a.    Airline passenger reservation and other travel information, such as frequent flyer or hotel reservation information and special handling needs, such as meals to meet religious requirements or physical assistance, may be transferred to organizations located outside the EU in several different circumstances.  Under Article 26 of the Directive, personal data may be transferred “to a third country which does not ensure an adequate level of protection within the meaning of Article 25(2)” on the condition that it (i) is necessary to provide the services requested by the consumer or to fulfill the terms of an agreement, such as a “frequent flyer” agreement; or (ii) has been unambiguously consented to by the consumer.  U.S. organizations subscribing to the Privacy Shield provide adequate protection for personal data and may therefore receive data transfers from the EU without meeting these conditions or other conditions set out in Article 26 of the Directive.  Since the Privacy Shield includes specific rules for sensitive information, such information (which may need to be collected, for example, in connection with customers’ needs for physical assistance) may be included in transfers to Privacy Shield participants.  In all cases, however, the organization transferring the information has to respect the law in the EU Member State in which it is operating, which may inter alia impose special conditions for the handling of sensitive data.