Keep Your Information Safe: Privacy Policy for Itinerary | Last Updated March 2024

PURPOSE

We are committed to maintaining the accuracy, confidentiality, and security of our users’ personal information. This Privacy Policy describes the personal information that we collect from or about our users, how we use that information, and to whom it is disclosed.

This Policy is designed to comply with the privacy requirements established by the General Data Protection Regulation (“GDPR”), as well as with all applicable laws around the world that are intended to protect an individual’s privacy. It supports our need to collect information from our users as necessary for our performance of business services and functions, while also recognizing a user’s right to have their information handled in a way that protects the privacy of their personal information. You may learn more about the GDPR here: https://www.eugdpr.org/

For purposes of this Policy, a user may also be referred to as “you,” “your,” or “data subject.”

COMMENCEMENT

This Policy will commence from August 2018. It replaces all other policies relating to the use of a user’s personal data, whether such a policy was made in writing or oral.

APPLICATION

Legal requirements may vary from country to country. This Policy applies to all users of our website, even those who access our site from a location outside of the European Union.

DEFINITIONS

We find the below terms relevant and important to the understanding and execution of this Policy. The following terms may be used or referenced in this Policy and can be further defined pursuant to Article 4 of the GDPR:

Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor: a natural or legal person, public authority, agency or other bodies which processes personal data on behalf of the controller.

Recipient: a natural or legal person, public authority, agency, or other bodies, to which the personal data are disclosed, whether a third party or not.

Third-Party: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, relatability, behavior, location, or movements.

Filing System: any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.

INFORMATION COLLECTED

We only collect information that is necessary for one or more of our legitimate business functions or activities. The information we collect from our users may include:

Personal identification data, including, but not limited to, your name, gender, date of birth, nationality, and military status, if applicable.

Personal identification data is considered “special” by nature, including, but not limited to, your race, ethnicity, religion, sexual orientation, or disability status.

Contact information, including, but not limited to, your permanent address, mailing address, telephone number(s), and email address;

Account login information including, but not limited to, your login credentials.

Network traffic data including, but not limited to, your IP address, identification numbers, location data, cookies, online identifiers, language settings, and device identification.

The financial information provided by you including, but not limited to, bank account and credit card information.

Information you voluntarily share with us, including, but not limited to, suggestions, reviews, opinions, and feedback.

Images, documents, or videos you voluntarily share with us, including, but not limited to, photographs and documents shared with us regarding your business for sale or provided in your profile account.

Social media links or content you voluntarily share with us, including, but not limited to, images, contacts, and written content.

We may also collect information from third party channels, including, without limitation, factual research our employees perform on you or your business or from your interactions with our employees.

The information collected is considered “personal data” as defined by Article 4(1) of the GDPR.

SHARED INFORMATION

We will never sell your personal information, although it may be shared from time to time, and only when necessary to perform a legitimate business function.

We may provide your information data that we have collected on our website to third-party service providers to help us deliver and promote products, information, services, marketing, or other legitimate business functions. We will have a written agreement with each third party confirming on what basis they will use your personal information, and we will ensure that there are adequate safeguards and processes in place to protect your data.

HOW INFORMATION IS USED

We collect and process personal information from our users so that we may perform our business functions and provide services to the user. We will collect and process your data in compliance with the GDPR. We may use a user’s personal information to perform the following:

To facilitate billing and payment collection for our services, if applicable.

To market relevant services to you based on your preferences selected during the creation or use of your profile account or services contract.

To send electronic communications including, but not limited to, email newsletters or push notifications (you have the option to unsubscribe to these).

To allow our employees or representatives to provide business services in accordance with your contract.

To facilitate customer feedback and support, which allows us to improve our services and site designs and/or functionality.

To comply with legal obligations arising out of the performance of our business services to you.

To perform background checks as permitted or required by applicable law.

To defend any legal claims to which we are subject.

Any other legitimate business functions or activities.

RETENTION OF PERSONAL DATA

In compliance with Article 5(1)(e) of the GDPR, we keep your personal information data for the period necessary to fulfill the purposes for which it has been collected. We may retain and use your data to inform you of new businesses for sale based on your preferences, in the event you have consented to us doing so.

SECURITY

We take precautions to protect your personal information; however, we cannot always guarantee the security of your personal information. Transmissions over wireless networks, including the Internet, can, at times, be defective, falsified, or tampered with. You acknowledge and agree that such circumstances are out of our control, and we cannot be held responsible or liable any limitation, failure, or breach of any transmission of your personal information over wireless networks.

YOUR RIGHTS

The GDPR was created to protect your privacy rights. You have the right to access, rectify, object to, or erase the data maintained by us pursuant to Articles 12 – 23 of the GDPR. You may request a change to your data by contacting us by telephone, email, or mail correspondence.

GetItinerary d/b/a getitinerary.com
Vancouver, British Columbia, V6A 2K9, Canada
info@getitinerary.com

If you believe our processing of your data infringes data protection laws, you have a legal right to initiate a complaint with a supervisory authority responsible for data protection in accordance with Article 77 of the GDPR.

COOKIES

Our service providers use cookies, and those cookies may be stored on your computer when you visit our website. Most browsers allow you to refuse and delete cookies. You can find more information regarding cookies here: http://www.allaboutcookies.org/

DATA PROTECTION OFFICER

If you have questions or concerns regarding this Policy, your personal information, or how we may use it, please contact us by writing to our “Data Protection Officer” at the previously stated address or email. Our data protection officer is responsible for overseeing this Policy and privacy notice.

AMENDMENTS

We may update this Policy from time to time by publishing a new version on its website. We will alert you about any changes by updating the “Last Updated” date of this Policy.

Privacy Policy Last updated (January 2020)