While we strive to protect the security and integrity of the information provided to us, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our system or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers.
In the unlikely event that we believe that the security of your information in our possession or control may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we would endeavor to do so as promptly as possible under the circumstances, and, to the extent we have your e-mail address, we may notify you by e-mail. Unless you provide us with another method to notify you in this situation, you consent to our use of e-mail as a means of such notification.
Third-party 'Linked-to' Websites
Our website may contain links, banners, or widgets that lead to other sites. We are not responsible for these other sites, and so their posted privacy policies will govern the collection and use of your information on them. We encourage you to read the privacy statements of sites you visit after leaving our website to learn about how your information is treated.
Terms & Conditions
This document describes our policy regarding information received about you during visits to our web site. The amount and type of information received depends on how you use our site.
Normal Web Site Usage
You can visit the our web site to read product and company information without telling us who you are and without revealing any personal information. We do collect some general information during normal web site usage, like the name of your Internet service provider, the web site that referred you to us, the pages you request and the date and time of those requests. We use this information to generate statistics and measure site activity to improve the usefulness of customer visits. During normal web site usage we do not collect or store personally identifiable information such as name, mailing address, email address, phone number or social security number.
Collection of Personally Identifiable Information
There are instances where we request personally identifiable information to provide you with a service or correspondence (promotions and mailed brochures). This information is collected and stored in a manner appropriate to the nature of the data. If you tell us that the information should not be used as a basis for further contact, we will respect your request. The information you provide is used to improve the services we provide you. It is never provided to any other company for that company’s independent use.
EU-U.S. and Swiss-U.S. Privacy Shield Policy (v.2.0)
World Travel, Inc. recognizes that the United States and the European Union, and the United States and Switzerland, take different approaches to privacy. As a global travel management company, World Travel, Inc. collects, compiles, and analyzes global data on behalf of its clients. World Travel, Inc.’s clients are business entities. Accordingly, it makes travel reservations for its client’s employees or other authorized travelers (e.g., independent contractors, job candidates, etc.). Due to the global reach of its services, World Travel, Inc. receives data that originates from the European Union, European Economic Area, or Switzerland. In turn, it delivers such data to its clients and other third parties (as appropriate) by: (i) sending consolidated data directly to its client, (ii) publishing client-specific data in its web-based reporting platform, WorldReports™ or by delivering reports directly to a client1, or (iii) sending files of such data (e.g., an onward transfer) to authorized recipients (e.g., a client’s risk management provider), pursuant to a client’s request2. While this policy is aimed at meeting the requirements of the Privacy Shield, it is fair to state that whenever practicable World Travel, Inc. applies this policy to any personal information it imports from foreign countries; provided, however, that such application is not contrary to applicable laws, rules, or regulations.
Knowing that data privacy and security are very important to all of its clients, World Travel, Inc. has elected to voluntarily participate in the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield3 (each a “Privacy Shield”) and certify its adherence to the Privacy Shield and its Principles, including the Supplemental Principles (collectively, the “Principles”). World Travel, Inc. understands and acknowledges that while certification may be voluntary, effective compliance is compulsory. Accordingly, it has agreed to subject its compliance to the full breadth of regulatory enforcement of the U.S. Department of Transportation (“DOT”), the Federal Trade Commission (“FTC”), or any other statutory body empowered to enforce compliance with the Principles4.
In accordance with the Privacy Shield, World Travel, Inc. self-certifies its adherence to the Privacy Shield Principles, including the sixteen binding supplemental principles, with the U.S. Department of Commerce.
This policy supplements, but does not replace, all other polices, practices, and procedures including any applicable confidentiality or non-disclosure agreement. World Travel, Inc. has implemented this policy effective August 1, 2016 and revised on April 28, 2017. World Travel, Inc. recognizes that the Principles apply to it immediately upon certification. A copy of this policy can be found at: http://corporate.worldtravelinc.com/legal#EU-U.S.+Privacy+Shield+Policy.
Any questions regarding this policy can be directed to email@example.com or the company’s EVP & Corporate Counsel, Maribeth L. Minella, at 484-348-6665 or firstname.lastname@example.org.
World Travel, Inc.’s Eligibility to Participate in Privacy Shield
Because World Travel, Inc. is a ticketing agent that falls within the jurisdiction of the U.S. Department of Transportation, it is eligible for participation in the Privacy Shield.
Proof of Participation
World Travel, Inc. will only display its EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield certification marks or make other references to its compliance when it is in complete compliance with each Principle. Evidence of World Travel, Inc.’s participation can be found at: https://www.privacyshield.gov/list.
Questions and Inquiries
Any party, including individuals, may direct questions, inquiries, or complaints about World Travel, Inc.’s participation in and compliance with the Privacy Shield to email@example.com. Complaints about World Travel, Inc.’s adherence to the Principles may also be directed to the U.S. Department of Transportation (www.dot.gov).
“Personal Data” includes personal information and means data about an identified or identifiable individual that is within the scope of Directive 95/46/EC of 24 October 1995 (the “Directive”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity.
“Processing” of Personal Data means any operation or set of operations that is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaption or alteration, retrieval, consultation, use, disclosure, or dissemination, and erasure or destruction.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. The “Data Exporter” means the Controller who transfers Personal Data. The “Data Importer” means the Controller who agrees to receive data from the Data Exporter for Processing.
“Processor” means a person or organization that Processes Personal Data on behalf of a Controller.
• Notice; Choice
1. World Travel, Inc. will inform its customers and business partners (e.g., vendors and other third parties) that it participates in the Privacy Shield. It will provide such notice in a variety of manners as may be appropriate, such as, language in its contracts with customers, clear notification on its website (www.worldtravelinc.com), and a specific link to this policy that can be easily found.
2. World Travel, Inc. collects and processes Personal Data so that it can provide travel management reporting to its clients. World Travel, Inc. primarily collects Personal Data that is necessary to complete a reservation with an airline carrier, hotelier, car rental agency, or other supplier named on a traveler’s itinerary (a “Travel Supplier”). Upon a client’s request, World Travel, Inc. may also collect human resources-like data such as employee identification, department number, or cost center. The specific elements of Personal Data that World Travel, Inc. Processes are:
- Passenger First Name
- Passenger Last Name
- Passenger Middle Initial
- Passenger Salutation
- Employee Identification Number/Employee ID
- Ticket/Document Number
- Original Issue Ticket/Document Number
- Conjunctive Ticket Number (First)
- Conjunctive Ticket Number (Second)
- Conjunctive Ticket Number (Third)
- Credit Card Code
- Credit Card Number
- Credit Card Expiration Date
- Electronic Ticket Indicator
- Refundable Ticket Indicator
- Passenger Name Record (PNR) Reference
It collects this data as a Data Importer that receives data, including Personal Data, from other travel management companies/travel agencies. World Travel, Inc. shares this data with: (a) the client that requested the consolidation of such data for management reporting purposes, and (b) its clients’ vendors that are not Travel Suppliers (e.g., a credit card company for reconciliation, a risk management company). (The latter is considered an onward transfer.)
3. Individuals may access their Personal Data by contacting their employer (i.e., World Travel, Inc.’s client) or by submitting a request to firstname.lastname@example.org. In the event World Travel, Inc. receives an individual’s request for access to his/her Personal Data, World Travel, Inc. will notify that individual’s employer (i.e., World Travel, Inc.’s client).
4. In the event an individual desires to limit the use or disclosure of their Personal Data, including requests to “opt out,” they must contact their employer (i.e., World Travel, Inc.’s client). If World Travel, Inc. receives a similar request from an individual, it will duly notify its client and seek instruction from its client. Because World Travel, Inc. provides travel management reporting for its clients, and collects Personal Data at a client’s request, it does not have the power to simply eliminate an individual’s Personal Data from the data it processes. Instead, World Travel, Inc. must take direction from its client about the inclusion or exclusion of Personal Data. Nonetheless, individuals may submit opt-out requests to email@example.com.
5. World Travel, Inc. will respond to inquiries directed to firstname.lastname@example.org within forty-five (45) calendar days.
6. World Travel, Inc. is registered with JAMS as its alternative dispute resolution (ADR) provider based in the U.S. for the Directive and the Swiss Federal Act of Data Protection. Accordingly, JAMS is the independent dispute resolution body designated by World Travel, Inc. to address complaints and provide appropriate recourse without cost to the individual. World Travel, Inc. is not opposed to individual’s electing to invoke binding arbitration for the resolution of complaints. Individuals may contact Kathleen A. Pierz, Practice Development Manager, Global at email@example.com, to confirm World Travel, Inc.’s enrollment with JAMS. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. .
7. As a participant in the Privacy Shield, World Travel, Inc. agrees to be subject to the investigatory and enforcement powers of the DOT and FTC. Accordingly, World Travel, Inc. may be required to disclose Personal Data to DOT, FTC, or other applicable U.S. government agencies in response to, e.g., national security needs, law enforcement requirements, or World Travel, Inc.’s liability for onward transfers.
8. World Travel, Inc. understands that the notices contained herein must be provided in clear and conspicuous language when individuals are first asked to provide personal information to it. Because World Travel, Inc. is collecting Personal Data pursuant to a client’s request, World Travel, Inc. will rely upon its clients to provide individuals (e.g., employees) with appropriate notice and to obtain any necessary consent.
• Accountability for Onward Transfer
1. In the event World Travel, Inc. is required to transfer Personal Information to a third party acting as a controller (e.g., a client’s risk management provider) it will comply with the Notice and Consent principles set forth above. It will also enter into a binding written agreement with the recipient that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by an individual (as applicable), and that the recipient will provide the same level of protection as set forth in the Principles.
2. Furthermore, World Travel, Inc. will: (a) transfer such data only for limited and specified purposes, (b) ascertain that the recipient is obligated to provide the same level of privacy protection as required by the Principles, (c) take reasonable and appropriate steps to ensure that the recipient effectively processes the Personal Data transferred in a manner consistent with the organization’s obligations under the Principles, (d) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing, and (e) provide a summary or a representative copy of the relevant privacy provisions of its contract upon request.
• Security; Integrity; Purpose Limitation
1. World Travel, Inc. will take reasonable steps and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation and destruction, taking into due account the risks involved and the nature of Personal Data.
2. World Travel, Inc. will only process Personal Data for the limited purposes of providing travel management reporting to its clients and any requested onward transfer. It will not process Personal Data for any purpose inconsistent with these limited purposes.
3. To the extent practicable, World Travel, Inc. will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. Because World Travel, Inc. processes data that has been shared with Travel Suppliers it is not always reasonable for World Travel, Inc. to permit individuals to correct, amend, or delete this information. In fact, the burden to make such changes is disproportionate to the services that World Travel, Inc. provides to its clients. Therefore, it will not, unless the circumstances are truly extraordinary, make any changes based up in an individual’s request, nor will World Travel, Inc. allow individuals to have access to their data for this purpose.
• Recourse, Enforcement and Liability
1. World Travel, Inc. acknowledges that effective privacy protection must include robust mechanisms for assuring compliance with the Principles, recourse for individuals who are affected by non-compliance with the Principles, and consequences if it does not follow the Principles. Accordingly, it has put the following mechanisms in place:
a. Individual complaints can be addressed, without cost to the individual, by: (i) contacting JAMS (www.jamsadr.com), (ii) by sending a detailed, written complaint to the individual’s employer, or (iii) by sending a detailed, written compliant to firstname.lastname@example.org. Damages for World Travel, Inc.’s actual non-compliance may be awarded by JAMS or where applicable law so provides.
b. Individuals or others who wish to verify that the attestations made in this policy are true and correct may send inquiries to email@example.com. Such inquires will be directed to World Travel, Inc.’s Executive Vice President & Corporate Counsel.
c. World Travel, Inc. agrees to be subjected to the jurisdiction and enforcement powers of the DOT, the FTC, or the U.S. Department of Commerce, as applicable.
2. As set forth above, World Travel, Inc. will respond to any inquiry directed to firstname.lastname@example.org within forty-five (45) calendar days. Any inquiry directed to it by another means will be responded to expeditiously.
3. World Travel, Inc. agrees to be subject to binding arbitration regarding compliance of non-compliance lodged by individuals. For clarity, allegations of non-compliance made by World Travel, Inc.’s clients will be handed in accordance with the binding legal agreement between World Travel, Inc. and its client.
4. In the event World Travel, Inc. becomes subject to a U.S. court order or other order based on non-compliance with the Principles, World Travel, Inc. shall make public any relevant sanctions or other findings.
• Adherence to the Supplemental Principles
World Travel, Inc. acknowledges that it must also adhere to the following Supplemental Principles:
1. Sensitive Data. World Travel, Inc. does not, and will not, Process Sensitive Data.
2. Journalistic Exceptions. World Travel, Inc. does not engage in journalistic activity such that the exception applies to it.
3. Secondary Liability. World Travel, Inc. is not an Internet Service Provider (“ISP”) or telecommunication carrier, nor does it merely transmit data as a conduit. Therefore, the Supplemental Principle regarding secondary liability does not apply.
4. Performing Due Diligence and Conducting Audits. World Travel, Inc. is not an investment banker, law firm, auditor or other firm that would normally be engaged in audits and due diligence.
5. The Rule of Data Protection Authorities (DPA). World Travel, Inc. has set forth above the details on its adherence to the Principles, including providing a recourse for individuals whose Personal Data is processed by World Travel, Inc. and mechanisms for individuals to follow-up on World Travel, Inc.’s adherence to the Privacy Shield. In the event a DPA commences an investigation regarding World Travel, Inc.’s adherence to the Privacy Shield (directly or indirectly), World Travel, Inc. will cooperate with such investigation. Moreover, World Travel, Inc. will comply with advice given by a DPA, or DPA panel, where the finder of fact takes the view that World Travel, Inc. must take specific action to comply with the Principles, including remedial or corrective actions, or compensatory measures for the benefit of individuals affected by non-compliance.
6. Self-Certification. World Travel, Inc. will apply for its Privacy Shield certification in accordance with the applicable Department of Commerce’s protocol.
7. Verification. World Travel, Inc. will verify its statements about its adherence to the Privacy Shield and its Principles on its own. As part of its verification, World Travel, Inc. makes the following representations:
a. This policy is accurate, compressive, and implemented as of August 1, 2016.
b. This policy will be prominently displayed at http://corporate.worldtravelinc.com/legal#EU-U.S.+Privacy+Shield+Policy. In addition, copies of this policy may be obtained by submitting a request to email@example.com.
c. This policy conforms to the Privacy Shield and all of its Principles, including the Supplemental Principles.
d. Individuals may obtain information about how to file complaints by reading this policy. Additional information for European businesses and individuals in Europe can be found at: www.privacyshield.com.
e. World Travel, Inc. will provide its personnel with training on this policy no later than September 15, 20166.
f. World Travel, Inc. has mechanisms in place to periodically audit its compliance with the Principles. To the extent practicable, World Travel, Inc. will include an audit of its compliance with the Privacy Shield with its annual Service Organization Controls (SOC) 2, Type 2 audit.
8. Access. World Travel, Inc. understands that the right of access is fundamental to privacy protection. Accordingly, individuals may: (a) obtain from World Travel, Inc. confirmation of whether or not it processes their Personal Data, (b) cooperate with World Travel, Inc. to determine the accuracy and lawfulness of World Travel, Inc.’s processing of Personal Data, and (c) have the data corrected, amended or deleted where it is inaccurate, but only to the extent practicable. Inquires about access should be directed to firstname.lastname@example.org. Due to the nature of the services World Travel, Inc. provides to its clients, it is overly burdensome for World Travel, Inc. to provide a high level of access to individuals. Individuals are therefore encouraged to contact their employer before contacting World Travel, Inc.
9. Human Resources Data. World Travel, Inc. will not import human resources data in the context of an employment relationship. World Travel, Inc. may however have access to human resources-like data as a necessary component of the travel management services it provides to its clients.
10. Obligatory Contracts for Onward Transfers. World Travel, Inc. shall ensure that a contract is in place between it and any entity that participates in an onward transfer. Such contracts will comply with the Directive and the Privacy Shield. World Travel, Inc. will: (a) act only in instructions from and in coordination its client regarding such onward transfer, (b) provide adequate technical and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and (c) take into account the nature of data processing and assist with resolution of individuals exercising their rights under the Privacy Shield and its Principles.
11. Dispute Resolution and Enforcement. World Travel, Inc. meets its obligations for dispute resolution and enforcement by enrolling with JAMS for ADR and by cooperating with the DOT, the FTC, and the U.S. Department of Commerce. As set forth herein, World Travel, Inc. will also cooperate with any DPA or DPA panel, as may be necessary. In the event World Travel, Inc. is subject to any enforcement effort, it will cooperate quickly and fully.
12. Choice – Timing of Opt-Out. Due to the nature of the services it provides to its clients, it is difficult for World Travel, Inc. to provide individuals the option to opt-out. World Travel, Inc. therefore encourages individuals to first request to opt-out with their employer (i.e., World Travel, Inc.’s client). In support of the opt-out concept and World Travel, Inc.’s commitment to the principle of choice, individuals who desire to exclude their Personal Data from the processing World Travel, Inc. performs, they may send a request to email@example.com. World Travel, Inc. will forward such request to its client and together they will determine the best course of action.
13. Travel Information. Because World Travel, Inc. only interacts with individual consumers at the request of their employer, the exceptions for travel information do not apply to the services World Travel, Inc. provides to its clients. World Travel, Inc.’s services are not necessary to provide services requested by a consumer in the traditional sense. When World Travel, Inc. acts as a Data Importer, it does so in the posture of a data aggregator, not, for example, as a travel agency making reservations for a leisure traveler. Likewise, World Travel, Inc.’s services are not necessary to fulfill a consumer agreement, like a frequent flyer agreement.
14. Pharmaceutical and Medical Products. This principle does not apply to World Travel, Inc. because it is not engaged in any processing with respect to pharmaceutical or medial products or services.
15. Public Record and Publically Available Information. Due to the nature of the information it collects, World Travel, Inc. will not make such information available as part of any public record.
16. Access Requests by Public Authorities. Upon request, World Travel, Inc. will make available reports on requests for Personal Data it receives by public authorities, such as law enforcement agencies.
World Travel, Inc. is committed to ensuring that its clients’, and in turn their travelers’, Personal Data is handled confidentially, privately, and appropriately. World Travel, Inc. has therefore made the voluntary election to participate in the Privacy Shield, and to be subject to the compliance and enforcement powers of the DOT, FTC, and other U.S. governmental authorities. Information about World Travel, Inc.’s commitment to and compliance with the Privacy Shield may be obtained by submitting a written request to firstname.lastname@example.org.
1WorldReports™ is only available to authorized client representatives, such as a client’s travel manager. In addition, all access to WorldReports is controlled by confidential user names and passwords that are managed by World Travel, Inc. in accordance with its Information Security Policy.
2For clarity, World Travel, Inc. does not need to apply the Principles to any human resource data, because it does not transfer any of its own human resource data out of the European Union or European Economic Area. All of World Travel, Inc.’s employees are located in the United States.
3Details about the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield can be found at www.privacyshield.gov.
4For more information about enforcement of an organizations failure to comply with the Principles see, e.g., 15 U.S.C. § 45(a).
5Out of an abundance of caution, all inquiries directed to the address SafeHarbor@worldtravelinc.com, will be redirected to email@example.com until January 1, 2017.
6Because World Travel, Inc. follows the principle of least privilege, only personnel who may have access to Personal Data have been or will be trained on this policy.