Skip to content

Privacy Policy

Last updated: February 7, 2025

ATA Freight Line Ltd. (“ATA,”"we," "us," or "our") is committed to protecting your Personal Data. We take the collection of Personal Data from our consumers seriously and are committed to protecting your Personal Data in accordance with this Privacy Policy. Please read below to learn how we collect, use, store, and disclose ("process" or “processing”) Personal Data when you use our services ("Services"), such as when you:

  • Visit our website at [URL of new site], or any website or portal of ours that links to this privacy policy (“Site”)
  • Engage with us in other related ways, including any sales, marketing, or events
  • Download and use our mobile application, or any other application of ours that links to this privacy policy

If after reviewing this Privacy Policy you do not agree with our policies and practices, please discontinue your visit to our Site and do not use our Services. By visiting our Site and using our Services, including through submitting information through a Site, you acknowledge and agree that ATA may process your Personal Data as described in this Privacy Policy. 

Questions or concerns? If you have any questions that aren’t answered in this Privacy Policy, you can always contact us at legal@ata.com 

What Types of Information We Collect

We collect information that identifies, relates to, is reasonably capable of being associated with a particular living person or household (“Personal Information”). Privacy laws around the world describe Personal Information using a number of different terms, including personal data, personal information, and personally identifiable information. In this Privacy Policy, we use the term Personal Information to mean the same thing as these other terms. Where a specific type of personal data has its own definition, we will provide that definition and use that name specifically (such as Sensitive Personal Information). 

The following table shows the categories of Personal Information we collect, the sources of those categories of Personal Information, and the types of consumers affected.

Category of Personal Information

Examples

Sources of Information

Types of Consumers Affected

Identifiers

First and last name (or initials), postal address, Internet Protocol (IP) address, email address, account name, payment information, Social Security Number, or other similar identifiers.
  • Directly from you.
  • From third parties on your behalf, such as when they provide your name and address. 
  • Indirectly from you, such as through automated collection technologies.
  • From our Affiliates, service providers, or contractors.
  • Site users
  • Customers
  • Contractors (and their employees)
  • Service providers (and their employees)
  • Job applicants and employees

Personal Information under California Civil Code Section 1798.80(e)

Name, signature, Social Security Number, address, telephone number, bank account name and number, other financial information, insurance policy number, health insurance information, and other information described under this law. 

Note that some Personal Information described in this category overlaps with other categories.
  • Directly from you.
  • From our Affiliates, service providers or contractors.
  • Site users (if you provide this information to us)
  • Customers (if you provide this information to us)
  • Contractors (and their employees)
  • Service providers (and their employees)
  • Job applicants and employees

Protected Classification Characteristics

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
  • Directly from you.
  • From our Affiliates, service providers or contractors.
  • Job applicants and employees

Account Information

Bank account or payment card details
  • Directly from you.
  • Customers (if you provide this information to us)
  • Contractors (and their employees)
  • Service providers (and their employees)
  • Job applicants and employees

Commercial Information

Records of products or services purchased or considered, or other purchasing history or tendencies.
  • Directly from you.
  • From our Affiliates, service providers or contractors.
 Site users

Internet or Other Similar Network Activity

Browsing history, search history, information on a consumer’s interaction with the Site, or advertisements.
  • Indirectly from you, such as through automated collection technologies.
  • From service providers or contractors.
  • Site users
  • Customers
  • Job applicants and employees

Geolocation Data

Physical location or movements.
  • Directly from you.
  • Indirectly from you, such as through automated collection technologies.
  • From our Affiliates, service providers or contractors.
  • Site users
  • Customers
  • Contractors (and their employees) if permitted or required by applicable contract
  • Service providers (and their employees) if permitted or required by applicable contract

Professional or Employment-Related Information

Current or past job history or performance evaluations.
  • Directly from you.
  • From service providers or contractors.
  • Job applicants and employees

Non-Public Education Information

Education records related to a student maintained by an educational institution or a party action on its behalf, such as grades, transcripts, class lists, schedules, financial information, or disciplinary records.
  • Directly from you.
  • Job applicants and employees

Inferences

Profile information reflecting a consumer’s preferences, characteristics, behavior, attitudes, or other similar information.
  • We generate this information internally.
  • From our Affiliates, service providers or contractors.
  • Site Users
  • Job applicants and employees

Sensitive Personal Information

Social Security Number, driver’s license, state identification card, or passport number, racial or ethnic origin, union membership, information related to a consumer’s citizenship or immigration status.
  • Directly from you.
  • Job applicants and employees

 

Please note that there are places on our Site where a third party can provide your Personal Data (or you can provide a third party’s Personal Data). If you provide a third party’s Personal Data through the use of these features, you are making a representation that you have that third party’s permission to provide their Personal Data and that they have agreed to the terms of this Privacy Policy. Where such features are made available, we will only use that information for the purpose for which it is given and does not otherwise store or use that information.

A Note about Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Our use of Sensitive Personal Information. 

We only use the sensitive personal information that we collect as necessary to perform the services the average person would reasonably expect when requesting those services or for legal compliance purposes. We limit the use of Sensitive Personal Information to detecting security incidents, to maintaining the quality of our services, or for other purposes not granted the right to opt out under the California Consumer Privacy Act. ATA does not infer characteristics from the sensitive personal information that we collect.

If you do not provide personal data

Where we need to collect personal information by law or pursuant to a contract with you and you do not provide the requested data, we may not be able to perform the contract we have entered into or are trying to enter into with you. In this case, we will inform you at that time and we reserve the right to cancel a service you have contracted with us.

Usage Data

When you access our Site and use our Services, we may automatically collect certain information through the use of cookies or other similar tracking technologies.  This information does not reveal your specific identity (like your name or contact information) but may include device, internet traffic and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

A cookie is a piece of data contained in a very small text file that is stored in your browser or elsewhere on your hard drive. Cookies allow us to identify your device as you navigate our Site or your account. This makes navigating and interacting with our Site or your account more efficient, easy, and meaningful for you.  Cookies do not, by themselves, identify you, but they recognize your web browser.  If you have also otherwise identified yourself to us, such as signing in to your account, then we would have that information.  We use both session and persistent cookies. Session cookies are cookies that disappear from your computer or browser when you turn off your computer. Persistent cookies stay on your computer even after you’ve turned it off. To learn more about our use of cookies, please see our <<Cookie Policy>>.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

 You have the option of using your browser settings to opt-out of most categories of cookies other than Strictly Necessary Cookies.  Global Privacy Control (GPC) is a technical specification that you can use to inform websites of your privacy preferences in regard to ad trackers. To set up GPC, you can visit the Global Privacy Control "About” page at <https://globalprivacycontrol.org/>. If you do choose to set up GPC, we will automatically turn off all non-required cookies on our Sites for you. Please note that this may impact the functionality of our Sites.

Information We Receive from Third Parties

We may receive Personal Information from our Affiliates within our group of companies. We may also receive Personal Information if you use any of the other websites we operate or other services we provide. We may also receive information from third parties (such as advertising networks and analytics providers) and from other sources, including business directories and other commercially or publicly available sources

How We Process Your Personal Information

We process your Personal Information for a variety of reasons, depending on how you interact with our Services.  The table below shows the purposes for which we use your information and the legal basis upon which we rely for such processing, including:

Purpose/Activity

Data Type

Legal basis for processing, including legitimate interest

To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Account Information

(d) Commercial Data

(e) Internet or Similar network activity

(f) Geolocation Data

(g) Usage Data

 

Performance of a contract with you

Consent

To provide and perform our services to the user, including processing of orders and purchases, pick up, delivery, and tracking of shipments. We may process your information to provide you with the requested service.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Account Information

(d) Commercial Data

(e) Geolocation Data

(f) Usage Data

Performance of a contract with you

Consent

To personalize the shipments and live tracking information that users receive.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

(d) Geolocation Data

(e) Usage Data 

Performance of a contract with you

Consent

To receive payments from users and/or make payments to users in accordance with a separate agreement if applicable

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Account Information

(d) Commercial Data

(e) Usage Data

Performance of a contract with you

Consent

To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

(d) Geolocation Data

(e) Usage Data 

Performance of a contract with you

Consent

To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

(d) Internet or Similar network activity

(e) Geolocation Data

(f) Usage Data

Performance of a contract with you

Consent

Legitimate Interests

To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

(d) Geolocation Data

(e) Usage Data

(f) Inferences

Legitimate Interests

To send you marketing and promotional communications. We may process the Personal Information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. We may also send you surveys and questionnaires, such as for market research or customer satisfaction purposes.

You can opt out of our marketing emails at any time. For more information, see "WHAT ARE YOUR PRIVACY RIGHTS?" below.

Where you have given your consent, we may permit selected third parties to provide you with information about services we feel may interest you. 

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

(d) Internet or Similar network activity

(e) Geolocation Data

(f) Usage Data

(g) Inferences

Legitimate Interests

Consent

To publish testimonials on our Site, Apps, or social networking pages. We may publish your user experience with our services with your consent.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

Consent

To deliver targeted advertising to you. We may process your information to develop and display personalized content and advertising tailored to your interests, location, and more.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

(e) Internet or Similar network activity

(f) Geolocation Data

(g) Usage Data

(h) Inferences

Legitimate Interests

To administer our Site and for internal operations.  We may process your information as part running and maintaining our Site, including for troubleshooting, data analysis, testing, research, statistical and survey purposes.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Account Information

(d) Commercial Data

(e) Internet or Similar network activity

(f) Geolocation Data

(g) Usage Data

(h) Inferences

Legitimate Interests

To manage your application and employment relationship with us. We may process your information to evaluate an employment opportunity, establish an employment contract; for payroll, HR and other legal obligations.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Professional or Employment-related Information

(d) Non-public Education Information

(e) Sensitive Personal Information

Legitimate Interests

To improve and to protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

(d) Internet or Similar network activity

(e) Geolocation Data

(f) Usage Data

(g) Inferences

Legitimate Interests

To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

(d) Internet or Similar network activity

(e) Geolocation Data

(f) Usage Data

(g) Inferences

Legitimate Interests

To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Commercial Data

(d) Internet or Similar network activity

(e) Geolocation Data

(f) Usage Data

(g) Inferences

Legitimate Interests

To comply with legal obligations, to administer our agreements and terms, to enforce or defend our legal rights or to respond to legal process. 

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Account Information

(d) Commercial Data

(e) Internet or Similar network activity

(f) Geolocation Data

(g) Usage Data

(h) Inferences

Legitimate Interests

In the event of a sale of part or all of our company or any affiliate, or of any of our assets or those of any affiliated company, in which case the Personal Information held by us may be one of the transferred assets.  We may share your Personal Information with the third party in connection of such sales. 

(a) Identifiers

(b) Personal Information under California Civil Code Section 1798.80(e)

(c) Account Information

(d) Commercial Data

(e) Internet or Similar network activity

(f) Geolocation Data

(g) Usage Data

(h) Inferences

(i) Professional or Employment-related Information

(j) Non-Public Education Information

(k) Sensitive Personal Information

Legitimate Interests

 

Where the legal basis for processing your Personal Information is our legitimate interests, those interests are to use Personal Information to conduct and develop our business activities with users and with others in order to support our reputation and increase our revenues, while limiting the use of Personal Information to those purposes that strictly support the conduct and development of our business within the reasonable expectation of the individuals concerned.

Limitation or Change of Purpose

We will only use your Personal Information for the purposes for which we collected it or another purpose which we disclose to you that is compatible with the original purpose. If you would like an explanation of the compatibility of the processing for the new purpose with the original purpose, please contact us.

If we need to use your Personal Information for incompatible purposes, we will notify you to either get your consent or to explain the legal basis that allows us to do so.

Please note that if we are required to or permitted by law, we may process your Personal Information without your knowledge or consent, in accordance with the above rules.

Disclosure of Your Personal Information

We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, such as when our service providers need to process your Personal Information, we enter into a contract with the third party recipient that describes the purpose and requires them to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

We share your Personal Information with the following categories of third parties:

  • Entities in our corporate group of companies, including our subsidiaries, ultimate holding company and their subsidiaries, and/or our affiliates;
  • Service providers or contractors, including payment processors, hosting providers, auditors, advisors, consultants, customer service providers, support providers, and internet cookie data recipients (e.g. Google Analytics);
  • Our business partners;
  • Government entities, including judicial and regulatory authorities or law enforcement authorities, or other organizations pursuant to lawful requests;
  • Successors (or potential successors) to all or part of our business;
  • Any third party if you have consented or directed us to do so.

In the past twelve (12) months, we have shared Personal Information with the following categories of third party entities.

  • Entities in our corporate group of companies, including our subsidiaries, ultimate holding company and their subsidiaries, and/or our affiliates;
  • Service providers or contractors, including internet cookie data recipients, such as Google Analytics.

 

We do not sell or share your Personal Information to third parties, including for their direct marketing purposes unless we have your explicit and informed consent.

We reserve the right to disclose any de-identified or aggregate information about users, which do not include personally identifiable information, with third parties. 

Where We Store Your Personal Data

The information that we collect from you (including Personal Information) may be transferred to, and stored at, a destination outside of the country in which you initial provided or we collected it. It may also be processed by staff operating outside your country who work for us, for one of our suppliers or one of our business partners. By submitting your information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this policy.

How Long Do We Retain Your Personal Data

We will retain your Personal Information for as long as reasonably necessary to fulfil the purposes for which we collected it, including to meet any legal, regulatory, tax, accounting or reporting requirements. For example, we may retain your Personal Information as long as your user account remains open.  In general, we will retain relevant Personal Information of Site users for up to three (3) years from the date of our last interaction with you and in compliance with our obligations under applicable laws. In general, we will retain relevant Personal Information of our customers for up to five (5) years from the date of termination of the relevant agreement with you.

In the event we reasonably believe that we may need your Personal Data to enforce or defend our legal rights, we may retain your Personal Data for a longer period of time.  

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes by other means, as well as applicable legal, regulatory, tax, accounting or other obligations.

How Do We Keep Your Information Safe 

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security and integrity of any Personal Information we process. In addition, we limit access to your Personal Information to employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions and are subject to a duty of confidentiality. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Site and use the Services within a secure environment.

What Are Your Privacy Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

If you are a California resident

As modified by the California Privacy Rights Act, the California Consumer Privacy Act ensures that California consumers have the following rights with respect to the collection, use, sharing, sale, and other processing of their Personal Information:

  • The right to know what Personal Information has been collected about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing persona information, the categories of third parties to whom we disclose Personal Information, and the specific pieces of Personal Information we have collected about you;
  • The right to access the Personal Information, including to obtain a copy that can easily be sent to another data controller;
  • The right to request the deletion of your Personal Information, subject to certain exceptions;
  • The right to correct inaccurate Personal Information;
  • The right to opt-out of the sale or sharing of your Personal Information;
  • The right to request the limitation of the use and disclosure of your Sensitive Personal Information;
  • The right to opt-in to sale or sharing of your Personal Information (if you have previously affirmatively opted-out); and,
  • The right not to be discriminated against for exercising any of your rights with respect to your Personal Information.

We will not discriminate against you for exercising any of your California privacy rights. Unless permitted by applicable law, we will not: 

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or,
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

To exercise your California privacy rights, please see the section below on How to Exercise State Consumer Privacy Rights.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to [legal@ata.com] or contact us using the information provided in the “Contact Us” section.

If you are a Texas Resident

The Texas’ Data Privacy and Security Act provides you with the following consumer rights: 

  • Right to Access – you may ask us to confirm whether we are processing your personal information and to access the personal information;
  • Right to Correct – you may ask us to correct any inaccuracies in your personal information;
  • Right to Delete – you may ask us to delete personal information that was provided by you or that we obtained about you;
  • Right to Data Portability – you may request a copy of your personal data in a readily usable format;  
  • Right to Opt-Out of Sale, Targeted Advertising, or Profiling in furtherance of a decision – you may opt-out of the processing of your personal information for sale, targeted advertising or profiling in furtherance of a decision that produces a legal or similar significant effect concerning you. 

How to exercise state consumer privacy rights

You may request to exercise your consumer rights twice a calendar year.  You may exercise your respective state privacy rights by either calling us at +1 781.995.3855or submitting a request by email to legal@ata.com. 

While it is our policy not to sell your Personal Information, if you would like to register an email address with ATA to request that we not sell your Personal Information now or in the future, please submit your request via email to [legal@ata.com].  We will only use the information you provide in connection with your request to process that request. Because of the on-going nature of your right not to have your Personal Information sold under the applicable state law, we will retain the information provided in this request until you withdraw the request.

In order to act upon your request, we will need to verify your identity to a reasonable degree of certainty considering the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction.  We may therefore ask you to provide three points of Personal Information which you have previously provided to us that we can use to match against our records to verify your identity. In addition, we may require you to submit a signed declaration under penalty of perjury stating you are the individual whose Personal Information is subject to the request.  We may not be able to respond your request if you decline to provide the verifying details or if any of the details are incorrect.

In general and unless otherwise stated in the above sections describing your rights, we will respond to your request within forty-five (45) days.  If necessary, we may extend the time to respond by a further forty-five (45) days.  If for any reason we decide to decline to respond to your request, we will notify you and provide our explanation and any appeal process that may be available to you.  We will provide this notice within the first forty-five (45) days after receiving your request. 

Children’s Information

Our Site is not directed to or targeted towards those who are under 18 years of age. We do not intentionally allow users under the age of 18 to access our Site or use our Services, and we do not have actual knowledge that we have collected the Personal Data of anyone under the age of 16.  If we learn that we a user under 16 has submitted Personal Data to us, or if we learn that the Personal Data is from one who is under 16, we will attempt to delete that Personal Data as soon as possible. 

If you believe that we may have any Personal Data from a child under 16, please contact us at [legal@ata.com].

Links To Other Sites

If we have provided a link to any other website or location, it is for your convenience and does not signify our endorsement of such other website or location or its contents. Once you leave our Sites or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our Site’s Terms of Use. We have no control over, do not review, and cannot be responsible for these outside websites or their content. Please be aware that the terms of our Privacy Policy do not apply to these outside websites.  We encourage you to read their privacy statements so that you are aware of their privacy practices.

Privacy Policy Updates

We reserve the right to amend this Privacy Policy at our discretion and at any time. If we change the way we collect, use, or disclosure your Personal Data that require us to make changes to this Privacy Policy, we will post a notice on this page and update the Privacy Policy’s effective date. Your continued use of our Site following any posted updates to the Privacy Policy constitutes your acceptance of such changes. If you object to any of the changes to our Privacy Policy, you must stop using the Site. 

Contact Us

If you have any questions, comments, complaints or requests regarding this Privacy Policy, including any requests to exercise your rights, please let us know at the following address:

ATA Freight Line Ltd.

Address: 1325 Franklin Avenue, Suite 500 Garden City, N.Y. 11530 U.S.A. 

Email Address: legal@ata.com

Attention: Legal Department 

Telephone No.: +1 718 995-3855

Supplemental Information for Users Accessing the Site From Europe

Data controller

ATA Freight Line Ltd., with our global headquarters at 400 Garden City Plaza, Suite 404, Garden City, NY 11530, is the controller of any Personal Data collected from you on the website or otherwise for the purpose of conducting or developing our business with you. Where processing of Personal Data is undertaken by our affiliated companies, they are joint controllers with ATA of your Personal Data.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing matters relating to this Privacy Policy. If you have any questions about this Privacy Policy, including any request to exercise your rights, please contact the DPO, whose contact details are set out below.

Contact details:

Full Name: Burak Toygan

Email: b.toygan@ata.com

 

International Transfers of Your Personal Data

We are headquartered in the United States, a country that the European Commission has deemed to not provide an adequate level of data protection.  Further, our affiliates and our third party service providers having access to Personal Data may be located outside of the European Economic Area (“EEA”), and not always in a country that is recognized as having an adequate level of protection for Personal Data.  Personal Data may therefore be transferred outside of the EEA.  These transfers are necessary to perform our agreement with you or implement pre-contractual measures at your request. In some cases, the transfer is necessary to conclude or perform a contract in your interest, such as to provide services.

We ensure that a similar level of protection as that you enjoy in the EEA is given to your Personal Data by requiring that transfers to an Affiliate or service provider located outside of the EEA are covered by an appropriate transfer mechanism, including the EU Standard Contractual Clauses approved by the European Commission.  Please contact us if you would like further information about the specific mechanism we use when transferring your Personal Data out of the EEA.  You have the right to obtain a copy of the contract under which your Personal Data is transferred outside of the EEA.  To do so, please reach out to us by contacting our DPO or at legal@ata.com. 

 

Data Subject Rights

The General Data Protection Regulation provides you, the data subject, with certain rights.  These include:

  • The Right to Access to your Personal Data (commonly referred to as a "data subject access request"). This allows you to receive a copy of the Personal Pata we hold about you and to verify that we are lawfully processing it.
  • The Right to Rectification of your Personal Data. This allows you to have incomplete or inaccurate data we hold about you amended or corrected.  Please note that we must verify the accuracy of the new data you provide to us.
  • The Right to Object to the Processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is an element of your particular situation that causes you to object to processing on that ground, as you believe it has an impact on your fundamental rights and freedoms. You also have the right to object where we process your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
  • The Right to Erasure of your Personal Data (commonly referred to as the “right to be forgotten”). You can ask us to erase or delete Personal Data when we have no valid reason to continue processing it. You also have the right to ask us to erase or delete your Personal Data where you have successfully exercised your right to object to processing (above), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note, however, that we may not always be able to comply with your request for erasure for specific legal reasons.  If that is the case, we will notify you of those legal reasons at the time of your request. 
  • The Right to Request the Restriction of the Processing of your Personal Data. You may ask us to suspend the processing of your personal data in the following scenarios: 
  • If you want us to establish the accuracy of the data.
  • When our use of the data is unlawful but you do not want us to erase it.
  • When you need us to keep the data even if we no longer need it because you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data, but we need to check whether we have overriding legitimate grounds for using it.
  • The Right to Request the Transfer of your Personal Data to you or a third party (commonly referred to as the right to data portability).  We will provide you, or a third party you choose, with your Personal Data in a structured, commonly used and machine-readable format. Note that this right only applies to automated information that you initially consented to us using or where we used that information to perform a contract with you. 
  • The Right to Object to Direct Marketing (including profiling). You may object to our use of your Personal Data (including profiling) for direct marketing purposes, such as when we use your Personal Data to invite you to our promotional events.
  • The Right to Withdraw your consent at any time where we rely on it to process your Personal Data. However, please note that withdrawing your consent will not affect the lawfulness of any processing that was carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide you with certain products or services. We will inform you if this is the case at the time you withdraw your consent.

Please note that some of these rights may be limited, such as where we have an overriding interest or legal obligation to continue to process the data.

 

Exercising Your Rights

If you wish to exercise any of the rights set out above, please contact us by email and use the subject line “GDPR DSAR.” We will generally respond to your request within thirty (30) days.  Where the request is more complex or if you have made multiple requests, we may extend our response time by another thirty (30) days for a total of sixty (60) days.  If this is the case, we will inform you before the expiration of the first thirty (30) days.

 

No fees are generally charged

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. We may also refuse to comply with your request in these circumstances.

 

What we may need from you

We may ask you for specific information to help us confirm your identity and ensure your right to access your personal data (or exercise any of your other rights). This is a security measure to ensure that personal data is not communicated to a person who does not have the right to receive it. We may also contact you to request additional information in connection with your request in order to expedite our response.

 

Right to Lodge Complaint

Finally, you have the right to lodge a complaint with the data protection supervisory authority if you believe that your Personal Data is being processed in violation of the GDPR.  You may lodge a complaint with the supervisory authority in the Member State of your residence, your place of work, or where the alleged infringement occurred.  However, we would appreciate it if you could give us the opportunity to process your requests in advance.