GDPR Affects All Atlas Republic Travel Websites. What you need to know.

Note* This article is focused helping users with an Atlas Republic hosted travel website understand the changes we’re making to make sure their in compliance. If you’re using your own hosting an analytics, you’ll want to take steps to ensure your travel website is in compliance with GDPR.

Am I impacted by GDPR if I have a travel website hosted on Atlas Republic?

Since, by default, your Atlas Republic travel website collects personal data via our analytics system using javascript tracking scripts, the answer is yes. That means your travel website is impacted by the GDPR – especially if you do business with, or have visitors that reside in the EU.

What is GDPR?

The GDPR message can be summed up as this: EU-based consumer information deserves to remain private.

How, specifically, is your Atlas Republic website affected?

This new law affects travel websites on Atlas Republic in the following scenarios:

We collect IP addresses and, according to GDPR, IP addresses are personal data.
This means that for EU visitors,  we will have to anonymize them unless you receive explicit consent from the visitor. As of today, we have anonymized all IP Addresses.

Atlas Republic Analytics uses Cookies and, According to GDPR, cookies are personal data too.
For visitors from the EU, you will need to require user consent for using cookies. See #4 below on how we plan to offer a plugin for your website.

If a visitor converts on your Atlas Republic-hosted travel website, we associate their historical usage data with a User ID.
This ID allows us to help you keep track of user behavior on your website. However, this will no longer be allowed under the new law for EU-based visitors.

If a visitor converts on your Atlas Republic-hosted travel website, We collect extra personal data (if provided).
For example, we may collect first names, last names, e-mail address, travel preferences and more. We collect this data using custom dimensions & custom variables.

 

What GDPR rules are we are helping you comply with as your travel analytics and website hosting company?

We will help you respect the following EU citizens rights under the new GDPR law:

1) Allowing EU residents the possibility to view the data you collected on them

To meet this obligation, you will have to export all the data on the requested user. This means, if a user is requesting it, you will have to export the data linked to his IP address(es) – which can be easily exported as a .csv file.

In order to do that, contact our support team and we’ll get the process started for you. We’ll then create a segment according to the IP address of the user who requested it and then export the “Visitor log” report and send the information to you to disseminate to the requester.

2) Allowing EU residents the possibility to rectify their data or to delete their data when they request it

The data edit and deletion process on Atlas Republic currently requires you to contact us with the request. We are planning to develop a new atlas republic analytics plugin for GDPR compliance. This plugin will let you edit and easily delete data of a particular user yourself.

3) Adding a privacy notice for any users under our managed plans

For any sites under our managed plans, we’ll automatically add or update your privacy notice to reflect the fact that you collect personal data. If you’re not on a managed plan, please refer to the ICO documentation in order to learn how to write a privacy notice. You may also import a templated privacy policy as a starting point. Also, Make sure that a privacy policy link is always available on your website.

4) Allowing you to add a privacy notice and opt-out to your website

To ensure compliance with all our members, we implemented small popup that will give users notice of your site’s tracking intent and the option to opt-out. We have officially launched that plugin today with more information on how to customize it forthcoming.

5) Respecting DoNotTrack preferences by default

Do Not Track is a browser-based technology policy that allows internet users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms. By default, Atlas Republic will respects users preference and will not track visitors which have specified “I do not want to be tracked” in their web browsers. For more information about DoNotTrack, check out donottrack.us.

6) Implementing a 72-Hour Data Breach Reporting Window

With GDPR, there’s a 72-hour window to disclose data breaches. With this in mind,  we now have a service-level agreement with all Atlas Republic members that any data breaches will be reported to you within a 24 hour period of our discovery. Along with the notice, We’ll also provide you the following:

  • Description of the nature of the personal data breach including, where possible, the categories and an approximate number of data points and the number of personal data records concerned.
  • Communication of the name and contact details of the data protection officer or another contact point where more information can be obtained regarding the breach
  • Description of the likely consequences of the personal data breach ( if known)
  • Description of the measures taken or proposed measures to be taken by us to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
  • A templated announcement for you to send out to your website users.

In closing, while we love helping you become smarter travel marketers, we take all laws regarding privacy seriously and will do all we can to make this transition seamless.

Posted in

Mikiah Fender

Before founding Atlas Republic, I spent eight years working at the luxury travel network, Virtuoso, helping them understand and attract modern luxury travelers. I’ve also helped hundreds of travel agencies, dozens of tour operators, and a handful of small ship cruise lines over the years with their digital advertising, web development, and overall digital strategies. I have a passion for web development, design and making marketing feel less like marketing and more like something people actually find value in.

We Create Highly-Effective Travel Websites For Tour Operators & Travel Agencies

We pour years of experience and love into every travel site we build.