Privacy Policy

Travel Incorporated Privacy Policy and Terms of Use

These Terms of Use were last updated on, and are effective as of, January 1, 2020.

TRAVEL INCORPORATED PRIVACY POLICY AND TERMS OF USE This Privacy Policy was last updated on, and is effective as of, January 1, 2020. UNLESS YOU ARE A RESIDENT OF THE EUROPEAN UNION OR OTHER DATA SUBJECT UNDER THE GDPR (AS DEFINED BELOW), WHEN YOU ACCESS THE PLATFORM OR USE OUR SERVICES YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, OR TO ANY CHANGES WE MAY SUBSEQUENTLY MAKE, YOU SHOULD STOP ACCESSING THIS PLATFORM OR USING THE SERVICE.

1. Overview

1.1 Purpose. Travel Incorporated, together with its affiliates and trade name entities, Group Travel Partners, DTI, and Travel Technology Solutions (collectively), (“Travel Incorporated,” “Company,” “we,” “us,” or “our”), operates this web site or application, as applicable (collectively, the “Platform”), and the services and other offerings available through the Platform (collectively, the “Services”). For purposes of this Privacy Policy, “you” or “your” means our customers and other persons who are authorized to use and access the Platform or Services or who otherwise provide personal information to us. Your privacy is important to us, which is why we have developed this Privacy Policy to explain our practices regarding the use and disclosure of personally identifiable information and other information that we obtain online from users of the Platform and Services.

1.2 Changes to Privacy Policy. We reserve the right to modify this Privacy Policy at any time, and any modifications made will be effective immediately upon posting, so you should check this page for any changes. We will post at the top of this Privacy Policy the date that modifications were last made, which will alert you to any changes since your last visit to the Platform. Your continued use of the Platform is your agreement to the revised Privacy Policy.

2. The personal information we collect We collect and process the following personal information about you:

2.1 Information that you give us.

2.1.1 This includes information you give us so we can provide you with access to the Platform or Services. The information collected is not limited to and includes your name, address, e-mail address, and phone number.

2.1.2 When using the Platform or Service, you provide us with personal information about you and your employees so we can provide the Services.

2.2 Information that we collect automatically. We automatically collect the following information from your use of the Platform:

2.2.1 technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information (if applicable), browser type and version, browser plug-in types and versions, operating system and platform; and

2.2.2 information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Platform (including date and time); products you viewed or searched for; page response times, length of visits to certain pages, and methods used to browse away from the page and any phone number used to call our customer service number.

2.3 Information that we receive from third parties. We work closely with certain third parties to help us provide our Services to you and to otherwise conduct our business (including, for example, business partners, resellers, sub-contractors in technical and payment services, advertising networks, analytics providers and search information providers) and receive information from them.

3. Why we collect personal information and what we do with it

3.1 When you provide your personal information to us, or we received your personal information through a contractual relationship with your employer, we will make reasonable efforts to ensure that the purpose for which you are providing that personal information is clear and honored.

3.2 Depending on who you are and your relationship with us, we will process your personal information as follows:

3.2.1 to carry out our obligations to you from your use of our Platform, the Services or under another agreement with you;

3.2.2 to administer your account with us;

3.2.3 to provide you with information about our products, the Platform, the Services and any other services we provide;

3.2.4 to administer the Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

3.2.5 to allow you to participate in interactive features of the Platform or Service, when you choose to do so;

3.2.6 internally, to inform decisions about our business operations and strategy; and

3.2.7 to contact you from time to time to market any other services we provide and we think to be of interest to you.

4. Who we share your personal information with

4.1 In the course of normal business, we disclose your personal information to the following entities:

4.1.1 to business partners, suppliers and sub-contractors for the performance of any contract we or you enter into with them or to fulfill our Services to you;

4.1.2 to our customers in order to allow them to use our Service;

4.1.3 in the event that we sell or transfer any part of our business or assets (whether by merger, asset sale or otherwise), in which case we reserve the right to disclose and transfer your personal information to the prospective buyer of such business or assets;

4.1.4 in the event we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request; and

4.1.5 to third parties to enforce agreements between us or to investigate suspected breaches of those agreements or to protect the rights, property or safety of our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

5. Security Measures for the Platform

5.3 We implement a variety of technical, administrative and organizational security measures for the Platform and Services that we believe are commercially reasonable to help us maintain the safety of your personal information when you place an order or enter, submit or access your personal information. These security measures include using one or more servers for the Platform and Services that are secured by commercially reasonable measures.

5.4 You are responsible for keeping confidential your access credentials for the Platform or Service, including password(s) and you should not share your password(s) with anyone.

5.5 Notwithstanding the above, you should be aware that the transmission of information via the Internet is not completely secure. Although we will use commercially reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted using the Services or the Platform, and as a result, any transmission of personal information is at your own risk.

6. Cookies

6.1 The Platform uses cookies to distinguish you from other users of the Platform. This helps us provide you with a good experience when you browse the Platform and enables you to use the Service. The use of cookies also allows us to improve the Platform and the Service.

6.2 A cookie is a small file that a site or its service provider transfers to the hard drive of your computer or other device through your Web browser and enables the site or service provider systems to recognize your browser and capture information for use during your visit to our Platform and for future visits to our Platform.

6.3 We use the following cookies:

6.3.1 Strictly necessary cookies. These are cookies that are required for the operation of the Platform. They include, for example, cookies that enable you to log into secure areas of the Platform, use a shopping cart or session tracking.

6.3.2 Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around the Platform when they are using it. This helps us to improve the way the Platform works, for example, by ensuring that users are finding what they are looking for easily.

6.3.3 Functionality cookies. These are used to recognize you when you return to the Platform. This enables us to personalize our content for you, greet you by name and remember your preferences.

6.3.4 Targeting cookies. These cookies record your visit to the Platform, the pages you have visited and the links you have followed. We also share this information with third parties that assist us with our Platform and fulfilling our Services for you.

6.4 You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you will not be able to access all or parts of the Platform and use the Services. In addition, if you delete any Platform cookies on a given visit, you would need to block them again in subsequent visits to our Platform.

7. Children’s Privacy and Age Limitations for the Platform

7.1 The Platform is intended for use by persons aged 18 or older. We do not knowingly collect personally identifiable information from persons under the age of 18. If we discover or are made aware that we have received personally identifiable information from an individual who indicates that he or she is, or whom we otherwise have reason to believe is, under the age of 18, we will delete such information from our systems. If you are a parent or guardian of a child under the age of 18 and believe he or she has disclosed personally identifiable information to us, please contact us as provided below. In any such event, a parent or guardian of a child under the age of 18 may review and request deletion of such child’s personally identifiable information as well as prohibit the use thereof.

8. Additional Notices to California Residents

8.1 California Do-Not-Track Disclosure. At this time, the Platform is not set up to honor web browser do-not-track settings.

8.2 Information on Marketing Disclosures. California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096 or at security@travelinc.com.

8.3 Content Removal Requests for Users Under 18 Years Old. If you are a user under 18 years of age and reside in California, you may request and obtain removal of, content or information that you have posted on the Platform. You may send us any such requests by one of the following methods: (i) by email (writing “Privacy Policy – Removal Request” in the subject line) at security@travelinc.com; or (ii) by writing to us at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096. We will review the request and respond promptly. You should be aware that a request to remove content or information posted by you on the Platform does not ensure or require complete or comprehensive removal of such content or information from our databases.

9. Links to Other Websites

9.1 The Platform contains links to other websites, applications, products and services provided or maintained by us, our affiliates and/or by third parties that may not follow the same privacy policies as applicable to the Platform. These other websites, applications, products and services may use cookies, collect data and use the data in ways that are different from the way in which we use the information collected through the Platform. When linking to another website, you should read that website’s privacy policy. Our Privacy Policy only governs information collected on or through the Platform.

10. Assignment

10.1 We reserve the right to assign our rights and duties under this Privacy Policy, including, without limitation, our rights in information collected through the Platform, to any third party at any time without notice to you in connection with any sale, merger, acquisition, divestiture or liquidation of all or part of our business or assets related to the Platform, all or substantially all of our business or assets, or as part of any reorganization or restructuring of our business.

11. General Information to Contact Us

11.1 Questions, comments and requests regarding our Privacy Policy are welcomed and should be addressed to us at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096 or at security@travelinc.com.

12. Additional Privacy Notices for California Residents The following additional privacy notices for California residents (the “California Notice”) supplement the information contained in the other portions of the Company’s Privacy Policy and apply solely to individuals who reside in the State of California (“California consumer” or “you”). The Company adopts this California Notice to comply with the California Consumer Privacy Act and its related regulations (the “CCPA”) and other applicable California laws.

12.1 Overview of Consumer Rights Under the CCPA Under the CCPA, California consumers have certain rights regarding their personal information, including:

* The right to know the categories of personal information that the Company has collected and the categories of sources from which we obtained such information.

* The right to know the Company’s business purposes for sharing personal information.

* The right to know the categories of third parties with whom the Company shared personal information.

* The right to access the specific pieces of personal information that the Company has collected and the right to delete your personal information.

* The right to not be discriminated against if a California consumer exercise their rights under the CCPA. The provisions below of this California Notice provide further details about these rights and how you may exercise them.

12.2 Information We Collect We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer, household or device (collectively, “personal information”). Personal information does not include:

* Publicly available information from government records.

* De-identified or aggregated California consumer information.

* Information excluded from the CCPA’s scope, including:

• Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and

• Personal information covered by certain other laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We have collected the following categories of personal information from California consumers within the last twelve (12) months:

Category Examples
A. Identifiers An individual’s name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number or other similar identifiers
B.   Personal information categories described in Cal. Civ. Code § 1798.80(e) A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information
C.   Protected classification characteristics under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information)
D.   Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
E.     Biometric information Genetic, physiological, behavioral and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints and voice prints, iris or retina scans, keystroke, gait or other physical patterns, and sleep, health or exercise data
F.     Internet or other similar network activity Browsing history, search history, information on a California consumer’s interaction with a website, application, or advertisement
G.     Geolocation data Physical location or movements
H.   Sensory data Audio, electronic, visual, thermal, olfactory or similar sensory-related information
I.     Professional or employment-related information Current or past job history or performance evaluations
J.     Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g; 34 C.F.R. Part 99)) Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information or student disciplinary records
K.     Inferences drawn from other personal information Examples include a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes

12.3. Sources of Personal Information In addition to sources of personal information addressed elsewhere in this Privacy Policy, we obtain the categories of personal information listed above from the following categories of sources:

12.3.1. Directly From You. For example, from forms you complete or products and services you purchase or from communications with you such as when you contact the Company (whether in person, by mail, by phone, online, via electronic communication or by other means) including our customer support service.

12.3.2. Indirectly From You. For example, from observing your actions on our Platform or from products or services that you have purchased from the Company, if you have enabled such functionality, such as telemetry services.

12.3.3. From Others.

* From third party service providers. For example, if you choose to make an electronic payment directly to the Company, or through a linked website or app, or through an affiliate of ours, the Company may receive personal information about you from third parties such as payment services providers, for the purposes of that payment.

* From affiliates. We may collect personal information about you from our affiliates or others acting on their behalf.

12.3.4. From Public Sources. For example, we may collect information from public records.

12.4 Uses of Personal Information In addition to uses of personal information addressed elsewhere in this Privacy Policy, we may use or disclose the personal information we collect for one or more of the following business purposes:

12.4.1. To fulfill the reason that you provided the information. For example, if you share your name and contact information to request a price quote, request to be contacted by an affiliate, or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we may use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product or service orders or to process returns.

12.4.2. To perform services such as customer service, order fulfillment, payment processing, financing and advertising, marketing or analytic services.

12.4.3. To advance our commercial or economic interests, such as by helping you to buy, rent, lease, join, subscribe to, provide, or exchange products, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.

12.4.4. To verify or maintain quality or safety standards or improve or upgrade a product or service provided or controlled by or for us.

12.4.5. To provide, support, personalize and develop our Platform, products and services such as to perform warranty related services or other post-sale activities such as product or service monitoring or repairs.

12.4.6. To create, maintain, customize and secure your account with us.

12.4.7. To process your requests, purchases, transactions and payments and prevent transactional fraud.

12.4.8. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.

12.4.9. To personalize your Platform experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Platform, third-party sites and via mail, email or text message (with your consent, where required by law).

12.4.10. To help maintain the safety, security and integrity of our Platform, products and services, databases and other assets and business.

12.4.11. For testing, research and analysis purposes, including to develop and improve our Platform, products and services.

12.4.12. To respond to law enforcement requests and as required by applicable law, court order or governmental regulations.

12.4.13. As described to you when collecting your personal information or as otherwise set forth in the CCPA or applicable law.

12.4.14. To send you information relevant to your past purchases and interests, subject to compliance with applicable laws regarding direct marketing.

12.4.15. To otherwise use as reasonably necessary and proportionate to achieve our operational or notified purpose for collecting personal information and as compatible with the context in which we collected the information.

12.4.16. To perform services on behalf of a CCPA-covered business or its service provider, such as customer service, order fulfillment, payment processing, financing and advertising, marketing, or analytic services.

12.4.17. To review and audit our business interactions with you.

12.4.18. To detect or prevent security incidents or other illegal activity.

12.4.19. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Platform users, including California consumers, is among the assets transferred. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated or incompatible purposes without providing you notice.

12.5 Sharing Personal Information We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

12.5.1. Disclosures of Personal Information for a Business Purpose In the preceding twelve (12) months, the Company has disclosed the following categories of personal information for a business purpose:

Category A: Identifiers

Category B: Personal information categories described in Cal. Civ. Code § 1798.80(e)

Category C: Protected classification characteristics under California or federal law

Category D: Commercial information

Category E: Biometric information

Category F: Internet or other similar network activity

Category G: Geolocation data

Category H: Sensory data

Category I: Professional or employment-related information

Category J: Non-public education information

Category K: Inferences drawn from other personal information

The categories of third parties to which we may disclose personal information collected by us include the following:

* Service providers

* Affiliates

12.5.2. Sales of Personal Information The Company does not sell personal information to third parties.

12.6. Exercising Your CCPA Rights and Choices The sections below describe how you may exercise your rights under the CCPA.

12.6.1.  Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability and Deletion Rights” below), we will disclose to you: 

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we disclosed your personal information for a business purpose, a list disclosing:
    • the personal information categories that each category of recipient obtained.

As allowed by the CCPA, we do not provide these access and data portability rights (i) for business-to-business personal information or (ii) as to personal information collected from the Company’s California-based employees, job applicants or contractors when provided or collected in such employee, job applicant or contractor capacities.

12.6.2.  Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability and Deletion Rights” below), we will delete (and direct our service providers to delete) your personal information from our (and service provider) records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products or services to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another California consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with California consumer expectations based on your relationship with us, such as future field campaigns or product safety issues.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

As allowed by the CCPA, we do not provide these deletion rights (i) for business-to-business personal information or (ii) as to personal information collected from the Company’s California-based employees, job applicants or contractors when provided or collected in such employee, job applicant or contractor capacities.

12.6.3. Exercising Access, Data Portability and Deletion Rights

To exercise the access, data portability and deletion rights described above, you should submit a verifiable consumer request to us by one of the following methods:

  • Calling us at toll free at:  (855) 874-6603
  • Emailing us at: security@travelinc.com
  • Visiting the following page on our Platform: www.travelinc.com
  • By postal mail at: Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096
  • Accessing an online account that you maintain with us

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of a minor child for whom you are a parent or legal guardian.

You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative, which may include:
    • Your name
    • Your address
    • Additional information depending upon the type of request and the sensitivity of the information involved with such request
  •  Describe your request with sufficient detail to enable us to properly understand, evaluate and respond to such request.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or your authority to make the request and confirm that the personal information involved with the request relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, we will consider requests made through a password-protected online account that you maintain with us to be sufficiently verified when the request relates to personal information associated with that online account, provided such online account functionality is then made available by us on the Platform.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

12.6.4.  Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

If you have an online account with us, we may deliver our written response to that online account, provided that such online account functionality is then made available by us on the Platform. If you do not have an online account with us, or such functionality is not available for your online account we will deliver our written response by mail or electronically, at your option.

 

Any disclosures we provide will only cover the twelve (12) month period immediately preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

12.6.5.  Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA or other applicable law, we will not as a result of you exercising any of your rights under the CCPA: 

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

 

12.7. Other California Privacy-Related Disclosures

Sharing Personal Information for Direct Marketing Purposes

Before sharing personal information of California consumers with third parties for direct marketing purposes we will obtain opt-in consent from the applicable California consumers or provide such California consumers with a cost-free method to opt out.

California Do-Not-Track Disclosure

At this time, the Platform is not set up to honor web browser do-not-track settings.  Do-not-track is a privacy preference that users can set in their web browsers. When a user activates the do-not-track settings in browsers that offer this setting, the browser sends a message to websites or applications requesting them not to track the user. For more information about do-not-track matters, please visit www.allaboutdnt.org.

 

Information on Marketing Disclosures

California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096.

 

Content Removal Requests for Platform Users Under 18 Years Old

If you are a Platform user under 18 years of age and reside in California, you may request and obtain removal of, content or information that you have posted on the Platform.    You may send us any such requests by one of the following methods: (i) by email (writing “Privacy Policy – Removal Request” in the subject line) at security@travelinc.com; or (ii) by writing to us at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096.  We will review the request and respond promptly.  You should be aware that a request to remove content or information posted by you on the Platform does not ensure or require complete or comprehensive removal of such content or information from our databases.

 

Complaints

If you have any complaint about use of the Platform, you may contact us by email at security@travelinc.com, or by postal mail at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096. In accordance with California Civil Code Section 1789.3, California residents may also file complaints with the Complaint Assistance Unit, Division of Consumer Services, California Department of Consumer Affairs by postal mail at 1625 North Market Road, Suite N112, Sacramento, CA 95834 or by telephone at 800-952-5210.

 

12.8.  Changes to Our California Notice

 

We reserve the right to amend this California Notice at our discretion and at any time. When we make changes to this California Notice, we will post the updated California Notice on the Platform and update the California Notice’s effective date. Your continued use of our Platform following the posting of changes constitutes your acceptance of such changes.

  

13.    Additional Notices to European Union Citizens

Persons who are residents of the member countries of the European Union (“EU”) or other data subjects covered by the EU’s General Data Protection Regulation, (EU) 2016/679 (the “GDPR”), have certain additional privacy rights under applicable law. The following provisions of this Section 13 provide an overview of these additional rights.

 

13.1 Legal Bases for Processing Personal Information of European Union Citizens

When processing your personal information, Travel Incorporated relies on one or more of the following legal bases (or other available legal grounds), depending on the circumstances:

 

(a) Legitimate Interests – Travel Incorporated processes your personal information where Travel Incorporated has a (legal reason to process) in such processing for managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights or freedoms.

 

(b) Consent – Travel Incorporated processes your personal information where Travel Incorporated has obtained your consent to the processing.

 

(c)Contractual Necessity – Travel Incorporated processes your personal information where such processing is necessary in connection with any contract that Travel Incorporated has with you.

 

(d)Legal Requirements – Travel Incorporated  processes your personal information where such processing is required by applicable law.

13.2 Disclosures to Third Parties

Your personal information will not be disclosed to third parties except for where it is necessary for fulfillment of Travel Incorporated’s obligations to you or where Travel Incorporated is obliged or permitted to do so by law (including, without limitation, through the terms of any agreement Travel Incorporated may have with you), or where Travel Incorporated makes disclosures that are otherwise consistent with the uses described in this Privacy Policy.

 

Travel Incorporated will also disclose any information (including personal information) relating to you to law enforcement authorities or any regulatory or government authority in response to any request including requests in connection with the investigation of any suspected illegal activities.

 

Travel Incorporated reserves the right to transfer any personal information Travel Incorporated has about you in the event Travel Incorporated sells or transfers all or a portion of our business or assets, or merges with another organization. Should such a sale, transfer or merger occur, Travel Incorporated will use reasonable efforts seeking to require that the transferee uses personal information you have provided to Travel Incorporated in a manner that is consistent with this Privacy Policy and the GDPR.

 

Travel Incorporated will not sell, resell or lease your personal information to any third parties but Travel Incorporated may, if required for the purpose(s) for which your personal information was collected and processed, share it with Travel Incorporated partners and/or service providers to enable them to provide their services to Travel Incorporated or to you, as applicable. The foregoing is in addition to the other uses described elsewhere in this Privacy Policy.

 

 

13.3 Security of Personal Information of European Citizens

Travel Incorporated has policies and technical and organizational measures in place which are intended to safeguard and protect your personal information against unauthorized access, accidental loss, improper use and disclosure. However, you should be aware that information transmitted over the internet is not inherently secure because of the nature of the internet and that systems and measures used to secure information are not flawless. For these reasons, although Travel Incorporated will use reasonable efforts to protect your personal information, Travel Incorporated does not warrant the security of personal information transmitted to Travel Incorporated or stored by Travel Incorporated, and personal information that is transmitted to Travel Incorporated by you electronically is done at your own risk.

 

13.4  Retention of Personal Information of European Citizens

Travel Incorporated’s policy is to retain your personal information only for as long as is necessary to fulfill the legal reason to process the personal information. In addition to the above, Travel Incorporated will obtain your personal information for the purposes of satisfying any professional, legal, accounting or reporting requirements to which Travel Incorporated is subject. To determine the appropriate retention period for personal information, Travel Incorporated considers the scope, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which Travel Incorporated collected and processed your personal information and whether Travel Incorporated can achieve those purposes through other means, and any applicable legal and professional requirements.

 

13.5  Location of Data Processing

 

All personal information that we process is processed in the United States.

 

13.6   Your Rights as a European Citizen

You have several rights concerning your personal information that Travel Incorporated holds and uses, including the following:

(a) Right of Access – You have the right to be informed about what personal information Travel Incorporated holds about you and to a copy of this personal information.

(b) Right to Rectification – You have the right to have any inaccurate or incomplete personal information which Travel Incorporated holds about you updated or corrected.

(c) Right to Erasure – In certain circumstances you have the right to request that Travel Incorporated delete the personal information that Travel Incorporated holds about you.

(d) Right to Complain – You have the right to lodge a complaint regarding the processing of your personal information to an applicable governmental or supervisory authority in your country. 

(e) Right to Withdraw Consent – Where processing of personal information is based on your consent, you have the right to withdraw such consent at any time.

(f) Right to Object – Where Travel Incorporated relies on our legitimate interests to process your personal information, you have the right to object to such use and Travel Incorporated is required to discontinue such processing unless Travel Incorporated can demonstrate an overriding legitimate interest in such processing.

(g) Right to Restriction – You have the right to request that Travel Incorporated stop using your personal information in certain circumstances including if you believe that the personal information Travel Incorporated holds about you is inaccurate or that Travel Incorporated’s use of your personal information is unlawful. If you validly exercise this right, Travel Incorporated will store your personal information and will not carry out any other processing until the issue is resolved.

 (h) Right to Data Portability – You have the right to receive your personal information, which you have provided to Travel Incorporated, in a structured, commonly used and machine-readable format and have the right, where technically feasible, to transmit that data to another data processor without hindrance. 

(i) Automated Decision Making, Including Profiling. – You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you unless such processing is necessary for the performance of contractual obligations between you and Travel Incorporated.

Please submit any User Access Right’s requests, in writing, to Travel Incorporated’s Data Protection Officer (DPO).

13.7. Processors and Controllers

Depending upon the engagement and purposes Travel Incorporated and its Affiliates are either the Controllers, Data Processors or in some cases, Sub-Processors with respect to your Personal Data. 

 

Our Data Protection Officer can be reached at Travel Incorporated, 4355 River Green Parkway, Duluth, Georgia 30096 or at security@travelinc.com.

 

Travel Incorporated Privacy Shield Statement

This Privacy Shield Statement was last updated on, and is effective as of, January 1, 2020.

TRAVEL INCORPORATED PRIVACY SHIELD STATEMENT

This Privacy Shield Statement was last updated on, and is effective as of, January 1, 2020.

I. Privacy Shield/Enforcement

The Privacy Shield Statement is made on behalf of Travel Incorporated for itself and its affiliates and trade name entities, Premier Golf, LLC, Vacations by Travel Inc., Group Travel Partners, DTI, and Travel Technology Solutions (collectively, “Travel Incorporated“). Travel Incorporated respects individual privacy and values the confidence of its customers, employees, vendors, business partners and others. Travel Incorporated strives to collect, use and disclose Personal Identifiable Information/Sensitive Personal Identifiable Information (“PII/SPII”) in a manner consistent with the laws of the countries in which it does business and has a tradition of upholding the highest ethical standards in its business practices. Travel Incorporated abides by the Privacy Shield Principles developed by the U.S. Department of Commerce and the European Commission and the Frequently Asked Questions (FAQs) issued by the Department of Commerce on August 1, 2016 (collectively the “U.S.-EU Privacy Shield Framework“). Travel Incorporated has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. This Privacy Shield Statement (the “Statement“) sets forth the privacy principles that Travel Incorporated follows with respect to transfers of PII/SPII from the European Economic Area (“EEA”) (which includes the twenty-seven member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) to the United States. To learn more about the Privacy Shield program, and to view Travel Incorporated’s certification, please visit https://www.privacyshield.gov/.

Travel Incorporated has a Chief Privacy Officer who is responsible for Travel Incorporated’s compliance with and enforcement of this Statement and data security issues. Travel Incorporated educates its employees concerning compliance with this Statement and has self-assessment procedures in place to assure compliance. Travel Incorporated’s Chief Privacy Officer is available to any of its valued customers, employees, vendors, business partners and others who may have questions concerning this Statement or data security practices. Relevant contact information is provided herein.

II.         Scope

 

This Statement applies to all PII/SPII received by Travel Incorporated in any format including electronic, paper or verbal, from the EEA. As an integral part of its business, Travel Incorporated collects and processes PII/SPII from its customers and potential customers in a variety of ways, including manually, via telephonic means (including facsimiles), electronic mail or its platform and services.

Travel Incorporated will not sell or share this information with third parties in ways different than what are disclosed in this Statement or in its related Privacy Policy.

PII/SPII collected by Travel Incorporated from prospective customers and customers may be maintained at its data centers in Suwanee, Georgia and Irving, Texas. Travel Incorporated collects PII/SPII for, among other things, legitimate business reasons such as customer service, travel related reporting and records requirements, maintenance of accurate accounts payable and receivable records, and performance management, financial and sales data, and contact information. All PII/SPII collected by Travel Incorporated will be used for legitimate business purposes consistent with this Statement.

III.        Definitions

 

For purposes of this Statement, the following definitions shall apply:

Agent” means any third party that uses PII/SPII provided by Travel Incorporated to perform tasks on behalf of or at the instruction of Travel Incorporated.

Personal Identifiable Information” or “PII” means any information or set of information that identifies or could be used by or on behalf of Travel Incorporated to identify an individual. It does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

Sensitive Personal Identifiable Information or “SPII” means Personal Identifiable Information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.

IV.        Privacy Principles

 

The privacy principles in this Statement are based on the seven Privacy Shield Principles.

NOTICE: Where Travel Incorporated collects PII/SPII directly from individuals, it will inform them about the purposes for which it collects and uses that information about them, the types of non-agent third parties to which Travel Incorporated discloses that information, and the choices and means, if any, Travel Incorporated offers individuals the ability to limit the use and disclosure of their PII/SPII. Notice will be provided in clear and conspicuous language when individuals are first asked to provide PII/SPII to Travel Incorporated, or as soon as practicable thereafter, and in any event before Travel Incorporated uses the information for a purpose other than that for which it was originally collected. Travel Incorporated may disclose PII/SPII if required to do so by law or to protect and defend the rights or property of Travel Incorporated.

CHOICE: Travel Incorporated will offer individuals the opportunity to choose (opt-out) whether their PII/SPII is (a) to be disclosed to a non-Agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For SPII information, Travel Incorporated will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non- Agent third party or to the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Travel Incorporated will provide customers and other covered individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise.

DATA INTEGRITY: Travel Incorporated will use PII/SPII only in ways that are compatible with the purposes for which it was collected or subsequently authorized by our customers. Travel Incorporated will take reasonable steps to ensure that PII/SPII is relevant to its intended use, accurate, complete, and current.

ONWARD TRANSFERS (INCLUDING TRANSFERS TO AGENTS): Travel Incorporated will obtain assurances from third parties (including its Agents) that they will safeguard PII/SPII consistently with this Statement. Examples of appropriate assurances that may be sought from such third parties and Agents include: a contract obligating the third party or Agent to provide at least the same level of protection as is required by the relevant Privacy Shield Principles, being subject to the relevant provisions of the EU General Data Protection Regulation, (EU) 2016/679 (the “GDPR”), Privacy Shield certification by the Agent, standard contractual clauses as specified in the GDPR, or being subject to another European Commission adequacy finding (e.g., companies located in Hungary and Switzerland). Where Travel Incorporated has knowledge that a third party or Agent is using or disclosing PII/SPII in a manner contrary to this Statement, Travel Incorporated will take reasonable steps to prevent or stop such use or disclosure. Travel Incorporated holds it Agents accountable for maintaining the trust its customers place in us. In addition, with respect to onward transfers of PII/SPII to third parties by Travel Incorporated, Travel Incorporated has responsibility for the processing of PII/SPII that it receives under the Privacy Shield and subsequently transfers to a third party acting as an Agent for Travel Incorporated. Because of this, Travel Incorporated shall remain liable under the Principles if its Agent processes such PII/SPII in a manner inconsistent with the Principles, unless Travel Incorporated proves that it is not responsible for the event giving rise to the applicable damages.

ACCESS AND CORRECTION: Upon request, Travel Incorporated will grant customers and other covered individuals reasonable access to PII/SPII that it holds about them. In addition, Travel Incorporated will take reasonable steps to permit customers and other covered individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Any customer or other individual covered by this Statement who desires to review, correct or delete their information can do so by contacting Travel Incorporated, Account Management, 4355 River Green Parkway, Duluth, GA 30096.

SECURITY: Travel Incorporated will take reasonable precautions to protect PII/SPII in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Security is designed to prevent unauthorized access to database equipment and hard copies of PII/SPII and to monitor access to its servers to provide protection from hacking or other unauthorized access.

Travel Incorporated limits access to PII/SPII and data to those persons in Travel Incorporated’s organization, or Agents of Travel Incorporated or other third parties, that have a specific business purpose for maintaining and processing such information and data. Individuals who have been granted access to PII/SPII by Travel Incorporated are made aware of their responsibilities to protect the security, confidentiality and integrity of that information.

ENFORCEMENT: Travel Incorporated will conduct reviews of its relevant privacy practices to verify adherence to this Statement and the US Department of Commerce Privacy Shield Principles. Any employee who Travel Incorporated determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment. The U.S. Federal Trade Commission (“FTC”) has jurisdiction over Travel Incorporated’s compliance with the Privacy Shield.

V.         Dispute Resolution

 

Any questions or concerns regarding the use or disclosure of PII/SPII should be directed to the Travel Incorporated Chief Privacy Officer at Travel Incorporated, 4355 River Green Parkway, Duluth, GA 30096. Travel Incorporated will investigate and attempt to resolve complaints and disputes regarding use and disclosure of PII/SPII in accordance with the principles contained in this Statement and shall be governed by, and construed in accordance with laws of the State of Georgia, USA. For complaints that cannot be resolved between Travel Incorporated and the complainant, Travel Incorporated has agreed to participate in the dispute resolution procedures of the panel established by the relevant European data protection authorities to resolve disputes pursuant to the Privacy Shield Principles. In addition, individuals covered by this Privacy Shield Statement may, under certain conditions, invoke binding arbitration to address complaints regarding Privacy Shield compliance that are not otherwise resolved by other mechanisms. More information about such binding arbitration may be found by accessing https://www.privacyshield.gov/article?id=ANNEX-I-introduction on the Department of Commerce’s official Privacy Shield website maintained by the Department of Commerce.

VI.        Contact Information

 

Persons who wish to obtain access to their Personal Identifiable Information or Sensitive Personal Identifiable Information for purposes of access, correction, deletion or dispute should contact the following: Travel Incorporated, 4355 River Green Parkway, Duluth, GA 30096 or email security@travelinc.com.

VII.      Changes to this Privacy Shield Statement

The practices described in this Statement are current personal information protection policies as of the date set forth in the heading of this Statement. Travel Incorporated reserves the right to modify or amend this Statement at any time consistent with the requirements of the U.S.-EU Privacy Shield Framework.