Project Travel, LLC doing business as: Via TRM
We are Project Travel, LLC and we do business as Via TRM (“Via TRM”, “we”, “us” or “our”). Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. When you access or use our website or Services, you are agreeing to the policies and practices set out in this Policy. If you do not agree with our policies and practices, you should not use our website or our Services. This Policy may change from time to time as described below and your continued use of our website or the Services after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.
Information We Collect and How We Collect It
Information You Provide To Us
We collect personal information you provide to us:
- We collect identifying information, such as your name, email address, phone number, and password when you create an account to log in to our network (“Account”) so that we may provide access to you to your account, provide you with the features and content of our Services, monitor users’ compliance with our website and Services policies, and for other purposes described in this Policy.
- When you create an Account, we may also collect your answers, comments and other information you provide to assist with your Via TRM experience, deliver content and features that we believe will be of interest to you, improve our content and Services, and for other purposes described in this Policy.
- We also indirectly collect your personal information in the form of Service Data as further described under “Personal Information We Process on Organizations’ Behalf” below.
- If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply.
- When you participate in one of our surveys, we may collect additional profile information to improve our content and Services, and for other purposes described in this Policy.
- We also collect other types of personal information that you provide to us voluntarily, such as any information you provide to us if you contact us regarding support for our Services in order for us to respond to your support request or provide to us in person at an event (either manually or electronically).
- If you participate in a sweepstakes, contest, or giveaway on our Services, we may ask you for your email address, physical address, and home or mobile telephone number (to notify you if you win or not). We may also ask for the first and last names, and sometimes post office addresses, to verify your identity. In some situations we may need additional information as part of the entry process, such as a prize selection choice. All of this information enables us to conduct the sweepstakes, context, or giveaway, improve our future promotional activities, and comply with applicable law. These sweepstakes and contests are voluntary. We recommend that you read the rules for each sweepstakes and contest that you enter.
- We also collect personal information at such other points on our Services that state that personal information is being collected so that we may provide the features or functionality for which we collected the personal information and for other purposes described in this Policy.
- We may receive personal information about users from Organizations that provide our Services by way of a co-branded or private-labeled website. We may add the information provided by these Organizations to the information we have already collected from users via our Services in order to improve the Services we provide.
- To the extent we are able to do so, we may link your non-personally identifiable information with your personally identifiable information and we may also link information collected online with information we collect offline or information collected online by third parties.
Information Collected By Technology
When you visit our Services, we may collect information, that by itself typically cannot be used to identify or contact you, through the use of log files, cookies or other now known or later developed technologies to assist us in observing the behavior of users visiting our website or using our Services:
- Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, device information (including type, unique device identifier, specifications, settings, and operating system), geographic location (including GPS information, if you have authorized it), date/time stamp, and clickstream data. We use this information to analyze trends, administer the Services, track users’ movements around the Services, gather demographic information about our user base as a whole, and better tailor our Services to our users’ needs. Except as noted in this Policy, we do not link this automatically-collected data to personal information.
- Web Beacons (tracking pixels). Web beacons (also known as tracking pixels) are bits of data that count the number of users who access a website or open an email and can also allow us to see if a cookie has been activated. Web beacons used on web pages or in emails allow us to see how successful an article has been, or whether an email message was successfully delivered and read in a marketing campaign. We also use web beacons to learn if you have clicked on any links contained in emails. We may use this information to help us identify which emails are more interesting to you and to inform third parties how many people have clicked on their links (the information shared with third parties is aggregated and does not identify you individually).
How We Use Personal Information We Collect
In addition to the uses described above, we may use the information we collect from you:
- to operate and improve our Services and products;
- to understand you and your preferences to enhance your experience and enjoyment using our Services;
- to improve the content of our website or our Services;
- to customize the content and layout of our website or our Services for individual users;
- to process and deliver contest entries and rewards;
- to respond to your comments and questions and provide customer service;
- to provide and deliver products and services you request;
- to send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
- to send you targeted messages about new contests, promotions, rewards, upcoming events, and other news about products and services offered by Via TRM and our selected partners;
- to use third-party service providers to send and distribute e-mail and to perform other marketing and support functions on our behalf or otherwise to assist us in providing our Services to you;
- to link or combine it with other personal information we get from third parties, to help understand your needs and provide you with better service;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us;
- for identity management, security, and auditing;
- for any other purpose for which you provide it; or
- in any other way we may describe when you provide the information.
We may create anonymized data (data that is not associated with or linked to your personally identifiable information) records from personal information by excluding information (such as your name, email address, personal identification numbers) that makes the data personally identifiable to you. We use this anonymized data to analyze request and usage patterns so that we may enhance the content of our products and services and improve Services navigation. We reserve the right to use anonymized data for any purpose and to disclose anonymized data to third parties in our sole discretion.
Sharing of Personal Information We Collect
Except as disclosed in this Policy, we do not share, rent, or sell personally identifiable information you have given us to any third party without your permission. As described under “Personal Information We Process on Organizations’ Behalf” below, we do share, with your consent, your personal information with those third-party educational travel programs designated by you so that you may be considered for and, as applicable, be provided services by, those programs.
We may provide your personal information to service providers or contractors to perform functions on our behalf, including, but not limited to, communicating news; performing website or Services development or maintenance; providing functionality or other services for our website and our Services; sending postal mail, email or other communications; removing outdated and repetitive information from our lists; analyzing our data; developing, enhancing, marketing or providing any of our Services; processing payments; or assisting us with other marketing and support functions. These third party providers are required not to use your personal information other than to provide the services requested by Via TRM.
During the course of our business we may also share with third parties aggregated demographic and statistical information that is not personally identifiable.
We may also disclose your personal information:
- to a person who in our reasonable judgment is seeking the information as an agent of the individual or company;
- to protect the rights, property, and safety of Via TRM and our agents, customers, members, or others;
- in situations where sharing or disclosing your information is required in order to provide you with information that you have requested;
- in connection with a legal action or other proceeding, including without limitation, in response to a court order or a subpoena;
- in response to a law enforcement agency’s request;
- to comply with applicable law;
- in connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company;
- to another entity as part of a merger, bankruptcy, insolvency, receivership, a sale of assets or all or part of a business, or any other corporate change or re-organization; or
- to a third party or parties, where you consent to such disclosure or disclosure is required or permitted by law.
Personal Information We Process on Organizations’ Behalf
Information Collected by Organizations. Organizations, through their use of the functionality of our Services, collect personal information from students and interested travelers who are affiliated, engaged or otherwise working with those Organizations to pursue or participate in travel programs (“Service Data”). Please note that, while Organizations may utilize our Services functionality to collect Service Data that we store and process, we are not responsible for the privacy and data security practices of those Organizations and you should look to their privacy and data security policies for information and those Organizations to address your questions or concerns.
How We Use Service Data. We process Service Data through the functionality of our Services in accordance with the instructions provided to us by Organizations when they use that functionality (or by you when you interact with the functionality of our Services that are made available to you by an Organization). For example, when you register as a user through our Services as provided by an Organization, the Service Data you voluntarily enter or authorize the Organization to import into our Services, is stored and processed by our Services.
Sharing of Service Data. We may provide access to your Service Data to service providers or contractors to perform functions on our behalf in connection with our Services. You (or Organizations that you have permitted on your behalf) may authorize, through the use of our Services, the sharing of your Service Data with third parties who provide travel programs in which you have expressed an interest. When you direct the Organization to share your Service Data with a third party, that Organization may invite the third party as a user on the Services to access your Service Data or the Organization may export your Service Data out of the Services and deliver it to third party by separate means. You may also choose to be contacted by a third party, in which case the third party will receive your name and contact information for the purpose of following up with you. We may also notify the Organization that you have expressed interest in a particular third party’s program. We may also share Service Data with the types of third parties and for the reasons described in “Sharing Personal Information We Collect” above.
Security of Your Personal Information
Via TRM is committed to protecting the security of your personal information. We maintain commercially reasonable safeguards to maintain the security and privacy of personal information that you provide to us. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while Via TRM uses reasonable efforts to protect your personal information, Via TRM cannot guarantee its absolute security. After you have submitted your information online to us, we recommend that you end your browser session before leaving your computer.
Your Information Choices & Changes
You may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations. All users may review, update, correct, or delete the personal information in their Account by clicking on the “Profile” button and following the directions therein or by contacting us at the email listed below. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.
Our website and our Services are not intended for children under the age of 16. In particular, we do not knowingly solicit or collect personal information on our website or through our Services from children under the age of 16 without prior verifiable parental consent. If we learn that, despite these measures, a child under the age of 16 has submitted personally identifiable information to us through our website or our Services, we will take reasonable measures to delete such information from our records and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required by law).
This Policy applies solely to information collected by us. This Policy does not apply to other websites that are accessible through our website. Please be aware that third-party websites that are accessible through our website or our Services (including social media websites) may have their own privacy and data collection policies and practices. We are not responsible for the privacy practices of such sites and will not be responsible for any actions or policies of such third parties. We encourage our users to be aware when they leave our website and to read the privacy statements of each and every website that you visit.
Do Not Track
Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers nor is there a common agreement about how to implement these features or interpret user intent. Our Services are not currently set up to respond to those signals.
Additional Notice to Residents of the European Economic Area (EEA) and Switzerland
Legal Bases for Collection and Processing of Information as Controller
Our collection and processing of your personally identifiable information is supported by a number of legal bases. Set out below are the most relevant ones. Please note that while we may rely on one legal basis for a particular activity, if that is no longer applicable or available then we may be able to rely on another basis.
To Fulfill a Contract: We collect and process some of your personally identifiable information because we need to do so either to enter into or fulfill a contract we have with you. For example, we process your personally identifiable information when we provide products to you that you have purchased on our website.
For a Legitimate Interest: We may process your personally identifiable information where we or a third party have a legitimate interest in doing so. For example, we have a legitimate interest in understanding how people are using our Services, both to improve them and to market them more effectively. Therefore, we may use your personally identifiable information to understand and analyze your use of our Services. When we rely on our legitimate interest, we will carry out a balancing test between our legitimate interests and your privacy rights. Our legitimate interests include: understanding how our audience interacts with our content, our marketing and promotions, and our Services; learning about our audience in order to improve our Services for them; developing, delivering, and maintaining relevant and engaging content and promotional information; supporting the dissemination of information on topics of interest to individuals and the community; supporting individuals’ rights to receive information; and conducting our business activities and achieving our business goals.
To Comply with Legal Obligations: We will process your personally identifiable information when necessary to comply with legal and regulatory obligations or defend claims. For example, we may share your personally identifiable information in response to a court order, subpoena, or law enforcement agency’s request.
Retention of Information
We will only keep your personally identifiable information for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
To determine the appropriate retention period for your personally identifiable information, we will consider the amount, nature, and sensitivity of the personally identifiable information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it (and whether we can achieve those purposes through other means), and the applicable legal requirements. The retention of Service Data is determined by the Organizations that collect it from you through the use of our Services.
In some circumstances we may anonymize your personally identifiable information so that it can no longer be associated with you, in which case it is no longer personally identifiable information.
Upon expiration of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
Access, Correction and Deletion of Information We Collect
For personally identifiable information that we hold about you, you may have the right (subject to exceptions allowed by law) to:
- request access to your personally identifiable information;
- request we correct any inaccurate personally identifiable information;
- request we delete any personally identifiable information;
- restrict the processing of personally identifiable information;
- object to the processing of personally identifiable information; and/or
- receive a copy of your personally identifiable information in a structured and commonly used machine-readable format or have such personally identifiable information transmitted to another company.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you. If we store, use, or process your Service Data, please contact the Organization that collected your Service Data if you would like to access, correct, or delete your Service Data, restrict or object to processing of your Service Data, or receive a copy of your Service Data. We will work with the Organization on whose behalf we store, use, or process your Service Data to respond to your request within a reasonable time.
Transfer of Information
We are located in the United States and your personally identifiable information that we collect is processed and stored in the United States (except for Service Data related to an Organization in New Zealand, in which case your Service Data is processed and stored in New Zealand). We rely on derogations for specific situations as set forth in Article 49 of the General Data Protection Regulation (“GDPR”). In particular, we collect and transfer to the United States personally identifiable information with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Given the lack of a finding of “adequacy”, there may be a risk that the supervisory authority and/or data processing principles and/or data subject rights in the United States might not be sufficiently appropriate or comprehensive safeguards from the perspective of the EU. We strive, however, to apply suitable safeguards to protect the privacy and security of your personally identifiable information and only to use it consistent with your relationship with us and the practices described in this Privacy Notice. Our vendors and others with whom we share your personal information in accordance with this Policy are either certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks or we use contractual clauses in our agreements with them that are designed to protect the privacy and security of your personally identifiable information.
Changes to This Policy
This Policy is subject to occasional revision, and if we make any material changes in the way we use your personal information, we will notify you by sending you an email to the last email address you provided to us and/or by posting notice of the changes on our Services. Any changes to this Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an email notice to you or thirty (30) calendar days following our posting of notice of the changes on our Services. These changes will be effective immediately for new users of our Services. Please note that at all times you are responsible for updating your personal information to provide us with your most current email address. In the event that the last email address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice. Continued use of our Services or service following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
Questions regarding this Policy should be directed to Via TRM:
- through the Contact link at the bottom of our website
- or by sending an email to firstname.lastname@example.org