Site Privacy Policy

Site Privacy Policy

Airlines Reporting Corporation ("ARC") is committed to providing excellent service to all of our customers and visitors to the ARC Website, including respecting your concerns about privacy. This privacy policy applies to information ARC collects, receives and holds relating to individuals, including information provided by visitors to our website. This Privacy Policy applies to ARC's corporate website ( and all websites controlled by ARC.

This Policy should answer your questions about:

  • The types of information we collect;
  • How information is used by ARC and shared with others;
  • What security measures we take to safeguard information;

Types Of Information We Collect

In order to facilitate interactions with ARC and manage the business operations of ARC and its related entities, ARC may collect and maintain information about individuals from different sources, including, for example:

  • When you voluntarily provide us with information;
  • From your browser, when you visit our Web sites and your browser interacts with our site;
  • Your transactions with ARC, including the use of ARC's products and services; and
  • Other sources, in connection with the processing of travel related transactions.

"Personally Identifiable Information" (also referred to as "Personal Data") is any information that identifies you personally, either alone or in combination with other information available from ARC. Personally Identifiable Information ("PII") does not include information that does not identify an individual. On some ARC sites, you may be able to register for and/or order ARC products or services, participate in surveys, request information, or apply for a position, which may require that you provide PII.

"Non-personally identifiable information" includes data that does not identify a specific individual. For example, when you use ARC's web sites, we may collect non-personally identifiable information such as your browser type, Internet Protocol (IP address) the type of operating system you use, the name of your Internet Service provider and pages visited on our site. This information is collected for site administration purposes such as to monitor and evaluate how visitors use the sites, analyze usage trends and statistics, and enhance the functionality and usability of the site to better tailor the site, products and services to visitors' needs. ARC may use a third party tracking service that uses cookies and other technologies to track such non-personally identifiable information about visitors to the site. Non-personally identifiable information may be aggregated for reporting about ARC websites' usability and effectiveness. We may also use information collected at this site to personalize the content, improve the content, and/or to provide product or service offers.

Back to Top


Cookies are identifiers which a web site can send to your browser to keep on your computer to facilitate your next visit to that websites. You can set your browser to notify you when you are sent a cookie, giving you the option to decide whether or not to accept it. A cookie file can contain information such as a user ID that the site uses to track the pages you've visited, but the only PII a cookie can contain is information you supply yourself. A cookie cannot read hard disk or read cookie files placed by others. ARC uses cookies on its websites and may place ads on other websites that may use cookies. We do not link the information we store in cookies to any PII you submit on our site. The information collected by cookies helps us develop customized content for the site, and also allows us to statistically monitor how many people are using our site and for what purpose.

Back to Top


Airlines Reporting Corporation (ARC) occasionally uses third-party advertising networks, such as AdRoll, to collect visitor information on our site then serve targeted display ads to you on other sites. AdRoll uses technology such as pixel tags and cookies to collect this information. For more information or to opt-out of this type of advertising, please visit the AdRoll Service Privacy Notice.

Back to Top

Social Media

Airlines Reporting Corporation (ARC) occasionally uses third-party advertising networks on social media platforms—such as LinkedIn, Twitter, Facebook and Instagram—to collect visitor information on social media platforms to then pass over visitor information to ARC. Visitor information is used for ARC communications; including but not limited to email, further advertising and direct mail. For more information or to opt-out of this type of advertising, please visit the various social media platforms.

Back to Top

Individuals Under 13

ARC does not knowingly collect PII from children under the age of 13 and ARC does not target its Web sites to children under 13.

Back to Top

How Information May Be Used

Personally Identifiable Information (PII) received or collected by ARC is used primarily to complete transactions, fulfill requests, and also to facilitate performance of contracts between ARC and participants in ARC's programs and services (e.g., ARC accredited travel agents, CTDs, participating Carriers and other ARC participants (collectively "Participants")) or as otherwise required by ARC's business practices or needs. PII is made available to ARC employees in the customary exercise of their duties. Additionally, ARC may contract with third party service providers, contractors and suppliers to conduct surveys or provide products, services, event registration, or other customer solutions to you based upon and using the information ARC gathers and receives. ARC contractors may have access to PII in the course of assisting in ARC's business operations and providing services to you (e.g., ARC Marketplace). ARC endeavors to limit access to Personally Identifiable Information by such third parties to that which is necessary for the contractor to perform its designated functions. Although we use all reasonable means to ensure that the information you provide is not used by such third parties for purposes other than described in this policy, ARC is not responsible for any improper use of PII that is beyond our reasonable control.

ARC compiles a list (the ARC List aka Agency List) of ARC participants and other travel professionals which includes, but is not limited to company name, address, email address, phone number and type of entity, etc., that may be shared with or marketed to suppliers or other entities for product information, promotions or other messages.

ARC processes information related to airline carrier transactions (airline tickets, refunds, exchanges, etc.) and retains such information for a period deemed reasonable to facilitate the processing and settlement of the transactions and during which disputes between the parties to the transactions (e.g., the passenger, the travel professional who issued the transaction and the carrier) are likely to arise and with respect to which PII associated with the transaction will continue to be relevant. ARC also prepares and publishes aggregated or consolidated transactional data.

Back to Top

Keeping Information Secure

To reduce the likelihood of unauthorized access, disclosure, alteration or destruction of information, to maintain data accuracy, to safeguard and secure the information in the database, ARC has put in place physical, electronic, and managerial procedures that ARC believes to be reasonable. ARC currently uses the Secure Socket Layers (SSL) protocol to help protect information in transit over the Internet. ARC employs firewalls to reduce the likelihood of unauthorized access via the Internet.

You can also help to keep information secure. Create secure passwords (i.e., difficult for someone else to figure out). Use a combination of special characters, number and upper and lower case letters. Change passwords frequently and do not share usernames and passwords or give your password to anyone.

Back to Top

Disclosure Of PII for Legal Reasons

We may disclose personally identifiable information in response to legal process such as a court order or a subpoena. We also may disclose such information in situations such as the following: response to law enforcement agency's requests, compliance with government order, or matters relating to national security and/or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, to comply with legal requirements, or as otherwise required by law.

Back to Top

Additional Notice to CA Residents

Subject Access Requests

Pursuant to the California Consumer Privacy Act (CCPA), you may submit to ARC a request for disclosure of any of the following (“Subject Access Request,” or “SAR”):

  • The categories of personal information we have collected about you, and/or that we have sold or disclosed for a business purpose;
    • We will provide disclosures about personal information sold in a list separately from disclosures about personal information disclosed for a business purpose.
  • The categories of sources from which the personal information is collected;
  • The business or commercial purpose for collecting or selling personal information;
  • The categories of third parties with whom we share personal information; and
  • Specific pieces of personal information we collect about you;

You may also submit a SAR for any of the following purposes:

  • Deletion of personal information we have collected about you;
    • We may be unable to delete certain personal information if it is necessary for us to maintain the personal information in order to:
      • Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between ARC and you;
      • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
      • Debug to identify and repair errors that impair existing intended functionality;
      • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
      • Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
      • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
      • To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the business;
      • Comply with a legal obligation; or
      • Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
  • Opting out of any sales of your personal information to third parties by clicking “Do Not Sell My Personal Information,” which is also located on our website homepage;
    • You may authorize another person solely to opt-out of the sale of your personal information on your behalf.
  • Opting out of sales of personal information about children age 16 or under

Please submit any SAR using this form, by email to, or by postal mail to 3000 Wilson Blvd., Ste. 300, Arlington, VA 22201. You may also submit an SAR by contacting the following toll-free number: (855) 933-4272. If not submitted using the web form, each SAR must include the following information pertaining to the request:

  1. Name;
  2. Address of residence in CA
  3. Preferred contact information, such as telephone number or email address;
  4. The basis of the SAR, which may include any of the reasons described above;
  5. Any other information you deem relevant to the SAR and/or ARC’s ability to respond appropriately.

We will attempt to verify your identity using any of your personal information that is already in our possession, such as information pertaining to a password-protected account you have created with us. However, we may need to request additional personal information in order to verify your identity. Though not required, you may wish to provide the last four digits of the credit card that you used to purchase air travel through a travel agency, in order to assist us in verifying your identity. We will not use additional personal information you provide for verification for any other purposes, and we will promptly delete any such information once the verification process is complete.

Any SAR submitted without the above information may result in a delay of ARC’s response.

In responding to the SAR, ARC will adhere to the following guidelines:

  1. Responding without delay, and in any event no later than 45 days from the date we receive the SAR. We may need to extend the response period by up to 45 days where requests are complex, numerous, and/or incomplete. In such circumstance, ARC will inform you within the initial 45-day period and explain why an extension is necessary.
  2. Providing you a response at no cost
  3. Providing information that will cover the 12-month period preceding our receipt of the SAR
  4. Providing written information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit this information to another entity without hindrance
  5. Delivering the response through your account with us, if you maintain an account with the business, or by mail or electronically at your option if you do not maintain an account with us (however, we will not require you to create an account with us to make an SAR)
  6. Although not required, making best efforts to provide personal information requested more than twice in a 12-month period
  7. Withholding certain information as required by applicable law. For example, we may withhold information that could identify someone else, meaning it would not be reasonable to disclose that information to you. As another example, we may withhold information if you are being investigated for a crime or other legal violation, and the investigation would be prejudiced if you had access to the information

Notice of Non-Discrimination

ARC will not discriminate against you because you exercised any of your rights under the CCPA, including, but not limited to, by the following activities:

  1. Denying you goods or services;
  2. Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  3. Providing you a different level or quality of goods or services; or
  4. Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Note: we may charge a consumer a different price or rate, or from providing a different level or quality of goods or services to the consumer, if that difference is reasonably related to the value provided to the consumer by the consumer’s data.

We may offer financial incentives, including payments to consumers as compensation, for the collection of personal information, the sale of personal information, or the deletion of personal information. We may also offer a different price, rate, level, or quality of goods or services to the consumer if that price or difference is directly related to the value provided to the consumer by the consumer’s data. If we offer any financial incentives, we will provide prior notice on our website to consumers. We will only enter you into a financial incentive program if you provide prior opt-in consent which clearly describes the material terms of the financial incentive program, and which may be revoked by you at any time. We will not use financial incentive practices that are unjust, unreasonable, coercive, or usurious in nature.

Back to Top

Payment Card Industry (PCI) Data Security Standards

PCI Security Standards Council Participating OrganizationThe PCI Data Security Standards are a set of best practices developed by the credit card payment industry and used to protect card holder data. There are 12 core data security requirements.

ARC was very pleased to be the first level 1 entity in the travel industry to be certified as PCI Compliant, and we actively participate in the PCI Security Standards Council. Level 1 merchants and processors with more than 6 million transactions must go through a yearly on-site audit by a qualified security assessor and perform quarterly scans to maintain compliance with PCI standards.

We all share a common interest to keep credit card information secure. Please click on the link for information about PCI and protection of credit card information.

Back to Top

Links To Non-ARC Web sites

ARC websites may provide links to third party companies' websites for your convenience and information. If you access such links, you leave ARC's website. ARC does not control such sites or their privacy policies or practices.

Back to Top


ARC reserves the right to change this policy at any time and will notify users of any material changes by updating the policy here. Visitors to the site are responsible for consulting this posting for any changes. The effective date will be noted to indicate the last time modifications were made. You may review the policy at any time by clicking on Privacy Policy at the bottom of all ARC Web site pages.

Back to Top


Your use of the ARC site and its services indicates you understand this policy and agree to the collection and use of the information discussed herein.

Back to Top

Contact Information

Airlines Reporting Corporation
Customer Support Center
3000 Wilson Boulevard, Suite 300
Arlington VA 22201-3862

Back to Top

Last Revised December 13, 2019