UATP Is a Data Processor
Universal Air Travel Plan is the corporate travel payment network owned and issued by airlines around the world. As a data processor, UATP processes data on behalf of its business customers through its transaction processing system, by streamlining billing, and by providing travel managers with detailed activity reports that track a traveler’s carrier, destination and travel itinerary. In this capacity, UATP acts on the instructions of its business customers and does not own or have independent rights to control of the personal data it collects and/or processes on their behalf. For such data processing, UATP enters into agreements with its business customers in the EU and Switzerland, specifying that the EU or Swiss business customer recognizes that it (the customer) is a data controller or another data processor for the purpose of data protection legislation and is in compliance with the relevant Member State national law.
UATP Adheres to Privacy Shield Principles
UATP is committed to adhere to the principles of the EU-US and Swiss-US Privacy Shield frameworks with respect to personal data submitted by its customers in reliance on the Privacy Shield. UATP participates in the Privacy Shield Program and has certified that it adheres to the Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about these programs, and to view UATP’s certification, please visit www.privacyshield.gov .
Privacy Shield Principles
Notice and Choice
We may also use information we collect on our website to personalize the content, improve the content of our web page, and/or to provide you with product or service offers. We use “cookies” to operate the website (“essential cookies”) and other cookies to help us evaluate how our visitors use and navigate our web site on an aggregate basis, including the number and frequency of visitors to each web page and the length of their visits. You may indicate your consent to nonessential cookies by clicking where indicated on your first visit to this website and agree to each use of such information.
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number.
EU and Swiss individuals have rights to access personal data about them and to limit use and disclosure of their personal data. With our Privacy Shield certification, UATP has committed to respect those rights. If you would like to request that we not continue to use information we collect about you for the marketing purposes described, please contact us at firstname.lastname@example.org.
You also have the ability to change your mind and accept or decline cookies at any time by modifying the settings in your browser. Information on how to do this should be provided in the web browser’s help/reference section. You can learn about how Google uses data by going to www.google.com/policies/privacy/partners/ and you can opt-out by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout .
Where personal information is collected by UATP through means other than this website, the notice will be provided in clear and conspicuous language when you are first asked to provide such information. To the extent that UATP acts solely as a data processor when processing personal data on behalf of its business customers (EU or Swiss data controllers) UATP acts only on the instructions of such controllers and does not control or share such personal data without direction from the relevant data controller. In those instances, and to the extent provided for by applicable law, UATP may rely on its data controllers to satisfy the notice and consent principles under EU and EU Member State data protection law, and will only act on the instructions of that controller.
Accountability for Onward Transfers – Third Parties Who May Receive Personal Data.
UATP uses a limited number of third party service providers to assist us in providing our services to customers. These third party providers help us with certain technical operations, assist with the transmission of data, and provide data storage services. These third parties may process or store personal data in the course of providing their services. UATP maintains contracts with these third parties restricting their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations. To the extent provided by the Privacy Shield principles, UATP remains responsible and liable under the Privacy Shield if a third party that UATP engages to process personal information on its behalf does so in a manner inconsistent with the Privacy Shield Principles, unless UATP proves that it is not responsible for the matter giving rise to the damage.
Security, Data Integrity and Purpose Limitation
UATP Handles EU and Swiss citizens’ personal data with appropriate care and safeguards. UATP has security measures in place to help protect personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. UATP has a Privacy Administrator identified below who is responsible for the internal supervision of UATP’s privacy policies.
In addition, any data processing will be carried out with reasonable and appropriate security measures specified in the processing agreement between UATP and its customers. UATP will not disclose to third parties personal data processed, except as permitted or required by the agreement between UATP and the third party, the EU or Swiss Privacy Shield, or other applicable data protection law.
In addition, we may share information in the event of a bankruptcy, or a merger, acquisition, joint venture, or other business combination involving us.
Recourse and Enforcement
UATP’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
UATP makes a specific commitment to remedy any problems that may arise from an alleged failure of compliance with the above Principals. If you believe that UATP is not complying with the EU – U.S. and Swiss – U.S. Privacy Shield Principles or this policy, contact our company by mail, e-mail, or telephone at:
UATP will respond within 45 days. If our response does not address your concern, you may contact JAMS, an independent third-party dispute resolution body based in the United States. JAMS website is http://www.jamsadr.com/ and JAMS may be contacted via telephone at 1-800-352-5267. JAMS has committed to respond to complaints to provide recourse at no cost to you. If neither UATP nor JAMS resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
Updated: May 2018