable unless we can prove we are not responsible for the event giving rise to the damage.

If you have any questions or complaints about our DPF certification, you can contact us by using the contact details in Section 17 below.

We will investigate and attempt to resolve any DPF-related complaints or disputes within forty-five (45) days of receipt.

We have further committed to cooperate and comply with the panel of European Data Protection Authorities (EU DPAs), the UK Information Commissioner's Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (Swiss FDPIC) as our designated independent recourse mechanisms. As such, if you have a DPF-related complaint which you believe we have not addressed or resolved to your satisfaction, please contact your local EU DPA, the UK ICO, or the Swiss FDPIC, as applicable. These services are provided free of charge to you. The contact details of the EU DPAs, the UK ICO, and the Swiss FDPIC can be found here respectively:
https://edpb.europa.eu/about-edpb/about-edpb/members_en;
https://ico.org.uk/global/contact-us/contact-us-public/; and https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt/kontaktformular_uebrige.html.

If neither ITA Group nor the EU DPAs, UK ICO or Swiss FDIC (as applicable) can resolve your complaint, you may also have the option to invoke binding arbitration for the resolution of your complaint under certain circumstances. To find out more about the DPF's binding arbitration scheme, please see https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf.  

Standard Contractual Clauses

In addition to our participation and compliance with the DPF Frameworks, we have implemented the European Commission Standard Contractual Clauses ("SCCs") as an additional data transfer mechanism for transfers between ITA Group companies, or from clients based in the European Economic Area ("EEA"), which require all group companies to protect personal information from the EEA in accordance with EU law.  More details are available on request.

8. Marketing emails

Where it is in accordance with your marketing preferences, the e-mail address you provide when requesting services or information from us may be used to communicate future information, including news and announcements, and information about our products and services. Any marketing related communications sent by ITA Group have an automatic opt-out link at the bottom of each communication. You may elect to remove yourself from further informational communications by selecting and confirming the opt out link.

9. Legal basis (EEA and UK visitors only)

In most cases we are acting on the instructions of its clients, who determine the legal basis.

Where we collect personal information on our own behalf and where you are a visitor from the EEA or UK, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, or for more details on our legitimate interests, please contact us using the contact details provided in the "How do I contact ITA Group" section below.

10. What rights do I have in relation to my personal information?

Depending on your location, your jurisdiction, and subject to applicable law, you may have certain rights with regard to the personal information we control about you. We will respond to your requests within the appropriate timeline under applicable law.

Where we process personal information on behalf of our clients as part of the services we provide, we are not responsible for their use of the data and cannot control their data collection and privacy practices. Any individual who seeks to exercise their rights should direct their query to the client in question. For example, if your employer has uploaded your personal information in the course of using our services, you should contact your employer directly.  We will respond to requests from clients in accordance with applicable law and our service agreement with the relevant client.

Where we collect personal information on our own behalf (and not on behalf of our clients), ITA Group will grant individuals their rights, where required under the DPF or applicable law. California consumers should see the section below "Additional Disclosures for California Consumers" for more detailed information.  Residents of certain other states may have rights under applicable law; see the section below “Additional Disclosures for Other State Consumers” for more detailed information.

If the processing of personal information about you is subject to EU, UK, or Swiss data protection law, you have certain rights with respect to that data.

GDPR

The General Data Protection Regulation (“GDPR”) provides EU data subjects several privacy rights. Those rights include the following:

a)     The Right to Access: Allows you to request information from us about your personal information, including what data we have and how and why it is being processed.

b)     The Right to Rectification: Allows you to correct or supplement your personal information where it is inaccurate or incomplete.

c)     The Right to Erasure: Allows you to request that we erase personal information about you that we have in our possession.

d)     The Right to Restriction of Processing: Allows you to restrict our use of your personal information so that it is only processed with your consent.

e)     The Right to Object to Processing: Allows you to object to our processing of your personal information carried out on the basis of its legitimate interests, to carry out tasks in the public interest, or to exercise official authority.

f)      The Right to Data Portability: Allows you to request from us a copy of your personal information that it has on file and to transfer that information to someone else without any interference from us. In some cases, you may be able to request that we transfer your personal information directly to a third party on your behalf.

In addition, to the extent that we process any of your personal information on the basis of your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing that was based on your consent before its withdrawal. Please note that each of these rights may be subject to limitations or exceptions under applicable law. Please note that requests to access your personal information may be subject to a fee specified by applicable law. .Consult your legal counsel for information about what rights are available to you and under what circumstances they apply. Please contact us using the contact information in Section 17 below for assistance in exercising your rights.

If you are a natural person residing in the EU and at any time you believe we have violated one of your rights listed above, or if you believe we are in violation of one or more of the provisions of the GDPR, you have the right to lodge a complaint with a Data Protection Authority. More information about the Data Protection Authorities can be found at https://commission.europa.eu/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en   

Additional Countries (other than EU and US)

Some additional countries, including the UK and Switzerland, may provide their citizens with rights similar to the rights granted to EU citizens under the GDPR.  This may include rights to:

a)     Confirm whether we process their personal information.

b)     Access and delete certain personal information.

c)     Correct inaccuracies in their personal information, taking into account the information's nature processing purposes.

d)     Data portability.

e)     Opt-out of personal data processing for:

                         i.         targeted advertising;

                        ii.         sales; or

                       iii.         profiling in furtherance of decisions that produce legal or similarly significant effect.

f)      Either limit (opt-out of) or require consent to process sensitive personal data.

The exact scope of these rights may vary by country. To exercise any of these rights please contact us by one of the methods set forth in Section 17 below.

11. How long does ITA Group retain my data?

We will only keep your personal information for as long as we require it for the purposes set out in this policy. However, we may also keep some of your personal information for a specified period of time under our data retention policy, and as required by certain laws – for example those relating to corporate governance, money laundering and financial reporting legislation – or, where your personal information is controlled by our clients, in accordance with our clients' instructions.

12. Does ITA Group use cookies? 

Yes, we do. Cookies are small data files that are placed on your computer or mobile device when you visit a website or use online services. Many websites – including this one – use cookie technology to help users navigate efficiently and simplify the browsing experience as well as provide analytics information to help us improve our website and services.

Cookies set by the website owner (in this case, ITA Group) are called "first party cookies".  Cookies set by parties other than the website owner are called "third party cookies".  Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, performance monitoring, interactive content and analytics). 

Controlling cookies

You can change your settings in our Cookie Consent Manager.  Alternatively, you can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Website and Services though your access to some functionality and areas of our sites may be restricted.   As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information. Here are the current relevant information pages for the main browsers:

• Microsoft Internet Explorer: http://www.microsoft.com/info/cookies.htm 
• Google Chrome: https://support.google.com/accounts/answer/61416
• MozillaFirefox: http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html  
• Apple Safari:  Blocks cookies by default and accepts cookies only from your current domain.  To change, click Safari, Preferences, Security, and choose your preference.

In addition, most advertising networks offer you a way to opt out of targeted advertising.  If you would like to find out more information, please visit http://www.aboutads.info/choices/, http://www.networkadvertising.org/choices/ or http://youronlinechoices.com/.

Do Not Track

“Do not track” refers to how Internet web browsers may request that a web application turn off tracking through the use of an HTTP header. ITA Group does not make use of this header. However, tracking that is done by cookies may be managed within your browser settings, as explained above.

Cookies on Other Websites Managed by ITA Group

Where we manage a website on behalf of a client, we do not use all the cookies listed above.  Instead, we may utilize session-based cookies, such as:  

• strictly necessary, for operation of the site (served by ITA Group, Microsoft)
• performance cookies (served by ITA Group, Microsoft)
• application monitoring or analytics (served by ITA Group, Google, Cisco AppDynamics)

Sites hosted by ITA Group for clients do not contain marketing cookies. Such site and cookie specifications will be governed by the applicable site terms and conditions and the service agreement with the relevant client.

13. Additional Disclosures for California Consumers

California law requires that we provide California residents with some additional information regarding how we collect, use, and disclose your "personal information" (as defined in the California Consumer Protection Act, as modified by the California Privacy Rights Act (together, the "CCPA")). Throughout this Privacy Policy, we discuss in detail the specific pieces of information we collect from you or your device and discuss how we use and share such information. The rights described in this section are subject to exemptions and other limitations under applicable law.

Terms used in this section have the meaning ascribed to them in the CCPA.  We are a “business.” 

(a) Notice at Collection and Use of Personal Information

Information We Collect

As described in detail in Section 2 (“What information does ITA Group collect about me?”) above, in the last 12 months we may have collected the following categories of information about you through the ITA products and services or when you visit our sites:

• Identifiers, such as name and contact information;
• Customer Records information;  
• Device identifiers, such as IP address;
• Internet or other network or device activity, such as browsing history or app usage;
• Geolocation information; and other information that identifies or can be reasonably associated with your device;
• Commercial information, such as transaction data;
• Professional or other employment related information, such as where you work and your title;
• Financial information, such as credit card and payment data; and
• Certain information that may qualify as “sensitive personal information” under the CCPA, including passport number, driver’s license, and state identification card.

Purpose for Collection and Use of Information

We also may collect and use personal information from California resident clients for the purposes described above in Section 4 (“How does ITA Group use my personal information?”).

Sale or Sharing of Personal Information

We do not sell  your personal information (as “sell” is  defined under the CCPA).

We do share your personal information (as “share” is defined under the CCPA) through use of the advertising cookies on itagroup.com described above in Section 12 (“Does ITA Group use cookies?”).  In the preceding 12 months, the following categories of personal information were shared with the following categories of third parties:

Categories of personal Information: Name, email, IP address, company name and web visit activity

Categories of third parties: social media companies, third-party advertising companies, marketing automation service provider.

How Long We Keep Information

We retain your personal information as described above in the Section 11 (“How long does ITA Group retain my data?”).

For more information about our privacy practices, please review our entire Privacy Policy, which is available here.

(b) Our Collection, Use, and Disclosure of Personal Information and Sensitive Personal Information

What Information We Have Collected and Our Purpose for Collecting the Information

In the preceding 12 months, depending on how you interact with us, we may have collected the categories of personal information listed above in the section, Section 2 ("What information does ITA Group Collect About Me"), We may collect all or a few of these categories of personal information for the business or commercial purposes identified in Section 4 (“How does ITA Group use my personal information?”).

Sources of Personal Information

The categories of sources from which we collect personal information are those described in Sections 2 ("What information does ITA Group Collect About Me"), and Section 3 (" Does ITA Group collect information about me from others?") of this Privacy Policy.

Our Disclosure of Personal Information

We do not sell your personal information (as ”sell” is defined under the CCPA).  We do not knowingly sell or share the personal information of California Residents under 16 years old. In the preceding 12 months, we may have disclosed for a business purpose the categories of personal information listed above in Section 13(a) under “Information We Collect” to the third parties listed in Section 5 (“5. Does ITA Group disclose my personal information to third parties?”). We may disclose personal information to all of the third parties listed above to comply with our legal obligations or for the business or commercial purposes identified above Section 4 (“How does ITA Group use my personal information?”).

In addition, we may disclose and in the preceding 12 months, may have disclosed for all of the categories of personal information identified in Section 2 ("What information does ITA Group Collect About Me"), to the following categories of third parties:  (i) judicial courts, regulators, or other government agents purporting to have jurisdiction over us, our subsidiaries or our affiliates, or opposing counsel and parties to litigation; and (ii) other third parties as may otherwise be permitted by law. We may disclose the categories of personal information identified in Section 2 ("What information does ITA Group Collect About Me") for the business or commercial purposes identified above in Section 4 (“How does ITA Group use my personal information?”). Additionally, we may disclose your personal information to third parties upon your request, at your direction, or with your consent.

We may also disclose your personal information or otherwise make it available to our service providers such as our CRM providers, other entities that have agreed to limitations on the use of your personal information, or entities that fit within other exemptions or exceptions in, or as otherwise permitted by, the CCPA.

As noted in Section 2 ("What information does ITA Group Collect About Me"), under the CCPA, certain personal information we collect and process may be considered “sensitive personal information.”  The CCPA requires that we provide you with a right to limit our use or disclosure of such sensitive personal information if we use such information beyond the permitted purposes allowed under the CCPA.  Currently, we are not using or disclosing your sensitive personal information  beyond the limited permitted purposes allowed under the CCPA, and therefore California residents cannot request that we further limit such processing..                                                                                                       

(c) California Residents’ Rights under the CCPA

The CCPA, provides California residents with the following rights to their personal information, including the right to:

• Know the categories of personal information we have collected about you, and the categories of sources from which the personal information was collected, the business or commercial purpose for collecting, and the categories of third parties to whom we disclosed personal information.
• Request access to, or for a copy of the personal information we have collected, used, disclosed, and sold about you over the past twelve (12) months (“Request to Know”).
• Request that we delete certain personal information we have collected from you (“Request to Delete”).
• Opt-out of the “sale” (as that term is defined in the CCPA) of your personal information if a business sells your personal information (we do not).
• Opt-out of the “sharing” (as that term is defined in the CCPA) of your personal information if a business shares your personal information with third parties.
• Limit the use and disclosure of sensitive personal information where required by the CCPA (“Right to Limit”) (please note that we are not using your sensitive personal information for purposes that would require that we provide you with a Right to Limit).
• Correct inaccurate personal information (“Request to Correct”).
• To not receive discriminatory treatment for the exercise of your CCPA privacy rights.

The CCPA does not restrict our ability to do certain things like comply with other laws or comply with regulatory investigations.  We also reserve the right to retain, and not to delete, certain personal information after receipt of a Request to Delete from you where permitted by the CCPA or another law or regulation.

(d) How to Submit a Request Under the CCPA

You may submit a Request to Know, Request to Correct or Request to Delete (“Consumer Rights Request”), as described above, through the following toll-free telephone number +1 (800) 257-1985  or by e-mailing us at privacy@itagroup.com or refer to our contact details in Section 17 of this Privacy Policy.  To limit the sharing of your personal information, you can also click the “do not share my personal information” link on our homepage: Do Not Share My Information.

Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. Such information may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, your name and email address.  Any information gathered as part of the verification process will be used for verification purposes only. You may also submit a request via your authorized agent.  We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your personal information.

As mentioned above, ITA Group may provide third parties with certain personal information to provide or improve our products and services, for example to deliver products or services at your request. In such cases, we require those third parties to handle the information in accordance with applicable laws and regulations.

14. Additional Disclosures for Other State Law Consumers

Nevada Residents

Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: privacy@itagroup.com. However, please know we do not sell data triggering that statute's opt-out requirements.

Residents of Virginia, Colorado, Nevada, Connecticut, Utah, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas and Other States with Similar Privacy Laws.

Eligible residents of Virginia, Colorado, Nevada, Connecticut, Utah, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, and states with other similar laws that may be applicable (“Covered States”) also have rights with respect to the Personal Information that we collect about you. This section supplements this Privacy Notice and applies solely to eligible residents of Covered States.

Any terms not defined in this section have the same meaning as defined under applicable Covered State privacy law, including the Virginia Consumer Data Protection Act, Colorado Privacy Act, Nevada Privacy of Information Collected on the Internet from Consumers Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Kentucky Consumer Data Privacy Act, Maryland Online Data Privacy Act, Minnesota Consumer Data Privacy Act, Montana Consumer Data Privacy Act, Nebraska Data Privacy Act,  New Hampshire Data Privacy Act, New Jersey Data Privacy Law, Oregon Consumer Data Privacy Act, Rhode Island Data Transparency and Privacy Protection Act, Tennessee Information Protection Act, and Texas Data Privacy and Security Act (“Covered State Laws”). Subject to certain exceptions, if you are an eligible resident of one of these states and the Covered State Law of your state of residency applies to us, you have certain privacy rights which may include, depending on your state of residency:

Right to Access: You have the right to confirm whether we process your personal information and access such personal information. You also have the right to obtain your personal information in a portable, and to the extent reasonable feasible, readily usable format that you can transmit without hinderance.

Right to Delete: You have the right to request that we delete the personal information you have provided to us or that we have otherwise obtained about you.

Right to Correct: You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information.

Right to Opt Out: You have the right to opt out of the processing of your personal information for the purposes of (i) targeted advertising, (ii) the sale of your personal information and (iii) profiling in furtherance of decisions, including, for eligible residents of Connecticut, solely automated decisions, that produce legal or similarly significant effects. We do not “sell” your information as defined in Covered State Laws.

Right to Appeal: You have the right to appeal our decision with regard to your request to exercise any rights described herein.

We are registered with the State of Iowa as ITA Group, Inc. and have the following domestic affiliates: International Travel Associates, Inc., Chadwick Martin Bailey, Inc., and Hartmann Studios, Inc.  

To exercise the rights described above, please submit a consumer request to us by email at privacy@itagroup.com or contacting us via US Mail or telephone at the contact information set forth below.

15. Underage Persons

Our website, products, and services are intended for use by persons who are at least 13 years of age. If you are younger than 13, you may not access, attempt to access, or use our website, products, and services.  We do not knowingly collect or allow the collection of personal information from persons under the age of 13. If we learn that we have collected the personal information of someone under the age of 13, we will take appropriate steps to delete this information. If you are a parent or guardian of someone under the age of 13 and discover that your child has submitted personal information, you may contact us via one of the methods set forth in Section 17 and ask us to remove your child’s personal information from our systems.

16. Amendments to this Policy

ITA Group, Inc. may amend this policy from time to time and will post the updated policy on this site. You can see when it was last updated at the top of this policy. Please try to check on this page from time to time so that you can keep up to date with any changes.

If we make any material changes, we will take appropriate measure to inform you, consistent with the significance of the change, for example, posting a prominent notice on the website, and/or notifying you via email or through our services.

You can choose to withdraw your permission for us to use your personal information if at any time it will be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. You can withdraw your permission by sending an email to privacy@itagroup.com or by using the contact details in Section 17 below.

17. How do I contact ITA Group with questions or comments about this Policy?

If you have any questions about this policy or our privacy practices generally (including our DPF certification), please contact our Privacy team at privacy@itagroup.com or at our postal address:

ITA Group, Inc.
Privacy Team
Attention: Chief Legal Officer

7000 Vista Drive

West Des Moines, Iowa 50266

Tel: +1 (800) 257-1985

EEA or UK visitors: where we process information on behalf of our clients, the data controller is the relevant client (typically your employer or group leader); where we process information on our own behalf, the data controller is ITA Group Inc.