At TravelBank your privacy is important to us, so we strive to be transparent about how we collect, use and share information about you. This policy is intended to help you understand:
- WHAT INFORMATION WE COLLECT
- HOW WE USE INFORMATION
- HOW WE SHARE INFORMATION
- HOW WE STORE INFORMATION
- HOW TO ACCESS AND CONTROL YOUR INFORMATION
- HOW WE TRANSFER INFORMATION INTERNATIONALLY
- ADDITIONAL IMPORTANT PRIVACY MATTERS
- HOW TO CONTACT US
- WHAT INFORMATION WE COLLECT
We require certain information to provide our services to you. For example, you must have an account in order to purchase or interact with the Services. When you choose to share the information below with us, we collect and use it to operate our Services. “Personal Data” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, travel preferences, specific expenses, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. “Anonymous Data” means data that is not associated with or linked to your Personal Data; Anonymous Data does not permit the identification of individual persons. We collect Personal Data and Anonymous Data, as described below.
Information You Provide.
When you use the Services, you will provide information that could be Personal Data, such as your username, first and last names, password, billing addresses, telephone numbers, business contact information, payment card and financial account information and identifiers of devices used to access our services.
Tools. The Services may include tools such as a budget or travel planning applications. When you use such tools, you may provide your Personal Data or that of another individual.
User Content. The Services may include publicly accessible blogs, community forums, or private messaging features. The Services may also contain links and interactive features with various social media platforms (e.g., widgets). If you already use these platforms, their cookies may be set on your device when using our Services or other services. You should be aware that Personal Data which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the Personal Data provided by you may be viewed and used by third parties for any number of purposes.
Images for App Functionality. Our website and application may collect user-generated images for various purposes, such as content submission. Further, certain Services may require you to provide images of your receipts and/or other documentation to substantiate your expense submission. Please be aware that any images submitted to our platform may be stored on our servers for future use or as required by law. By submitting an image to our platform, you acknowledge and consent to our collection and storage of your image.
Company Submitted Information. Some uses of the Service may allow an administrator at your company to provide us with your Personal Data.
Information We Collect Automatically
We automatically receive and record information from your use of the Services, including but not limited to: app usage, your IP address browser type, Internet service provider, referring/exit pages, operating system, date/time stamp, clickstream data, and cookie information. This information is used to optimize your user experience. Generally, the Services automatically collect usage information, such as the number and frequency of users of the Services. We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Services so that we can analyze and improve them.
Pixel Tags. Pixel Tags (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to Cookies, that are used to track online movements of Web users. In contrast to Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in Web pages. Pixel Tags also allow us to send e-mail messages in a format users can read, and they tell us whether e-mails have been opened to ensure that we are sending only messages that are of interest to our users. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. Advertisements served through the Services may be targeted to users who fit a certain general profile category may be based on Anonymous Data inferred from information provided to us by a user, may be based on the Services usage patterns of particular users, or may be based on your activity on Third Party Services. We currently do not provide Personal Data to any ad networks for use outside of the Services. To increase the effectiveness of ad delivery, we may deliver a file pixel tag from an ad network to you through the Services. These pixel tags allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Because your web browser must request these advertisements and pixel tags from the ad network’s servers, these companies can view, edit or set their own cookies, just as if you had requested a web page from their site.
Mobile Services. We may also collect Anonymous Data from your mobile device if you have downloaded our application(s). This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include your geographic location, how you use the Application(s), and information about the type of device you use. In addition, in the event our Application(s) crash on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our Application(s). This information is sent to us as aggregated information and is not traceable to any individual and cannot be used to identify an individual.
Other People’s Data. If you decide to invite a third party to participate in the Services, or to create an account, we will collect your and the third party’s names and e-mail addresses in order to send an e-mail and follow up with the third party. We rely upon you to obtain whatever consents from the third party that may be required by law to allow us to access and upload the third party’s name and e-mail address as required above. You or the third party may contact us at firstname.lastname@example.org to request the removal of this information from our database. The e-mail that is sent to the third party will come from your e-mail address so that the third party will know that you want to invite him or her to the Services.
- HOW WE USE THE INFORMATION
While we consider the collection and processing of your information to be in our legitimate business interests we take your privacy rights seriously. We use information about you for a number of purposes. Below are the specific purposes for which we use the information we collect about you.
To provide the Services and personalize your experience. We use information about you to provide the Services to you, including to process payment transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services.
For research and development. We are always looking for ways to make our Services smarter, faster, more secure, integrated and useful to you. To that end, we use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services.
To communicate with you about the Services. We use your contact information to send transactional communications via email or chat and within the Services, including confirming your purchases, reminding you of subscription expirations, ensuring accurate and timely payments are processed, responding to your comments, questions and requests, providing customer support, and sending you technical notices, product updates, security alerts, and administrative messages.
To market, promote, and drive engagement with the Services. We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email and by displaying ads on other companies’ websites and applications, as well as on platforms like Facebook and Google. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, events and other information we think may be of interest to you. We also communicate with you about new product offers, promotions and contests.
Conducting surveys and collecting feedback about our Services. We do this to pursue our legitimate interests to understand if the Services are helpful to you and to evaluate the effectiveness of any updates we provide.
Customer support. We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services. We also use your information to provide requested assistance (either originated from you, or a person acting legitimately on your behalf) and to offer proactive support in case of itinerary changes.
For safety and security. We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
To protect our legitimate business interests and legal rights. Where required by law, where we believe it is in our legitimate business interest, or where it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent. We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Additional purposes. We may process your information for any other purpose disclosed to you in connection with our Services from time to time. If we intend to process your personal data for a purpose other than that set out above, we will provide you with information prior to such processing and will obtain your consent where necessary.
Legal basis for processing (for EEA users): If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where: We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services; It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; You give us consent to do so for a specific purpose; or We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third-party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
EU Purpose and Legal Basis for Using Personal Information
If the personal information we process about you is subject to EU data protection law, we rely on one or more of the following EU lawful legal bases:
- Data subject has given consent to the processing of his or her personal data for one or more specific purposes
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- Processing is necessary for compliance with a legal obligation to which the controller is subject
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Personal information is or may be used for the following purposes:
- To provide and improve our Service.
- To administer your use of the Service
- To recommend follow-up reminders, assign tasks, or personalize the service,
- To provide or offer software updates and product announcements.
- To ensure our legal compliance obligations.
- HOW WE SHARE INFORMATION
We may share your information with our third-party service providers, to comply with legal obligations, to protect and defend our rights and property, or with your permission. Below are the specific ways we share information we collect about you.
Communications with Us. As part of the Services, you may occasionally receive text, email and other communications from us, such as communications relating to your Account. In the event that we communicate with you through text, standard messaging rates apply.
User Profile Information. User profile information including your username and other information you enter may be displayed to other users to facilitate user interaction within the Services. We will not directly reveal user email addresses to other users.
Company. In the event that you use the Services in connection with a company, we may share your Personal Data with the company and the company administrator(s).
Information Shared with Our Agents. We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share Personal Data with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personal Data or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Data with our Agents.
Information Shared with Our Technical Partners. We leverage certain technologies from third party partners that perform key tasks for us. An example would be optical scanning of receipt images submitted for expenses.
Aggregate Information. We share Aggregate Information with our partners, service providers and other persons with whom we conduct business. We share this type of statistical data so that our partners can understand how and how often people use our Services and their services or websites, which facilitates improving both their services and how our Services interface with them. In addition, these third parties may share with us non-private, aggregated or otherwise non-Personal Data about you that they have independently developed or acquired.
Interest-Based Advertising. We may allow third-party advertising partners to set tracking tools (e.g., cookies) to collect information regarding your activities (e.g., your IP address, page(s) visited, time of day). We may also share such de-identified information as well as selected Personal Data (such as demographic information and past purchase history) we have collected with third-party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit other websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising. We may allow access to other data collected by the Site to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you.
Information Disclosed Pursuant to Business Transfers. In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data as set forth in this policy.
Information Disclosed for Our Protection and the Protection of Others. We also reserve the right to access, read, preserve, and disclose any information as it reasonably believes is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce these Terms of Service, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
Information We Share with Your Consent: We will share your Personal Data with any relevant party you have granted us permission to share with.
Information Shared with Authorities. We may also need to disclose Personal Data in response to lawful requests by public authorities, for law enforcement or national security reasons, or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law. We do not offer an opportunity to opt out from this category of disclosure.
Information Sharing and Disclosure by Us (Do Not Sell My Information). We do not sell directly identifiable personal information to third parties.
- HOW WE STORE AND SECURE INFORMATION
Keeping your information secure is a top priority for us. To that end we comply with industry-standard best practices to secure your information. We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Account Information. We retain your personal information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, plus 1 year, and then securely dispose of that information. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Information You Share on the Services If your account is deactivated or disabled, some of your information and the content you have provided will remain.
Marketing information If you have elected to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
- HOW TO ACCESS AND CONTROL YOUR INFORMATION
You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests.
Access and Update Your Information. Our Services and related documentation give you the ability to access and update certain information about you from within the Service. You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.
Deactivate Account. You can deactivate your access to the Services at any time.
Delete Your Information. Our Services and related documentation give you the ability to delete certain information about you from within the Service. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Request That We Stop Using Your Information. In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don’t have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable). If you object to information about you being shared with a third-party app, please disable the app or contact your administrator to do so.
Opt Out of Communications. You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services. You can opt out of some notification messages in your account settings.
Send “Do Not Track” Signals. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. We support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Data portability. Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of your basic account information and the information you create on the spaces under your sole control.
- HOW WE TRANSFER DATA INTERNATIONALLY
To bring you our services, we operate globally. Where the laws of your country allow you to do so, you authorize us to transfer, store, and use your data in the United States. In some of the countries to which we transfer personal data, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those of your country.
When we transfer personal data outside of the European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws, contractual obligations placed on the recipient of the data (model clauses may be requested by inquiry as described below), or EU-US and Swiss-US Privacy Shield principles.
We comply with the EU-US and Swiss-US Privacy Shield principles (the “Principles”) regarding the collection, use, sharing, and retention of personal data from the European Union and Switzerland. A full copy of the Privacy Shield can be found here: https://www.privacyshield.gov. Privacy Shield participants are subject to the investigatory and enforcement powers of the US Federal Trade Commission and other authorized statutory bodies. Under certain circumstances, participants may be liable for the transfer of personal data from the EU or Switzerland to third parties outside the EU and Switzerland.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at:
ATTN: Data Protection Officer
1100 Sullivan Ave
Daly City, CA 94015
We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland, and for any issues originating from residents outside the United States.
If you have any questions or concerns, please write to us at the address listed above. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles.
A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
- ADDITIONAL IMPORTANT PRIVACY MATTERS
Minimum Age. The Services are not directed to individuals under 16. We do not knowingly collect Personal Data from children under 16. If we become aware that a child under 16 has provided us with Personal Data, we will take steps to delete such information. If you become aware that a child has provided us with Personal Data, please contact our support services.
California Privacy Rights. California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third-parties to whom we have disclosed their Personal Data (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Data disclosed to those parties.
California Privacy Rights
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information. Please visit our TravelBank’s California Consumer Privacy page for detailed information on your rights.
- CONTACT US
Contacting us: If you have any questions, please don’t hesitate to contact us at:
ATTN: Data Protection Officer
1100 Sullivan Ave
Daly City, CA 94017
Please include your name, address, and/or email address when you contact us.
Our EU Representative for Article 27 of the GDPR is:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Should you wish to file a complaint regarding our use of your personal data, the supervisory authority for the UK is the Information Commissioner’s Office and can be reached at https://ico.org.uk
Effective Date: March 15, 2023