Last Updated May 14, 2018
1. The Information that We Collect:
There are three basic categories of information we collect: (1) User-provided information, (2) automatically collected information, and (3) information collected from third parties.
a. User-provided Information:
User-provided information is information that you share with us when you use the Services. Without this information, we may not be able to provide you with all the requested Services. This information may include:
- Account Information. When you use the TripActions Services or create an account in the Services (“Account”), you may provide and we may collect what is generally called “personally identifiable” information, such as your name, e-mail address, mailing address, mobile phone number, demographic information, date of birth, and gender. For example, you may provide us with personally identifiable information when you register for an Account, use the Services, update Customer Data, or send us customer service related requests. We may also request information on your travel preferences.
- Payment Information. We collect your financial information (such as your bank account or credit card information) if you make a payment using the Services in order to process payments in accordance with applicable law.
- Travel Companion Information. When you make a reservation for someone else through the Services, we will request personal information and travel preferences about that individual. You should obtain the consent of other individuals prior to providing us with their personal information and travel preferences, as any access to view or change their information will be available only through your Account. You may also choose to enter the contact information of another individual manually to access certain features of the Services, such as inviting them to use TripActions.
- Communications with TripActions. When you communicate with TripActions we collect information about your communication and any information you choose to provide.
- Other Information. You may choose to provide us with additional personal information in order to obtain a better user experience when using TripActions. This additional information will be processed based on your consent. This information may include information you choose to provide us when you fill in a form, conduct a search, update or add information to your Account, respond to surveys, post, participate in promotions, or use other features of the TripActions Services.
b. “Automatically Collected” Information:
When you use the Services or open one of our HTML e-mails, we may automatically and record information, including personal information, about how you use our Services. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the TripActions Services. This information may include:
- Log Data and Device Information. We automatically collect log data and device information when you access and use the Services. That information includes, among other things: details about how you’ve used the Services (including if you clicked on links to third party applications), Internet Protocol (IP) address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, web browser, the pages you use on the Services, search terms, links clicked on the Services, the page from which you accessed the Services, and cookie data (collectively “Log Data”). This information is gathered for all users. We also may collect information about your online activity, such as trips viewed and bookings made. Our goals in collecting this automatic information include helping customize and enhance your user experience and inhibiting fraud. We analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our User’s needs and preferences. We may use a person’s IP address to generate aggregate, non-identifying information about how our Services are used.
- Geo-location Information. When you use certain features of the Services, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device’s GPS to offer you an improved user experience, such as to identify nearby hotels or airports. Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu. TripActions may also collect this information even when you are not using the App if this connection is enabled through your settings or device permissions.
- Usage Information. We collect information about your interactions with the Services such as the pages or content you view, your searches for travel, bookings you have made, and other actions on the Services.
- Third Party Web Beacons. “Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on a service for several purposes, including to deliver or communicate with Cookies, or to track and measure the performance of the service. Unlike Cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail). We may implement third party content that allows the third party content provider to use Web Beacons in order to read and write Cookies to your browser in connection with your viewing of the third party content on the Services or may otherwise allow such third party to collect information about you. This information is collected directly by the third party, and TripActions does not participate in that data transmission. Information collected by a third party in this manner is subject to that third party’s own data collection, use, storage and disclosure policies. We may also allow our business partners to use these tracking technologies on the Services, or engage others to track your behavior on our behalf.
- Payment Transaction Information. If you make a payment via the Services, we collect information related to your payment transactions through the Services, including the payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode, IBAN information, your address and other related transaction details. This information is necessary for the adequate performance of the contract between you and TripActions and to allow the provision of the Services.
- Error Reporting. The Services will also send us error-reporting information in the event that it crashes or hangs. This enables us to investigate the error and to improve the stability of the Services for future releases. As part of these error reports, the Services sends us information about the mobile device type and version, the devices unique ID, the time the error occurred, the feature being used and the state of the application when the error occurred. We do not use this information for any purpose other than investigating and remedying the error.
c. Information Collected from Third Parties:
- Social Media Account. In addition, if you sign up for TripActions using your social media account, link your Account to your social media account, or use certain other social media features via the Services, we may access information about you via that social media provider in accordance with the provider’s policies. The information may include your name, email address, profile picture, gender, list of friends, and other information that you authorize us to receive. Depending on the privacy settings of you and your friends, we may access information that you provide to a social media provider regarding your respective locations (“Location Data“) to provide you with relevant content. Please note that your Location Data may also be shared with your friends on a social media provider in accordance with your privacy settings for that social media provider. The information provided by the applicable social media account varies and is controlled by that service or as authorized by you via your privacy settings at that service.
- Feedback. To the extend you choose to provide any personally identifiable information with the feedback, suggestions, recommendations and/or comments with respect to our Services (“Feedback”), we will collect such information.
- Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive background check results or fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the Services through partnerships, or about your experiences and interactions from our partner ad networks.
2. How We Use the Information We Collect:
Your information is an integral part of our operations, and we used it in a variety of ways in providing and improving the Services, administering your use of the Services (including, if applicable, your Account), operating our business, and complying with our legal obligations. For example:
a. Providing, Improving, and Developing the Services. We use the information that you provide or that we collect, to operate, maintain, enhance and provide all of the features of the Services; to provide you with travel confirmation and updates, to manage your Account, including processing bills and providing travel notifications; to communicate with you in response to customer service requests; to send you service or support messages, updates, security alerts, and account notifications, to respond to your questions and comments;; to otherwise customize your experience with the Services (such as making booking suggestions or ranking search results and including by profiling based on your interactions with the Services); to reward you as part of a Rewards Program; or troubleshoot problems, and to process the information as otherwise described to you and authorized by you at the point of collection. We may use “automatically collected” information to: (a) personalize our services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Services; (b) provide customized third party advertisements, content, and information; (c) monitor and analyze the effectiveness of Services and third party marketing activities; and (d) monitor aggregate site usage metrics such as total number of visitors and pages viewed.
b. Improving and Developing the Services. We use the information that you provide or that we collect to improve and optimize the Services and user experience, such as by performing analytics and conducting research, including to create new features and functionality, For customized and efficient use of the Services, we may keep track of the websites and pages you visit within the Services, what features and algorithms you use and how frequently. We use this information to maintain and improve the content, design, usability and quality of the Services; to improve your user experience; to generate and provide statistics regarding use of the Services to deliver customized content and advertising to users whose behavior indicated that they are interested in a particular subject area, and to develop new product and service offerings.
c. Contacting Users. We may use your e-mail address or other personal information (a) to contact you for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to Customer Data posted on the Services, (b) to send you promotional messages related to the Services and the activities of third parties we work with, or (c) to contact you via surveys to conduct research about your opinion of current Services features or of potential new services. Generally, you have the ability to opt-out of receiving any such communications, either through links provided in the messages or by updating your Account preferences through the Services. For more information, see “Opt-Out” below.
d. Processing Payment. We use sensitive billing information (such as cardholder name, credit card number, and expiration date) for the purpose of completing the travel bookings you conduct through the Services and to process your payment for use of the Services.
e. Maintaining the Security of the Services and Complying with Applicable Law. We may use the information to prevent potentially prohibited or illegal activities, to detect and prevent fraud, spam, abuse, security incidents, and other harmful activity, to conduct security investigations and risk assessments, comply with our legal obligations, resolve any disputes with any of our users and enforce our agreements with third parties, and to enforce our Agreement and other policies. In connection with the activities above, we may conduct profiling based on your interactions with the Services, your profile information and other content you submit to the Services, and information obtained from third parties. In limited cases, automated processes may restrict or suspend access to the Services if such processes detect a user or activity that we think poses a safety or other risk to the Services, other users, or third parties. We may review, scan, or analyze your communications on the Services for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, and customer support purposes. For example, as part of our fraud prevention efforts, we scan and analyze messages to mask contact information and references to other websites. In some cases, we may also scan, review, or analyze messages to debug, improve, and expand product offerings. We use automated methods where reasonably possible. However, occasionally we may need to manually review some communications, such as for fraud investigations and customer support, or to assess and improve the functionality of these automated tools. We will not review, scan, or analyze your communications to send third party marketing messages to you, and we will not sell reviews or analyses of these communications.
f. Advertising and Marketing. We may use your information with your consent to send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences (including information about TripActions or partner campaigns and services). We may also use your information to personalize, measure, and improve our advertising, to administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by TripActions or its third party partners, and to conduct profiling on your characteristics and preferences (based on the information you provide to us, your interactions with the Services, information obtained from third parties, and your search and booking history) to send you promotional messages, marketing, advertising and other information that we think may be of interest to you. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings within your Account.
We process this information given our legitimate interest in (i) improving the Services and our users’ experience with it, (ii) protecting the Services, (iii) measuring the adequate performance of our contract with you and where it is necessary to process such data for adequate performance of the contract with you, (iv) undertaking marketing activities to offer you products or services that may be of interest to you, subject to your request to opt out of such marketing activities, and (iv) complying with applicable laws. Please review “Your Rights and Choices” below.
3. When We Disclose Information:
We disclose your personally identifiable information in a variety of circumstances in connection with providing the Services and the operation of our business. For example:
a. With Your Consent. Where you have provided consent, we share your information, including personal information, as described at the time of consent, such as when you authorize a third party application or website to access your Account or when you participate in promotional activities conducted by TripActions partners or third parties.
b. Public Information. Any information, including personally identifiable information, that you voluntarily choose to include in a publicly accessible area of the Services will be available to anyone who has access to that content, including other users. Information you share publicly on the Services may be indexed through third party search engines. In some cases, you may opt-out of this feature in your Account settings. If you change your settings or your public-facing content, these search engines may not update their databases. We do not control the practices of third party search engines, and they may use caches containing your outdated information.
c. Employers. If a booking is designated as being for business purposes and made by a user affiliated with a company or other organization enrolled in the Services or TripActions’ Reward Program (either or both an “Employer”), we may disclose information related to the booking to the Employer, such as the name of the user, pricing, booking details, and other related information, to the extent necessary for the adequate performance of the Services. In the event of a dispute, emergency, or similar situation involving a booking identified as being for business purposes, TripActions may also share additional relevant information it believes is necessary to safely and quickly address the situation. The Employer may also access information about you to the extent you are an employee of such Employer, including information related to your travel bookings, travel status, and other analytical tools in order to manage their corporate travel.
e. Business Partners. We may disclose information to business partners with whom we may jointly offer products or services, or whose products or services may be offered on our website. You can tell when a third party is involved in a product or service you have requested because their name will appear, either alone or with ours. If you choose to access these optional services, we may share information about you, including your personal information, with those partners. Please note that we do not control the privacy practices of these third-party business partners.
f. Compliance with Law, Responding to Legal Requests, Preventing Harm and Protection of Our Rights. We reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to take precautions against liability; to protect TripActions, Inc. and others from fraudulent, abusive, or unlawful uses or activity; to investigate and defend ourselves against any third party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Services; to enforce or administer the Agreement or other agreements with users, to protect the rights, property, or personal safety of TripActions, Inc. our users, or others; or otherwise as required by law, court order, judicial or government subpoena or warrant, or to cooperate with law enforcement activity. In such cases we reserve the right to raise or waive any legal objection or right available to us. Where appropriate, we may notify users about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon TripAction’s property, its users and the Services. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.
i. Aggregated Data. We may also share aggregate information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information with third parties, including advertisers and investors, for regulatory compliance, industry and marketing analysis, demographic profiling, marketing and advertising, and other business purposes. This information does not contain any personal information and is used to develop content and services we hope you will find of interest.
j. Reward Program. If you are a member of a TripActions Rewards Program, information related to your bookings will be shared with your Employer. This information may include the name of the person booking travel; destination; travel dates; relevant suppliers, including hotels and airlines; and itinerary number. It will not include credit card numbers, passport numbers, or frequent flier numbers. The foregoing information may also be shared with your Employer’s designated administrators via the Employer account, which is used by the Employer to analyze their corporate travel.
k. Social Media Platforms. Where permissible according to applicable law we may use certain limited personal information about you, such as your email address, to hash it and to share it with social media platforms, such as Facebook or Google, to generate leads, drive traffic to our websites or otherwise promote our products and services or the Services. These processing activities are based on our legitimate interest in undertaking marketing activities to offer you products or services that may be if your interest. The social media platforms with which we may share your personal data are not controlled or supervised by TripActions. Therefore, any questions regarding how your social media platform service provider processes your personal data should be directed to such provider. Please note that you may, at any time ask TripActions to cease processing your data for these direct marketing purposes by sending an e-mail to [email protected]
Other than as set out above, you will be notified when personal information about you will be shared with third parties, and you will have an opportunity to choose not to have us share such information.
4. Your Rights and Choices:
You may, of course, decline to share certain personally identifiable information with us, in which case we may not be able to provide to you some of the features and functionality of the Services. You may exercise any of the rights described in this section before by sending an email to [email protected] Please note that we may ask you to verify your identity before taking further action on your request.
a. Modifying your Information. You may access, update, correct, or delete your profile information and preferences at any time by accessing your Account preferences page through the Services. Please note that while your changes are reflected promptly in active user databases, we may retain all information you submit for a variety of purposes, including backups and archiving, prevention of fraud and abuse, and analytics. If you want us to delete your personally identifiable information and your Account, please contact us at [email protected] with your request. We will take steps to delete your information as soon as we can, but some information may remain in archived/backup copies for our records or as otherwise required by law. You are responsible for keeping your personal information up-to-date. If you have chosen to connect your Account to a third-party application, like Facebook or Google, you can change your settings and remove permission for the app by changing your Account settings. You further have the right to ask us to correct inaccurate or incomplete personal information concerning you (and which you cannot update yourself within your Account).
b. Data Access and Portability. In some jurisdictions, applicable law may entitle you to request copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
c. Data Retention and Erasure. We generally retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your information to provide the Services to you, you can request that we erase your personal information and close your Account. Please note that if you request the erasure of your personal information:
- We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. For example, if we suspend an Account for fraud or safety reasons, we may retain certain information from that Account to prevent that Member from opening a new Account in the future.
- We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, TripActions may keep some of your information for tax, legal reporting and auditing obligations.
- Information you have shared with others (e.g., Reviews, forum postings) may continue to be publicly visible on the Services, even after your Account is cancelled. However, attribution of such information to you will be removed. Additionally, some copies of your information (e.g., log records) may remain in our database, but are disassociated from personal identifiers.
- Because we maintain the Services to protect from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.
d. Withdrawing Consent and Restriction of Processing. Where you have provided your consent to the processing of your personal information by TripActions you may withdraw your consent at any time by changing your Account settings or by sending a communication to TripActions specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing pursuant to Section 4(e) and pending the verification whether the legitimate grounds of TripActions override your own.
e. Objection to Processing. In some jurisdictions, applicable law may entitle you to require TripActions not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing TripActions will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defense of legal claims.
f. Opt-Out of Commercial Emails. You will be given the opportunity to unsubscribe from commercial emails in any such message that we send you. If you are a registered member, you can also modify your choice at any time in your Account. Please note that we reserve the right to send you other communications, including service announcements, administrative messages, and surveys relating either to your Account or to your transactions on this App, without offering you the opportunity to opt out of receiving them. Where your personal information is processed for direct marketing purposes, you may, at any time ask TripActions to cease processing your data for these direct marketing purposes by sending an e-mail to [email protected]
g. Travel Alerts. You may have the opportunity through the Services to provide a mobile number in order to receive day-of-travel flight alerts (“Travel Alerts”). You may discontinue the Travel Alerts at any time by replying “STOP”.
h. Lodging Complaints. You have the right to lodge complaints about the data processing activities carried out by TripActions before the competent data protection authorities.
5. Third Party Services:
The Services may contain features or links to websites and services provided by third parties. Any personally identifiable information you provide on third party sites or services is provided directly to that third party and is subject to that third party’s policies, if any, governing privacy and security, even if accessed through the Services. TripActions does not own or control these third parties or websites, and is not responsible for the content or privacy and security practices and policies of third party sites or services to which links or access are provided through the Services. To protect your information, we recommend that you carefully examine the privacy statements posted on such third-party websites to understand their procedures for collecting, using, and disclosing personal information.
6. Our Commitment to Children’s Privacy:
Protecting the privacy of young children is especially important. For that reason, we do not allow children under 13 years-of-age (or such age required by applicable law) (“Child” or “Children”) to use the Services or knowingly collect or maintain personally identifiable information from Children, and no part of the Services is directed to Children. If you are a Child, then please do not use or access Services at any time or in any manner. If we learn that personally identifiable information has been collected on the Service from Children and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your Child has obtained an Account on the Services, then you may alert us at [email protected] and request that we delete that Child’s personally identifiable information from our systems.
Due to the nature of our Services, we may collect travel information, which may include personal information, about Children when it is required to comply with the law, including federal aviation or security regulations, or as otherwise required to provide transportation needs and services. We may retain personal information when required to provide transportation and related services to a Child. TripActions does not knowingly collect personal information directly from Children other than when required to comply with the law or for safety and security reasons.
If you are a parent or guardian of a Child who has provided personal information without your knowledge and consent, you may request we remove this Children’s information by emailing [email protected]
7. Our Commitment to Data Security:
We are committed to protecting the information we collect. We use reasonable administrative, physical, managerial, electronic, and technical safeguards that are designed to improve the integrity and security of your personally identifiable information and to protect such information from unauthorized access, use, or disclosure. For example, only authorized employees are permitted to access personal information, and they may only do so for permitted business functions. In addition, we use encryption when transmitting your sensitive personal information between your system and ours, and we employ web application firewall and other industry standard security systems and measures to help prevent unauthorized persons from gaining access to your information. Please be aware, however, that no method of transmitting information over the Internet, or storing information is completely secure. Accordingly, we cannot, ensure or warrant the security of any information you transmit to us or store on the Services and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Services if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at [email protected]
8. Privacy Settings
Although we may allow you to adjust your privacy settings to limit access to your information, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users with whom you may choose to share your information. Therefore, we cannot and do not guarantee that information you post on the Services will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the App. You understand and acknowledge that, even after removal, copies of information that you have posted may remain viewable in cached and archived pages or if other users have copied or stored such information.
9. International Transfer
10. California Privacy Rights:
Under California law, California residents are entitled to, once a year, free of charge, request a notice describing what categories of personal information we shared with third parties (if any) for their direct marketing purposes during the preceding calendar year. The notice will identify the categories of personal information shared with third parties, as well as the name and address of the third parties that receive such personal information. If you are a California resident and want to obtain a copy of this notice, please submit a written request to the following address: 409 Sherman Ave, Palo Alto, CA 94306, or send us an email at [email protected] with “California Privacy Rights” in the subject line. TripActions does not share personal information with third parties for their own direct marketing purposes without your prior consent. Accordingly, you can prevent disclosure of your personal information to third parties for their direct marketing purposes by withholding consent.
11. EU-US Privacy Shield.
12. Google Maps/Earth.
13. Linking Third Party Accounts.
You may link your Account with your account at a third party social networking service. Your contacts on these third party services are referred to as “Contacts.” When you create this link:
- some of the information you provide to us from the linking of your accounts may be published on your Account profile;
- your activities on the Services may be displayed to your Contacts on the Services and/or that third party site;
- a link to your public profile on that third party social networking service may be included in your TripActions public profile;
- other users may be able to see any common Contacts that you may have with them, if applicable;
- other users may be able to see any schools, hometowns or other groups you have in common with them as listed on your linked social networking service;
- the information you provide to us from the linking of your accounts may be stored, processed and transmitted for fraud prevention and risk assessment purposes; and
- the publication and display of information that you provide to TripActions through this linkage is subject to your settings and authorizations on the Services and the third party site.
We only collect your information from linked third party accounts to the extent necessary to ensure the adequate performance of our contract with you, or to ensure that we comply with applicable laws, or with your consent.
15. Our Contact Information:
409 Sherman Ave,
Palo Alto, CA 94306