PRIVACY POLICY

Last Updated: May 6, 2025
Effective Date: May 6, 2025
Version: 2.0 (Replaces January 1, 2021 version)

1. INTRODUCTION

This Privacy Policy describes how the United States Travel Insurance Association ("USTIA," "we," "our," or "us") collects, uses, and discloses information about you when you visit our website, register for membership, attend conferences, purchase reports, or otherwise use our services (collectively, the "Services"). This Privacy Policy is incorporated into and subject to our Terms and Conditions.

By accessing or using our Services, you acknowledge that you have read and understand this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Personal Information

We collect various types of Personal Information, including:

  • Contact information (name, email address, phone number, mailing address)
  • Professional information (company name, job title, industry sector)
  • Account information (username, password)
  • Payment information (credit card details, billing address)
  • Conference registration details
  • Membership application information

For Members, we may collect additional information related to your organization, travel insurance products, and market presence to facilitate industry reports and membership benefits.

2.2 Log Data

Like many site operators, we collect information that your browser sends whenever you visit our Site ("Log Data"). This Log Data may include:

  • Your computer's Internet Protocol ("IP") address
  • Browser type and version
  • Pages of our Site that you visit
  • Time and date of your visit
  • Time spent on those pages
  • Other statistics and technical information
2.3 Cookies and Similar Technologies

Cookies are files with small amounts of data, which may include an anonymous unique identifier. We and our service providers use cookies and similar technologies (such as web beacons, pixels, and tags) to:

  • Keep track of your preferences
  • Understand how you use our Services
  • Personalize your experience
  • Improve our Services
  • Provide targeted advertising

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

We use the following types of cookies:

  • Essential cookies: Required for basic site functionality
  • Functional cookies: Enable enhanced features and personalization
  • Analytics cookies: Help us understand how visitors interact with our Services
  • Advertising cookies: Used to deliver relevant advertisements
2.4 Information from Third-Party Services

We may use third-party services such as Google Analytics that collect, monitor, and analyze user data to help us understand how our Services are used. These third-party service providers have their own privacy policies addressing how they use such information.

3. HOW WE USE YOUR INFORMATION

We use your Personal Information for the following purposes:

  • To provide and maintain our Services
  • To process membership applications and payments
  • To organize conferences and training programs
  • To send administrative information
  • To respond to inquiries and offer support
  • To conduct research and analysis
  • To improve our Services
  • To send marketing communications, including newsletters and promotional materials
  • To comply with legal obligations
  • To protect against fraud and unauthorized transactions
  • To enforce our Terms and Conditions

4. LEGAL BASIS FOR PROCESSING

We process your Personal Information on the following legal grounds:

  • Performance of the contract when you purchase memberships, register for conferences, or use our Services
  • Your consent when you opt in to marketing communications
  • Our legitimate interests in operating, improving, and securing our Services
  • Compliance with legal obligations applicable to the travel insurance industry

5. INFORMATION SHARING AND DISCLOSURE

We may share your Personal Information with:

  • Service providers who assist in website hosting, payment processing, email delivery, and analytics
  • Conference venues and partners when necessary for event management
  • Legal authorities when required by law or to protect our rights
  • Other Members through our membership directory, only with your consent

We do not sell your Personal Information to third parties. Any third parties that receive your information are bound by confidentiality agreements and restricted from using your data for purposes other than providing services to USTIA.

6. DATA RETENTION

We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

  • Membership information is retained for the duration of your membership plus 3 years
  • Payment information is retained as required for financial record-keeping (typically 7 years)
  • Marketing preferences are retained until you opt-out or request deletion

7. YOUR RIGHTS

Depending on your location, you may have certain rights regarding your Personal Information, including:

  • Access to your Personal Information
  • Correction of inaccurate or incomplete data
  • Deletion of your Personal Information
  • Restriction of processing
  • Data portability
  • Withdrawal of consent
  • Objection to processing

To exercise these rights, please contact us at privacy@ustia.org. We will respond to your request within 30 days.

8. REGULATORY COMPLIANCE

Our Privacy Policy and practices comply with applicable data protection regulations, including:

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • General Data Protection Regulation (GDPR), where applicable
  • Other state and federal privacy laws
8.1 California Residents

California law permits residents to request certain details about how their information is shared with third parties for direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at privacy@ustia.org.

California residents have the right to:

  • Know what personal information is being collected
  • Know whether personal information is sold or disclosed and to whom
  • Say no to the sale of personal information
  • Access their personal information
  • Request deletion of personal information
  • Not be discriminated against for exercising their privacy rights
8.2 European Economic Area (EEA) Residents

If the GDPR applies to our processing of your Personal Information, you have certain rights including:

  • The right to be informed about our data collection practices
  • The right to access and receive a copy of your data
  • The right to data rectification and correction
  • The right to erasure (the "right to be forgotten")
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • Rights related to automated decision making and profiling

9. SECURITY

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. We implement appropriate technical and organizational measures to protect your Personal Information, including:

  • Encryption of sensitive data
  • Regular security assessments
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures

In the event of a data breach that affects your Personal Information, we will notify you in accordance with applicable laws.

10. INTERNATIONAL DATA TRANSFERS

As a US-based organization, we primarily process and store data in the United States. If we transfer your information to service providers in other countries, we ensure appropriate safeguards are in place to protect your information, such as standard contractual clauses or participation in recognized privacy frameworks.

11. CHILDREN'S PRIVACY

Our Services are not directed to individuals under the age of 16. We do not knowingly collect Personal Information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. COMMUNICATIONS

We may use your Personal Information to contact you with newsletters, marketing or promotional materials, and other information that we feel is relevant to your interests. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send or by contacting us directly.

13. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or change our Privacy Policy at any time. Any material changes will be effective immediately after being posted on this page.

We will notify you of any material changes through:

  • A notice on our website
  • An email to the address you've provided us
  • Other methods consistent with applicable law

Your continued use of the Service after we post any modifications to the Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

14. THIRD-PARTY LINKS

Our Services may contain links to third-party websites or services that are not owned or controlled by USTIA. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly advise you to review the privacy policy of every site you visit.

15. CONTACT US

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

United States Travel Insurance Association
1300 Piccard Drive, LL 14
Rockville, MD 20850
240-342-3816
info@ustia.org
www.ustia.org

Data Protection Officer contact: info@ustia.org