EU-U.S. PRIVACY SHIELD POLICY – COMMITMENT TO YOUR PRIVACY

Travel and Transport (“Travel and Transport”) respects individual privacy and values the confidence of its customers, employees, business partners and others.  Not only does Travel and Transport strive to collect, use and disclose Personal Information in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices.  This EU-U.S. Privacy Shield Policy (this “Policy”) sets forth the privacy principles Travel and Transport follows with respect to transfers of Personal Information from the European Economic Area (“EEA”) (which includes the twenty-seven member states of the European Union (“EU”) plus Iceland, Liechtenstein and Norway) to the United States.

 

EU-U.S. PRIVACY SHIELD PRINCIPLES

The United States Department of Commerce and the European Commission have agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to Personal Information transferred from the EEA to the United States (the “EU-U.S. Privacy Shield”). The EEA also has recognized the EU-U.S. Privacy Shield as providing adequate data protection (Decision C (2016) 4176 final, 12.7.2016, Article 1 (1)).  Consistent with its commitment to protect personal privacy, Travel and Transport complies with the principles set forth in the EU-U.S. Privacy Shield (the “Privacy Shield Principles”) and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms contained this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the EU-U.S. Privacy Shield, and to view our certification, please visit https://www.privacyshield.gov.

 

SCOPE

This Policy applies to all Personal Information, including the employee information described below, received by Travel and Transport in the United States from the EEA, in any format, including electronic, paper or verbal.

 

DEFINITIONS

For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that collects or uses Personal Information under the instructions of, and solely for, Travel and Transport or to which Travel and Transport discloses Personal Information for use on Travel and Transport’s behalf.

“Personal Information” and “Personal Data” means data about an identified or identifiable individual that are within the scope of the EU-U.S. Privacy Shield, received by an organization in the United States from the EU, and recorded in any form.

“Processing” of Personal Data means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Travel and Transport” means Travel and Transport, Inc., its predecessors, successors, subsidiaries, divisions and groups in the United States.

EMPLOYEE INFORMATION

Travel and Transport collects Personal Information from and about contingent workers, employees, former employees and prospective employees.  Such Personal Information can include a person’s name, contact information, social security or government-issued identification number, financial information, education and employment history, information about one’s family (spouse and dependents, for example), and job performance and development.  The primary purpose for collecting such Personal Information is to carry out the employment relationship, including, without limitation, payment, compensation planning and related transactions, providing and managing benefits, performance management, career development, training, staffing, considering candidates for open positions, personnel security issues, and statistical analysis.

PRIVACY PRINCIPLES

The privacy principles in this Policy have been developed based on the Privacy Shield Principles.

NOTICE: Where Travel and Transport collects Personal Information directly from individuals in the EEA, it will inform them about the purposes for which it collects and uses Personal Information about them, the types of third parties to which Travel and Transport discloses that information, the choices and means, if any, Travel and Transport offers individuals for limiting the use and disclosure of Personal Information about them, and how to contact Travel and Transport.  Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Travel and Transport, or as soon as practicable thereafter, and in any event before Travel and Transport uses or discloses the information for a purpose other than that for which it was originally collected.

Where Travel and Transport receives Personal Information from its subsidiaries, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such Personal Information relates.

ACCOUNTABILITY FOR ONWARD TRANSFER: Travel and Transport uses a limited number of third party service providers or Agents to assist us in providing our services to customers and/or Travel and Transport employees.  Travel and Transport will obtain assurances from said entities that they will safeguard Personal Information consistently with this Policy.  Examples of appropriate assurances that may be provided by said entities include: a contract obligating the entity to provide at least the same level of protection as is required by the relevant Privacy Shield Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), EU-U.S. Privacy Shield certification by the entity, or being subject to another European Commission adequacy finding (e.g., companies located in Canada).  Where Travel and Transport has knowledge that an entity is using or disclosing Personal Information in a manner contrary to this Policy, Travel and Transport will take reasonable steps to prevent or stop the use or disclosure.  Travel and Transport acknowledges its potential liability in cases of its onward transfer of Personal Information to third parties that do not meet the standards set forth in this paragraph.

SECURITY:  Travel and Transport will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

DATA INTEGRITY AND PURPOSE LIMITATION:  Travel and Transport will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Travel and Transport will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete and current.  Travel and Transport will only collect and store Personal Information that is relevant to fulfill the purpose of the request and will retain such information no longer than appropriate to fulfill the purpose of the request.

ACCESS:  Upon request, Travel and Transport will grant individuals reasonable access to Personal Information that it holds about them and to request limitations on how Travel and Transport uses or discloses Personal Information about you.  In addition, Travel and Transport will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.

RECOURSE, ENFORCEMENT AND LIABILITY:  Travel and Transport will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy.  Any employee that Travel and Transport determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.

DISPUTE RESOLUTION:  In compliance with the Privacy Shield Principles, Travel and Transport commits to resolve complaints about our collection or use of your Personal Information.  Individuals in the European Union with inquiries or complaints that do not involve employee Personal Information should first contact Travel and Transport’s General Counsel at the address given below.  If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

If you have a complaint involving employee Personal Information as described above, you may contact the EU data protection authority (DPA) in your country.  The list of EU DPAs can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Travel and Transport agrees to cooperate with the EU DPAs and comply with the advice of such authorities with regard to employee Personal Information transferred from the EU in the context of the employment relationship.

As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel as described in the Privacy Shield Agreement, Annex I, to be created jointly by the U.S. Department of Commerce and the European Commission.

U.S. FEDERAL TRADE COMMISSION ENFORCEMENT:  Travel and Transport’s commitments under the EU-U.S. Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

LIMITATION ON APPLICATION OF PRINCIPLES

Adherence by Travel and Transport to these Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

CONTACT INFORMATION

Questions or comments regarding this Policy should be submitted to Travel and Transport’s General Counsel by mail to:

General Counsel

Travel and Transport, Inc.

2120 S. 72nd Street

Suite 700

Omaha, Nebraska  68124

Or by e-mail to the Travel and Transport Privacy Office.

CHANGES TO THIS EU-U.S. PRIVACY SHIELD POLICY

This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. A notice will be posted on the Travel and Transport web page (www.tandt.com) for 60 days whenever this Privacy Shield Policy is changed in a material way.

EFFECTIVE DATE: September 14, 2016