PRIVACY POLICY

{Play}

Last updated: November 1, 2021

Hickory Global Partners, LLC (“HGP,” “we,” “us,” “our,” or the “Company”), is a New York limited liability company operating a global corporate travel alliance consisting of over 2,500 Member corporate agencies, corporate travel departments (“CTDs”) and corporations. We bridge the gap between our Members and worldwide travel suppliers through our air, hotel, and other supplier programs.

We understand the importance of maintaining the privacy and security of your personal information (“Personal Information”). Personal Information is commonly defined as any data that can be used to identify a specific individual. Under the California Consumer Privacy Act (“CCPA”), the definition of Personal Information is expanded to include “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Although the CCPA only applies to protect the privacy rights of California residents, our Privacy Policy is intended to protect your Personal Information as broadly defined by the CCPA everywhere in the United States.

We have created this Privacy Policy to inform you about what Personal Information we collect and use in the provision of our services and through your use of our website, how and why it is collected and used, how and why it is disclosed or shared with third parties, how we safeguard it, and your choices and available methods for limiting the use and disclosure of your Personal Information.

PLEASE READ THIS PRIVACY POLICY CAREFULLY AND IN ITS ENTIRETY AS IT RELATES TO YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL INFORMATION.

CONTENTS

1. What Personal Information We Collect
2. How We Collect and Use Your Personal Information
3. Cookies, Web Beacons, and “Do-Not-Track” Signals
4. Who We Share Your Personal Information With and Why
5. Security and Storage of Your Personal Information
6. Your Choices for Limiting Use and Disclosure of Your Personal Information
7. Additional Disclosures for California Residents
8. European Union Privacy Notice
9. Children
10. Links to Third-Party Sites
11. Privacy Policy Changes
12. Contact Us

1. What Personal Information We Collect.

• Name;
• Business name & address;
• ARC/IATA Number;
• Number of branch offices;
• Member’s URL;
• If the Member is affiliated with ARC/IATA/BSP/True or CLIA;
• Global Distribution System (“GDS”) data, including Pseudo City Code (PCC) and name of GDS;
• Percentage of corporate, leisure and meeting/events;
• Annual hotel and air volume;
• If the Member is affiliated with another travel consortia group;
• Business title;
• Mobile number;
• Business telephone and fax numbers;
• Company and or personal Email address;
• W-9 for Members that take advantage of selected supplier commission programs;
• ACH form for CIBT to facilitate direct commission payments;
• Bank and payment data (corporate/personal credit cards, credit history and bank information);
• Total number of Travel Advisors including how many work in virtual environments;
• Tax ID;
• Travel arranger and emergency contact names and information;
• Traveler preferences and trip/meeting details (e.g., routings, class of service, seat preferences, frequent flyer data, meal preferences, hotel/rail/car and other ground transportation membership data and preferences, special accommodation requests, other personal data voluntarily supplied by you via your profile, surveys, or other requests);
• Travel documentation (e.g., passport/visa/national id/driver’s license number, TSA number, citizenship, date of birth, gender);
• Login credentials, user IDs, employee IDs, IP addresses, and browsing information.
• Arrival & departure dates;
• Name of the primary traveler;
• Hotel name and address;
• Travel Advisor’s username & source code;
• Employee and independent contractor data (e.g., Social Security and Employer Identification Numbers);
• Work history, including professional and employment-related information;
• Education and skills;
• Commercial information, including records of products or services purchased, obtained, or considered; and
• Social media account names.

2. How We Collect and Use Your Personal Information. We collect your Personal Information from a variety of sources, including:

• You, when you voluntarily and directly supply your Personal Information through our website, or by telephone, fax, email, or other channels of access;
• From third-party sources such as your Travel Advisor (e.g., your company representative when sending your company information on your behalf; from the network of websites and applications accessible through or utilized by our services);
• From third-party service providers and suppliers (e.g., airlines, hotels, rail/auto/other ground transportation suppliers and payment card providers);
• From other third-party partners and agents; and
• Automatically, from cookies and other similar technologies.

      We use your Personal Information to:

• Complete transactions requested by you or your company (e.g., booking travel reservations);
• Communicate with you by various means, including email, telephone, or fax;
• Manage your relationship with us (e.g., customer service, managing your account);
• Analyze your use of our website;
• Conduct surveys;
• Provide you with relevant marketing (e.g., information on services or products we think you may be interested in);
• Detect security incidents and to protect against and prosecute for malicious, deceptive, fraudulent, or illegal activity;
• Comply with legal requirements; and
• Serve your and our other legitimate business interests.

3. Cookies, Web Beacons, and “Do Not Track” Signals. A “cookie” is a small string of information that the website you visit transfers to your computer for anonymous identification purposes. We use cookies to follow your activity on our website, and to gain information about how you access and use our website and platform and about the device(s) you use to access our services. This information includes device ID or unique identifier, device type, browser type, Internet Service Provider, operating system, geolocation info, and computer and connection information. We also automatically collect information using cookies, web beacons, and similar technologies, to learn about the pages you view, the links you click, and other actions you take on our website and platform, the website from which you came and the website you are going to when you leave our website, your social media profiles, how frequently you access our website and platform and how long you use them, and whether you open, view, and click on any links in emails that we send you. That information helps us to understand your preferences and improve and personalize your website experience. Cookies are also used for such activities as remembering your username and password.

You can turn off all cookies in the event you prefer not to receive them. You can also have your computer warn you whenever cookies are being used, giving you a chance to decide whether or not to accept them. Please be aware, however, that when you choose to reject cookies, you may lose access to certain features of our website. Most cookies are “session cookies” which means that they are automatically deleted at the end of each session. Most browsers are initially set to accept cookies.

A web beacon is an invisible pixel-sized graphic image on a web page, web-based document, or e-mail message. It helps us do things like view the URL of the page on which the beacon appears and the time the service, document or email in question is viewed. They can be used to confirm the receipt of, and response to, our emails, including those that you forward to friends and family; and they help deliver a more personalized online experience.

We respect your privacy, but we do not alter the information we collect or change our services upon receiving “Do-Not-Track” (“DNT”) signals, as the term appears in Cal. Bus. & Prof. Code §22575(b)(5).  For more information about DNT signals, please visit http://allaboutdnt.com.

4. Who We Share Your Personal Information With and Why.  We do not sell your Personal Information. We share your Personal Information with the following third parties for the following reasons, where applicable:

• Advisers and financial institutions (legal, tax, auditors, risk and compliance, notaries, and business continuity support services);
• Travel-related service providers as necessary for travel fulfillment and related services, such as:

Airlines, cruise lines, hotels, ground transportation providers, and other travel suppliers;

IT providers for various types of technical travel-related and non-travel-related assistance;

Global Distribution Systems (“GDSs”) for booking and ticketing purposes;

Industry reporting authorities (e.g., Airlines Reporting Corporation) for clearinghouse functions;

Visa and passport providers;

Credit card  companies;

Payment collectors & processors;

• Your company and the third parties to whom it or you request disclosure for various reasons (e.g., travel fulfillment, travel-based reporting, cost accounting, auditing, and tracking);
• Support service providers (e.g., for storage, statistical analytics, marketing support, provision of software, credit history, risk reduction and fraud prevention);
• Where permitted by applicable laws, with third parties should there be any future corporate restructuring, sale, transfer or assignment of assets or business, merger, divestiture, or other changes to the Company’s control or financial status; and
• Government bodies and law enforcement organizations to comply with licensing and other legal obligations.

In the future, if we need to share your Personal Information for any other purpose, you will be informed in advance and have the opportunity to opt-out.

In some instances, service providers will be controllers in their own right, and will be directly responsible to you for their use of your Personal Information. They may be obliged under information protection legislation to provide you with additional information regarding the Personal Information that they hold about you and how and why they process that information. Further information may be provided to you in a separate notice or may be obtained from such service providers directly, for example, via their websites.

Our services may, from time to time, contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.

5. Security and Storage of Your Personal Information. The security of your Personal Information is important to us but no method of transmission over the Internet, or method of electronic storage, is 100% secure. Your Personal Information is only accessible, on a need to know basis, by a limited number of employees who have special permissions. While we use commercially acceptable technical and organizational measures to protect your Personal Information from loss, misuse, alteration, or unintentional destruction, we cannot guarantee its absolute security.

Personal Information relating to travel is generally stored in a profile in a GDS. We will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements. In addition, we may retain Personal Information from closed accounts to comply with applicable law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms and Conditions and take other actions permitted or required by applicable law. After it is no longer necessary for us to retain your Personal Information, we dispose of it in a secure manner.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and applicable legal requirements.

6. Your Choices for Limiting Use and Disclosure of Your Personal Information. Under applicable data privacy protection laws, including the CCPA, and our policies, you have several basic rights regarding the Personal Information that we process about you. Here are your specific rights:

• Right to Access. The right to access the Personal Information we process about you.
• Right to Transfer. The right to receive the Personal Information we process about you in a commonly used format and to have it transferred to another data controller based on your consent.
• Right to Correct. The right to correct your Personal Information without undue delay where that Personal Information is inaccurate or incomplete.
• Right to Deletion. The right to have your Personal Information deleted without undue delay in certain circumstances.
• Right to Restriction. The right to restrict our processing of some or all of your Personal Information in certain circumstances.
• Right to Opt-Out. You have the right to opt-out of our processing or sale of your Personal Information.
• Right to Close Your Account. The right to request that we close your account.
• Right to Non-Discriminatory Treatment. You have the right not to be discriminated against for exercising any of the rights listed above.

If you wish to exercise any of these rights, please contact us at privacy@hickoryglobalpartners.com or by calling us at 1-877-353-0291. We will honor the requests you make related to your rights as the law allows, which means, in some cases, there may be legal or other legitimate reasons that we may not be able to address the specific request you make. You do not have to pay any fees to exercise your rights. We will respond to your request within 45 days. We will verify your request using the information associated with your account or other information that is held by us, including your email address. 

Please note, before we will be able to process your request for access to or deletion of your Personal Information, we will need to properly verify your identity for security purposes. Where you have an account with us, you can exercise your rights while logged-in to your account. Otherwise, if you do not have an account, but we possess appropriate Personal Information about you on file (e.g., name, phone number, email/physical address), we will attempt to verify your identity using that Personal Information. If it is not reasonably possible to identify you adequately, we may not be able to respond to your request.

You may also designate an authorized agent to exercise these rights on your behalf by following the procedure outlined below for California residents to designate an authorized agent to act on their behalf..

Under the CCPA, if you are a California resident, you may designate an authorized agent to make a request related to your Personal Information on your behalf.  In order to allow an authorized agent to make a request on your behalf, please email us at privacy@hickoryglobalpartners.com to provide your written request and consent to an authorized agent. When your authorized agent makes a request related to your Personal Information, we will require the agent to provide the above written permission. We may also require that you verify your own identity directly with us at the time such a request is made.

If you no longer want to receive our emails or other announcements, you may unsubscribe by writing to us at privacy@hickoryglobalpartners.com or following the instructions provided or the “unsubscribe” link at the bottom of our emails. Please note that you cannot unsubscribe from certain correspondence from us, including transactional messages relating directly to your account.

7. Additional Disclosures for California Residents. In addition to the rights described above in Section 6, which include the privacy rights of California residents under the CCPA, this Section describes how we collect, use, disclose, and/or “sell” (as defined under California law) Personal Information of California residents, and additional disclosures required by the CCPA. These additional disclosures are intended to supplement this Privacy Policy.

The CCPA requires us to disclose the Personal Information we may have collected about California residents in the past 12 months and from where we collected it. That information is in Sections 1 and 2, above.

We collect the Personal Information of California residents as further described in Section 2, to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives.

We may share such Personal Information with the third parties listed in Section 4, above. The CCPA also requires that we provide California residents with additional information about the categories of disclosures to such third parties within the past 12 months, particularly, where the disclosure involves monetary or other consideration. California treats these disclosures as “sales” of information, even where no money is exchanged. We do not “sell” data as the word “sell” is generally defined and commonly understood.

We may, however, have disclosed, in the past 12 months, the following categories of Personal Information to the following third parties for our operational “business purposes” as defined by California law:

• Personal Identifiers:

Advisers and financial institutions  

Service providers

Government bodies

• Internet or other electronic network activity information:

Service providers 

• Professional or employment-related information:

Service providers

• Geolocation information:

Service providers

• Education and skills:

Service providers

• Characteristics of protected classifications, including age, nationality, gender, disability, marital status, ethnicity/race:

Service providers

• Visual, audio, electronic and other similar information:

Service providers

• Commercial information:

Service providers

• Inferences drawn from any information to create a profile:

Service providers

We do not sell, or have actual knowledge of any sale of, the Personal Information of minors under 16 years of age.

As noted above, we do not sell your Personal Information.

8. European Union Privacy Notice. The information in this Section is intended to supplement this Privacy Policy with additional disclosures required by the General Data Protection Regulation 2016/679 (“GDPR”). The GDPR is a regulation that requires personal data (“Personal Data”) protection and privacy for natural persons who are present within the European Union (“EU”) or the European Economic Area (“EEA”). It also addresses the transfer of Personal Data outside the EU and EEA.

Under the GDPR, Personal Data is information that relates to an identified or identifiable individual. What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors.

Although we are based in the United States and do not have a physical business location within the EU or the EEA, if you are a natural person who is present within the EU or the EEA and we collect your Personal Data when you use our website, we are the controller of your Personal Data for purposes of the GDPR.

The GDPR states that data controllers can only process Personal Data when there is a legal ground for it. The acceptable legal grounds are:

• Consent, (e.g., before application of cookies, before sending marketing materials by electronic means, or before selling a data subjects Personal Data to a third party); or when processing is necessary for:
• The performance of a contract which the data subject is part of;
• Compliance with legal obligations to which the data controller is subject;
• To protect the vital interest of the data subject or of another natural person;
• Performance carried out in the public interest or within the official authority vested in the data controller; or
• For the legitimate interest of the data controller when this does not override the fundamental rights of the data subject.

There is no comparable requirement for legal bases under the CCPA.

Following are disclosures and information regarding your Personal Data required by the GDPR that may be essentially the same, in addition to, or somewhat different than our preceding Privacy Policy disclosures and information.

• The right to be informed: As with the CCPA, under the GDPR, you have a right to notice, upon collection, of the Personal Data collected and the purpose(s) for which it will be used. If your consent is the legal basis for collecting it, your consent must be explicitly given by an affirmative act. If you have affirmatively given your consent to the collection of your Personal Data, you have the right to revoke that consent at any time (See the right to object to processing, below).
• The right to access: You have the right to receive responses to your data access requests without undue delay and in any event within one (1) month of our receipt of your request;
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete any information you believe is incomplete.
• The right to erasure (aka the right to be forgotten): You have the right to request that we erase your Personal Data, under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your Personal Data, under certain conditions.
• The right to object to processing:  You have the right to object to our processing of your Personal Data, under certain conditions. If your consent is our legal basis for collecting your Personal Data, you have the right to revoke that consent at any time.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The right to know about automated decision making and profiling: If we use automation to profile or make decisions about you from your Personal Data, you have the right to be informed of the details beforehand.
• The right to complain: You also have the right to lodge a complaint to your local data protection authority. Information about how to contact your local data protection authority is available at ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

One main difference between the CCPA vs. GDPR is that the GDPR requires your affirmative prior consent to the collection and use of your Personal Data whereas the CCPA does not. In fact, according to the CCPA, a business does not need prior consent from a user before processing their data, nor does a website need prior consent from a user before selling their data to third parties. Both the GDPR and the CCPA provide for you to opt-out or withdraw from collection and use.

Where the GDPR requires all websites, companies and businesses to have a legal basis for processing the Personal Data of subjects in the EU or EEA, the CCPA does not have any such requirement. The CCPA only applies to for-profit business controllers and processors of Personal Information of California residents.

For an extensive comparison between the rights of the CCPA vs GDPR, have a look at page 26 in FPF’s privacy law comparison.

9. Children. We are committed to protecting the online privacy of children. We do not knowingly collect Personal Information from children under 16. We take children’s privacy seriously and encourage parents to play an active role in their children’s online experience at all times. If you have questions or concerns about the Internet and privacy for your child, we encourage you to check out http://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online.

10. Links to Third-Party Sites. In an attempt to provide increased value to our visitors, we may choose various third-party websites (e.g., our business partners, social media networks) to link to within the website. We have no control over these linked sites, each of which has its own separate privacy and data collection practices that are independent from us. As such, we have no responsibility or liability for these independent policies or actions and are not responsible for the privacy practices or the content of any such websites. These linked sites are only for your convenience and you therefore access them at your own risk and should review each of their privacy policies before using them.

11. Privacy Policy Changes. We reserve the right to update and improve the provisions of this Privacy Policy at our discretion for such purposes as keeping up with legal, technological, and other business requirements. If we provide such modifications in the future, they will be effective upon being posted to this website, so you should check this website and the Last Updated date above periodically. Your continued use of our services after we post any modifications will constitute your acknowledgement and consent to abide and be bound by the changed Privacy Policy. If we make any material changes to this Privacy Policy, in addition to changing the Last Updated date above, we will notify you either through the email address you have provided to us or by placing a prominent notice on this website.
12. Contact Us. If you have any questions or concerns about this Privacy Policy, please contact us at privacy@hickoryglobalpartners.com or by calling us at 1-877-353-0291.

Hickory Global Partners, LLC

1625 S. Congress Avenue, Suite 100

Delray Beach, FL 33445

USA