2. The personal information we collect We collect and process the following personal information about you:
2.1 Information that you give us.
2.1.1 This includes information you give us so we can provide you with access to the Platform or Services. The information collected is not limited to and includes your name, address, e-mail address, and phone number.
2.1.2 When using the Platform or Service, you provide us with personal information about you and your employees so we can provide the Services.
2.2 Information that we collect automatically. We automatically collect the following information from your use of the Platform:
2.2.1 technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information (if applicable), browser type and version, browser plug-in types and versions, operating system and platform; and
2.2.2 information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Platform (including date and time); products you viewed or searched for; page response times, length of visits to certain pages, and methods used to browse away from the page and any phone number used to call our customer service number.
2.3 Information that we receive from third parties. We work closely with certain third parties to help us provide our Services to you and to otherwise conduct our business (including, for example, business partners, resellers, sub-contractors in technical and payment services, advertising networks, analytics providers and search information providers) and receive information from them.
3. Why we collect personal information and what we do with it
3.1 When you provide your personal information to us, or we received your personal information through a contractual relationship with your employer, we will make reasonable efforts to ensure that the purpose for which you are providing that personal information is clear and honored.
3.2 Depending on who you are and your relationship with us, we will process your personal information as follows:
3.2.1 to carry out our obligations to you from your use of our Platform, the Services or under another agreement with you;
3.2.2 to administer your account with us;
3.2.3 to provide you with information about our products, the Platform, the Services and any other services we provide;
3.2.4 to administer the Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
3.2.5 to allow you to participate in interactive features of the Platform or Service, when you choose to do so;
3.2.6 internally, to inform decisions about our business operations and strategy; and
3.2.7 to contact you from time to time to market any other services we provide and we think to be of interest to you.
4. Who we share your personal information with
4.1 In the course of normal business, we disclose your personal information to the following entities:
4.1.1 to business partners, suppliers and sub-contractors for the performance of any contract we or you enter into with them or to fulfill our Services to you;
4.1.2 to our customers in order to allow them to use our Service;
4.1.3 in the event that we sell or transfer any part of our business or assets (whether by merger, asset sale or otherwise), in which case we reserve the right to disclose and transfer your personal information to the prospective buyer of such business or assets;
4.1.4 in the event we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request; and
4.1.5 to third parties to enforce agreements between us or to investigate suspected breaches of those agreements or to protect the rights, property or safety of our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
5. Security Measures for the Platform
5.3 We implement a variety of technical, administrative and organizational security measures for the Platform and Services that we believe are commercially reasonable to help us maintain the safety of your personal information when you place an order or enter, submit or access your personal information. These security measures include using one or more servers for the Platform and Services that are secured by commercially reasonable measures.
5.4 You are responsible for keeping confidential your access credentials for the Platform or Service, including password(s) and you should not share your password(s) with anyone.
5.5 Notwithstanding the above, you should be aware that the transmission of information via the Internet is not completely secure. Although we will use commercially reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted using the Services or the Platform, and as a result, any transmission of personal information is at your own risk.
6.2 A cookie is a small file that a site or its service provider transfers to the hard drive of your computer or other device through your Web browser and enables the site or service provider systems to recognize your browser and capture information for use during your visit to our Platform and for future visits to our Platform.
6.3 We use the following cookies:
6.3.1 Strictly necessary cookies. These are cookies that are required for the operation of the Platform. They include, for example, cookies that enable you to log into secure areas of the Platform, use a shopping cart or session tracking.
6.3.2 Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around the Platform when they are using it. This helps us to improve the way the Platform works, for example, by ensuring that users are finding what they are looking for easily.
6.3.3 Functionality cookies. These are used to recognize you when you return to the Platform. This enables us to personalize our content for you, greet you by name and remember your preferences.
6.3.4 Targeting cookies. These cookies record your visit to the Platform, the pages you have visited and the links you have followed. We also share this information with third parties that assist us with our Platform and fulfilling our Services for you.
6.4 You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you will not be able to access all or parts of the Platform and use the Services. In addition, if you delete any Platform cookies on a given visit, you would need to block them again in subsequent visits to our Platform.
7. Children’s Privacy and Age Limitations for the Platform
7.1 The Platform is intended for use by persons aged 18 or older. We do not knowingly collect personally identifiable information from persons under the age of 18. If we discover or are made aware that we have received personally identifiable information from an individual who indicates that he or she is, or whom we otherwise have reason to believe is, under the age of 18, we will delete such information from our systems. If you are a parent or guardian of a child under the age of 18 and believe he or she has disclosed personally identifiable information to us, please contact us as provided below. In any such event, a parent or guardian of a child under the age of 18 may review and request deletion of such child’s personally identifiable information as well as prohibit the use thereof.
8. Additional Notices to California Residents
8.1 California Do-Not-Track Disclosure. At this time, the Platform is not set up to honor web browser do-not-track settings.
8.2 Information on Marketing Disclosures. California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096 or at firstname.lastname@example.org.
9. Links to Other Websites
11. General Information to Contact Us
12.1 Overview of Consumer Rights Under the CCPA Under the CCPA, California consumers have certain rights regarding their personal information, including:
* The right to know the categories of personal information that the Company has collected and the categories of sources from which we obtained such information.
* The right to know the Company’s business purposes for sharing personal information.
* The right to know the categories of third parties with whom the Company shared personal information.
* The right to access the specific pieces of personal information that the Company has collected and the right to delete your personal information.
* The right to not be discriminated against if a California consumer exercise their rights under the CCPA. The provisions below of this California Notice provide further details about these rights and how you may exercise them.
12.2 Information We Collect We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer, household or device (collectively, “personal information”). Personal information does not include:
* Publicly available information from government records.
* De-identified or aggregated California consumer information.
* Information excluded from the CCPA’s scope, including:
• Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
• Personal information covered by certain other laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We have collected the following categories of personal information from California consumers within the last twelve (12) months:
|A. Identifiers||An individual’s name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number or other similar identifiers|
|B. Personal information categories described in Cal. Civ. Code § 1798.80(e)||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information|
|C. Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information)|
|D. Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies|
|E. Biometric information||Genetic, physiological, behavioral and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints and voice prints, iris or retina scans, keystroke, gait or other physical patterns, and sleep, health or exercise data|
|F. Internet or other similar network activity||Browsing history, search history, information on a California consumer’s interaction with a website, application, or advertisement|
|G. Geolocation data||Physical location or movements|
|H. Sensory data||Audio, electronic, visual, thermal, olfactory or similar sensory-related information|
|I. Professional or employment-related information||Current or past job history or performance evaluations|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g; 34 C.F.R. Part 99))||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information or student disciplinary records|
|K. Inferences drawn from other personal information||Examples include a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes|
12.3.1. Directly From You. For example, from forms you complete or products and services you purchase or from communications with you such as when you contact the Company (whether in person, by mail, by phone, online, via electronic communication or by other means) including our customer support service.
12.3.2. Indirectly From You. For example, from observing your actions on our Platform or from products or services that you have purchased from the Company, if you have enabled such functionality, such as telemetry services.
12.3.3. From Others.
* From third party service providers. For example, if you choose to make an electronic payment directly to the Company, or through a linked website or app, or through an affiliate of ours, the Company may receive personal information about you from third parties such as payment services providers, for the purposes of that payment.
* From affiliates. We may collect personal information about you from our affiliates or others acting on their behalf.
12.3.4. From Public Sources. For example, we may collect information from public records.
12.4.1. To fulfill the reason that you provided the information. For example, if you share your name and contact information to request a price quote, request to be contacted by an affiliate, or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we may use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product or service orders or to process returns.
12.4.2. To perform services such as customer service, order fulfillment, payment processing, financing and advertising, marketing or analytic services.
12.4.3. To advance our commercial or economic interests, such as by helping you to buy, rent, lease, join, subscribe to, provide, or exchange products, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.
12.4.4. To verify or maintain quality or safety standards or improve or upgrade a product or service provided or controlled by or for us.
12.4.5. To provide, support, personalize and develop our Platform, products and services such as to perform warranty related services or other post-sale activities such as product or service monitoring or repairs.
12.4.6. To create, maintain, customize and secure your account with us.
12.4.7. To process your requests, purchases, transactions and payments and prevent transactional fraud.
12.4.8. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
12.4.9. To personalize your Platform experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Platform, third-party sites and via mail, email or text message (with your consent, where required by law).
12.4.10. To help maintain the safety, security and integrity of our Platform, products and services, databases and other assets and business.
12.4.11. For testing, research and analysis purposes, including to develop and improve our Platform, products and services.
12.4.12. To respond to law enforcement requests and as required by applicable law, court order or governmental regulations.
12.4.13. As described to you when collecting your personal information or as otherwise set forth in the CCPA or applicable law.
12.4.14. To send you information relevant to your past purchases and interests, subject to compliance with applicable laws regarding direct marketing.
12.4.15. To otherwise use as reasonably necessary and proportionate to achieve our operational or notified purpose for collecting personal information and as compatible with the context in which we collected the information.
12.4.16. To perform services on behalf of a CCPA-covered business or its service provider, such as customer service, order fulfillment, payment processing, financing and advertising, marketing, or analytic services.
12.4.17. To review and audit our business interactions with you.
12.4.18. To detect or prevent security incidents or other illegal activity.
12.4.19. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Platform users, including California consumers, is among the assets transferred. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated or incompatible purposes without providing you notice.
12.5 Sharing Personal Information We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
12.5.1. Disclosures of Personal Information for a Business Purpose In the preceding twelve (12) months, the Company has disclosed the following categories of personal information for a business purpose:
Category A: Identifiers
Category B: Personal information categories described in Cal. Civ. Code § 1798.80(e)
Category C: Protected classification characteristics under California or federal law
Category D: Commercial information
Category E: Biometric information
Category F: Internet or other similar network activity
Category G: Geolocation data
Category H: Sensory data
Category I: Professional or employment-related information
Category J: Non-public education information
Category K: Inferences drawn from other personal information
The categories of third parties to which we may disclose personal information collected by us include the following:
* Service providers
12.5.2. Sales of Personal Information The Company does not sell personal information to third parties.
12.6. Exercising Your CCPA Rights and Choices The sections below describe how you may exercise your rights under the CCPA.
12.6.1. Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability and Deletion Rights” below), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose, a list disclosing:
- the personal information categories that each category of recipient obtained.
As allowed by the CCPA, we do not provide these access and data portability rights (i) for business-to-business personal information or (ii) as to personal information collected from the Company’s California-based employees, job applicants or contractors when provided or collected in such employee, job applicant or contractor capacities.
12.6.2. Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability and Deletion Rights” below), we will delete (and direct our service providers to delete) your personal information from our (and service provider) records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products or services to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another California consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with California consumer expectations based on your relationship with us, such as future field campaigns or product safety issues.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
As allowed by the CCPA, we do not provide these deletion rights (i) for business-to-business personal information or (ii) as to personal information collected from the Company’s California-based employees, job applicants or contractors when provided or collected in such employee, job applicant or contractor capacities.
12.6.3. Exercising Access, Data Portability and Deletion Rights
To exercise the access, data portability and deletion rights described above, you should submit a verifiable consumer request to us by one of the following methods:
- Calling us at toll free at: (855) 874-6603
- Emailing us at: email@example.com
- Visiting the following page on our Platform: www.travelinc.com
- By postal mail at: Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096
- Accessing an online account that you maintain with us
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of a minor child for whom you are a parent or legal guardian.
You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative, which may include:
- Your name
- Your address
- Additional information depending upon the type of request and the sensitivity of the information involved with such request
- Describe your request with sufficient detail to enable us to properly understand, evaluate and respond to such request.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or your authority to make the request and confirm that the personal information involved with the request relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we will consider requests made through a password-protected online account that you maintain with us to be sufficiently verified when the request relates to personal information associated with that online account, provided such online account functionality is then made available by us on the Platform.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
12.6.4. Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an online account with us, we may deliver our written response to that online account, provided that such online account functionality is then made available by us on the Platform. If you do not have an online account with us, or such functionality is not available for your online account we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12) month period immediately preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA or other applicable law, we will not as a result of you exercising any of your rights under the CCPA:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
12.7. Other California Privacy-Related Disclosures
Sharing Personal Information for Direct Marketing Purposes
Before sharing personal information of California consumers with third parties for direct marketing purposes we will obtain opt-in consent from the applicable California consumers or provide such California consumers with a cost-free method to opt out.
California Do-Not-Track Disclosure
At this time, the Platform is not set up to honor web browser do-not-track settings. Do-not-track is a privacy preference that users can set in their web browsers. When a user activates the do-not-track settings in browsers that offer this setting, the browser sends a message to websites or applications requesting them not to track the user. For more information about do-not-track matters, please visit www.allaboutdnt.org.
Information on Marketing Disclosures
California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096.
Content Removal Requests for Platform Users Under 18 Years Old
If you have any complaint about use of the Platform, you may contact us by email at firstname.lastname@example.org, or by postal mail at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096. In accordance with California Civil Code Section 1789.3, California residents may also file complaints with the Complaint Assistance Unit, Division of Consumer Services, California Department of Consumer Affairs by postal mail at 1625 North Market Road, Suite N112, Sacramento, CA 95834 or by telephone at 800-952-5210.
12.8. Changes to Our California Notice
We reserve the right to amend this California Notice at our discretion and at any time. When we make changes to this California Notice, we will post the updated California Notice on the Platform and update the California Notice’s effective date. Your continued use of our Platform following the posting of changes constitutes your acceptance of such changes.
13. Additional Notices to European Union Citizens
Persons who are residents of the member countries of the European Union (“EU”) or other data subjects covered by the EU’s General Data Protection Regulation, (EU) 2016/679 (the “GDPR”), have certain additional privacy rights under applicable law. The following provisions of this Section 13 provide an overview of these additional rights.
13.1 Legal Bases for Processing Personal Information of European Union Citizens
When processing your personal information, Travel Incorporated relies on one or more of the following legal bases (or other available legal grounds), depending on the circumstances:
(a) Legitimate Interests – Travel Incorporated processes your personal information where Travel Incorporated has a (legal reason to process) in such processing for managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights or freedoms.
(b) Consent – Travel Incorporated processes your personal information where Travel Incorporated has obtained your consent to the processing.
(c)Contractual Necessity – Travel Incorporated processes your personal information where such processing is necessary in connection with any contract that Travel Incorporated has with you.
(d)Legal Requirements – Travel Incorporated processes your personal information where such processing is required by applicable law.
13.2 Disclosures to Third Parties
Travel Incorporated will also disclose any information (including personal information) relating to you to law enforcement authorities or any regulatory or government authority in response to any request including requests in connection with the investigation of any suspected illegal activities.
13.3 Security of Personal Information of European Citizens
Travel Incorporated has policies and technical and organizational measures in place which are intended to safeguard and protect your personal information against unauthorized access, accidental loss, improper use and disclosure. However, you should be aware that information transmitted over the internet is not inherently secure because of the nature of the internet and that systems and measures used to secure information are not flawless. For these reasons, although Travel Incorporated will use reasonable efforts to protect your personal information, Travel Incorporated does not warrant the security of personal information transmitted to Travel Incorporated or stored by Travel Incorporated, and personal information that is transmitted to Travel Incorporated by you electronically is done at your own risk.
13.4 Retention of Personal Information of European Citizens
Travel Incorporated’s policy is to retain your personal information only for as long as is necessary to fulfill the legal reason to process the personal information. In addition to the above, Travel Incorporated will obtain your personal information for the purposes of satisfying any professional, legal, accounting or reporting requirements to which Travel Incorporated is subject. To determine the appropriate retention period for personal information, Travel Incorporated considers the scope, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which Travel Incorporated collected and processed your personal information and whether Travel Incorporated can achieve those purposes through other means, and any applicable legal and professional requirements.
13.5 Location of Data Processing
All personal information that we process is processed in the United States.
13.6 Your Rights as a European Citizen
You have several rights concerning your personal information that Travel Incorporated holds and uses, including the following:
(a) Right of Access – You have the right to be informed about what personal information Travel Incorporated holds about you and to a copy of this personal information.
(b) Right to Rectification – You have the right to have any inaccurate or incomplete personal information which Travel Incorporated holds about you updated or corrected.
(c) Right to Erasure – In certain circumstances you have the right to request that Travel Incorporated delete the personal information that Travel Incorporated holds about you.
(d) Right to Complain – You have the right to lodge a complaint regarding the processing of your personal information to an applicable governmental or supervisory authority in your country.
(e) Right to Withdraw Consent – Where processing of personal information is based on your consent, you have the right to withdraw such consent at any time.
(f) Right to Object – Where Travel Incorporated relies on our legitimate interests to process your personal information, you have the right to object to such use and Travel Incorporated is required to discontinue such processing unless Travel Incorporated can demonstrate an overriding legitimate interest in such processing.
(g) Right to Restriction – You have the right to request that Travel Incorporated stop using your personal information in certain circumstances including if you believe that the personal information Travel Incorporated holds about you is inaccurate or that Travel Incorporated’s use of your personal information is unlawful. If you validly exercise this right, Travel Incorporated will store your personal information and will not carry out any other processing until the issue is resolved.
(h) Right to Data Portability – You have the right to receive your personal information, which you have provided to Travel Incorporated, in a structured, commonly used and machine-readable format and have the right, where technically feasible, to transmit that data to another data processor without hindrance.
(i) Automated Decision Making, Including Profiling. – You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you unless such processing is necessary for the performance of contractual obligations between you and Travel Incorporated.
Please submit any User Access Right’s requests, in writing, to Travel Incorporated’s Data Protection Officer (DPO).
13.7. Processors and Controllers
Depending upon the engagement and purposes Travel Incorporated and its Affiliates are either the Controllers, Data Processors or in some cases, Sub-Processors with respect to your Personal Data.
Our Data Protection Officer can be reached at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096 or at email@example.com.
Travel Incorporated Privacy Shield Statement
TRAVEL INCORPORATED PRIVACY SHIELD STATEMENT
This Privacy Shield Statement was last updated on, and is effective as of, January 1, 2021.
- Privacy Shield/Enforcement
The Privacy Shield Statement is made on behalf of Travel Incorporated for itself and its affiliates and trade name entities, Group Travel Partners, DTI, and Travel Technology Solutions (collectively, “Travel Incorporated“). Travel Incorporated respects individual privacy and values the confidence of its customers, employees, vendors, business partners and others. Travel Incorporated strives to collect, use and disclose Personal Identifiable Information/Sensitive Personal Identifiable Information (“PII/SPII”) in a manner consistent with the laws of the countries in which it does business and has a tradition of upholding the highest ethical standards in its business practices. Travel Incorporated abides by the Privacy Shield Principles developed by the U.S. Department of Commerce and the European Commission and the Frequently Asked Questions (FAQs) issued by the Department of Commerce on August 1, 2016 (collectively the “U.S.-EU Privacy Shield Framework“). Travel Incorporated has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. This Privacy Shield Statement (the “Statement“) sets forth the privacy principles that Travel Incorporated follows with respect to transfers of PII/SPII from the European Economic Area (“EEA”) (which includes the twenty-seven member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) to the United States. To learn more about the Privacy Shield program, and to view Travel Incorporated’s certification, please visit https://www.privacyshield.gov/.
Travel Incorporated has a Chief Privacy Officer who is responsible for Travel Incorporated’s compliance with and enforcement of this Statement and data security issues. Travel Incorporated educates its employees concerning compliance with this Statement and has self-assessment procedures in place to assure compliance. Travel Incorporated’s Chief Privacy Officer is available to any of its valued customers, employees, vendors, business partners and others who may have questions concerning this Statement or data security practices. Relevant contact information is provided herein.
This Statement applies to all PII/SPII received by Travel Incorporated in any format including electronic, paper or verbal, from the EEA. As an integral part of its business, Travel Incorporated collects and processes PII/SPII from its customers and potential customers in a variety of ways, including manually, via telephonic means (including facsimiles), electronic mail or its platform and services.
PII/SPII collected by Travel Incorporated from prospective customers and customers may be maintained at its data centers in Suwanee, Georgia and Irving, Texas. Travel Incorporated collects PII/SPII for, among other things, legitimate business reasons such as customer service, travel related reporting and records requirements, maintenance of accurate accounts payable and receivable records, and performance management, financial and sales data, and contact information. All PII/SPII collected by Travel Incorporated will be used for legitimate business purposes consistent with this Statement.
For purposes of this Statement, the following definitions shall apply:
“Agent” means any third party that uses PII/SPII provided by Travel Incorporated to perform tasks on behalf of or at the instruction of Travel Incorporated.
“Personal Identifiable Information” or “PII” means any information or set of information that identifies or could be used by or on behalf of Travel Incorporated to identify an individual. It does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
“Sensitive Personal Identifiable Information or “SPII” means Personal Identifiable Information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.
IV. Privacy Principles
The privacy principles in this Statement are based on the seven Privacy Shield Principles.
NOTICE: Where Travel Incorporated collects PII/SPII directly from individuals, it will inform them about the purposes for which it collects and uses that information about them, the types of non-agent third parties to which Travel Incorporated discloses that information, and the choices and means, if any, Travel Incorporated offers individuals the ability to limit the use and disclosure of their PII/SPII. Notice will be provided in clear and conspicuous language when individuals are first asked to provide PII/SPII to Travel Incorporated, or as soon as practicable thereafter, and in any event before Travel Incorporated uses the information for a purpose other than that for which it was originally collected. Travel Incorporated may disclose PII/SPII if required to do so by law or to protect and defend the rights or property of Travel Incorporated.
CHOICE: Travel Incorporated will offer individuals the opportunity to choose (opt-out) whether their PII/SPII is (a) to be disclosed to a non-Agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For SPII information, Travel Incorporated will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non- Agent third party or to the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
Travel Incorporated will provide customers and other covered individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise.
DATA INTEGRITY: Travel Incorporated will use PII/SPII only in ways that are compatible with the purposes for which it was collected or subsequently authorized by our customers. Travel Incorporated will take reasonable steps to ensure that PII/SPII is relevant to its intended use, accurate, complete, and current.
ONWARD TRANSFERS (INCLUDING TRANSFERS TO AGENTS): Travel Incorporated will obtain assurances from third parties (including its Agents) that they will safeguard PII/SPII consistently with this Statement. Examples of appropriate assurances that may be sought from such third parties and Agents include: a contract obligating the third party or Agent to provide at least the same level of protection as is required by the relevant Privacy Shield Principles, being subject to the relevant provisions of the EU General Data Protection Regulation, (EU) 2016/679 (the “GDPR”), Privacy Shield certification by the Agent, standard contractual clauses as specified in the GDPR, or being subject to another European Commission adequacy finding (e.g., companies located in Hungary and Switzerland). Where Travel Incorporated has knowledge that a third party or Agent is using or disclosing PII/SPII in a manner contrary to this Statement, Travel Incorporated will take reasonable steps to prevent or stop such use or disclosure. Travel Incorporated holds it Agents accountable for maintaining the trust its customers place in us. In addition, with respect to onward transfers of PII/SPII to third parties by Travel Incorporated, Travel Incorporated has responsibility for the processing of PII/SPII that it receives under the Privacy Shield and subsequently transfers to a third party acting as an Agent for Travel Incorporated. Because of this, Travel Incorporated shall remain liable under the Principles if its Agent processes such PII/SPII in a manner inconsistent with the Principles, unless Travel Incorporated proves that it is not responsible for the event giving rise to the applicable damages.
ACCESS AND CORRECTION: Upon request, Travel Incorporated will grant customers and other covered individuals reasonable access to PII/SPII that it holds about them. In addition, Travel Incorporated will take reasonable steps to permit customers and other covered individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Any customer or other individual covered by this Statement who desires to review, correct or delete their information can do so by contacting Travel Incorporated, Account Management, 4355 River Green Parkway, Duluth, GA 30096.
SECURITY: Travel Incorporated will take reasonable precautions to protect PII/SPII in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Security is designed to prevent unauthorized access to database equipment and hard copies of PII/SPII and to monitor access to its servers to provide protection from hacking or other unauthorized access.
Travel Incorporated limits access to PII/SPII and data to those persons in Travel Incorporated’s organization, or Agents of Travel Incorporated or other third parties, that have a specific business purpose for maintaining and processing such information and data. Individuals who have been granted access to PII/SPII by Travel Incorporated are made aware of their responsibilities to protect the security, confidentiality and integrity of that information.
ENFORCEMENT: Travel Incorporated will conduct reviews of its relevant privacy practices to verify adherence to this Statement and the US Department of Commerce Privacy Shield Principles. Any employee who Travel Incorporated determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment. The U.S. Federal Trade Commission (“FTC”) has jurisdiction over Travel Incorporated’s compliance with the Privacy Shield.
V. Dispute Resolution
Any questions or concerns regarding the use or disclosure of PII/SPII should be directed to the Travel Incorporated Chief Privacy Officer at Travel Incorporated, 4355 River Green Parkway, Duluth, GA 30096. Travel Incorporated will investigate and attempt to resolve complaints and disputes regarding use and disclosure of PII/SPII in accordance with the principles contained in this Statement and shall be governed by, and construed in accordance with laws of the State of Georgia, USA. For complaints that cannot be resolved between Travel Incorporated and the complainant, Travel Incorporated has agreed to participate in the dispute resolution procedures of the panel established by the relevant European data protection authorities to resolve disputes pursuant to the Privacy Shield Principles. In addition, individuals covered by this Privacy Shield Statement may, under certain conditions, invoke binding arbitration to address complaints regarding Privacy Shield compliance that are not otherwise resolved by other mechanisms. More information about such binding arbitration may be found by accessing https://www.privacyshield.gov/article?id=ANNEX-I-introduction on the Department of Commerce’s official Privacy Shield website maintained by the Department of Commerce.
VI. Contact Information
Persons who wish to obtain access to their Personal Identifiable Information or Sensitive Personal Identifiable Information for purposes of access, correction, deletion or dispute should contact the following: Travel Incorporated, 4355 River Green Parkway, Duluth, GA 30096 or email firstname.lastname@example.org.
VII. Changes to this Privacy Shield Statement
The practices described in this Statement are current personal information protection policies as of the date set forth in the heading of this Statement. Travel Incorporated reserves the right to modify or amend this Statement at any time consistent with the requirements of the U.S.-EU Privacy Shield Framework.