Categories of Personal Information We Collect
When you use Stabroek Travel or our associated services, we may collect the following kinds of personal information from you, as needed:
- Name, username, email address, telephone number, and home, business, and billing addressees (including street and postal code)
- Government issued Identification required for booking or identity verification, such as passport, driver’s license, and country of residence (for travel insurance purposes), and for vacation property owners, tax identification number,
- Payment information such as payment card number, expiration date, billing address, and financial account number
- Travel-related preferences and requests such as favorite destination and accommodation types, and special dietary and accessibility needs, as available
- Loyalty program and membership information
- Birth date and gender
- Images (including facial photographs), videos, and other recordings
- Social media account ID and other publicly available information
- Communications with us (such as recordings of calls with customer service representatives for quality assurance and training purposes)
- Searches you conduct, transactions, and other interactions with you on our online services and Apps
- Other communications that occur through the platform among partners and travelers,
and in-group chat and traveler-collaboration tools
- The searches and transactions conducted through the platform
- Data you give us about other people, such as your travel companions or others for whom you are making a booking
- Information we receive about you from other Stabroek companies and third parties such as our business and affiliate partners and authorized service providers which may include updated contact information, demographic information, interests, and purchase history, which we may add to your account or profile and use for market research and analysis
When you install any of our apps or use our platform, we automatically collect the following types of information from your device:
- IP address
- Device type
- Unique device identification numbers
- Internet browser-type (such as Firefox, Safari, Chrome, and Internet Explorer)
- Internet Service Provider
- Operating System
- Mobile carrier
- How your device has interacted with our online services, including the pages, accessed, links clicked, trips viewed, and features used, along with associated dates and times
- Details of any referring website or exit pages, as well as general geographic location (such as at the country or city-level)
When you download and use any of our mobile apps, we collect certain technical information from your device to enable the app to work properly and as otherwise described in this Privacy Statement. That technical information includes:
- Device and telephone connectivity information such as your carrier, network type, network operator, subscriber identity module ("SIM") operator, and SIM country
- Operating system and version
- Device model
- Performance and data usage
- Usage data, such as dates and times the app accesses our servers, the features and links clicked in the app, searches, transactions, and the data and files downloaded to the app
- Device settings selected or enabled, such as Wi-Fi, Global Positioning System ("GPS"), and Bluetooth (which may be used for location services, subject to your permission as explained below)
- Mobile device settings
- Other technical information such as app name, type, and version as needed to provide
you with services
Permissions for Location-Based Services:
Depending on your device’s settings and permissions and your choice to participate in certain programs, we may collect the location of your device by using GPS signals, cell phone towers, Wi-Fi signals, Bluetooth, or other technologies. We will collect this information, if you opt-in through the app or other program (either during your initial login or later) to enable certain location-based services available within the app (for example, locating available lodging closest to you). To disable the location capabilities of the app, you can log off or change your mobile device’s settings.
Use of Personal Information
We use your personal information for various purposes described below, which depend on the site you visit or the app you use.
Your Use of Online Sites, Apps, and Services:
- Book the requested travel or enable vacation property booking
- Provide services related to the booking and/or account
- Create, maintain, and update user accounts on our platform and authenticate you as a user
- Maintain your search and travel history, accommodation and travel preferences, and similar information about your use of Stabroek Travel’s platform and services, as otherwise described in this Privacy Statement
- Enable and facilitate acceptance and processing of payments, coupons, and other transactions
- Administer loyalty and rewards programs
- Collect and enable booking-related reviews
- Help you to use our services faster and easier through features like the ability to sign in using your account within the online services and sites of some of Stabroek Travel's companies
Communications and Marketing:
- Respond to your questions, requests for information, and process information choices
- Enable communication between you and the travel supplier like hotels and vacation property owners
- Contact you (such as by text message, email, phone calls, mail, push notifications, or messages on other communication platforms) to provide information like travel booking
confirmations and updates, for marketing purposes, or for other purposes as described in this Privacy Statement
- Market our products and services, optimize such marketing to be more relevant to you and measure and analyze the effectiveness of our marketing and promotions
- Administer promotions like contests, sweepstakes, and similar giveaways
Other Business Purposes and Compliance
- Conduct surveys, market research, and data analytics
- Maintain, improve, research, and measure the effectiveness of our sites and apps, activities, tools, and services
- Monitor or record calls, chats, and other communications with our customer service team and other representatives, as well as platform communications between or among partners and travelers for quality control, training, dispute resolution, and as described in this Privacy Statement
- Create aggregated or otherwise anonymized or de-identified data, which we may use and disclose without restriction where permissible
- Promote security, verify the identity of our customers, prevent and investigate fraud and
unauthorized activities, defend against claims and other liabilities, and manage other risks
- Comply with applicable laws, protect our and our users’ rights and interest, defend ourselves, and respond to law enforcement, other legal authorities, and requests that are part of a legal process
- Comply with applicable security and anti-terrorism, anti-bribery, customs and immigration, and other such due diligence laws and requirements
- Operate our business using lawful business purposes and as permitted by law
Lawful bases for processing:
We will collect personal information from you only (i) where the personal information is necessary to perform a contract with you (e.g., manage your booking, process payments, or create an account at your request), (ii) where the processing is in our legitimate interests and not overridden by your rights (as explained below), or (iii) where we have your consent to do so (e.g., sending you marketing communications where consent is required). In some cases, we will have a legal obligation to collect personal information from you such as where it is necessary to use your transaction history to complete our financial and tax obligations under the law.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Certain countries and regions allow us to process personal information based on legitimate interests. If we collect and use your personal information in reliance on our legitimate interests (or the legitimate interests of any third party), this interest will typically be to operate or improve our platform and communicate with you as necessary to provide our services to you, for security verification purposes when you contact us, to respond to your queries, undertaking marketing, or to potentially detect or prevent illegal activities.
We may in some cases use automated decision-making, for example, about assessing fraudulent transactions or suspicious activity on our site. As part of this process, automated decisions may be made by putting your personal information into a system and the decision is calculated using automatic processes. If you pose a fraud risk, this may affect your ability to book on our site. You may have rights to automated decision-making, including the ability to request a manual decision-making process instead or contest a decision based solely on automated processing.
Sharing of Personal Information
We share your personal information as described below and in this Privacy Statement, and as permitted by applicable law.
- Stabroek Travel. We share your personal information within Stabroek Travel companies. Stabroek Travel companies share, access, and use your personal information as described in this Privacy Statement.
- Third-party service providers. We share personal information with third parties in connection with the delivery of services to you and the operation of our business (for example, to provide credit card processing, customer service, business analytics, and fraud prevention and compliance services, and to serve you with advertising tailored to your interests). These third-party service providers are required to protect the personal information we share with them and may not use any directly identifying personal information other than to provide services we contracted them for. They are not allowed to use the personal information we share for purposes of their direct marketing (unless you have separately consented with the third party under the terms provided by the third party).
- Travel suppliers. We share personal information with travel-related suppliers such as hotels, airlines, car rental companies, vacation rental property owners and managers, and where available, activity providers, rail, or cruise lines who fulfill your booking. Please note that travel suppliers may contact you to obtain additional information if and as required to facilitate your booking or to otherwise provide the travel or associated services.
- Business partners and offers. If we promote a program or offer a service or product in conjunction with a third-party business partner, we will share your information with that partner to assist in marketing or to provide the associated product or service. In most of those cases, the program or offer will include the name of the third-party business partner, either alone or with ours, or you will be redirected to the website of that business with notice. An example of such a business-partner relationship would be a third-party loyalty program for which you could earn points by completing a booking on our platform.
- Legal rights and obligations. We may disclose your personal information to enforce our policies, or where we are permitted (or believe in good faith that we are required) to do so by applicable law, such as in response to a request by law enforcement or governmental authority, in connection with actual or proposed litigation, or to protect and defend our property, people and other rights or interests. We may also share your personal information under a subpoena or other legal request, or as necessary to remit certain taxes in the course of processing payments as required by law or legal process.
- Corporate transactions. We may share your personal information in connection with a corporate transaction, such as a divestiture, merger, consolidation, assignment, asset sale, or the unlikely event of bankruptcy. In the case of any acquisition, we will inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Statement.
Your Rights and Choices
You have certain rights and choices concerning your personal information, as described below:
- If you have an account with us, you may change your communication preferences by either (1) logging in and updating the information in your account or (2) contacting us at [email protected].
- You can control our use of certain cookies by following the guidance in our Cookie Statement in this Privacy Statement.
- You can access, amend or update the accuracy of your information at any time by either logging into your account or contacting us
- If you no longer wish to receive marketing and promotional emails, you may unsubscribe by clicking the ‘unsubscribe’ link in the email. You can also log into your account to change communication settings or contact us at [email protected].
- Please note that if you choose to unsubscribe from or opt-out of marketing emails, we may still send you important transactional and account-related messages from which you will not be able to unsubscribe
- For our mobile apps, you can view and manage notifications and preferences in the settings menus of the app and your operating system
- If we are processing your personal information based on consent, you may withdraw that consent at any time by contacting us. Withdrawing your consent will not affect the lawfulness of any processing that occurred before you withdrew consent and it will not affect our processing of your personal information that is conducted in reliance on a legal basis other than consent
Certain countries and regions provide their residents with additional rights relating to personal information. These additional rights vary by country and region and may include the ability to:
- Request a copy of your personal information
- Request information about the purpose of the processing activities
- Delete your personal information
- Object to our use or disclosure of your personal information
- Restrict the processing of your personal information
- Opt-out of the sale of your personal information
- Port your personal information
- Request information about the logic involved in our automated decision-making used in our fraud prevention practices and the result of such decisions
For questions about privacy, your rights, and choices, and to request to amend or update your information, please contact us at [email protected].
In addition to the above rights, you may have the right to complain to a data protection authority about our collection and use of your personal information. However, we encourage you to contact us first so we can do our best to resolve your concern. You may submit your request to us using the information in the Contact Us section. We respond to all requests we receive from individuals wanting to exercise their data protection rights by applicable data protection laws.
International Data Transfer
The personal information we process may be transmitted or transferred to countries other than the country in which you reside. Those countries may have data protection laws that
are different from the laws of your country.
The servers for our platform are located in the United States and Canada, and the Stabroek Travel companies and third-party service providers operate in many countries around the world. When we collect your personal information, we may process it in any of those countries.
We have taken appropriate steps and put safeguards in place to help ensure that your personal information remains protected by this Privacy Statement. For example, any data transfers between our group of companies are governed by our intra-group agreements which incorporate strict data transfer terms (including the European Commission's Standard Contractual Clauses, for transfers from the EEA) and require all group companies to protect the personal information they process by applicable data protection law. In addition, certain Stabroek Travel affiliates have certified with the EU-U.S. and Swiss-U.S. Privacy Shield, as explained below in the "Privacy Shield" section.
We also require that third-party service providers to whom a data transfer is made have appropriate safeguards in place to protect your personal information, in compliance with applicable data protection law. The particular measures used will depend on the service provider, and our agreements with them may include European Commission approved Standard Contractual Clauses, the service provider's certification under the EU-U.S. and/or Swiss-U.S. Privacy Shield certification, or reliance on the service provider's Binding Corporate Rules, as defined by the European Commission.
Certain Stabroek Group U.S. affiliates have certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability for personal information from the EU, Switzerland, and the United Kingdom. Such Stabroek Group U.S. affiliates will continue to adhere to the Privacy Shield frameworks and Principles even though the CJEU determined in July 2020 that the EU-U.S. Privacy Shield framework is no longer an adequate transfer mechanism for the transfer of EU personal information to the U.S. In addition, Stabroek Group maintains intra-group Standard Contractual Clauses where applicable to cover the transfer of EU personal information to the U.S. Our certifications can be found here. For more information about the Privacy Shield principles, please visit www.privacyshield.gov.
APEC Cross Border Privacy Rules System Participation
Stabroek Travel’s privacy practices, described in this Privacy Statement, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure the protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here.
We want you to feel confident about using our platform and all associated tools and services, and we are committed to taking appropriate steps to protect the information we collect. While no company can guarantee absolute security, we do take reasonable steps to implement appropriate physical, technical, and organizational measures to protect the personal information that we collect and process.
We will retain your personal information by all applicable laws, for as long as it may be relevant to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. We will de-identify, aggregate, or otherwise, anonymize your personal information if we intend to use it for analytical purposes or trend analysis over longer periods.
The criteria we use to determine our retention periods include:
- The duration of our relationship with you, including any open accounts you may have with Stabroek Travel or recent bookings, or other transactions you have made on our platform
- Whether we have a legal obligation related to your personal information, such as laws requiring us to keep records of your transactions with us
- Whether there are any current and relevant legal obligations affecting how long we will keep your personal information, including contractual obligations, litigation holds, statutes of limitations, and regulatory investigations