Privacy Statement

Updated: 12/31/2016

Effective Date: 1/1/2017

This privacy statement describes how Cornerstone Information Systems, Inc. (“Cornerstone Information Systems”) collects and uses the personal information you provide on our Web site:, and It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.


EU-U.S. Privacy Shield

Cornerstone Information Systems (and its parent/subsidiary company(ies) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Cornerstone Information Systems is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. []

Cornerstone Information Systems is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Cornerstone Information Systems complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Cornerstone Information Systems is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Cornerstone Information Systems may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at

Under certain conditions, more fully described on the Privacy Shield website [], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

U.S. – Swiss Safe Harbor Framework

Cornerstone Information Systems complies with the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland. Cornerstone Information Systems has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Cornerstone Information Systems certification, please visit

Information Collection and Use

Cornerstone Information Systems collects and stores information including in some cases personally identifiable information. The information processed is typically referred to or associated with “traveler profiles.” We obtain, collect, store, analyze and process this information from industry-standard travel databases on behalf of our business clients. As a data processor we can only handle personally identifiable information transferred out of the EU at the direction of the Data Controller, our clients.

The kinds of information we may collect includes full name, email, PNR information, flight record information, traveler profile information like addresses, credit card information.

In addition we collect and store on behalf of our clients some system administration contact information. Typically this involves our client’s employee’s contact information such as email address to notify users of pending trip approvals or service notifications.

Legal Disclosure

In certain situations, Cornerstone Information Systems may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Cornerstone Information Systems reserves the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Web Site.

In the event Cornerstone Information Systems, Inc. goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personally identifiable information will likely be among the assets transferred. You will be notified via email of any such change in ownership or control of your personal information.

Children’s Personal Information

Cornerstone Information Systems offers business related services and does not offer areas specifically designed for children.

Passive Collection

As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.

Tracking Technologies

Cornerstone Information Systems and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

To manage Flash cookies, please click here:


We do not share, sell, or rent user’s personally identifiable information to 3rd parties in ways other than disclosed in this privacy statement

We will share aggregated demographic information with our business partners. This is not linked to any personal information that can identify any individual person, nor is it linked to any client proprietary information. We partner with another party to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.

An example of the sharing of data would be that one of our customers has requested in writing that Cornerstone provide travel data to a supplier of the customers’ choosing, such as an emergency medical team for travelers at risk. Travel data transferred to the emergency medical team may include contact information.


This web site contains links to other sites. Please be aware that Cornerstone Information Systems is not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by this web site.


This website takes every precaution to protect our users’ information. When our customers handle sensitive information via the website, information is protected both online and off-line.
Occasionally we have forms for sensitive information (such as credit card number and/or social security number). That information is encrypted and is protected with the best encryption software in the industry – SSL. While on a secure page, such as our order form, the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when you are just ‘surfing’. To learn more about SSL, follow this link

While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user-information off-line. All of our users’ information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job are granted access to personally identifiable information.

Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to your information.

Furthermore, ALL employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers’ information is protected.

Finally, the servers that we store personally identifiable information on are kept in a secure environment and located in rooms that require security card access readers and cameras. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web site, you can contact us at

Supplementation of Information

In order for this website to properly fulfill its obligation to our clients, it is necessary for us to supplement the information we receive with information from 3rd party sources. As indicated above we collect some information from travel industry databases. This information is tied to an identifier that our clients use to run reports and analyze the data. It is possible for our clients to then also be able to append more of their own data to it.

Site and Service Updates

From time to time we send clients site and service announcement updates. These announcements contain important information about the service, therefore are required as part of the service. Generally, you may not opt-out of these required communications as they are necessary to receive the service. If you wish to stop receiving these communications, please see the “Choice/Opt-out” section below for instruction. We communicate with the user to provide requested services and in regards to issues relating to their account via email or phone.

Correction/Updating Personal Information

Upon request Cornerstone Information Systems will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. If a client’s personally identifiable information changes (such as your zip code) we provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the system administration information page or by emailing our Customer Support. We handle client data as a data processor. Consequently, access requirements are handled by them, though we will cooperate with any requests made by our data controller clients having to do with their end users. The data controller clients can expect a response to their request with 10-20 business days.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


We handle client data as a data processor. Consequently, choice requirements are handled by the administrator assigned by the client. If you wish to stop receiving site and service announcements or trip notifications, please contact your system administrator.

Notification of Changes

If we decide to change our privacy policy, we will post those changes on our Homepage so our users are always aware of what information we collect, how we use it, and under circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner materially different from that stated at the time it was collected, we will notify users by way of an email or prominent posting on the website. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

Enforcement of this Privacy Statement

If you have questions regarding this statement, you should contact Cornerstone Information Systems at: You may also contact Cornerstone Information Systems by telephone (812-330-4361) or postal mail. Please mail correspondence to:

Cornerstone Information Systems
300 W. Sixth Street
Bloomington, IN 47404