Effective Date: 08/25/2020
Last Updated: 08/25/2020
This policy details your right to choose some of the ways we collect, use, and disclose your data. Through your use of our Website, you may be asked to indicate your choice to opt out of receiving “cookies” or unsubscribe to our mailing list.
This policy applies to any information collected on this Website and information you provide to us offline, including, but not limited to, information you provide via phone and email.
The Children’s Online Privacy Protection Act (COPPA), enforced by the Federal Trade Commission, sets forth requirements of websites and online services to protect children’s safety and privacy. If you are under the age of 13, do not send us any personal information. We encourage parents to continually monitor their children’s internet usage. If we learn that we have unknowingly collected or received personal information from a minor under the age of 13, we will delete this information, and/or attempt to obtain parental consent. If you have any reason to believe we may have unknowingly collected data from a minor under the age of 13, please let us know by contacting us at firstname.lastname@example.org.
When you visit our Website, join our email list, contact us through our Website, interact with us on social media, and make purchases on our Website, we collect different types of information from you.
This may include the collection of personal data by which you may be identified personally like your name, email address, telephone number, postal address, demographic information (age, gender, education level etc.), and any other identifying information.
Data collected may also include financial data that is transmitted when you order, purchase, exchange, or return a product or service from our Website or any mobile apps. This data may include credit card or bank details related to your payment method, which is transferred to our third-party payment processors, PayPal, Stripe, etc. You should review the privacy policies of these third-party payment processors.
We may also collect derivative data when you visit and use our Website including your IP address, the date and time of your visit, your country of origin, and the type of browser you used. Furthermore, if you access our Website via a mobile device or app, we may collect information from your device such as location information, model and manufacturer, and device ID.
Through social networking websites and apps, like Facebook, Twitter, Instagram, and other social networking sites, we may access publicly available information such as your name, account username, profile photo, email address, age, location, gender, and any other publicly displayed information. You may limit this access by changing your privacy settings on each social networking site.
If you provide us with additional information to participate in a survey or giveaway, that information will also be subject to the terms of this policy.
Through your consent, we collect information that you provide to us manually. For example, if you join our email list through opting in for a free resource or otherwise subscribing, based on your consent to receive direct marketing materials, all emails you receive from us will state the sender of the email clearly and give you instructions on how to unsubscribe from our email list or contact us with any questions or concerns to ensure compliance with the CAN-SPAM Act. Our legal basis for collecting this information is your consent.
We may also collect or send standard “cookies” to identify your browser or device information from time to time and collect information through Automatic Data Collection Technology. We may use session cookies that expire when you close your browser and persistent cookies that remain on your computer until you delete them. You can accept or decline cookies in your web browser settings. No personal identifiable information will be included in cookies and, other than the methods described above, we will not use any other mechanisms to capture data on our website. Our legal basis for collecting this information is our legitimate interests in monitoring and improving our website, business operations, marketing efforts, and proper protection of our business against risks.
To obtain statistical data and provide you with relevant information, we may also collect data on the way you use our website including your browsing activity, browsing patterns, IP address, device information, internet connection, and other actions via Google Analytics and Facebook Pixels. We may also receive personal data from other third-parties like Google, PayPal, and other third-party payment processing companies. We use these technologies in compliance with all policies of the third-party providers. Our legal basis for collecting this information is our legitimate interests in monitoring and improving our website, business operations, marketing efforts, and proper protection of our business against risks.
The personal data we collect is used to create and administer your account, generate a personalized profile for you, compile statistics on site use, analyze trends, correspond with you, interact on social media with you, deliver targeted advertising, process payment, refunds, deliver any goods or services you purchased, communicate new products and services we think you might be interested in, updated you on products and services, request feedback from you, resolve and troubleshoot disputes and problems, prevent fraudulent use of our website, and assist law enforcement when necessary. Our legal basis for collecting this information is our legitimate interests in monitoring and improving our website, business operations, marketing efforts, and proper protection of our business against risks.
We use reasonable measures to ensure that your information remains confidential. Personal information is stored through a data management system. For as long as you choose to remain on our email list, we will retain a minimum amount of personal information including your name, email address, and your behavior on our Website. Any additional personal information will be retained as long as necessary to fulfill legal obligations, resolve disputes, or as reasonably determined.
We use commercially reasonable methods to safeguard the personal data you provide to us and the personal data we collect automatically. We use reasonable online security measures and reputable third-party vendors that are compliant with generally accepted security and safety measures including a Secure Sockets Layer (SSL) on our website to help secure information. Please note that we cannot guarantee that all information transferred will be secure and, if we become aware of a data breach, we will notify the necessary parties in a timely manner of all the information we have.
By using our website, you agree that, should your information be intercepted in this way without our knowledge, consent, or permission, you will hold harmless [business name], including a release of any and all claims related to use of such information by such an unauthorized party.
Due to the nature of our business and information collection activities, we have determined that we do not process sensitive data on a large scale, nor do our core activities involve processing operations that require regular or systematic monitoring of data subjects. For these reasons, we have concluded it is not necessary to appoint a Data Protection Officer.
For very limited purposes, like legal assistance, accounting, or technical support, we may we share your confidential information with necessary third parties and any parties who access your information will keep your information confidential. To the best of our ability, we will not share your personal data with any unnecessary parties. If, in good faith, we determine that disclosure of your information is necessary to protect the rights of our business or comply with the law, prevent or mitigate a crime, or protect the rights or safety of our other website users, we may do so. We may also disclose necessary information in the event of a sale of [business name].
We are not responsible for the policies or information handling of third-party websites or third-party apps.
Pursuant to this policy and applicable laws, you have certain rights when it comes to controlling and protecting your private data:
You have a right to request that your information be deleted and no longer retained. Upon your request, we will remove your information from our database.
You have a right to “unsubscribe” by hitting the “unsubscribe” button at the bottom of any email we send you at any time.
You may also contact us to request access to information that bookitbox TRAVEL retains about you be updated, edited, or deleted from our database at any time.
You have the right to contact us about information on how your data is collected, stored, or used, and request a copy of the data we have.
You may also contact us to restrict how we process your data in certain circumstances.
You have the right to be forgotten, which means you can withdraw your consent to give us your personal information by clicking the “unsubscribe” button at the end of any email you receive from us.
In compliance with CANSPAM, we agree to allow users to unsubscribe using a link provided at the bottom of every email, honor opt-out requests, monitor compliance of third-party email services, not use false or misleading email addresses or email subjects, identify advertisements in a reasonable manner, and provide the physical address of our business.
If you are a California resident, once a year and free of charge, you have the right to obtain from us: information about what data we disclose to third-party marketers, and the names and addresses of each third-party we disclose your personal data to.
If you are a California resident under the age of 18, you have the right to request that we remove any data that you publicly post on our Website. Note that we may not be able to completely remove that data from our systems.
You may use the contact information listed above to make such requests.
To comply with the European Union’s General Data Protection Regulation (“GDPR”), we confirm that we have lawful grounds for processing the information we collect from you and a legitimate interest to respond to user inquiries. At any time, you may request that your information be deleted or edited. No sensitive personal data is collected. To the best of our ability, we have researched and concluded that all third-party data processors we use have advised us they are compliant with the General Data Protection Regulations as well.
Our Website is hosted by servers located in the United States. Appropriate safeguards, namely the EU-US Privacy Shield, protect the transfer of data internationally from individuals residing in the European Union to our servers in the United States. If you reside in the EU, we collect and transfer your personal data to the U.S. only with your consent, to perform a contract with you, or to fulfill a compelling legitimate interest of [your business name]. Whenever appropriate and feasible, we enter into model clauses and data processing agreements with vendors to protect your privacy.
Art. 6(1) lit. (a) of the GDPR serves as the legal basis for processing data for which we have obtained your consent to process.
Art. 6(1) lit. (b) of the GDPR serves as the legal basis for processing your personal data when it is necessary to fulfill a contract or a contract-like relationship with you.
Art. 6(1) lit. (c) of the GDPR serves as the legal basis for processing your personal data to fulfill a legal obligation.
Art. 6(1) lit. (f) of the GDPR serves as the legal basis for processing your personal data when it is necessary to safeguard our or a third-party’s legitimate business interests, or your fundamental rights, freedoms, or interests that do not require the protection of your personal data.
The servers and parties that make this Website available are located within the United States. Any matters relating to the Website will be governed by the laws of the United States and the State of [insert], as well as the General Data Protection Regulation (GDPR), as it applies to residents of the European Union.