Personal Information We Collect About You and How We Use It
Information you provide us:
If you choose to use or access any of the Services, you must provide personal information in order to do so including your name, mailing address, email address, telephone number, known traveler identification number, passport number, other contact information, and travel itinerary data. This information is used to: (i) provide login information to the Website and carry out processing functions and the Services DEI has been contracted to provide by its Client, (ii) communicate with you by responding to your requests, comments and questions, (iii) improve the Website, and (iv) perform various account functions provided by DEI. The GDPR legal basis for processing this information is: (a) the legitimate interest in communicating with you and improving the Website, and (b) the contractual obligation to perform the Services.
Email & Email Updates
When you contact us by email we collect your first name, last name and email address in order to respond to your request. When you sign up for email updates, we collect your email address in order to provide updates. When you opt-in to receive promotional emails, we will add you to our list to send you promotional, commercial and informational emails. The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions.
Tracking Technologies & Cookies
When you visit the Website, we collect your IP address, and we use session “cookies” — a piece of information stored on your computer — to allow us to uniquely identify your browser while you are logged in and to enable us to process your online transactions. Session cookies also help us confirm your identity and are required in order to log into your account. Users who disable their web browsers’ ability to accept cookies will be able to browse the Website but will not be able to access or take advantage of the Services. We also use web beacons to monitor your browsing behavior if you link to another Website. The GDPR legal basis for processing this information is the contractual obligation to the Client to perform the Services.
You can log into the Website using sign-in services made available to you by the applicable Client or other service providers. These sign-in services will authenticate your identity and provide you the option to share certain Personal Information with us such as your name and email address to log-in to the Website. The GDPR legal basis for processing this information is the contractual obligation to the Client to perform the Services.
If you have any questions about specific Website settings, what information DEI has been authorized by Client to process, or its privacy practices, you may contact the applicable Client administrator. If you no longer wish to have your Personal Information used by one of our Clients that use the Services, please contact your Client administrator. The GDPR legal basis for processing this information is the contractual obligation to the Client to perform the Services.
Rights Related to Your Personal Information
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over our use of your Personal Information. DEI respects your control over your information and, in the event that you have provided Personal Information to us in your use of the Website, we will provide you with information about whether we hold any of your personal information as detailed below. You may access, correct, or request deletion of your Personal Information by contacting us at email@example.com. We will respond to your request within a reasonable timeframe.
When acting as a service provider, DEI may have no direct relationship with the individuals whose Personal Information is provided to DEI for processing while providing the Services. An individual who is employed by or maintains a membership with one of our Clients and seeks access to, or who seeks to correct, amend, delete, or object to the processing of their Personal Data should direct the query to their the applicable Client’s DEI administrator if they are unable to make the appropriate changes via access to the Website. If the Client request DEI to delete the data, we will respond to their request within 30 business days. If a user contacts us directly with such a request, we will notify the proper DEI Client.
If you are located in the European Economic Area (“EEA”), you have the following rights regarding your Personal Information we control:
Access. You can request details of your Personal Information we hold. We will confirm whether we are processing your Personal Information and we will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period, and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your Personal Information, but we may charge you a fee to cover our administrative costs if you request further copies of the same information.
Correction. At your request, we will correct incomplete or inaccurate parts of your Personal Information, although we may need to verify the accuracy of the new information provided to us.
Deletion. At your request, we will delete your Personal Information if: (i) it is no longer necessary for us to retain your Personal Information, (ii) you withdraw consent which formed the legal basis for the processing of your Personal Information, (iii) you object to the processing of your Personal Information and there are no overriding legitimate grounds for such processing, (iv) the Personal Information was processed illegally, (v) the Personal Information must be deleted for us to comply with our legal obligations. We will decline your request for deletion if processing of your Personal Information is necessary: (i) for us to comply with our legal obligations, (ii) for the establishment, exercise, or defense of legal claims, or (iii) for the performance of a task in the public interest.
Restrict Processing. At your request, we will restrict the processing of your Personal Information if: (i) you dispute the accuracy of your Personal Information, (ii) your Personal Information was processed illegally and you request a limitation on processing rather than the deletion of your Personal Information, (iii) we no longer need to process your Personal Information, but you need your Personal Information in connection with the establishment, exercise or defense of a legal claim, or (iv) you object to the processing of your Personal Information pending verification as to whether an overriding legitimate ground for such processing exists. We may continue to store your Personal Information to the extent required to ensure your request to restrict processing is respected in the future.
Data Portability. At your request, we will provide you free of charge with your Personal Information in a structured, commonly used and machine-readable format, if: (i) you provide us with your Personal Information, (ii) the processing of your Personal Information is required for the performance of a contract, or (iii) the processing is carried out by automated means.
Object. Where we rely on our legitimate interests (or that of a third party) to process your Personal Information, you have the right to object to this processing on grounds related to your particular situation if you feel it impacts your fundamental rights and freedoms. We will comply with your request unless we have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise, or defense of legal claims. We will always comply with your objection to the processing of your Personal Information for direct marketing purposes.
Not to be subject to decisions based solely on automated processing. You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information unless you have given us your explicit consent or where they are necessary for the performance of contract with us.
Withdraw consent. You have the right to withdraw consent you may have previously given us at any time. In order to exercise your right to withdraw consent we may ask you for certain identifying information to ensure the security of your Personal Information.
Please contact us at info@aedetravel,com to make a request to exercise any of the above rights. We will respond to your request within 30 days or otherwise provide you with reasons for the delay. If we refuse your request, we will notify you of the relevant reasons. Typically, we will not charge any fees in connection with the exercise of your rights; however, if your request is manifestly unfounded or excessive (for example, because of its repetitive character) we may charge a reasonable fee, taking into account the administrative costs of dealing with your request.
Kindly note that if you decide to exercise some of your rights, we may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the Services.
If you are not satisfied with our response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction.
How, and With Whom, Your Information Is Shared
Email communications with us:
As part of the Services, we may send you promotional, commercial, and informational emails. You may opt out from receipt of these emails and unsubscribe by clicking “unsubscribe” at the bottom of the emails you receive from us. You have the right to object to the use of your Personal Information for direct marketing purposes, on a going forward basis, by emailing us at firstname.lastname@example.org.
Information shared with the applicable Client:
For users of the www.aedetravel.com we disclose information to the applicable Client such as your travel behavior, redemption behavior and year-end redemption reporting for tax purposes.
Information shared with our service providers and Sub-Processors:
Third Party Services:
Information disclosed pursuant to business transfers:
If our assets are merged with or purchased by a third party, your Personal Information will be transferred to that third party.
Information disclosed for our protection and the protection of others:
We may also release your information when we believe release is appropriate to comply with the law, enforce our Privacy Policies, detect or prevent fraud, security or technical issues, or protect our or others’ rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention. Because our servers that store your information are located in the U.S.A., your information may be available to U.S. government entities or agencies under a lawful court order or other legal process in the U.S.
Information we share with your consent:
How long do we retain your information?
When acting as a service provider, we will retain your Personal Information, which we process on behalf of our Clients for as long as needed to provide services to our Client, for as long as your account is active, or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We retain your Personal Information for up to sixty (60) days after your account is closed.
How do we protect your information?
We will take reasonable precautions to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. For example, our Services sit on secure servers operated by Oracle Cloud Infrastructure. We use a method endorsed by the National Institute of Standards and Technology to protect your passwords (PBKDF2 algorithm with a SHA256 hash for password stretching). All of the data transfer is over secure http protocol (https) and we deploy TLS1.2 for transport layer security. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
International transfer of your Personal Information:
Given that the Internet operates in a global environment and that, if you operate outside of the United States, transfer of your data is necessary for you to use any of our Services or request information from us, using the Internet to collect and process Personal Information necessarily involves the transmission of data on an international, or cross-border, basis. By accessing any of the Services, and/or communicating with us by email, you acknowledge and voluntarily provide your express consent to our collection, processing, and disclosure of your Personal Information in this way, including our disclosure to Sub-Processors and third parties located in the US and other locations outside the EU.
European Data Privacy
International Transfer of Personal Information: Privacy Shield, and Contractual Terms
Certain European Union residents have additional privacy rights as provided in the GDPR. For such residents, DEI will collect, process, and store your personal information strictly in accordance with the GDPR. The GDPR further governs the transfer of subject personal information from certain European Area countries outside of the European Union. DEI is based in the U.S., the Website and Website servers are hosted in the U.S., and many of DEI’s suppliers and Sub-Processors are also based in the U.S. or otherwise outside of the European Union. In providing your Personal Information to DEI e, your Personal Information will be sent to the U.S. (or otherwise outside of the European Union). In such cases, DEI will transfer such data in accordance with the GDPR and the following transfer mechanisms:
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
DEI is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. DEI complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, DEI is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, DEI commits to resolve complaints about our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact DEI at email@example.com. DEI commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner, as applicable, and comply with the advice given by the panel or Commissioner, as applicable, with regard to data transferred from the EU and Switzerland, as applicable. If you have an unresolved privacy or data use concern that We have not addressed satisfactorily and you are a European Union or Swiss individual, please contact the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner, as applicable. For more information, see Privacy Shield’s informative website here.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
DEI may also enter into European Union Model Contractual Clauses, also known as Standard Contractual Clauses, with its Clients to meet the adequacy, privacy, and security requirements for Our Clients that operate in the European Union, and other international transfers of Client data.
California Data Privacy
California residents have certain privacy rights as specified under California law, including the California Consumer Privacy Act of 2018 (“CCPA”). If you are a resident of California, you have the right to know what personal information has been collected about you, and to access that information. You have the right to request deletion of your personal information, though exceptions under the CCPA may allow DEI to retain and use certain personal information notwithstanding your deletion request.
DEI collects various categories of personal information when you or the applicable Client use the Website or Services, including travel itinerary location information and personal information related to your business travel bookings. A more detailed description of the information DEI collects and how we use it is provided above in the sections entitled: Personal Information We Collect About You and How We Use It, Rights Related to Your Personal Information, and How, and With Whom, Your Information Is Shared.
In addition to Our collection of your Personal Information, DEI may engage certain third parties to perform a function or provide services to you on behalf of DEI including hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer and account relationship management, database storage and management, and direct marketing campaigns. DEI may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. DEI requires these third parties to maintain the privacy and security of the Personal Information they process on our behalf.
DEI does not sell your Personal Information when you use the Website or when you use a Service and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law. DEI does not offer financial incentives associated with the collection, use, or disclosure of your personal information.
DEI will not discriminate against you for exercising any of your CCPA rights. To this end, unless permitted by the CCPA, DEI will not:
Deny you access to the Website or Services;
Charge you a different price or rate for the Website or Services, including the granting of discounts or other incentives;
Provide a different or downgraded Website or Service
Suggest that you may receive a different price or rate for the Website or its Services or a different or downgraded Website or Service;
In certain cases, DEI collects and processes your personal information at the contractual obligation of the applicable Client. In order to respond to a verified request, DEI may be required to provide notice to the applicable Client of your request, and to follow the applicable Client’s instructions as they relate to carrying out your request. DEI cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable request does not require you to create an account, but we may ask you to verify your request by logging into your account if you have one. We will only use personal information provided by a verifiable consumer request to verify the requestor’s identity or authority to make the request.
To exercise your rights under the CCPA please submit a verifiable consumer request to DEI by calling our number +1 (917) 520-5453 or emailing us firstname.lastname@example.org. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access to your data twice within a twelve (12) month period. Your verifiable consumer request must: (i) be made by a natural person, (ii) provide sufficient information to allow DEI to reasonably verify your identity and that you are the person about whom we collected personal information, or you are an authorized representative, and (iii) describe your request with sufficient detail that allows DEI to properly understand, evaluate, and respond to your request.
We do not knowingly collect any information from anyone under 13 years of age. The Services are directed to people who are at least 13 years old or older. If you believe your child has provided Personal Information through the Services, please contact us as described below.
By post: Discovery Expeditions, Inc PO Box 7661 Charlottesville, VA 22906
By email: email@example.com