Via TRM PRIVACY POLICY

Version 2: Updated September 2025

We are Project Travel, LLC and we do business as Via TRM (together with our subsidiaries and affiliates, “Via TRM”, “we”, “us” or “our”). We know that you care about how your personal information is collected, used and shared, and we take your privacy seriously. This privacy policy (“Policy”) explains how we collect, use, and share your personal information in connection with our platform (the “Platform”), available through our websites located at www.viatrm.com and www.via-trm.com and any other websites operated by Via TRM that link to this Policy (collectively, the “Site”), and our related online and offline services, events, social media pages, and email and other electronic communications (which, together with the Site and Services (defined below), are incorporated into the Platform for purposes of this Policy). Our online travel relationship management services (the “Services”) enable students and interested travelers to connect and interact with their educational organization or institution (each, an “Institution”) and third parties authorized by the Institution that facilitate travel or travel programs of any kind (each, a “Provider Program”).

In some circumstances, the Services may be private-labeled under the Institution’s name. This Policy does not apply to such private-labeled sites or to websites, applications, or services linked to from our Platform that we do not own or control. Further, this Policy does not apply to personal information that we may store or maintain on behalf of our Institution customers, where applicable.

Please read this Policy carefully to understand our policies and practices regarding your personal information and how we will treat it. This Policy may change from time to time as described below and your continued use of our Site or the Services after we make changes is deemed to be acknowledgement of those changes, so please check the Policy periodically for updates.

This Policy covers the following topics:

• Personal Information We Collect and How We Collect It

• How We Use Personal Information We Collect

• Sharing of Personal Information We Collect

• Security of Your Personal Information

• International Transfers of Personal Information

• Your Choices

• Children’s Information

• Third-Party Websites

• Do Not Track

• Additional Notice to California Residents (Shine the Light)

• Additional Notice to Nevada Residents

• Additional Notice to Residents of the European Economic Area (EEA), United Kingdom, and Switzerland

• Changes to This Policy

• Contact Us

Personal Information We Collect and How We Collect It

Personal Information Collected

Depending on how you interact with the Platform, we may collect the following categories of personal information about you: 

• Identifying information, such as your first and last name, email address, phone number, mailing address (current and permanent), home Institution, student ID number, government-issued identifiers (such as passport number), and social media handle.
• Demographic information, such as date and place of birth, sex/gender, citizenship and residency status, race, ethnicity, disability, and veteran status. 
• Academic information, such as home Institution, year in school, GPA, major/minor, and other information related to academic performance. 
• Account information, such as your username and password when you create an account to log in to our Services (“Account”) so that we may provide access to you to your Account, provide you with the features and content of our Services, monitor users’ compliance with our policies and terms, and for other purposes described in this Policy or at the time of collection. 
• Profile information, such as travel history and experience, spoken languages, potential funding sources, potential barriers to travel, preferred program type and location, and related information through your answers, comments and other information you provide to assist with your Via TRM experience, deliver content and features that we believe will be of interest to you, improve our content and Services, and for other purposes described in this Policy or at the time of collection. 
• Itinerary information if you choose to submit this information to the Services, such as flight and hotel information, location and dates of your program, and your geolocation (city/region) if you opt-in to SafeCheck and manually push a “check-in”.
• Communications, such as when you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the communication, in order to send you a reply. We and our service provider may also record or monitor any call or web chat you have with us for quality control or training purposes, or to enforce our rights.
• Survey responses if you choose to participate, such as additional profile information to improve our content and Services, and for other purposes described in this Policy or at the time of collection.
• Other types of personal information that you provide to us voluntarily, such as any information you provide to us if you contact us regarding support for our Services in order for us to respond to your support request or provide to us in person at an event (either manually or electronically).
• Submissions in a sweepstakes, contest, or giveaway on our Platform, such as your email address, physical address, and home or mobile telephone number (to notify you if you win or not). We may also ask for the first and last names, and sometimes post-office addresses, to verify your identity. In some situations, we may need additional information as part of the entry process, such as a prize selection choice. All of this information enables us to conduct the sweepstakes, context, or giveaway, improve our future promotional activities, and comply with applicable law. These sweepstakes and contests are voluntary. We recommend that you read the rules for each sweepstakes and contest that you enter.
• Online activity information, such as the website you visited before browsing to the Platform, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
• Device information, such as your computer or mobile device operating system type and version number, wireless carrier, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, and general location information such as city, state, or geographic area.

We may also collect other personal information that is not specifically listed here at such other points on our Site or Services that state that personal information is being collected so that we may provide the features or functionality for which we collected the personal information and for other purposes described in this Policy or at the time of collection.

We obtain personal information from a variety of sources, including the following sources:

Information You Provide to Us

We collect personal information when you voluntarily submit it to us, such as when you fill out a form on the Site, sign up for our newsletter, register for an account, participate in a survey or sweepstakes, or communicate with us.

Information Collected Automatically by Technology

When you visit our Site or use our Services, we and our service providers and advertising partners may collect information automatically, such as the online activity and device information described above, through the use of log files, cookies or other now known or later developed technologies :

• Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, device information (including type, unique device identifier, specifications, settings, and operating system), geographic location (including GPS information, if you have authorized it), date/time stamp, and clickstream data. We use this information to analyze trends, administer the Site and Services, track users’ movements around the Site and Services, gather demographic information about our user base as a whole, and better tailor our Site and Services to our users’ needs.
• Cookies. Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site and Services. This type of information is collected to make the Site and Services more useful to you and to tailor the experience with us to meet your special interests and needs. Please view the “Your Choices” section below if you wish to limit, block or delete cookies from our Site or Services (or any other website). For more information about our use of cookies, please read our Cookie Policy.
• Web Beacons (tracking pixels). Web beacons (also known as tracking pixels) are bits of data that count the number of users who access a website or open an email and can also allow us to see if a cookie has been activated. Web beacons used on web pages or in emails allow us to see how successful an article has been, or whether an email message was successfully delivered and read in a marketing campaign. We also use web beacons to learn if you have clicked on any links contained in emails. We may use this information to help us identify which emails are more interesting to you and to inform third parties how many people have clicked on their links (the information shared with third parties is aggregated and does not identify you individually).

Information Obtained from Third Parties

We may receive personal information from third parties, such as our service providers, advertising partners, data analytics partners, your home Institution, operating systems and platforms, social media platforms, event sponsors, or publicly available sources. We may merge or combine such personal information with the personal information we collect from you directly or automatically.

Information Obtained through Referrals

Users of the Services may have the opportunity to refer contacts to us and share their contact information, such as those of individuals at other educational institutions or travel programs. Please do not provide us with someone’s contact information unless you have their permission to do so.

How We Use Personal Information We Collect

In addition to the uses described above or at the time of collection, we may use the information we collect from you as set forth below.

To Provide the Platform, including:

• to operate our Platform and business;
• to understand you and your preferences to enhance your experience and enjoyment using our Platform;
• to improve the content of our Site and Services;
• to customize the content and layout of our Site and Services for individual users;
• to process and deliver contest or other promotional entries and rewards;
• to respond to your comments and questions and provide customer service;
• to provide and deliver products and services you request;
• to send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages; 
• to link or combine it with other personal information we get from third parties, to help understand your needs and provide you with better service;
• to carry out our obligations and enforce our rights arising from any contracts entered into between you and us;
• for identity management, security, and auditing; and
• for any other purpose for which you provide personal information.

Direct Marketing: We use personal information to send you targeted messages about new contests, promotions, rewards, upcoming events, and other news about products and services offered by Via TRM and our selected partners. You may opt-out of our promotional email communications as described in the “Your Choices” section below.

To Comply with Laws and Regulations: We will use personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For Compliance, Fraud Prevention, and Safety: We may use personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) maintain the safety, security, and integrity of the Services and our products and services, business, databases, and other technology assets; (b) protect our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims); (c) audit our internal processes for compliance with legal and contractual requirements and internal policies; (d) enforce the terms and conditions that govern the Services; and (e) prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With Your Consent: We will disclose your personal information in accordance with your prior direction or, in some cases, we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.

Research and Development: We use personal information for research and development purposes, including to study and improve the Platform and our business, understand and analyze the usage trends and preferences of our users, and develop new features, functionality, products, and services. As part of these activities, we may create anonymized data (data that is not associated with or linked to your personal information) records from personal information by excluding information (such as your name, email address, personal identification numbers) that makes the data personally identifiable to you. We reserve the right to use anonymized data for any purpose and to disclose anonymized data to third parties for our lawful business purposes.

Sharing of Personal Information We Collect

In addition to the specific situations discussed elsewhere in this Policy or at the point of collection, Via TRM may share your personal information with the following entities or persons: 

Home Institution. We share your personal information submitted to the Services, such as profile information, with authorized users of your home Institution.

Provider Programs. We share your personal information with those Provider Programs designated by you so that you may be considered for and, as applicable, be provided services by, those programs.

Service Providers. We may provide your personal information to service providers or contractors to perform functions on our behalf, including, but not limited to, communicating news; performing Site or Services development or maintenance; providing functionality or other services for our Site and our Services; sending postal mail, email or other communications; removing outdated and repetitive information from our lists; analyzing our data; developing, enhancing, marketing or providing any of our services; processing payments; or assisting us with other marketing and support functions. These third-party providers only use your personal information to provide the services requested by Via TRM.

We may also disclose your personal information:

• to a person who in our reasonable judgment is seeking the information as an agent of the individual or company;
• if, in our reasonable judgment, it is necessary enforce compliance with our internal policies, terms of use, or the agreement for our Services;
• to protect the rights, property, and safety of Via TRM and our agents, customers, members, or others;
• in situations where sharing or disclosing your information is required in order to provide you with information that you have requested;
• in connection with a legal action or other proceeding, including without limitation, in response to a valid request by public authorities (e.g., a court order, a subpoena, or request by a government agency);
• in response to a law enforcement agency’s request;
• to comply with applicable law;
• in connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company;
• to another entity as part of a merger, bankruptcy, insolvency, receivership, a sale of assets or all or part of a business, or any other corporate change or re-organization; or
• to a third party or parties, where you consent to such disclosure or disclosure is required or permitted by law.

Security of Your Personal Information

Via TRM is committed to protecting the security of your personal information. Although we maintain commercially reasonable safeguards to maintain the security and privacy of personal information, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, Via TRM cannot guarantee the absolute security of your personal information. 

International Transfers of Personal Information

Via TRM is based in the United States, and we have service providers in the United States and potentially other countries. Your personal information may be collected, used, and stored in these countries or other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country. By providing your personal information, where applicable law permits, you specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein.

Users located in Europe can view more information about cross-border transfers in the section below titled “Additional Notice to Residents of the European Economic Area (EEA), United Kingdom, and Switzerland.” 

Your Choices

Promotional Emails. You may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations. 

Review and Request Changes to Account Information. All users may review, update, correct, or delete the personal information in their Account by clicking on the “Profile” button and following the directions therein or by contacting us at the email listed at the end of this Policy. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.

SafeCheck Text and Geolocation. Travelers can enroll a valid mobile number in SafeCheck to ensure that authorized users of their home Institution can reach them via text message while traveling. This SMS check-in service is provided through our service provider and allows authorized users of your home Insitution to send communications regarding safety, wellness, and itinerary updates via text message or email, and to request location check-ins from travelers. To stop receiving these communications, unenroll in SafeCheck. 

Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Services and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.  

Analytics. The Site and Services uses Google Analytics to help us analyze how the Site and Services are being accessed and used. You can learn more about Google Analytics cookies by clicking here and about how Google protects your data by clicking here. To opt-out of Google Analytics, you can download and install the Google Analytics Opt-out Browser Add-on, available here. 

Children’s Information

Our Platform is not intended for children under the age of 16. In particular, we do not knowingly solicit or collect personal information on our Platform from children under the age of 16. If we learn that a child under the age of 16 has submitted personal information to us, we will take reasonable measures to delete such information from our records and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required by law).

Third-Party Websites

This Policy applies solely to information collected by us. This Policy does not apply to other websites or online services that are accessible through our Platform. Please be aware that third-party websites and online services that are accessible through our Platform (including social media websites) may have their own privacy and data collection policies and practices. We are not responsible for the privacy practices of such sites or services and will not be responsible for any actions or policies of such third parties. We encourage our users to be aware when they leave our Platform and to read the privacy statements of each and every website or online service that you visit.

Do Not Track

Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. Our Site and Services are not currently set up to respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com. 

Additional Notice to California Residents (Shine the Light)

Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with Via TRM are entitled to ask us for a notice describing what categories of personal information we share with third parties for the third parties’ direct marketing purposes. If you are a California resident and would like a copy of this notice, please submit your request to us using the contact information listed at the end of this Policy with “Shine the Light” in the subject line. 

Additional Notice to Nevada Residents

Nevada Revised Statutes Chapter 603A allows Nevada residents to opt-out of the “sale” of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. If you are a Nevada resident who wishes to exercise your “sale” opt-out rights, you may submit a request to us using the contact information listed at the end of this Policy with “Nevada Opt-Out” in the subject line.

Additional Notice to Residents of the European Economic Area (EEA), United Kingdom, and Switzerland

The information provided in this section applies only to individuals in the European Economic Area, the United Kingdom, and Switzerland (collectively, “Europe”). Except as otherwise specified, references to “personal information” in this Policy are equivalent to “personal data” governed by European data protection legislation. 

The controller of your personal information covered by this Policy for purposes of European data protection legislation is Project Travel, LLC DBA Via TRM, Franklin Park Court, Franklin, MI 48025 US. Legal Bases for Processing of Personal Information as Controller

Our processing of your personal information is supported by a number of legal bases depending on the specific context in which we process it. Set out below are the most relevant ones. Please note that while we may rely on one legal basis for a particular activity, if that is no longer applicable or available then we may be able to rely on another basis. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at the email address listed at the end of this Policy.

We may use your personal information for reasons not described in this Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis. Retention of Personal Information

We will keep your personal information for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements, to establish and defend legal claims, for fraud prevention purposes, or as long as required to meet our legal obligations.

To determine the appropriate retention period for your personal information, we will consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it (and whether we can achieve those purposes through other means), and the applicable legal requirements. 

In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case it is no longer personal information.

Upon expiration of the applicable retention period we will securely destroy or anonymize your personal data in accordance with applicable laws and regulations.

Your Rights

For personal information that we hold about you, European data protection laws may give you the right (subject to exceptions allowed by law) to:

• request access to your personal information;
• request we correct any inaccurate personal information;
• request we delete any personal information;
• restrict the processing of personal information;
• object to our reliance on our legitimate interests as the basis of the processing of personal information; and/or
• receive a copy of your personal information in a structured and commonly used machine-readable format or have such personal information transmitted to another company.

You may submit these requests by contacting us at the email address listed at the end of this Policy. We may ask you for additional information to confirm your identity and for security purposes before disclosing personal information requested. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. In the European Economic Area, you can find your data protection regulator here. In the United Kingdom, you can find your data protection regulator here.

Transfer of Personal Information

If we transfer your personal information to a country outside of Europe such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so. Please contact us at the email address listed at the end of this Policy for further information about any such transfers or the specific safeguards applied.

Changes to This Policy

This Policy is subject to occasional revision, and if we make any material changes in the way we use your personal information, we will notify you by posting the updated Policy on this page. In some cases, we may notify you about an update by sending you an email to the last email address you provided to us and/or by posting notice of the changes on our Services, or other means as may be required by applicable law. In all cases, continued use of our Services or Platform following notice of such changes shall indicate your acknowledgement of such changes. Please review this Policy periodically to keep up to date on our most current policies and practices.

Contact Us

Questions regarding this Policy should be directed to Via TRM:

• through the Contact link at the bottom of our Site
• or by sending an email to privacy@via-trm.com.

GDPR EU – Representative, questions can be directed to:

• the Reporting Link 
• or by sending an email to contact@gdprlocal.com
• EU Dublin Address
  • Instant EU GDPR Representative Limited 
  • Office 2 12A Lower Main Street, Lucan Co. Dublin K78 X5P8 Ireland

GDPR UK – Representative, questions can be directed to:

• the Reporting Link 
• or by sending an email to contact@gdprlocal.com
• UK Address
  • GDPRLocal Ltd. 
  • 1st Floor Front Suite 27-29 North Street, Brighton England BN1 1EB