Your California Privacy Rights
Effective January 1, 2020
This policy applies to all of ATA’s divisions and brands, including CET Academic Programs and Professionals Abroad.
The information we collectATA collects two kinds of information from you when you visit any of our websites (academic-travel.com and cetacademicprograms.com) and CET’s online account management system. First, we automatically collect information from you any time you visit an ATA webpage. This information is non-personally identifiable and may include data about your hardware devices, geographic location based on IP address, browser type, use of our website, and referring third party websites. Second, we collect the information that you provide when you:
- Interact with a promotional email,
- Submit any form—either hardcopy or electronic, or
- Either send to us, or ask a third party to send to us, any information we request. When completing our hardcopy forms or the electronic forms on our websites or online account management system, you may disclose to us:
- Personal and contact information, such as name, postal address, telephone number, and email address.
- Travel information, such as flight, hotel and vehicle reservation information, as well as confirmation codes and e-ticket numbers.
- Identity information, such as passport number, birth date, and gender.
- Financial information, such as credit card number and expiration date.
- Health information (such as dietary requests, wheelchair use during travel, or other medical needs).
- Governmental identifiers, such as Transportation Security Administration (TSA) Redress Number and Known Traveler Number.
- Information about your educational background, performance and goals.
- Other information necessary for participation in an ATA program.
- Job applications: Information about your education, work and military history, citizenship or legal work eligibility status, and other information relevant to specific jobs for which you wish to apply, such as whether you are at least 18 years of age.
How we use the information we collect within ATAATA may use the information you provide to:
- Provide our services.
- Process, evaluate, and respond to your requests, inquiries, and applications.
- Contact you (such as by text message, email, prerecorded or automated phone calls, live phone calls, mail, push notifications, or messages on third-party platforms).
- Provide transactional information (such as updates about purchased travel and tours).
- Send you marketing communications, offers, and invitations to events, which may be based upon previous interactions with our sites, services and modelling of your personal information.
- Tailor our products, services, and advertising for you, including anticipating your likely preferences based on information concerning your previous travel with us, previous transactions, or communications with us, any of which we may combine with other information we have about you, and which may be based on our modelling of your personal information.
- Determine appropriate advertising channels and venues and to place ads on such channels and venues, including social networking sites, and to promote ATA products through those channels.
- Measure and manage the effectiveness of our advertising and marketing.
- Conduct surveys, and perform market research and data analytics.
- Operating, evaluating, and improving our business in other ways, including through analysis and research.
- Create aggregated or otherwise anonymized data, which we may use and disclose without restriction.
- Verify your identity, protecting against and preventing fraud, unauthorized activity, claims and other liabilities, and managing risk exposure.
- Maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical).
- Understand the way our websites and online account management system are used, and the way our products are selected.
- Assess your suitability for an ATA, Professionals Abroad, or CET program and/or CET scholarship award.
- Prepare ATA staff for your participation in an ATA program.
- Evaluate your job application and contacting you regarding possible employment.
- For any other purpose described in this Privacy Notice.
The information we may share with othersWe do not rent or sell our mailing list, and we do not share information with third parties for their direct marketing purposes with the exception of sharing the information of high school and pre-college program participants with Dickinson College. We share student information with Dickinson College to facilitate the credit-granting process. Dickinson College may also use this information to market to students. ATA may also share select information with partner institutions solely for the purpose of processing a transcript through that institution to award credit to you. We do not distribute information about you to third parties, with the following exceptions:
- We may provide information to our service providers, including but not limited to other travel, transportation and hospitality companies, host and partner organizations, tour providers and insurance providers, so that these third-party organizations can perform the services we request of them.
- We may share health and dietary information with service providers such as hotels and bus companies to help meet your needs and preferences while traveling.
- We may share health information with service providers such as insurers and health providers as needed to provide you with medical treatment, especially in an emergency.
- We may post some information about you, including but not limited to your name, your home institution or a photo/video/blog post/film that includes or references you, to our websites or otherwise use it to promote ATA products in print, online or in person. Consult the Terms and Conditions for your program or tour for details on opting out of the use of your image in promotional materials.
- We may provide information to US embassies overseas, foreign consulates and/or foreign law enforcement organizations in order to obtain visas or visa documentation and/or register individuals in the host city for safety purposes.
- We reserve the right to share information about our customers and/or website users to any other third party when such disclosure is necessary to comply with the law.
- We may disclose personal data about you (i) if we are required to do so by laws or legal process, (ii) to law enforcement authorities under appropriate circumstances, or (iii) when we believe disclosure is necessary or appropriate for health and safety of any person, to prevent harm or loss or in connection with an investigation of suspected or actual illegal activity.
- We share personal data with companies that assist us with the uses and disclosures of personal data described in this policy. Examples include data backup companies and email service providers.
- We may transfer personal data in connection with a corporate transaction, business sale, merger, consolidation, divesture, change in control, transfer of substantial assets, bankruptcy, liquidation or reorganization, or as part of pre-transaction review in relation to these transactions. Whether the recipient of data in these cases will handle the data pursuant to this Privacy Notice depends on applicable law and other factors.
- Some third parties’ embedded content, pixels, or plugins on websites and in our emails, such as third party analytics and ad tech companies, Facebook “Like” buttons on our websites or apps, may allow their operators to use cookie IDs, device IDs, IP address, and other technology to learn that you have visited or interacted with us and how, they may use this information to create inferences about you, and they may combine this information with other, identifiable information they have collected about your visits to other websites or online services. These third parties may handle this information, and other information they directly collect through their content, pixels, and plugins, pursuant to their own privacy policies.
Our use of website cookies
We use internal cookies for session maintenance when you provide information to an ATA website or online account management system. A “cookie” is a small string of text that is sent to your computer hard drive or device that can collect data regarding your operating system, browser type, device type, mobile device ID, screen resolution, IP address and other technical information. Cookies can also enable us to track and target the interests of our users to enhance their experience on our site. Cookies, by themselves, do not personally identify users unless you choose to provide that information. Cookies do identify a user’s computer. Any information that is obtained through a cookie is information that you have voluntarily submitted through the site.
You may accept or decline cookies. Most web browsers automatically accept cookies, but you can typically modify browser settings to decline them. Declining cookies will result in being unable to fully utilize the interactive features of ATA’s websites and online account management system.
International transfer of personal dataATA is based in the United States and has locations in other countries. The recipients of the personal data disclosures described in the “How we share your personal data” section above may be located in the United States or elsewhere in the world. Privacy laws in these foreign countries may not provide protections equivalent to those of your country of residence, and your government may or may not deem such protections adequate. Our legal basis for handling your personal data The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds are as follows:
- To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our customers, or to take steps at customers’ request in anticipation of entering into a contract with them. For example, we handle personal data on this basis for some of our travel, tour, education, reservation, and ticketing operations.
- Consent: Where required by applicable law, and in some other cases, we handle personal data on the basis of your implied or express consent.
- Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals: a) Providing a safe and enjoyable travel and educational experience b) Customer service c) Marketing d) Protecting our customers, personnel and property e) Analyzing and improving our business f) Processing job applications g) Managing legal issues
- We may also process personal data for the legitimate interests of our service providers, and business partners.
- Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations (such as our obligation to share data with the TSA).
- To protect the vital interests of the individual or others: For example, we may collect or share personal data to help resolve an urgent medical situation.
How you may change your information or opt out of ATA communications
You can request that ATA edit, provide a copy, or delete your information through the Data Subject Request page on ATA’s website (https://www.academic-travel.com/privacy-center/). CET students can also update their personal information at any time by logging in to their account. You have a right not to receive discriminatory treatment by ATA for the exercise of your privacy rights conferred by the law. Any marketing communications that you receive from ATA will include an unsubscribe feature. You can elect not to receive marketing emails without affecting your ability to participate in an ATA program. Opting out of all ATA communications will prevent your participation on an ATA program in most cases, and you may forfeit payment if applicable according to the payment terms for your program.
You may request that ATA purge information about you that we hold. In some cases, ATA is required to retain information about accidents or adverse circumstances to protect our company, our customers, and our partners. However, upon request, we will either delete or anonymize information held about you to the greatest extent possible through use of our data collection systems and while still complying with our legal obligations. Please also note that asking to have your data removed may prevent you from participating on an ATA program.
Do not track
ATA does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.
Our website is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under the age of 13. Any information required for children under the age of 13 to participate on an ATA program should be submitted and managed by a verified parent or guardian.
A consumer may use an authorized agent to submit a request to know or a request to delete information. When a consumer uses an authorized agent to submit a request to know or a request to delete, ATA may require that the consumer: provide the authorized agent written permission to do so; and verify their own identity directly with the business. ATA may deny a request from an agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
For California residents: If you want an authorized agent to submit a “Delete My Personal Information” or “Access My Personal Information” request on your behalf, the authorized agent must provide proof of their registration with the California Secretary of State, as well as proof that you gave the authorized agent written permission to submit the request(s) on your behalf. We may also require you to verify your identity with us. Likewise, if you want an authorized agent to submit a “Do Not Sell My Personal Information” instruction on your behalf, the authorized agent must provide proof of their registration with the California Secretary of State, as well as proof that you gave the authorized agent written permission to submit the instruction on your behalf.
For residents of all locations outside of California: To act on a data subject request, ATA requires a notarized power of attorney for information about adults, or for requests about the information of minors, a notarized birth certificate or other official document proving the requester’s relationship to the minor. Additional proof of identity and relationship to the data subject may also be required.
Third parties and linked websites
How we abide by the law
Our main office is located in the United States. Information collected in the United States will be held in compliance with United States law. The privacy and data protection laws in the United States may not be equivalent to the laws in others countries. Where applicable, such as within the European Union, data collected about you outside of the United States will be held in a manner compliant with local regulations.
ATA will share information with law enforcement agencies outside the United States as required to legally operate in those countries and to safeguard our travelers, students and partners while operating in those countries.
How we keep data secure
We take precautions to protect your information, and have in place physical, electronic, and managerial procedures to protect the information we collect.
We use encryption to protect sensitive information transmitted online. You can verify that information transmitted to us electronically is secured by looking for a closed lock icon at the top of your web browser, or by looking for “https” at the beginning of the address of the web page.
Offline, the computers/servers on which we store personally identifiable information are kept in a secure environment, and only employees who need the information to perform a specific task are granted access to personally identifiable information.
However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of your data, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the Internet.
How to contact us
Any request you make to the Data Privacy Office must include your name, email address, phone number, mailing address and any other information that may identify you, such as the booking reference (e.g., confirmation number or record locator number), the dates on which the travel took place, and any other relevant information that will assist us to identify you. For certain requests, you must also provide a photocopy of your passport or driver’s license so we can verify your identity.
To exercise your rights under applicable privacy law, to raise a privacy concern, or to make a data-related request, please submit your request to our Data Privacy Office at https://www.academic-travel.com/privacy-center/, by calling 800.556.7896, or at the mailing address below:
Data Privacy Office
Academic Travel Abroad, Inc.
1155 Connecticut Avenue NW, Suite 300
Washington, DC 20036
For basic requests (like a change of address), you can also reach our customer care representatives at 800.556.7896.
How we may make changes to this policy