This Privacy Policy was last modified on April 15, 2026.
1. Overview
The following Privacy Policy (this "Policy") governs the data collection and handling practices for the Cooleaf mobile applications/apps (the "Cooleaf App") and the Cooleaf platform web site located at login.cooleaf.com (the "Cooleaf Site"), owned and managed by ITA Group, Inc.("ITA Group", "we", "us" or "our"). The Cooleaf App, the Cooleaf Site and the related content, applications, tools, technology and services that that we offer through them, are referred to collectively as the "Cooleaf Platform" or the "Platform". References to "you" and your" mean any individual who accesses, uses, or interacts with the Platform, including users, participants, or other authorized individuals.
This Policy describes:
- The types of information we may collect or that you may provide when you download, register with, access, or use the Platform.
- Our practices for collecting, using, maintaining, protecting, disclosing, and retaining that information.
2. Scope of this Policy
This Policy applies only to information we collect on or through the Platform. This Policy DOES NOT apply to information that we collect outside of the Platform, or that you provide to or is collected by any third party, which may have their own privacy policies that we encourage you to read before providing your information on or through them (see "Third-Party Information Collection" below).
Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. In using the Platform, you agree to be bound by this Policy. If you do not accept the terms of this Policy you may not access or use the Platform and you should discontinue your use of it.
This Policy may change from time to time (see "Amendments to this Policy" below). Your continued use of the Platform after we revise this Policy means you accept those changes, so please check this Policy periodically for updates.
3. How We Collect Information
We collect information from and about users of the Platform:
-From your employer, when they request our services.
- Directly from you when you provide it to us.
- Automatically when you use the Platform.
However, we will only collect such information for the purposes of providing the services to you, and when we do so, we will act only in accordance with your instructions or those of our client (typically your employer or otherwise in line with this Privacy Policy).
3.1 Information You Provide Directly to Us
When you download, register with, access, or use any aspect of the Platform, we may ask you to provide the following types of information:
- Information by which you may be personally identified, including but not limited to, your name, postal address, email address, and telephone number ("personal information").
- Payment information, including but not limited to, credit card information.
This information may be provided by you in the following ways:
- Filling in forms on the Platform. This includes information that you may provide when downloading, registering with, accessing, or using any aspect of the Platform, when requesting further services, and when reporting problems with the Platform.
- Contacting us. This includes information you may provide when you correspond with us, including, but not limited to, email addresses and phone numbers.
- Participating in surveys. This includes information you may provide when you respond to surveys that we might ask you to complete for research purposes.
- Carrying out transactions. Details of transactions you carry out through the Platform and of the fulfillment of your orders. You may be required to provide financial information before placing an order through the Platform.
- Searching within the Platform. This includes information you may provide when you perform search queries on the Platform.
If you provide information for publication or display ("Posted") on public areas of the Platform or websites you access through the Platform (collectively, "User Contributions"), then your User Contributions are Posted and transmitted to others at your own risk. Additionally, we cannot control the actions of third parties with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
3.2 Automatic Information Collection and Tracking
When you download, register with, access, or use any aspect of the Platform, the Platform may use technology to automatically collect:
- Usage Details. When you access and use the Platform, we may automatically collect certain details of your access to and use of the Platform, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through the Platform.
- Device Information. We may collect information about your mobile device and internet connection, including the device's unique device identifier, IP address, operating system, browser type, mobile network information, and the device's telephone number.
- Stored Information and Files. The Platform may also access metadata and other information associated with other files stored on your device. This may include, at the user's election, for example, photographs to upload a profile photo to the Platform.
If you do not want us to collect any of the above information, then you may decide not to use the Platform or not to download the mobile application, or delete the mobile application from your device. For more information, see "Your Choices About Our Collection, Use, and Disclosure of Your Information" below.
The technologies we use for automatic information collection may include:
- Cookies (or mobile cookies). A cookie is a small file placed on your smartphone or your internet browser. It may be possible to refuse to accept mobile cookies by activating the appropriate setting on your smartphone or browser. However, if you select this setting you may be unable to access certain parts of our App as the Platform uses only strictly necessary cookies
- Web Beacons. The Platform and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Cooleaf, for example, to count users who have visited those pages or opened an email and for other related app statistics (for example, recording the popularity of certain app content and verifying system and server integrity).
3.3 Third-Party Information Collection
When you use the Platform or its content, a third party named Pendo may use automatic information collection technologies to collect information about your activity on the Platform. This information is used only to solve any issues you may have with the Platform, and is not shared with other parties.
4. Step Data (Apple HealthKit and Google Fit)
The Platform offers its users option to voluntarily make a connection with their Apple HealthKit or Google Fit data to participate in step challenges, subject to the user's explicit permission. With users' consent, the Platform communicates with the HealthKit or Google Fit to collect only a user's step count.
Step data is used only in administering the step challenge program. We do not use your step count for advertising or similar services, and we'll never share your data with any third-party vendor. Apple HealthKit data is handled in accordance with Apple HealthKit guidelines, and Google Fit data is handled in accordance with Google Fit's Developer and User Data Policy. For more information, please see Apple's and Google's respective privacy documentation.
Step data may be considered consumer health data in some states and may be considered sensitive personal information. We do not collect or process your step data to uniquely identify you. However, step data may be combined with other personal information to provide you with the features, services, and benefits of the Platform. If step data and personal information is combined, some states may consider this to be sensitive personal information, therefore we will not collect step data without your express permission. If you choose not to enable step data functionality, some features and services of the Platform may be unavailable to you. Step data is accessed only after you grant permission and you can revoke the Platform's permission to access your data in HealthKit or Google Fit by adjusting your sharing settings within Apple Health or Google Fit at any time.
We will not share your step data with third-parties unless: (1) it is necessary to complete the services; (2) you give us express permission to do so; and (3) the third party receiving the step data also provided a health, fitness, or medical research service. We will not sell your step data.
5. How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information, to:
- Provide you with the Platform and its contents, and any other information, products, or services that you or your employer request from us.
- Fulfill any other purpose for which you provide it.
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- Notify you when updates for the Platform are available, and of changes to any products or services we offer or provide though it.
The usage information we collect helps us to improve the Platform and to deliver a better and more personalized experience by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize the Platform according to your individual interests.
- Speed up your searches.
- Recognize you when you use the Platform.
We may also use your information to contact you about goods and services that may be of interest to you, including our own good and services. For more information, see "Your Choices About Our Collection, Use, and Disclosure of Your Information" below.
6. Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual without restriction.
In addition, we may disclose personal information that we collect or you provide:
To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce our rights arising from any contracts entered into between you and us and for billing and collection.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of ITA Group, our customers, or others.
7. Your Choices About Our Collection, Use, and Disclosure of Your Information
This section describes mechanisms that we provide for you to control certain uses and disclosures of your information.
7.1 Tracking Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you disable or refuse cookies or block the use of other tracking technologies, some parts of the Platform may then be inaccessible or not function properly as the cookies embedded in the Platform are strictly necessary.
7.2 Promotion by the Platform. You can opt-out of receiving promotional materials by logging into the Platform and adjusting your user preferences in your account profile or by selecting "unsubscribe" in emails we send to you.
California residents may have additional personal information rights and choices. Please see "Additional Disclosures for California Consumers" below for more information.
8. Accessing and Correcting Your Personal Information
You can review and change your personal information by logging into the Platform and visiting your account profile page.
You may also send us an email at privacy@itagroup.com to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If you delete your User Contributions from the Platform, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Platform users.
California residents may have additional personal information rights and choices. Please see "Additional Disclosures for California Consumers" below for more information.
9. Additional Disclosures for California Consumers
California law requires that we provide California residents with some additional information regarding how we collect, use, and disclose your "personal information" (as defined in the California Consumer Protection Act, as modified by the California Privacy Rights Act (together, the "CCPA")). Throughout this Privacy Policy, we discuss in detail the specific pieces of information we collect from you or your device and discuss how we use and share such information. The rights described in this section are subject to exemptions and other limitations under applicable law.
Terms used in this section have the meaning ascribed to them in the CCPA. We are a "business."
9.1 Notice at Collection and Use of Personal Information
Information We Collect
As described in detail in the "How We Collect Information" section above, in the last 12 months we may have collected the following categories of information about you through the Platform:
Geolocation data and step data may be combined with other personal information to create "precise geolocation data," or uniquely identifiable consumer health data, which is considered sensitive personal information under Section 1798.140(ae) of the California Consumer Privacy Act. We collect this information only with your express consent to provide certain features of the Platform, including the step challenge program. We will not sell this data, and may only share this data with your express consent.
Please see the "How We Collect Information" section of our Policy to learn more about the types of information we collect and how we collect them.
Purpose for Collection and Use of Information
We also may collect and use personal information from California resident clients for the purposes described above in the "How We Use Your Information" section.
Sale or Sharing of Personal Information
We do not sell your personal information (as "sell" is defined under the CCPA).
We also do not share your personal information (as "share" is defined under the CCPA) through use of the Platform. In the preceding 12 months, the following categories of personal information were disclosed to the following categories of third parties:
Categories of personal Information: Name, email, IP address, company name, mailing address.
Categories of third parties: third party suppliers who assist in performing the services, for example, shipping or fulfillment partners.
How Long We Keep Information
We retain your personal information as described above in the "How long does ITA Group retain my data?" section.
9.2 Our Collection, Use, and Disclosure of Personal Information and Sensitive Personal Information
What Information We Have Collected and Our Purpose for Collecting the Information
In the preceding 12 months, depending on how you interact with us, we may have collected the categories of personal information listed above in the "How We Use Your Information" section. We may collect all or a few of these categories of personal information for the business or commercial purposes identified in the "How We Use Your Information" section.
Sources of Personal Information
The categories of sources from which we collect personal information are those described in the "Information We Collect" and the "Third-Party Information Collection" sections of this Privacy Policy.
Our Disclosure of Personal Information
As stated above, we do not sell or share your personal information (as "sell" and "share" are defined under the CCPA). Accordingly, we also do not sell or share the personal information of California Residents under 16 years old. In the preceding 12 months, we may have disclosed for a business purpose the categories of personal information listed above in the "Information We Collect" section to the third parties listed in the "Disclosure of Your Information" section. We may disclose personal information to all of the third parties listed above to comply with our legal obligations or for the business or commercial purposes identified above in the "How We Use Your Information" section.
In addition, we may disclose and in the preceding 12 months, may have disclosed for all of the categories of personal information identified in the "Information We Collect" section, to the following categories of third parties: (i) judicial courts, regulators, or other government agents purporting to have jurisdiction over us, our subsidiaries or our affiliates, or opposing counsel and parties to litigation; and (ii) other third parties as may otherwise be permitted by law. We may disclose the categories of personal information identified in the "How We Collect Information" section for the business or commercial purposes identified above in the "Disclosure of Your Information" section. Additionally, we may disclose your personal information to third parties upon your request, at your direction, or with your consent.
We may also disclose your personal information or otherwise make it available to our service providers such as our CRM providers, other entities that have agreed to limitations on the use of your personal information, or entities that fit within other exemptions or exceptions in, or as otherwise permitted by, the CCPA.
As noted in the "How We Collect Information" and "Step Data" sections, under the CCPA, certain personal information we collect and process may be considered "sensitive personal information." The CCPA requires that we provide you with a right to limit our use or disclosure of such sensitive personal information if we use such information beyond the permitted purposes allowed under the CCPA. Currently, we are not using or disclosing your sensitive personal information beyond the limited permitted purposes allowed under the CCPA, and therefore California residents cannot request that we further limit such processing.
9.3 California Residents' Rights under the CCPA
The CCPA, provides California residents with the following rights to their personal information, including the right to:
The CCPA does not restrict our ability to do certain things like comply with other laws or comply with regulatory investigations. We also reserve the right to retain, and not to delete, certain personal information after receipt of a Request to Delete from you where permitted by the CCPA or another law or regulation.
9.4 How to Submit a Request Under the CCPA
You may submit a Request to Know, Request to Correct or Request to Delete ("Consumer Rights Request"), as described above, through the following toll-free telephone number +1 (800) 257-1985 or by e-mailing us at privacy@itagroup.com or refer to our contact details in the "How do I contact ITA Group with questions or comments about this Policy?" of this Privacy Policy.
Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. Such information may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, your name and email address. Any information gathered as part of the verification process will be used for verification purposes only. You may also submit a request via your authorized agent. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your personal information.
As mentioned above, ITA Group may provide third parties with certain personal information to provide or improve our products and services, for example to deliver products or services at your request. In such cases, we require those third parties to handle the information in accordance with applicable laws and regulations.
10. Additional Disclosures for Other State Law Consumers
Nevada Residents
Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: privacy@itagroup.com. However, please know we do not sell data triggering that statute's opt-out requirements.
Residents of Virginia, Colorado, Nevada, Connecticut, Utah, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas and Other States with Similar Privacy Laws.
Eligible residents of Virginia, Colorado, Nevada, Connecticut, Utah, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, and states with other similar laws that may be applicable ("Covered States") also have rights with respect to the Personal Information that we collect about you. This section supplements this Privacy Notice and applies solely to eligible residents of Covered States.
Any terms not defined in this section have the same meaning as defined under applicable Covered State privacy law, including the Virginia Consumer Data Protection Act, Colorado Privacy Act, Nevada Privacy of Information Collected on the Internet from Consumers Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Kentucky Consumer Data Privacy Act, Maryland Online Data Privacy Act, Minnesota Consumer Data Privacy Act, Montana Consumer Data Privacy Act, Nebraska Data Privacy Act, New Hampshire Data Privacy Act, New Jersey Data Privacy Law, Oregon Consumer Data Privacy Act, Rhode Island Data Transparency and Privacy Protection Act, Tennessee Information Protection Act, and Texas Data Privacy and Security Act ("Covered State Laws"). Subject to certain exceptions, if you are an eligible resident of one of these states and the Covered State Law of your state of residency applies to us, you have certain privacy rights which may include, depending on your state of residency:
Right to Access: You have the right to confirm whether we process your personal information and access such personal information. You also have the right to obtain your personal information in a portable, and to the extent reasonable feasible, readily usable format that you can transmit without hinderance.
Right to Delete: You have the right to request that we delete the personal information you have provided to us or that we have otherwise obtained about you.
Right to Correct: You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information.
Right to Opt Out: You have the right to opt out of the processing of your personal information for the purposes of (i) targeted advertising, (ii) the sale of your personal information and (iii) profiling in furtherance of decisions, including, for eligible residents of Connecticut, solely automated decisions, that produce legal or similarly significant effects. We do not "sell" your information as defined in Covered State Laws.
Right to Appeal: You have the right to appeal our decision with regard to your request to exercise any rights described herein.
We are registered with the State of Iowa as ITA Group, Inc. and have the following domestic affiliates: International Travel Associates, Inc., Chadwick Martin Bailey, Inc., and Hartmann Studios, Inc.
To exercise the rights described above, please submit a consumer request to us by email at privacy@itagroup.com or contacting us via US Mail or telephone at the contact information set forth below.
Complaints
If you have any complaint about use of the Platform, you may contact us by email at privacy@itagroup.com or by postal mail at 7000 Vista Drive, Suite 370, West Des Moines, Iowa 50266. In accordance with California Civil Code Section 1789.3, California residents may also file complaints with the Complaint Assistance Unit, Division of Consumer Services, California Department of Consumer Affairs by postal mail at 1625 North Market Road, Suite N112, Sacramento, CA 95834 or by telephone at 800-952-5210.
Changes to Our California Notice
We reserve the right to amend this California Notice at our discretion and at any time. When we make changes to this California Notice, we will post the updated California Notice on the Platform and update the California Notice's effective date. Your continued use of our Platform following the posting of changes constitutes your acceptance of such changes.
11. How long does ITA Group retain my data?
We will only keep your personal information for as long as we require it for the purposes set out in this policy. However, we may also keep some of your personal information for a specified period of time under our data retention policy, and as required by certain laws - for example those relating to corporate governance, money laundering and financial reporting legislation - or, where your personal information is controlled by our clients, in accordance with our clients' instructions.
12. How does ITA Group keep my information secure?
We implement appropriate technical and organisational security measures to protect the personal information we collect and use about you. When you are asked to provide personal information (as part of our products or services or on our corporate website), a "secure session" will first be established using SSL. This technology encodes information as it is being sent over the Internet between your computer and our secure servers. That helps ensure the information remains secure. You will know when a secure session is taking place and when it is not. Your browser uses a symbol - typically a key or padlock - as an indicator. When your session is secure, an unbroken key may appear; when your session is not secure, a broken key symbol may appear. Each time you visit our site, you should see an unbroken key.
PCI data and other more sensitive information - such as a credit/debit card number, Social Security Number, or Passport number - is only collected when necessary to fulfill the services requested. This type of information is stored securely on our servers. ITA Group, Inc. is compliant with the Payment Card Industry Data Security Standard (PCI DSS). We contract with a PCI Approved Scanning Vendor (ASV) to provide regular security scanning of our cardholder data environment to maintain the integrity of our security measures.
Please however keep in mind that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our site is at your own risk. You should only access our website and services within a secure environment.
13. Where does ITA Group store and process my information?
ITA Group's servers are located in the USA. If you are a non-US resident, this means that your personal information will be transferred to the USA. We have taken the following appropriate safeguards to ensure that the personal information of residents of the EU/EEA, the United Kingdom, and Switzerland will be protected when transferred to the USA in accordance with this Privacy Policy.
Data Privacy Framework
ITA Group, Inc. and International Travel Associates Inc. participate and comply with the EU-US Data Privacy Framework ("EU-US DPF"), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework ("Swiss-US DPF"), as set forth by the US Department of Commerce. We have certified to the US Department of Commerce that we commit to comply with the EU-US DPF Principles with regards to the processing of personal information received from the European Union in reliance on the EU-US DPF, and from the United Kingdom in reliance on the UK Extension to the EU-US DPF. We have also certified to the US Department of Commerce that we commit to comply with the Swiss-US DPF Principles with regards to the processing of personal information received from Switzerland in reliance on the Swiss-US DPF (collectively, the "DPF Principles"). If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern.
To learn more about the DPF, and to view our certification, please visit: https://www.dataprivacyframework.gov/.
Our compliance with the DPF Principles is subject to the investigatory and enforcement authority of the US Federal Trade Commission ("FTC").
If we receive your personal information in the US and subsequently transfer that information to a third party acting as our agent, and such third party agent processes your personal information in a manner inconsistent with the DPF Principles, then we will remain liable unless we can prove we are not responsible for the event giving rise to the damage.
If you have any questions or complaints about our DPF certification, you can contact us by using the contact details in the "How do I contact ITA Group with questions or comments about this Policy?" section below.
We will investigate and attempt to resolve any DPF-related complaints or disputes within forty-five (45) days of receipt.
We have further committed to cooperate and comply with the panel of European Data Protection Authorities (EU DPAs), the UK Information Commissioner's Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (Swiss FDPIC) as our designated independent recourse mechanisms. As such, if you have a DPF-related complaint which you believe we have not addressed or resolved to your satisfaction, please contact your local EU DPA, the UK ICO, or the Swiss FDPIC, as applicable. These services are provided free of charge to you. The contact details of the EU DPAs, the UK ICO, and the Swiss FDPIC can be found here respectively:
https://edpb.europa.eu/about-edpb/about-edpb/members_en;
https://ico.org.uk/global/contact-us/contact-us-public/; and https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt/kontaktformular_uebrige.html.
If neither ITA Group nor the EU DPAs, UK ICO or Swiss FDIC (as applicable) can resolve your complaint, you may also have the option to invoke binding arbitration for the resolution of your complaint under certain circumstances. To find out more about the DPF's binding arbitration scheme, please see https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf.
Standard Contractual Clauses
In addition to our participation and compliance with the DPF Frameworks, we have implemented the European Commission Standard Contractual Clauses ("SCCs") as an additional data transfer mechanism for transfers between ITA Group companies, or from clients based in the European Economic Area ("EEA"), which require all group companies to protect personal information from the EEA in accordance with EU law. More details are available on request.
14. Marketing emails
Where it is in accordance with your marketing preferences, the e-mail address you provide when requesting services or information from us may be used to communicate future information, including news and announcements, and information about our products and services. Any marketing related communications sent by ITA Group have an automatic opt-out link at the bottom of each communication. You may elect to remove yourself from further informational communications by selecting and confirming this link.
15. Legal basis (EEA and UK visitors only)
In most cases we are acting on the instructions of its clients, who determine the legal basis.
Where we collect personal information on our own behalf and where you are a visitor from the EEA or UK, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, or for more details on our legitimate interests, please contact us using the contact details provided in the "How do I contact ITA Group" section below.
16. What rights do I have in relation to my personal information?
Depending on your location, your jurisdiction, and subject to applicable law, you may have certain rights with regard to the personal information we control about you. We will respond to your requests within the appropriate timeline under applicable law.
Where we process personal information on behalf of our clients as part of the services we provide, we are not responsible for their use of the data and cannot control their data collection and privacy practices. Any individual who seeks to exercise their rights should direct their query to the client in question. For example, if your employer has uploaded your personal information in the course of using our services, you should contact your employer directly. We will respond to requests from clients in accordance with applicable law and our service agreement with the relevant client.
Where we collect personal information on our own behalf (and not on behalf of our clients), ITA Group will grant individuals their rights, where required under the DPF or applicable law. California consumers should see the section below "Additional Disclosures for California Consumers" for more detailed information. Residents of certain other states may have rights under applicable law; see the section below "Additional Disclosures for Other State Consumers" for more detailed information.
If the processing of personal information about you is subject to EU, UK, or Swiss data protection law, you have certain rights with respect to that data.
GDPR
The General Data Protection Regulation ("GDPR") provides EU data subjects several privacy rights. Those rights include the following:
In addition, to the extent that we process any of your personal information on the basis of your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing that was based on your consent before its withdrawal. Please note that each of these rights may be subject to limitations or exceptions under applicable law. Please note that requests to access your personal information may be subject to a fee specified by applicable law. Consult your legal counsel for information about what rights are available to you and under what circumstances they apply. Please contact us using the contact information in the "How do I contact ITA Group with questions or comments about this Policy?" section below for assistance in exercising your rights.
If you are a natural person residing in the EU and at any time you believe we have violated one of your rights listed above, or if you believe we are in violation of one or more of the provisions of the GDPR, you have the right to lodge a complaint with a Data Protection Authority. More information about the Data Protection Authorities can be found at https://commission.europa.eu/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en
Additional Countries (other than EU and US)
Some additional countries, including the UK and Switzerland, may provide their citizens with rights similar to the rights granted to EU citizens under the GDPR. This may include rights to:
The exact scope of these rights may vary by country. To exercise any of these rights please contact us by one of the methods set forth in the "How do I contact ITA Group with questions or comments about this Policy?" section below.
17. Underage Persons
Our website, products, and services are intended for use by persons who are at least 13 years of age. If you are younger than 13, you may not access, attempt to access, or use our website, products, and services. We do not knowingly collect or allow the collection of personal information from persons under the age of 13. If we learn that we have collected the personal information of someone under the age of 13, we will take appropriate steps to delete this information. If you are a parent or guardian of someone under the age of 13 and discover that your child has submitted personal information, you may contact us via one of the methods set forth in the "How do I contact ITA Group with questions or comments about this Policy?" section below and ask us to remove your child's personal information from our systems.
18. Amendments to this Policy
ITA Group, Inc. may amend this policy from time to time and will post the updated policy on this site. You can see when it was last updated at the top of this policy. Please try to check on this page from time to time so that you can keep up to date with any changes.
If we make any material changes, we will take appropriate measure to inform you, consistent with the significance of the change, for example, posting a prominent notice on the website, and/or notifying you via email or through our services.
You can choose to withdraw your permission for us to use your personal information if at any time it will be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. You can withdraw your permission by sending an email to privacy@itagroup.com or by using the contact details in the "How do I contact ITA Group with questions or comments about this Policy?" section below.
19. How do I contact ITA Group with questions or comments about this Policy?
If you have any questions about this policy or our privacy practices generally (including our DPF certification), please contact our Privacy team at privacy@itagroup.com or at our postal address:
ITA Group, Inc.
Privacy Team
Attention: Chief Legal Officer
7000 Vista Drive
West Des Moines, Iowa 50266
Tel: +1 (800) 257-1985
EEA or UK visitors: where we process information on behalf of our clients, the data controller is the relevant client (typically your employer or group leader); where we process information on our own behalf, the data controller is ITA Group Inc.