Privacy/Security Policy

Effective date: 01/01/2020

ITA Group, Inc. and its subsidiaries ("ITA Group") have a strong commitment to respecting your concerns about privacy.

We understand you may have questions about whether and how we collect and use information. We have prepared this statement to inform you of the privacy principles governing our website and our products and services. We encourage you to read this policy carefully as it will help you make informed decisions about sharing your personal information with us.


1. What information does ITA Group collect about me?

(a) Information collected through our products and services

ITA Group creates and manages events, incentives and recognition programs that help to align and motivate our clients and their people.

In the course of using our products and services, you may need to provide ITA Group with certain personal information. For example, when we organize events or arrange travel on your behalf, details such as your name, address, contact details, company name, job title, date of birth and payment information may be required. We may also need information like your social security number, passport details and proof of citizenship in certain cases. However, we will only collect such information for the purposes of providing the services to you, and when we do so, we will act only in accordance with your instructions.

You can always choose not to provide your personal information to ITA Group in this way, but it may mean that we are unable to provide our services to you or that some features of our products and services will be unavailable.

(b) Information collected through our website and other means

We may also collect personal information when you visit our website; for example, when you submit details about your name, title, company, address and other contact details through our website forms. We may also collect personal information by other means, such as when you correspond with us by post, email or telephone, or complete our surveys or attend ITA Group events.

In addition, when you visit our website, our servers will automatically log certain information such as your IP address, browser type, files requested and domain name. This information is collected primarily to improve our website through internal analytics, maintain security and to better meet our customer's needs.

Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in the Cookies section below.

2. Does ITA Group collect information about me from others?

There are limited circumstances in which we may receive information about you from others. For example, our clients may provide personal information about others (such as their employees, agents, suppliers or customers) in the course of using our products and services for the purposes of managing aspects of their business, or organizing events or incentive programs. In such cases, we are collecting the information purely on behalf of our client, on their instructions, and we do not have control over their privacy policies and practices. You should contact the client directly if you wish to object.

If you are providing us with personal information about someone else, please ensure that you are fully authorized to disclose that information to us – this means making sure the individual concerned is aware of your use of their personal information, that you are lawfully entitled to disclose it to us and they are informed of their rights in respect of that information. If you cannot ensure that these requirements are met, please do not disclose the information to us.

3. How does ITA Group use my personal information?

We will use your personal information to deliver our products and services to you. For example, to deliver the requested event, incentive or recognition program, to manage your client account, for general business administration, to respond to communications, notify you about our services, and to provide technical or client support.

We will only process personal information in ways that are compatible with the purposes for which we have collected it, or for purposes that you later authorize. Before we use your personal information for materially different purposes, we will provide you with the opportunity to opt out.

We may also use aggregated anonymized data for internal business purposes – such as for analytical/statistical purposes and for business forecasting – and to help improve our products and services.

4. Does ITA Group disclose my personal information to third parties?

There are only a limited number of parties with whom we share your personal information – these may include disclosures:

  • to our group companies (list available here) who will use your personal information only for the purposes that are disclosed in this policy;
  • to our customers on whose behalf we organize events or operate incentive and recognition programs (for example, we share your attendance at an event or participation in a reward program with the relevant customer);
  • to our third party services providers and partners who provide data processing services to us or who otherwise support the operation of our business and services (for example, to venue providers, and travel and accommodation providers, in order to enable your participation in an event, or fulfilment partners who help us to deliver awards when you redeem points through the incentive and recognition programs for operate for customers), or who otherwise process personal information for purposes that are described in this policy or notified to you when we collect your personal information;
  • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
  • to any other person with your consent to the disclosure.

5. How does ITA Group keep my information secure?

When you are asked to provide personal information (as part of our products or services or on our corporate website), a "secure session" will first be established using SSL. This technology encodes information as it is being sent over the Internet between your computer and our secure servers. That helps ensure the information remains secure. You will know when a secure session is taking place and when it is not. Your browser uses a symbol – typically a key – as an indicator. When your session is secure, an unbroken key may appear; when your session is not secure, a broken key symbol may appear. Each time you visit our site, you should see an unbroken key.

PCI data and other more sensitive information – such as a credit/debit card number, Social Security Number, or Passport number – is only collected when needed to fulfill the services requested. This type of information is stored securely on our servers. ITA Group, Inc. is compliant with the Payment Card Industry Data Security Standard (PCI DSS). We contract with a PCI Approved Scanning Vendor (ASV) to provide regular security scanning of our cardholder data environment to maintain the integrity of our security measures.

Please however keep in mind that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our site is at your own risk. You should only access our website and services within a secure environment.

6. Where does ITA Group store my information?

ITA Group's servers are located in the USA. If you are a non-US resident, this means that your personal information will be transferred to the USA.

EU-US and Swiss-US Privacy Shield

In relation to personal information we receive from the EU and Switzerland, ITA Group, Inc. and International Travel Associates Corporation participate and comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce. We commit to apply the Privacy Shield Principles to all personal information received from the EU and Switzerland in reliance on the Shield. For more information about the Privacy Shield, and to view our certification on the Privacy Shield List, please see the Privacy Shield website at www.privacyshield.gov.

For the purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the US Federal Trade Commission.

If we receive your personal information in the US and subsequently transfer that information to a third party acting as an agent, and such third party agent processes your personal information in a manner inconsistent with the Privacy Shield Principles, we will remain responsible unless we can prove we are not responsible for the event giving rise to the damage.

You can direct any questions or complaints about the Privacy Shield to us using the contact details in Section 11 below. We will investigate and attempt to resolve any Shield-related complaints or disputes within forty five (45) days of receipt.

We have further committed to cooperate and comply with the panel of European data protection authorities (EU DPAs) and the Swiss Federal Data Protection and Information Commissioner (Swiss FDPIC) in the resolution of any Privacy Shield complaints. If you have an unresolved Privacy Shield complaint that we have not addressed satisfactorily, please contact your local EU DPA or the Swiss FDPIC, as applicable. The contact details of the EU DPAs can be found here.

You may also have the option to select binding arbitration for the resolution of your complaint under certain circumstances. To find out more about the Shield's binding arbitration scheme, please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

7. Marketing emails

Where it is in accordance with your marketing preferences, the e-mail address you provide when requesting services or information from us may be used to communicate future information, including news and announcements, and information about our products and services. Any marketing related communications sent by ITA Group have an automatic opt-out link at the bottom of each communication. You may elect to remove yourself from further informational communications by selecting and confirming this link.

8. What rights do I have in relation to my personal information?

Where we collect personal information on our own behalf (and not on behalf of our clients), ITA Group will grant individuals with access to personal information that it holds about them, or to correct, amend or delete information, where required under the Privacy Shield or applicable law. These requests can be made by sending an email to privacy@itagroup.com or by using the contact details in Section 11 below. Please note that requests to access your personal information may be subject to a fee specified by applicable law. If you are a visitor from the European Economic Area, and you believe that we have not processed your personal information in accordance with the applicable provisions of the EU General Data Protection Regulation, you may lodge a complaint with the respective EU DPA.

Where we process personal information on behalf of our clients as part of the services we provide, we are not responsible for their use of the data and cannot control their data collection and privacy practices. Any individual who seeks to access, amend or delete their personal information should direct their query to the client in question. For example, if your employer has uploaded your personal information in the course of using our services, you should contact your employer directly.

We will only keep your personal information for as long as we require it for the purposes set out in this policy. However, we may also keep some of your personal information for specified period of time under certain laws – for example those relating to corporate governance, money laundering and financial reporting legislation – or, where your personal information is controlled by our customers, in accordance with our customers' instructions.

9. Does ITA Group use cookies?

Yes, we do. Cookies are small data files that are placed on your computer or mobile device when you visit a website or use online services. Many websites – including this one – use cookie technology to help users navigate efficiently and simplify the browsing experience as well as provide analytics information to help us improve our website and services.

Cookies set by the website owner (in this case, ITA Group) are called "first party cookies". Cookies set by parties other than the website owner are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics).

Type of cookies Who serves these cookies How to refuse
Essential website cookies: These cookies are strictly necessary to provide you with services available through our Website and Services and to use some of their features, such as the ability to sign in and access to secure areas. ITA Group Because these cookies are strictly necessary to deliver the Website and Services to you, you cannot refuse them.
You can block or delete them by changing your browser settings however, as described below under the heading "Controlling cookies?".
Performance and functionality cookies: These cookies are used to enhance the performance and functionality of our Website and Services but are non-essential to their use (e.g. to help us customize or localize content and features for you, to collect performance and error data). However, without these cookies, certain functionality may become unavailable. ITA Group
Marketo		 To refuse these cookies, please follow the instructions below under the heading "Controlling cookies?"
Analytics cookies: These cookies collect information that is used in aggregate form to help us understand how our Website and Services are being used or how effective are marketing campaigns are. Marketo
CrazyEgg
Google Analytics
Ion Interactive		 To refuse these cookies, please follow the instructions below under the heading "Controlling cookies?"
Alternatively, please click on the relevant opt-out link below:
Advertising cookies: These cookies are used to make advertising messages more relevant to you. They provide interest-based advertisements and retarget our ads on third party websites you visit. Adroll To refuse these cookies, please follow the instructions below under the heading "Controlling cookies?"
Alternatively, please click on the relevant opt-out link below:

Controlling cookies

You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Website and Services through your access to some functionality and areas of our sites may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information. Here are the current relevant information pages for the main browsers:

In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/, http://www.networkadvertising.org/choices/ or http://youronlinechoices.com/.


Do Not Track

“Do not track” refers to how Internet web browsers may request that a web application turn off tracking through the use of an HTTP header. ITA Group does not make use of this header. However, tracking that is done by cookies may be managed within your browser settings, as explained above.

10. Amendments to this Policy

ITA Group, Inc. may amend this policy from time to time and will post the updated policy on this site. You can see when it was last updated at the top of this policy. Please try to check on this page from time to time so that you can keep up to date with any changes.

If we make any material changes, we will post a prominent notice on the website, and/or notify you via email or through our services.

11. How do I contact ITA Group with questions or comments about this Policy?

If you have any questions about this policy or our privacy practices generally (including our Privacy Shield certification), please contact our Privacy team at privacy@itagroup.com or at our postal address:

ITA Group, Inc.
Privacy Team
Attention: General Counsel

4600 Westown Parkway
West Des Moines, Iowa 50266

Tel: +1 (800) 257-1985

The Visa Prepaid Card is issued by The Bancorp Bank, N.A., pursuant to a license from Visa U.S.A. Inc. The Bancorp Bank, N.A.; Member FDIC. The Visa Prepaid Card may not be used everywhere Visa debit cards are accepted.