This site uses cookies. Some are essential while others improve your browsing experience and allow us to advertise. For more info visit the privacy policy page.
Your preferences have been updated.
This site uses cookies. Some are essential while others improve your browsing experience and allow us to advertise.
Your preferences have been updated.
If you have a MyAruba account, please login before requesting a data export.
Please complete the form below request your data to be erased.
Request successfully submitted.
Please complete the form below to request restriction on processing.
Request successfully submitted.
This Privacy Policy (“Policy”) provides information on the personal data processing by the Aruba Tourism Authority (“A.T.A.”) (hereinafter individually and collectively referred to as: “A.T.A.”).
A.T.A. can be reached via the following contact details:
L.G. Smith Boulevard 8
P.O. Box 1019, Oranjestad, Aruba
Telephone number: (297) 5823777
Email address: support@aruba.com
DPO: DPO@aruba.com
Customer Support: support@aruba.com
This Policy applies to all personal data processed by A.T.A. and/or on behalf of A.T.A., which identify or may identify a natural person (“Personal Data”). These persons involved are hereinafter collectively referred to as data subjects (“Data Subjects”, “you” or “user”).
A.T.A. reserves the right to review and/or alter the Policy periodically, in order to comply with (local and/or European) legislation, and for any other purpose deemed reasonably necessary by A.T.A. If A.T.A. decides to modify the privacy policy, A.T.A. will notify the Data Subjects by e-mail or via the homepage of the Website.
Policy changes will apply to the information collected from the date A.T.A. post the revised Policy on the Website, as well as to existing information held by A.T.A. If any proposed change is unacceptable to you, you may request that A.T.A. removes your Personal Data from the records, using the privacy control tools set out in this privacy policy or by contacting the Data Protection Officer at: dpo@aruba.com.
For inquiries about this Policy, please contact the Data Protection Officer at: dpo@aruba.com.
This Policy sets out the elements necessary for A.T.A.’s compliance with applicable privacy legislation, principles and practice, including but not limited to the General Data Protection Regulation (GDPR) (“Applicable Laws”).
The Policy is an external policy, and is directed towards Data Subjects whose Personal Data are being processed by A.T.A. for the purpose of producing and delivering products and services. Such data is being collected through the following sources: (online) Embarkation and Disembarkation (ED) card, newsletter sign up, My Aruba preferences, trade and consumer shows, marketing e-mails, Aruba Forum online, Short cut to Happiness, 360 map, Social Media, surveys, sales calls, webinars, travel agents, campaigns, sweepstakes, conference, A.T.A.- sponsored events, FAM trips, Free Wifi Airport, Free Wifi Nodes and media. This Policy applies to the processing of Personal Data, in which A.T.A. acts as the data controller or as a data processor within the meaning of the Applicable Laws. A.T.A. acts as a data controller when A.T.A. determines the purpose for and the means for the processing of Personal Data of Data Subjects within the purposes of this policy. A.T.A. acts as a data processor when A.T.A. process Personal Data on behalf of another controller. This is the case when Personal Data is being processed via the (online) ED card, in which IASA is the controller.
For business purposes, Data Subjects may be asked to provide their Personal Data. If this is the case, A.T.A. and its partners shall be required to keep such information confidential.
Personal Data mentioned herein and defined by A.T.A. refers to information of all kinds related to each Data Subject -- their name, address, email address, mobile phone number, and so on -- that are transmitted to A.T.A. by Data Subjects.
The categories of Personal Data that A.T.A. processes are:
A.T.A. also processes non-identifiable information. Non-identifiable information is information that (i) is aggregated where the information of a population is represented instead of single individuals, (ii) where the identity of the individual is not known, (iii) where the identity of the individual cannot be inferred from the obtained information unless it is linked with Personal Data, and (iv) where this information cannot be combined with other available (non-identifiable) information in a way that a natural personal can be singled out (e.g. because of an unique combination of information). A.T.A. shares non-identifiable (demographic) information about A.T.A.’s user base with partners (local and international), A.T.A. external reps/offices and A.T.A.’s agencies Sharing this information permits partners, external reps/office and agencies to target A.T.A.’s services to a specific demographic (for example, any unmarried, over-40-year-old scuba divers who would like to visit Aruba for a diving vacation).
A.T.A. does not (knowingly) collect Personal Data from anyone under the age of 18. Registration is available to individuals below the age of 18 only with prior consent from a parent or legal guardian. In the event a person under the age of 18 years submits a question to A.T.A. on the website and identifies his or her age, A.T.A. may use the person’s e-mail address for the sole purpose of responding to the person’s question on a one-time-only basis. However, A.T.A. will not knowingly use the person’s e-mail address to re-contact the person and A.T.A. will delete the information from the records after responding to the question. If A.T.A. becomes aware that Personal Data is unknowingly collected from a person under the age of 18, A.T.A. will make reasonable efforts to delete such information from the records.
The purposes of the processing of Personal Data by A.T.A. are:
A.T.A. is obligated to process the Personal Data in accordance with these purposes and in compliance with the Applicable Laws. The data processed by A.T.A. is necessary for operating activities, for which the Data Subject has given its explicit consent, or for the purposes of a legitimate interest pursued by A.T.A. (see Annex 1). The Data Subject has the right to withdraw a given consent at any time. The legitimate interests for which A.T.A. processes Personal Data are: national tourism policy, direct marketing, improving customer experience, offering newsletters, customer support, conducting research, promotional and cross-selling activities and identification. The IP addresses of Data Subjects recorded in the system may be used, in order to explore the cause of or solution to any problem arising in its servers, or to administer the Website.
A.T.A. will not use and store Personal Data longer than necessary to fulfil the abovementioned purposes, and shall remove the collected Personal Data after the necessary period to achieve the purposes described in this Policy has passed, or to comply with contractual obligations or as permitted or required by the Applicable Laws. In Annex 1 you find the retention periods for Personal Data that A.T.A. processes and in Annex 3 you find the retention periods for the cookies used by A.T.A.
The Personal Data may only be processed to the extent necessary for the described purposes. Personal Data may in principle not be processed for other purposes other than that for which the Personal Data were collected. If there is a necessity or need to process Personal Data for other purposes, it shall be investigated by A.T.A. whether the purpose of the intended data processing is compatible with the original purpose. A.T.A. shall provide the Data Subject prior to that further processing with information on that other purpose.
A.T.A. handles Personal Data carefully and confidentially, and uses all suitable physical, managerial, and technical safeguards to preserve the integrity and security of your Personal Data.
A.T.A. follows generally accepted industry standards to protect the personal information submitted to A.T.A., both during transmission and once A.T.A. receives it. Be advised, however, that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while A.T.A. strives to use all commercially acceptable means to protect your Personal Data as much as possible, A.T.A. cannot guarantee its absolute security.
If you choose to contact A.T.A. through Aruba.com, Arubaconventionbureau.com, Media.aruba.com, Arubainsight.com or the Aruba.com forum (collectively: “the Website”), you should be aware that any information transmitted electronically might not be secure. Apart from the legal obligations under the Applicable Laws, A.T.A. assumes no liability for the loss of any information that you transmit to A.T.A. electronically. In communicating with you, A.T.A. may send e-mail in an unencrypted form because A.T.A. is aware that most persons cannot readily process encrypted e-mail. This is done for your convenience, but with the security concern that, if misrouted or intercepted, it could be read more easily than encrypted e-mail.
Personal Data is being accessed or transferred by A.T.A. and other third parties such as service providers, agencies (hired by the A.T.A.), business partners, A.T.A. representatives, eCRM & Data base agency, website developer/ management agency, customer support agencies, social media, data analytics, companies that personalize the Website, digital registration tools (Customer support registration tool), Website analytics agency, companies that make customer service accessible via social media. These third parties are listed in Annex 4 of this Policy.
A.T.A. further discloses Personal Data in case such disclosure is mandatory under Applicable Laws or is reasonably judged to be essential in order to protect and safeguard the rights, property and safety of other parties, A.T.A. itself, and/or A.T.A.'s affiliates. In certain circumstances, it is possible that Personal Data may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders.
ATA may transfer Personal Data to a third country or international organisations outside of the European union/European Economic Area (“EU/EEA”), which shall take place only in compliance with the Applicable Laws, and where appropriate safeguards are in place that ensure the level of protection of Data Subjects as required by the Applicable Laws (e.g. transfers on the basis of an adequacy decision or standard EU Model clauses).
With respect to storage, A.T.A. uses various applications for obtaining and storing certain data. To guarantee your privacy, these applications are subject to strict regulations. Most data and the Website is stored within the European Union. In respect of data that is forwarded to non-EU countries, A.T.A. only uses companies that provide sufficient protection in line with European legislation (e.g. a ‘Privacy Shield’ certification or signing the EU Model Clauses). For the purposes of forwarding data to other countries and parties, A.T.A. enters into Data Processing Agreements with EU Model Clauses attached. If you wish to see such a contract, feel free to contact: dpo@aruba.com.
Data Subjects have the right of information, access, rectification, addition and erasure of Personal Data, and the right to object against or restrict the processing of Personal Data (or withdraw an earlier given consent), as well as the right to data portability. The procedure of A.T.A. that enable Data Subjects to exercise these rights, is described below.
Data Subjects may file a request for access with A.T.A., and A.T.A. shall respond as soon as possible, and in any event within one (1) month, about:
After a Data Subject has accessed the Personal Data, he/she may request A.T.A. to restrict, amend, add, erase and/or transport the Personal Data. A.T.A. informs the Data Subject within one (1) month after receiving the request whether the request shall be complied with (in time), and if not, accompanied with the reasons for the delay or rejection. Data Subjects can also change certain information on the Website from the online Aruba profile at any time.
Information provided shall be free of charge. Data Subjects can exercise these rights at reasonable intervals. Data Subjects can exercise their rights by contacting the Data Protection Officer in writing (see address above) or per e-mail at: dpo@aruba.com.
A.T.A. will comply with a legitimate request of a Data Subject for correction, restriction or erasure, if the Personal Data are factually incorrect, incomplete, or irrelevant for the purpose(s) of the data processing, or otherwise processed in violation with the Applicable Laws.
With regard to a request to erase Personal Data, it should be taken into account that A.T.A. shall not comply with such request, if it is incompatible with any legal obligations of A.T.A.
If a request is allowed, A.T.A. shall execute the decision to correct, amend, erase and/or transport the Personal Data as soon as possible.
Data Subjects can at any time opt out of receiving newsletters from A.T.A. to which they have subscribed, via the privacy control tools as described in the ‘cookie policy’ or via e-mail at support@aruba.com.
In the event of concerns about the handling of Personal Data, Data Subjects also have the right to lodge a complaint with a local supervisory authority (in the Netherlands: Autoriteit Persoonsgegevens).
When using the website Aruba.com, Arubaconventionbureau.com, Media.aruba.com, Arubainsight.com or the Aruba.com forum (collectively: "the Website"), your Personal Data may be processed. A.T.A. is committed to safeguarding your privacy in that respect. This paragraph describes the types of (personal) data A.T.A. process in relation to the use of the Website, how A.T.A. uses the data and with whom A.T.A. shares it.
As a general policy, no Personal Data is automatically collected from your visit to this Site. However, in certain circumstances, such as when you register for the Site, you may be asked to provide us with specific information about yourself in order to use certain features on this Site or to take advantage of certain opportunities that the A.T.A. may offer through this Site. Please find in Annex 1 of the Personal Data the A.T.A. collects by using these features, the purpose for processing these Personal Data and retention time.
The Website contains links to other websites that are not owned or controlled by A.T.A. Please be aware that A.T.A. is not responsible for the content or privacy practices of other websites. When you leave the Website, realize that you should read the privacy statement of the website that you have linked to.
A.T.A. never collects your social security number on the Website. Please do not provide your social security number or any other sensitive data on the Website, or to any party that says it is from the Webite.
The legal process may require A.T.A. to disclose or allow access to personal information such as your account, billing, payment and postings. A.T.A. also uses or discloses Personal Data about you without your consent to protect other customers, employees, or property; to enforce A.T.A.’s rights in court or elsewhere, or directly with you, for violations of service terms, conditions or policies, and/or as otherwise required by law, for example, as part of a regulatory proceeding.
Annex 1 describes the processing activities, the personal data processed, the purposes of the processing, the legal basis and the retention periods in more detail.
Annex 2 describes the specific uses of the information collected on the Website.
A.T.A. shares your Personal Data with external parties but never sells your Personal Data to any external party. Additionally, A.T.A. automatically ties data that is not personally identifiable (such as analytics and other aggregate data sources) with data that is part of your Personal Data to improve your customer experience (for example, cross-referencing your location data with demographic and aggregated data sources to personalize your experience on the Website). A.T.A. also uses the same cross-referencing technique to evaluate advertisement strategies.
In Annex 4 you find an overview of all third parties with whom A.T.A. shares Personal Data with.
A 'cookie' is a small unit of information which can be passed to your browser while you are using the Website and/or another website. In most cases, cookies are used to ensure an efficient use of the Website. If you do not want websites to use cookies with your browser, you may deny the cookies (this only applies for cookies for which an explicit consent is required) for the Website, and/or change the settings on your internet browser so that the cookies are deleted or deactivated.
The Website automatically generates log files that register the use by you and other parties of the Website. A.T.A. maintains user data, such as source addresses of pages requested, IP (internet protocol) addresses and domain names, dates and times of page requests, links from other websites and other parameters in the URLs (universal resource locators). These log files and data will be used, on an anonymous basis, for statistical purposes and for improving the services offered via the Website.
Cookies enable A.T.A. to recognize your web browser. This is useful because you do not need to repeatedly input your data, specify choices, put products in your shopping basket, or modify your settings. It also means that A.T.A. can improve the performance of the Website and better understand visitor behavior on the Website, and other parties can learn about your surfing behavior so that they can show personalized advertisements across several websites and omit non-relevant advertisements, and such enhancing your online experience online.
If you log on to your ‘MY ARUBA’ environment on Aruba.com or if you visit Aruba.com via a link in your e-mail, A.T.A. will link your search behavior on Aruba.com to your profile.
Cookies on the Website are placed by first, second, and third parties. They can be placed directly or through mechanisms called pixels or web beacons. For certain countries or regions, such as the European Union, A.T.A. have control tools that allow the user to adjust what type of cookies are allowed to be placed.
While A.T.A. does not store Personal Data in cookies, A.T.A. may process Personal Data with other data from cookies. For example, cookies that contain your ID used for personalization can be (automatically) tied with Personal Data from after you've registered on the Website. This would be primarily used for enhancing the personalization engine in real time or secondarily for occasional data analysis.
Functional cookies are needed to ensure the Website works effectively. They ensure, for example, that you are shown the information you are looking for quickly and correctly, every time you visit the Website. It is not necessary to seek your permission to create functional cookies.
Analytical cookies provide A.T.A. with great insight on how the Website visitors experience Aruba.com. Based on these insights A.T.A. is able to improve the Website for a more seamless experience for you and future visitors. Through analytical cookies, A.T.A. gets a better understanding which pages are visited the most, how long the visitors stay on average on a page, and how you have come to visit the Website (from social media, a newsletter, other website, online banner, etc.). If the analytical cookies do not have any impact on privacy, then it is not necessary to ask your permission. Otherwise, your prior permission is needed.
These are cookies able to follow your surfing behavior on the Website. They enable A.T.A. and advertisers to show personalized online advertisements and customized content based on your surfing behavior. A.T.A. will ask you for permission to create these cookies.
Social media plug-in cookies are used to show social media content on the Website. A.T.A. will ask you for permission to create these cookies.
Cookies are kept on the relevant device for the periods described in Annex 3.
For certain geographical locations (such as Member States of the European Union) cookie policy controls are visible (also above in this privacy policy). These can be used to manage your provided consent. In case these controls are not visible for your particular geographical location you can clear these cookies through your browser. You can instruct your browser, by editing its options, to stop accepting cookies or prompt you before accepting a cookie from the Sites you visit. In some cases this action will log you out of services such as myAruba. In case you forgot your password, you can always request to reset your password on the myAruba login form.
Annex 3 shows which pixels or cookies are placed on the Website. More specifically, it provides information on who, what, for what purpose and when the cookies expire.
A.T.A. stores the information they collect through cookies, log files, clear gifs, and/or third parties sources to create a profile of the Data Subjects preferences. A.T.A. links the Personal Data in order to provide tailorded promotions and marketing offers and to improve the content of the Website.
For queries and inquiries about this Policy of A.T.A., please contact the Data Protection Officer at: dpo@aruba.com.
Activity |
Personal Data |
Purpose |
Legal Basis |
Retention Period |
myAruba: save items, create and share itineraries |
First & last name, email |
Authentication, customer experience |
Consent |
36 months |
Forum / Bulletin board: post messages |
First & last name, email |
Authentication |
Consent |
36 months |
Newsletters |
First & last name, email |
Authentication, customer experience |
Legitimate interest |
36 months |
Contests |
First & last name, email |
Identification |
Consent |
36 months after contest |
Customer Support |
First & last name (if necessary), email |
Identification, customer support |
Legitimate interest |
36 months |
On island customer support |
First & last name (if necessary), email, if applicable survey data |
Identification |
Consent |
|
Surveys or Focus Groups |
First & last name (if necessary), email, Survey data (data collected through the survey) |
Classification, identification |
Consent |
36 months |
Send to A Friend |
Friend's first and last name (if appropriate), email |
Identification |
Legitimate interest |
36 months |
Campaign opt in |
Identification |
Consent |
36 months |
|
ED-CARD |
First & last name, date of birth, country of birth, address, email |
Identification |
Legitimate interest |
10 years |
Activity |
Information Uses |
Special Offers and Newsletters |
We will occasionally send you information on products, services, special deals, and promotions. You can at any time opt out of receiving these promotional emails (for which you have opted in before) using the privacy controls or via email at support@aruba.com. |
Reservation-Related Communications |
We will communicate with you concerning (prospective) reservations made on the Website, and other reservation-related activity, including promotional and cross-selling opportunities. |
Welcoming Service |
We will send you a welcoming email to verify your user name and password upon registration, based on the information that you provide to us. |
Customer Support |
When you contact customer support, we collect contact information (for example first name, email or telephone number) as necessary to assist you. |
Profile |
We store the information that we collect through cookies, log files, clear gifs, and/or third party sources to create a “profile” of your preferences. We tie your Personal Data in order to provide tailored promotions and marketing offers and to improve the content of the Website. |
Supplementation of Information |
In order to provide certain services to you, we may on occasion supplement the personal information you submitted with information from third party sources (See Annex 4). For example, we may purchase marketing data from third parties and add it to our user database, to better target our advertising and to provide pertinent offers in which we think you would be interested. To enrich our user profiles, we tie this information to the Personal Data they have provided to us. |
Vendor / Domain |
Language |
Pixel/Cookie name |
Purpose |
Expiration Date |
---|---|---|---|---|
www.aruba.com |
ALL |
ATA.gdpr.analytics |
Remember Consent for Analytics |
180 days |
www.aruba.com |
ALL |
ATA.gdpr.location |
Remember your country |
During session |
www.aruba.com |
ALL |
ATA.gdpr.personalization |
Remember Personalization Consent |
180 days |
www.aruba.com |
ALL |
ATA.gdpr.popup |
Determine Cookie Banner Visibility |
180 days |
www.aruba.com |
ALL |
ATA.gdpr.tracking |
Remember Advertisement Consent |
180 days |
www.aruba.com |
ALL |
ATA.lang |
Remember Last Language Site You Visited |
5 years |
Google / .aruba.com |
ALL |
_dc_gtm_UA-.... |
Remember Associated Google Analytics Property ID and DoubleClick |
1 day |
Google / .aruba.com |
ALL |
_ga |
ID number of Google Analytics on aruba.com |
2 years |
Google / .aruba.com |
ALL |
_gid |
Unique ID for every page visit |
2 days |
Bloomreach / www.aruba.com |
ALL |
_visitor |
ID number for Personalization |
2 years |
Bloomreach / .aruba.com | ALL | __exponea_etc__ | Customer's Bloomreach Engagement generated client-side cookie | 7 days - 3 years |
Bloomreach / api.us1.exponea.com | ALL | xnpe_[project-token] | Customer's Bloomreach Engagement generated server-side cookie | 3 years |
Bloomreach / .aruba.com | ALL | __exponea_time2__ | Timestamp offset between browser and server time | 60 minutes |
Bloomreach / .aruba.com | ALL | __exponea_ab_[ABTestName]__ | Variant name returned for an A/B test | 7 days - 3 years |
Taboola |
US |
USIM - Taboola - Video - All Bookings and Downloads |
Track Booking Intent and Downloads |
During session |
Taboola |
US |
USIM - Taboola - Retargeting |
Retargeting Advertisement |
During session |
Taboola |
US |
USIM - Taboola - Outbound Links |
Track Outbound Link Clicks |
During session |
Taboola |
US |
USIM - Taboola - Downloads |
Track Downloads |
During session |
Taboola |
US |
USIM - Taboola - All Bookings |
Track Booking Intent |
During session |
Quantum11 |
US |
USIM - Quantum11 - Retargeting - Hyperfocus |
Retargeting Advertisement |
During session |
Quantum11 |
US |
USIM - Quantum11 - Outbound Links |
Track Outbound Link Clicks |
During session |
Quantum11 |
US |
USIM - Quantum11 - Downloads |
Track Downloads |
During session |
Quantum11 |
US |
USIM - Quantum11 - All Bookings |
Track Booking Intent |
During session |
Quantcast |
US |
USIM - Quantcast - All Pages |
Audience Measurement |
During session |
Pixability |
US |
USIM - Pixability 2018 - Retargeting - All Pages |
Retargeting Advertisement |
During session |
Pixability |
US |
USIM - Pixability 2018 - Outbound Links |
Track Outbound Link Clicks |
During session |
Pixability |
US |
USIM - Pixability 2018 - Downloads |
Track Downloads |
During session |
Pixability |
US |
USIM - Pixability 2018 - All Bookings |
Track Booking Intent |
During session |
Liquid Audience |
US |
USIM - Liquid Audience - Outbound Links |
Track Outbound Link Clicks |
During session |
Liquid Audience |
US |
USIM - Liquid Audience - Facebook - All Pages |
Retargeting Advertisement |
During session |
Liquid Audience |
US |
USIM - Liquid Audience - Downloads |
Track Downloads |
During session |
Liquid Audience |
US |
USIM - Liquid Audience - All Bookings |
Track Booking Intent |
During session |
Adara |
US |
USIM - Adara Impact - All Pages |
Audience Measurement |
During session |
Type of data |
Party |
Category |
Opt out mechanism |
---|---|---|---|
Personal |
Immigration Department Aruba, Government of Aruba |
Government or law enforcement |
Not applicable |
Personal |
fame creative lab (Germany), NBTC Holland Marketing (Sweden), BeauVue Marketing (United Kingdom), Global Tourist Consulting (Italy). |
ATA representation offices |
|
Personal |
Ansira Partners LLC, Sigma International Consulting Ltd. |
Email processors |
|
Personal |
LogMeIn, Inc. |
Customer support |
|
Non-identifiable |
USIM, MullenLowe Profero, Dept |
Media agencies and advertising partners |
Aruba.com cookie policy controls (not available in all countries) |
Non-identifiable |
Facebook Inc., Twitter Inc., Pinterest Inc. |
Social media |
Aruba.com cookie policy controls (not available in all countries) |
Non-identifiable |
Google Inc., Adara |
Data analytics |
Aruba.com cookie policy controls (not available in all countries) |
- Version 5. Effective Date Sept 17 2018 -
Updated August 6th 2021 to include Tracedock.
Updated January 19th 2024 to remove vendor.
We’re just getting started with the amazing effects Aruba has to offer. Dig into your trip details below to unlock a Caribbean experience that will fill you with sunshine and send you home with a happy afterglow that never fades.
myAruba planner
Save your favorite places and experiences to a custom itinerary you can manage while you're visiting the island: Start Planning