Datalex is dedicated to the security and privacy of information provided to us. We take our obligations to protect the security and privacy of all information provided to us by our customers very seriously. Datalex is a data processor, which means that we do not consider the information transmitted to us from our customers or through their web-sites to be the property of Datalex. We treat it as customer confidential information and do not use it for any purpose not requested by our customer.

During the course of our business, Datalex receives, processes, stores and transmits information provided by end users to our customers. Datalex generally receives information as a step in an end-users process of purchasing our customer products or services. These are usually travel-related products such as airline tickets and hotel and car reservations. Typical information received includes traveler name, address, telephone number, age, credit card number, itinerary, personal travel preferences (e.g. meal or seating preference) and frequent flyer information.

This information is processed and formatted by Datalex and passed on to the internal or third-party reservation and ticketing systems, such as airline, car and hotel reservation systems, insurance providers, payment processors, and other service providers designated by our customer for further processing and fulfillment of your travel booking. Datalex follows our customer instructions regarding the processing, transmission and storage of this information and will not transmit any information to a third party unless explicitly instructed to do so by our customer.

Datalex is highly sensitive to the security of information provided to us. We employ physical security to prevent unauthorized access to the hardware on which data is store and processed. We maintain physical security, logical security and authentication to maintain data confidentiality within our networks and facilities. The specifications for our security are maintained in the Datalex Security Posture handbook. These are updated regularly as new threats are identified and new security measures are developed.

In general, information received by Datalex is received from you, through our customer, processed and re-transmitted within minutes. Datalex does maintain traveler profile information for some customers for a longer period of time. This data is usually accessible to you at the time of booking to ensure it is correct, or at other times to change, correct or update through our customer’s web-site. The most effective method of limiting the use and disclosure of your personal data is to use the tools provided on the website of your travel provider as we hold the data and process it on their instructions. If you are unable to get a response from your travel provider, contact Datalex at privacy@datalex.com and we will investigate your request.

Datalex complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Datalex has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Datalex is subject to the investigatory and enforcement powers of the Federal Trade Commission.

EU residents have a right to access data held by may access personal information held by Datalex by contacting the airline or other travel service provider who collected the information. In compliance with the Privacy Shield Principles, Datalex commits to resolve complaints about our collection or use of your personal information. EU individuals who are unable to access their personal information held by Datalex through their travel provider or who have inquiries or complaints regarding our Private Shield policy should first contact Datalex at privacy@datalex.com.

Datalex has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.

Datalex designates the EU DPA panel as the body to address complaints regarding Datalex processing of personal information and to provide redress. In the United States Datalex is subject to the Department of Commerce. Individual complainants may invoke binding arbitration regarding any privacy dispute. Datalex will cooperate with public authorities when lawfully required to disclose personal information. Datalex will be liable for the improper transfer of personal information to third parties not including recipients designated by the data controller.

This policy specifically covers the activities of all Datalex group companies including Datalex (USA), Inc. and Datalex Tokenization, Inc.