PRIVACY POLICY

Updated December 7, 2022

At AmTrav, we know that everybody says, “We take privacy very seriously.” So ultimately what matters is not what we say, but what we do. And we’re out to demonstrate that, with respect to privacy, we will do everything in our power to do right by our customers.

We’ll start by explaining our privacy policy as clearly as we can, in plain English, written by a non-attorney.

We Collect Information About You

If you’re using our site, chances are we’re collecting information about you. Usually, this is information that we ask you to provide like your name or your email address or where you want to travel. In these cases, the information we collect comes directly from you.

If you are an employee of a company that manages their travel through AmTrav, your employer may also provide information about you. Your employer can provide information to us about you by having a designated Travel Administrator or Travel Coordinator use the “Users & Travelers” section on our web site; through a bulk data upload; via an Application Programmer’s Interface (API); or through a Single Sign On hand off (SSO).

There are other pieces of information that we gather less explicitly, through your browser or browser “cookies”, without directly asking you for it. This includes information about the computer or device you are using or your geolocation (where you are).

What we Store

We store most of the information we collect. Some of it we only store for brief periods, like for the duration of the time you are on our site, but most we store on a more long-term basis, for as long as there continues to be a business need for it.

The following is of list of things we store, but only when they are provided to us directly by yourself or your employer:

  • Your name
  • Your contact information (like an address, phone number, or email address)
  • Your password
  • Your date of birth, gender, and passport number
  • Certain Transportation Security Administration (TSA) numbers like a “known traveler number” or “redress number.”
  • Credit card numbers
  • Loyalty/membership numbers (e.g. airline frequent flyer numbers)
  • Travel preferences (like a preferred airline or that you prefer to stay in 4-star hotels)

We also store transaction data that we gather from searches you perform on our site or bookings that you complete. This data includes:

  • Booking details like what flights, hotels, and rental cars you have booked
  • Search details like what travel itineraries you have searched for
  • Pricing information for bookings made
  • Whether or not your booking adhered to your company’s travel policy and, if not, the reason you provided

Finally, we store other information that we collect about your session like:

  • Your IP address which identifies the computer or device you are contacting us from
  • The type of device and browser you are viewing our site from
  • Logs of your actions and requests while using our site
How We Use It

The information you provide us enables us to:

  • Book travel on your behalf by providing the travel supplier (e.g. an airline or hotel) with the information they need to create a booking
  • Generate reports for your employer on spend and patterns
  • Optimize your experience within our site
  • Communicate with you important information about your booking(s)
  • Evaluate the performance of our site and the quality of our products so that we can continually enhance our offering
How We Will NOT Use It

We will not use your personal information to market products or services to you without your explicit consent except for:

  • If you are a prospective customer who completes a form on our website asking for information about AmTrav, we will use the contact information you provided to contact you to discuss our services.
  • Within our site and while you are already logged on and using it, we will provide shortcuts to “add on” a product or service that relates to another you have booked. For instance, if you book a flight, we will offer a hotel at your destination.
Who We Share It With

From time to time it is necessary to share some of the information we collect with third parties. These include:

  • Suppliers like airlines, hotels, car rental companies with whom we share details necessary for bookings like your name and possibly phone number, email address, gender, date of birth, credit card information, membership program numbers, etc.
  • Third Party Vendors like credit card processors, Global Distribution Systems or other reservation system aggregators, who we use to facilitate bookings or payments.
  • Service Providers who you have authorized us to share information with, like Expense Management companies or Duty of Care providers.

Please understand that, although we select our partners very carefully with deep consideration of their privacy and security practices, we ultimately do not have control over how they operate. They are each subject to the laws and regulations that apply in their jurisdictions.

Under no circumstances, do we sell your personal data or offer it to third parties for commercial or marketing purposes.

Where We Keep It

Our platform is intended for use in the United States and we store information in the United States. If you use our site, we will assume you are acknowledging that and consenting to it.

How We Protect It

We go to really great lengths to protect your data from unauthorized access.

We encrypt all communications that involve your data using the latest encryption standards. Our team members have access to data only on a “need to know” basis and all such accesses are logged.

We are Payment Card Industry (PCI) Level One compliant (the most stringent level). Annually, we submit to an onsite audit and internal and external penetration test. In addition, we run internal and external vulnerability scans on our network at least once per quarter.

If we become aware of a security systems breach that may have compromised your personal data, we will notify you promptly in accordance with applicable laws.

When & Why We Contact You

We ask for your contact information like your email address and, in some cases, phone number because sometimes it’s necessary for us or a supplier to contact you about a booking you have made for yourself or others. We promise not to abuse that trust. When we communicate with you it’s because:

  • We are confirming a purchase that you made or an action that you took on our site
  • There is an issue with a purchase you made that we need to make you aware of (e.g. your credit card declined or your flight was canceled)
  • You have asked us, and ayour employer has authorized us, to contact you to approve certain transactions made by others in accordance with your company travel policy
  • We are responding to an inquiry that you made or are asking for feedback on our service

We will not send any other types of communications without consent from you or your employer.

What Your Rights Are

As a user of our service or visitor of our website, you have the following rights:

  • You can see and update the profile data we are storing about you by logging in and clicking “My Profile”
  • You can edit or remove information within your profile, or you can request that we do it for you (see “How You Can Reach Us”)
  • You can request that any other of your personal data that we are storing be removed, although removing certain transactional records would require your employer’s consent as doing so may impact the accuracy of their travel reports
  • You can opt out of any communications you do not wish to receive, with the exception of “transactional” emails that are triggered by something you did or bought on our site
  • You can disable cookies in your browser and/or turn off geo-location services on your device to limit what we can collect
How You Can Reach Us

We want you to be confident that your data is secure. If you have any concerns or objections regarding privacy or our use of your personal data, please contact us. You can reach out to your AmTrav account manager or you can send an email to privacy@AmTrav.com whose distribution group includes our CEO and our CIO, who is also our Data Protection Officer.