TheClub.Travel, LLC (“TCT,” “we,” “us,” “our,” or the “Company”), is a Delaware limited liability company operating a Network marketing company whose primary business activity is selling a travel club product.
1. What Personal Information We Collect
2. How We Collect and Use Your Personal Information
3. Cookies, Web Beacons, and “Do-Not-Track” Signals
4. Who We Share Your Personal Information With and Why
5. Security and Storage of Your Personal Information
6. Your Choices for Limiting Use and Disclosure of Your Personal Information
7. Additional Disclosures for California Residents
8. European Union Privacy Notice
10. Links to Third-Party Sites
12. Contact Us
• Business name & address;
• ARC/IATA Number;
• Number of branch offices;
• Member’s URL;
• If the Member is affiliated with ARC/IATA/BSP/True or CLIA;
• Global Distribution System (“GDS”) data, including Pseudo City Code (PCC) and name of GDS;
• Percentage of corporate, leisure and meeting/events;
• Annual hotel and air volume;
• If the Member is affiliated with another travel consortia group;
• Business title;
• Mobile number;
• Business telephone and fax numbers;
• Company and or personal Email address;
• W-9 for Members that take advantage of selected supplier commission programs;
• ACH form for CIBT to facilitate direct commission payments;
• Bank and payment data (corporate/personal credit cards, credit history and bank information);
• Total number of Travel Advisors including how many work in virtual environments;
• Tax ID;
• Travel arranger and emergency contact names and information;
• Traveler preferences and trip/meeting details (e.g., routings, class of service, seat preferences, frequent flyer data, meal preferences, hotel/rail/car and other ground transportation membership data and preferences, special accommodation requests, other personal data voluntarily supplied by you via your profile, surveys, or other requests);
• Travel documentation (e.g., passport/visa/national id/driver’s license number, TSA number, citizenship, date of birth, gender);
• Login credentials, user IDs, employee IDs, IP addresses, and browsing information.
• Arrival & departure dates;
• Name of the primary traveler;
• Hotel name and address;
• Travel Advisor’s username & source code;
• Employee and independent contractor data (e.g., Social Security and Employer Identification Numbers);
• Work history, including professional and employment-related information;
• Education and skills;
• Commercial information, including records of products or services purchased, obtained, or considered; and
• Social media account names.
2. How We Collect and Use Your Personal Information. We collect your Personal Information from a variety of sources, including:
• You, when you voluntarily and directly supply your Personal Information through our website, or by telephone, fax, email, or other channels of access;
• From third-party sources such as your Travel Advisor (e.g., your company representative when sending your company information on your behalf; from the network of websites and applications accessible through or utilized by our services);
• From third-party service providers and suppliers (e.g., airlines, hotels, rail/auto/other ground transportation suppliers and payment card providers);
• From other third-party partners and agents; and
• Automatically, from cookies and other similar technologies.
We use your Personal Information to:
• Complete transactions requested by you or your company (e.g., booking travel reservations);
• Communicate with you by various means, including email, telephone, or fax;
• Manage your relationship with us (e.g., customer service, managing your account);
• Analyze your use of our website;
• Conduct surveys;
• Provide you with relevant marketing (e.g., information on services or products we think you may be interested in);
• Detect security incidents and to protect against and prosecute for malicious, deceptive, fraudulent, or illegal activity;
• Comply with legal requirements; and
• Serve your and our other legitimate business interests.
You can turn off all cookies in the event you prefer not to receive them. You can also have your computer warn you whenever cookies are being used, giving you a chance to decide whether or not to accept them. Please be aware, however, that when you choose to reject cookies, you may lose access to certain features of our website. Most cookies are “session cookies” which means that they are automatically deleted at the end of each session. Most browsers are initially set to accept cookies.
A web beacon is an invisible pixel-sized graphic image on a web page, web-based document, or e-mail message. It helps us do things like view the URL of the page on which the beacon appears and the time the service, document or email in question is viewed. They can be used to confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized online experience.
We respect your privacy, but we do not alter the information we collect or change our services upon receiving “Do-Not-Track” (“DNT”) signals, as the term appears in Cal. Bus. & Prof. Code §22575(b)(5). For more information about DNT signals, please visit http://allaboutdnt.com.
4. Who We Share Your Personal Information With and Why. We do not sell your Personal Information. We share your Personal Information with the following third parties for the following reasons, where applicable:
• Advisers and financial institutions (legal, tax, auditors, risk and compliance, notaries, and business continuity support services);
• Travel-related service providers as necessary for travel fulfillment and related services, such as:
Airlines, cruise lines, hotels, ground transportation providers, and other travel suppliers;
IT providers for various types of technical travel-related and non-travel-related assistance;
Global Distribution Systems (“GDSs”) for booking and ticketing purposes;
Industry reporting authorities (e.g., Airlines Reporting Corporation) for clearinghouse functions;
Visa and passport providers;
Credit card companies;
Payment collectors and processors;
• Your company and the third parties to whom it or you request disclosure for various reasons (e.g., travel fulfillment, travel-based reporting, cost accounting, auditing, and tracking);
• Support service providers (e.g., for storage, statistical analytics, marketing support, provision of software, credit history, risk reduction and fraud prevention);
• Where permitted by applicable laws, with third parties should there be any future corporate restructuring, sale, transfer or assignment of assets or business, merger, divestiture, or other changes to the Company’s control or financial status; and
• Government bodies and law enforcement organizations to comply with licensing and other legal obligations.
In the future, if we need to share your Personal Information for any other purpose, you will be informed in advance and have the opportunity to opt-out.
In some instances, service providers will be controllers in their own right, and will be directly responsible to you for their use of your Personal Information. They may be obliged under information protection legislation to provide you with additional information regarding the Personal Information that they hold about you and how and why they process that information. Further information may be provided to you in a separate notice or may be obtained from such service providers directly, for example, via their websites.
Our services may, from time to time, contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
5. Security and Storage of Your Personal Information. The security of your Personal Information is important to us but no method of transmission over the Internet, or method of electronic storage, is 100% secure. Your Personal Information is only accessible, on a need-to-know basis, by a limited number of employees who have special permissions. While we use commercially acceptable technical and organizational measures to protect your Personal Information from loss, misuse, alteration, or unintentional destruction, we cannot guarantee its absolute security.
Personal Information relating to travel is generally stored in a profile in a GDS. We will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements. In addition, we may retain Personal Information from closed accounts to comply with applicable law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms and Conditions and take other actions permitted or required by applicable law. After it is no longer necessary for us to retain your Personal Information, we dispose of it in a secure manner.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and applicable legal requirements.
6. Your Choices for Limiting Use and Disclosure of Your Personal Information. Under applicable data privacy protection laws, including the CCPA, and our policies, you have several basic rights regarding the Personal Information that we process about you. Here are your specific rights:
• Right to Access. The right to access the Personal Information we process about you.
• Right to Transfer. The right to receive the Personal Information we process about you in a commonly used format and to have it transferred to another data controller based on your consent.
• Right to Correct. The right to correct your Personal Information without undue delay where that Personal Information is inaccurate or incomplete.
• Right to Deletion. The right to have your Personal Information deleted without undue delay in certain circumstances.
• Right to Restriction. The right to restrict our processing of some or all of your Personal Information in certain circumstances.
• Right to Opt-Out. You have the right to opt-out of our processing or sale of your Personal Information.
• Right to Close Your Account. The right to request that we close your account.
• Right to Non-Discriminatory Treatment. You have the right not to be discriminated against for exercising any of the rights listed above.
If you wish to exercise any of these rights, please contact us at email@example.com. We will honor the requests you make related to your rights as the law allows, which means, in some cases, there may be legal or other legitimate reasons that we may not be able to address the specific request you make. You do not have to pay any fees to exercise your rights. We will respond to your request within 45 days. We will verify your request using the information associated with your account or other information that is held by us, including your email address.
Please note, before we will be able to process your request for access to or deletion of your Personal Information, we will need to properly verify your identity for security purposes. Where you have an account with us, you can exercise your rights while logged-in to your account. Otherwise, if you do not have an account, but we possess appropriate Personal Information about you on file (e.g., name, phone number, email/physical address), we will attempt to verify your identity using that Personal Information. If it is not reasonably possible to identify you adequately, we may not be able to respond to your request.
You may also designate an authorized agent to exercise these rights on your behalf by following the procedure outlined below for California residents to designate an authorized agent to act on their behalf.
Under the CCPA, if you are a California resident, you may designate an authorized agent to make a request related to your Personal Information on your behalf. In order to allow an authorized agent to make a request on your behalf, please email us at firstname.lastname@example.org to provide your written request and consent to an authorized agent. When your authorized agent makes a request related to your Personal Information, we will require the agent to provide the above written permission. We may also require that you verify your own identity directly with us at the time such a request is made.
If you no longer want to receive our emails or other announcements, you may unsubscribe by writing to us at email@example.com or following the instructions provided or the “unsubscribe” link at the bottom of our emails. Please note that you cannot unsubscribe from certain correspondence from us, including transactional messages relating directly to your account.
The CCPA requires us to disclose the Personal Information we may have collected about California residents in the past 12 months and from where we collected it. That information is in Sections 1 and 2, above.
We collect the Personal Information of California residents as further described in Section 2, to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives.
We may share such Personal Information with the third parties listed in Section 4, above. The CCPA also requires that we provide California residents with additional information about the categories of disclosures to such third parties within the past 12 months, particularly, where the disclosure involves monetary or other consideration. California treats these disclosures as “sales” of information, even where no money is exchanged. We do not “sell” data as the word “sell” is generally defined and commonly understood.
We may, however, have disclosed, in the past 12 months, the following categories of Personal Information to the following third parties for our operational “business purposes” as defined by California law:
• Personal Identifiers:
Advisers and financial institutions
• Internet or other electronic network activity information:
• Professional or employment-related information:
• Geolocation information:
• Education and skills:
• Characteristics of protected classifications, including age, nationality, gender, disability, marital status, ethnicity/race:
• Visual, audio, electronic and other similar information:
• Commercial information:
• Inferences drawn from any information to create a profile:
We do not sell, or have actual knowledge of any sale of, the Personal Information of minors under 16 years of age.
As noted above, we do not sell your Personal Information.
Under the GDPR, Personal Data is information that relates to an identified or identifiable individual. What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors.
Although we are based in the United States and do not have a physical business location within the EU or the EEA, if you are a natural person who is present within the EU or the EEA and we collect your Personal Data when you use our website, we are the controller of your Personal Data for purposes of the GDPR.
The GDPR states that data controllers can only process Personal Data when there is a legal ground for it. The acceptable legal grounds are:
• Consent, (e.g., before application of cookies, before sending marketing materials by electronic means, or before selling a data subjects Personal Data to a third party); or when processing is necessary for:
• The performance of a contract which the data subject is part of;
• Compliance with legal obligations to which the data controller is subject;
• To protect the vital interest of the data subject or of another natural person;
• Performance carried out in the public interest or within the official authority vested in the data controller; or
• For the legitimate interest of the data controller when this does not override the fundamental rights of the data subject.
There is no comparable requirement for legal bases under the CCPA.
• The right to be informed: As with the CCPA, under the GDPR, you have a right to notice, upon collection, of the Personal Data collected and the purpose(s) for which it will be used. If your consent is the legal basis for collecting it, your consent must be explicitly given by an affirmative act. If you have affirmatively given your consent to the collection of your Personal Data, you have the right to revoke that consent at any time (See the right to object to processing, below).
• The right to access: You have the right to receive responses to your data access requests without undue delay and in any event within one (1) month of our receipt of your request;
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete any information you believe is incomplete.
• The right to erasure (aka the right to be forgotten): You have the right to request that we erase your Personal Data, under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your Personal Data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your Personal Data, under certain conditions. If your consent is our legal basis for collecting your Personal Data, you have the right to revoke that consent at any time.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The right to know about automated decision making and profiling: If we use automation to profile or make decisions about you from your Personal Data, you have the right to be informed of the details beforehand.
• The right to complain: You also have the right to lodge a complaint to your local data protection authority. Information about how to contact your local data protection authority is available at ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
One main difference between the CCPA vs. GDPR is that the GDPR requires your affirmative prior consent to the collection and use of your Personal Data whereas the CCPA does not. In fact, according to the CCPA, a business does not need prior consent from a user before processing their data, nor does a website need prior consent from a user before selling their data to third parties. Both the GDPR and the CCPA provide for you to opt-out or withdraw from collection and use.
Where the GDPR requires all websites, companies and businesses to have a legal basis for processing the Personal Data of subjects in the EU or EEA, the CCPA does not have any such requirement. The CCPA only applies to for-profit business controllers and processors of Personal Information of California residents.
For an extensive comparison between the rights of the CCPA vs GDPR, have a look at page 26 in FPF’s privacy law comparison.
9. Children. We are committed to protecting the online privacy of children. We do not knowingly collect Personal Information from children under 16. We take children’s privacy seriously and encourage parents to play an active role in their children’s online experience at all times. If you have questions or concerns about the Internet and privacy for your child, we encourage you to check out http://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online.
10. Links to Third-Party Sites. In an attempt to provide increased value to our visitors, we may choose various third-party websites (e.g., our business partners, social media networks) to link to within the website. We have no control over these linked sites, each of which has its own separate privacy and data collection practices that are independent from us. As such, we have no responsibility or liability for these independent policies or actions and are not responsible for the privacy practices or the content of any such websites. These linked sites are only for your convenience, and you therefore access them at your own risk and should review each of their privacy policies before using them.
8745 Gary Burns Drive