Privacy Statement

Data ownership PRISM affirms that the data transferred to PRISM are the exclusive property of the client company and that PRISM will follow the company's direction in the treatment of the data.

Restricted use PRISM agrees that it will not use client data for any unauthorized purpose, including but not limited to benchmarking, consulting, or reselling the data to unauthorized third parties.

Confidentiality PRISM agrees that all data are confidential. PRISM will take every reasonable precaution to safeguard the privacy of the data from unauthorized use. PRISM does not store credit card numbers.

Data De-identification The client company authorizes PRISM to correct data, including inaccurate and incomplete data, to ensure the completeness and quality of data for the company's own use. PRISM will mask data provided to the company's designated airline as defined in a Data Release Authorization (DRA).

Transfer of Data PRISM will transfer the data to the client company’s designee only upon receiving a written Data Release Authorization (DRA) from the company. Data transferred to airlines adheres to the Airline Data Transfer Protocol established by PRISM. PRISM does not store data which can be used by PRISM to identify a natural person.

Notice PRISM acts as an agent for the collection of data. Data are provided to designated airlines at the direction of those airlines’ customers. All data transfers occur only upon written direction of the airlines’ customers as expressed in a Data Release Authorization (DRA).

Choice PRISM serves as a third-party data consolidator for an airline, data consolidation requirements have been agreed upon between the airline and its customer.

Sensitive Information Sensitive information, such as credit card numbers and personal data including traveler name, contact details, passport or national identification information, is not stored by PRISM. PRISM does not store data that would enable it to identify a natural person.

Onward Transfer Data consolidated by PRISM are transferred only at the written direction of the company that owns the data through a Data Release Authorization. Otherwise, all data remain exclusively under PRISM’s control and are transferred for no other purpose.

Security PRISM maintains reasonable measures to protect data from loss, misuse, and unauthorized access, disclosure, alteration and destruction. PRISM maintains documented policies for data protection and information security including policies and controls for asset management, passwords, encryption and remote access. Only authorized users have access to the data stored by PRISM.

Data Integrity PRISM collects data only when authorized by the customer. Where PRISM is directed to transfer data to an airline, PRISM follows the data de-identification and confidentiality provisions specified in PRISM’s Airline Data Transfer Protocol.