ADARA’s View of GDPR and FAQ

10 April 2018


Data privacy is at the core of ADARA’s business, in how we collect, store and process data. We understand our compliance obligations under the new GDPR regulation and ensure compliance with all Privacy and Data Protection laws and we have taken steps to ensure our data partners and clients can continue to work with us. ADARA applies a “Privacy by Design” approach to our technology and platform, ensuring that we put the privacy requirements of our partners and clients, and by extension, the consumer, first.

These FAQs set out more information on the GDPR and what ADARA is doing to ensure its compliance with the regulations.



The General Data Protection Regulation (GDPR) is a new European Union regulation intended to strengthen and unify data protection for all individuals within the European Union (EU). It takes effect on May 25th, 2018, replacing the old law (Directive 95/46/EC) in place since 1995. The new GDPR aims to protect individuals regarding the processing of personal data and on the free movement of such data. It also changes the way companies access, acquire, use, share, store and provide individuals with access to their personal data.



ADARA has built a platform that ensures all industry standard privacy regulations are met. And being compliant with GDPR is no different. We have carried out a comprehensive analysis of the company’s present data privacy and protection policies and processes; including analysis of how data is collected, used and shared by our platform. We are actively moving toward GDPR compliance in our practices, policies and documentation in time for May 2018.

ADARA is also working with all our partners, clients and vendors to ensure we all fulfil our GDPR compliance obligations. We have reviewed and will make the necessary updates to our privacy policy and data privacy practices, and are putting in place the relevant contractual provisions with our partners, clients and vendors. These FAQs are designed to give you a firmer understanding as to how the GDPR applies to ADARA and how ADARA achieves compliance with it.



What is personal data?

The GDPR redefines the scope of personal data to extend it to any collected data that could directly or indirectly identify an individual, including unique identifiers (i.e. the use of an identifier to link an individual to personal data albeit without a “name” in the traditional sense) and data to which a unique identifier refers to (e.g. online activity such as travel intent). 

This unique identifier is a sequence of numbers or numbers and letters used as a kind of “label” that indicates to systems we, or our partners use, that the data in question (e.g. websites visited and viewed online) relates to the same individual. It is used to identify the data without the need to refer to a name or address (for example).

ADARA’s collection of personal data

At the core of our technology is the ADARA Recognized Traveler which gathers travel data from our trusted data partners and fuels every product and capability on the ADARA Platform. ADARA Recognized Traveler is broken down into three trusted data sources about the travelers:

  1. “Pseudonymous” data and technical identifiers;