Privacy Policy - Crewfare: Group Travel | Event, Festival and Staff Booking

Effective Date: December 23, 2023

This Privacy Policy explains how Crewfare®, Inc (“Crewfare,” “we,” “our,” or “us”) collects, uses, and discloses information relating to individuals (“Personal Data”) when you access or use our products and services (collectively, the “Services”). This Privacy Policy applies to all information collected through our website, mobile applications, and any other online or offline interactions you may have with Crewfare. We take your privacy seriously. If you are an administrator on behalf of an organization, your acceptance of this Privacy Policy indicates acceptance and compliance on behalf of the organization, including its employees.

We will update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we do, we will update the “effective date” at the top. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you directly, or where required under applicable law and feasible, seek your consent to these changes.

We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your Personal Data.

A. PROCESSING ACTIVITIES COVERED

This Privacy Policy applies to the processing of Personal Data collected by us when you:

Visit our websites that display or link to this Privacy Policy;
Visit our branded social media pages;
Visit our offices;
Receive communications from us, including emails, phone calls, texts or fax;
Use our cloud products and services as an authorized user (for example, as an employee of one of our customers who provided you with access to our services) where we act as a controller of your Personal Data;
Register for, attend or take part in our events.

Processing of Personal Data is required for receiving certain products or services.

Our websites and services may contain links to other websites, applications, and services maintained by third parties. The information practices of other services, or of social media platforms that host our branded social media pages, are governed by their privacy policies/statements, which you should review to better understand their privacy practices.

B. COLLECTION OF INFORMATION

1. PERSONAL DATA WE COLLECT DIRECTLY FROM YOU

We collect information you provide directly to us. For example, we collect information when you sign up to receive updates, request information, fill out a form, communicate with us via third party social media sites, request support, send us an e-mail, or otherwise communicate with us. The types of information we may collect include identifiers, professional or employment-related information, financial account information, commercial information, visual information, internet activity information, and any other information you choose to provide. We collect this information to help better provide you services. We collect such information in the following situations:

If you express an interest in obtaining additional information about our services; request customer support (including accessing the Help & Chat options); use our “Contact Us” or similar features; register to use our websites; sign up for an event; or download certain content, we may require that you provide to us your contact information, such as your name, address, phone number, email address;
If you make purchases via our websites or register for an event, we may require that you provide to us your financial and billing information, such as billing name and address, credit card number or bank account information;
If you register for an online community that we host, we may ask you to provide a username, photo or other biographical information, such as your occupation, location, social media profiles, company name, areas of expertise and interests;
If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data using cookies, web beacons, or similar technologies;
If you use and interact with our services, we automatically collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data;
If you communicate with us via a phone call from us, we may record that call;
If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request; and
If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival, and to comply with any then-present health requirements.

In addition to the data we collect as listed, we may also gather demographic information such as age, gender, and preferences to better understand our customers and tailor our services. Also, we may collect your geolocation data, personal tastes, and preferences related to travel and entertainment, and images or videos where applicable.

We advise against sharing sensitive personal information, such as health details, unless explicitly required or consented to for the provision of our services.

We process your Personal Data based on various legal grounds, depending on the nature of the data and how we interact with you. This includes processing based on your consent, for fulfilling our contractual obligations to you, for compliance with our legal obligations, to protect your vital interests, or for our legitimate interests.

If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Policy. If you believe that your Personal Data has been provided to us improperly, or want to exercise your rights relating to your Personal Data, please contact us by using the information in the “Contact us” section below.

2. PERSONAL DATA WE COLLECT FROM OTHER SOURCES

We may also collect information about you from other sources including third parties from whom we may purchase Personal Data and from publicly available information. We may combine this information with Personal Data provided by you. We use the collected information to provide and improve our services, respond to your requests, and for marketing purposes, ensuring a customized experience for each user. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. The Personal Data we collect from other sources includes identifiers, professional or employment-related information, education information, commercial information, visual information, internet activity information, and inferences about preferences and behaviors. In particular, we collect such Personal Data from the following sources:

Third-party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information; and
Another individual at your organization who may provide us with your business contact information for the purposes of obtaining services; and
Platforms such as GitHub to manage code check-ins and pull requests. If you participate in an open source or community development project, we may associate your code repository username with your community account so we can inform you of program changes that are important to your participation or relate to additional security requirements.
We may obtain personal information about you from third-party sources, including social media platforms, identity verification services, and publicly available sources.

3. DEVICES AND USAGE DATA

We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you. We also collect information such as your device type, unique device identification numbers, and your interactions with our website or app, to enhance your user experience.

As is true of most websites, we gather certain information automatically when individual users visit our websites. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider, mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites. This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.

In addition, we may gather certain information automatically as part of your use of our cloud products and services, and through our live chat function. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage. This information is used to maintain the security of the services, to provide necessary functionality, to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, to identify customer opportunities, and for the security of Crewfare® generally (in addition to the security of our products and services). Some of the device and usage data collected by the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.

Information Collected by Cookies and Other Tracking Technologies

We use technologies such as web beacons, pixels, tags, and JavaScript, alone or in conjunction with cookies, to gather information about the use of our websites and how people interact with our emails.

When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer-browsing preferences, and improve and customize your browsing experience. Our use of cookies and tracking technologies includes but is not limited to, understanding user preferences, improving site performance, tailoring advertising, and ensuring data protection.

We use both session-based and persistent cookies on our websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off. To change your cookie settings and preferences for one of our websites, click the Cookie Preferences link in the footer of the page. You can also control the use of cookies on your device, but choosing to disable cookies on your device may limit your ability to use some features on our websites and services.

We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails. For instructions on how to unsubscribe from our marketing emails, please see below.

Advertising and Analytics Services Provided by Others

We may allow others to provide analytics services and serve advertisements on our behalf across the web and in mobile applications. These entities may use cookies, web beacons, device identifiers and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used to, among other things, analyze and track data, deliver advertising and content targeted to your interests with our Services, and better understand your online activity.

For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices. You can also change your browser settings to block cookies, although doing so may disable some features of our website and Services.

Internet-based ads

Cookies are also used to collect information about your interests and preferences for the purposes of what is called “interest-based advertising”. It is for companies to send you offers about products and services tailored to your inferred taste and needs. You may turn off these cookies; however, you may still receive advertisements, with the difference of these not being specifically tailored to you.

To understand and responsibly manage cookies that enable interested-based ads we strongly recommend that you go to the website of the Digital Advertising Alliance (DAA) or to the website of the Network Advertising Initiative (NAI).

To learn more, please visit https://youradchoices.com/ . Many of our third-party service providers that serve interest-based advertisements to you across our services are members of the Network Advertising Initiative (NAI), or they follow the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. You can choose to opt-out directly from these third parties by visiting their opt-out pages on the NAI website (http://www.networkadvertising.org/choices/) and DAA website (http://www.aboutads.info/choices/). However, please note that if you “opt-out” you will keep seeing links and online advertisements; however, they will not be specifically

Opt-Out from the setting of cookies on your individual browser

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser or device to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard adopted by industry groups, technology companies, or regulators. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites. Crewfare® takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

Microsoft Edge
Internet Explorer
Mozilla Firefox
Google Chrome
Apple Safari
Opera
Netscape

Once you correctly block cookies on your browser, parts of the website may become unavailable to you or may otherwise not function properly. Social Media Features

Social Media Features

Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). Social Media Features may allow you to post information about your activities on our website to outside platforms and social networks. Social Media Features may also allow you to like or highlight information we have posted on our website or our branded social media pages. Social Media Features are either hosted by each respective platform or hosted directly on our website. To the extent the Social Media Features are hosted by the platforms themselves, and you click through to these from our websites, the platform may receive information showing that you have visited our websites. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile.

Your interactions with Social Media Features are governed by the privacy policies of the companies providing them.

Telephony log information

If you use certain features of our services on a mobile device, we may also collect telephony log information (like phone numbers, time and date of calls, duration of calls, SMS routing information and types of calls), device event information (such as crashes, system activity, hardware settings, browser language), and location information (through IP address, GPS, and other sensors that may, for example, provide us with information on nearby devices, Wi-Fi access points and cell towers).

B. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA AND THE LEGAL BASES ON WHICH WE RELY

Providing our websites and Services (including necessary functionality for both): We process your Personal Data to perform our services with you for the use of our websites and services and to fulfill our obligations under the applicable terms of use and service; if we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with content you access and request (e.g., to download content from our websites);
Promoting the security of our websites and services: We process your Personal Data by tracking use of our websites and services, creating aggregated non-personal data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary for our legitimate interest in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others;
Handling contact and user support requests: If you request user support, or if you contact us by other means including via a phone call, email, or online chat, we process your Personal Data to perform our services with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
Managing event registrations and attendance: We process your Personal Data to plan and host events for which you have registered or that you attend, including sending related communications to you, to perform our services with you;
Managing contests or promotions: If you register for a contest or promotion, we process your Personal Data to perform our services. Some contests or promotions have additional rules containing information about how we will process your Personal Data;
Managing payments: If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our services;
Developing and improving our websites and services: We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and services to the extent it is necessary for our legitimate interest in developing and improving our websites and services and providing our users with more relevant content and service offerings, or where we seek your valid consent;
Assessing and improving user experience: We process device and usage data as described in Section B(3) above, which in some cases may be associated with your Personal Data, to analyze trends and assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your valid consent;
Reviewing compliance with applicable usage terms: We process your Personal Data to review compliance with the applicable usage terms in our customer’s contract or the provision of services to the extent that it is in our legitimate interest to ensure adherence to the relevant terms;
Assessing capacity requirements: We process your Personal Data to assess the capacity requirements of our Services to the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our service offering;
Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences;
Displaying personalized advertisements and content: We process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us on and off our websites and to provide other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interest in advertising our websites or, where necessary, to the extent you have provided your prior consent (please see the “Your Rights Relating to your Personal Data” section, below, to learn how you can control how the processing of your Personal Data by Crewfare® for personalized advertising purposes);
Sending marketing communications: We will process your Personal Data or device and usage data, which in some cases may be associated with your Personal Data, to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent (please see the “Your Rights Relating to your Personal Data” section, below, to learn how you can control the processing of your Personal Data by Crewfare® for marketing purposes); and
Complying with legal obligations: We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.

If we need to collect and process Personal Data by law, or under a contract we have entered into with you or related to the provision of services, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you or to provide such services.

D. SHARING OF INFORMATION

We may share information about you as follows or as otherwise described in this Privacy Policy:

Service Providers: With our contracted service providers, who provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support and data enrichment for the purposes and pursuant to the legal bases described above; such service providers comprise companies located in the countries in which we operate;
Customers With Whom You Are Affiliated: If you use our services as an authorized user, we may share your Personal Data with your affiliated customer responsible for your access to the services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies;
Third party networks and websites: With third-party social media networks, advertising networks and websites, so that Crewfare can market and advertise on third party platforms and websites;
Third Parties Involved in a Corporate Transaction: If we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by a third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party;
In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
When we believe in good faith that we are lawfully authorized or required to do so or that doing so is reasonably necessary or appropriate to comply with the law or legal processes or respond to lawful requests, claims or legal authorities, including responding to lawful subpoenas, warrants, or court orders;
If we believe your actions are inconsistent with the spirit or language of our policies, or to protect the rights, property, and safety of our staff or others;
For any other purpose disclosed by us when you provide your Personal Information; or
With your consent or at your direction.

We may also share anonymous or de-identified usage data with Crewfare’s service providers for the purpose of helping Crewfare® in such analysis and improvements. Additionally, Crewfare® may share such anonymous or de-identified usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services.

We share your personal data with trusted third-party service providers who assist us in delivering our services. This includes payment processors, marketing agencies, and cloud hosting services.

Our service providers are strictly prohibited from using your Personal Data for any purpose other than to perform the contracted services. They are also not allowed to use your Personal Data for their own marketing purposes or share it for marketing purposes.

For more information on the recipients of your Personal Data, please contact us by using the information in the “Contact us” section, below.

E. DATA RETENTION

We store the information we collect on you for as long as is necessary for the purpose(s) for which we originally collected it, or for other legitimate business purposes, including to meet our legal, regulatory or other compliance obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation). We retain your Personal Data only as long as necessary for the purposes for which it was collected, to resolve disputes, or as required by law. After the expiration of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

For any questions, comments, or requests, please see the “Contact Us” section.

F. TRANSFER OF INFORMATION TO THE U.S.

We are based in the United States and process and store information in the United States. It is possible that non-U.S. residents may access and use the Services. If you are located outside the United States, we and our service providers may transfer your information to, or store or access to your information in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. By providing personal information, you consent to the transfer of your personal information to the United States and the use of your personal information, in accordance with this Privacy Policy. If we collect personal information from European Union residents, we strive to do so in a manner in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (the “GDPR”), which includes acknowledgment of European Union residents’ rights, including the following:

to withdraw your consent to the processing of personal information about you to which you have previously given consent;
to object to processing of personal information about you for the purpose of direct marketing; and
to have incorrect personal information about you corrected.

European Union residents also have the right to obtain a copy of the personal information we have about you, although we reserve the right to charge a fee for this.

For more information on our full GDPR policy, please see our full “GDPR Statment” below.

G. YOUR RIGHTS RELATING TO YOUR PERSONAL DATA

1. YOUR RIGHTS

You may have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:

Access your Personal Data held by us;
Know more about how we processed your Personal Data;
Rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;
Erase or delete your Personal Data (also referred to as the right to be forgotten), to the extent permitted by applicable data protection laws;
Restrict our processing of your Personal Data, to the extent permitted by law;
Transfer your Personal Data to another controller, to the extent possible (right to data portability);
Object to any processing of your Personal Data. Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
Opt out of certain disclosures of your Personal Data to third parties;
If you’re under the age of 16, opt in to certain disclosures of your Personal Data to third parties;
Not be discriminated against for exercising your rights described above;
Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”). Automated Decision-Making currently does not take place on our websites or in our services; and
Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.

You have the right to opt out of marketing communications, control cookie settings, and make choices about how your data is used and shared. You may exercise your rights of access, rectification, erasure, and others by contacting us through the Contact section below. We will respond to your request as soon as possible.

2. YOUR RIGHTS RELATING TO CUSTOMER DATA

You may update and correct certain information you provide to us by emailing us at support@crewfare.com. If you wish to delete information we have collected from you, please email us at support@crewfare.com, but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for as long as necessary for our business purposes.

As described above, we may also process Personal Data submitted by or for a customer to our cloud products and services. To this end, if not stated otherwise in this Privacy Policy or in a separate disclosure, we process such Personal Data as a processor on behalf of our customer (and its affiliates) who is the controller of the Personal Data. We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those explained in this Privacy Policy. If your data has been submitted to us by or on behalf of a Crewfare® customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Because we may only access a customer’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the Crewfare® customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.

3. HOW TO EXERCISE YOUR RIGHTS

To exercise your rights, please contact us by using the information in the “Contact us” section, below. Your personal data may be processed in responding to these rights. We try to respond to all legitimate requests within one month unless otherwise required by law, and will contact you if we need additional information from you in order to honor your request or verify your identity. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of a Crewfare® customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.

Some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.

To update your billing information, or request return or deletion of your Personal Data and other information associated with your account, please contact us by using the information in the “Contact us” section below.

H. YOUR CALIFORNIA PRIVACY RIGHTS

Under the California Consumer Privacy Act of 2018 (“CCPA”) and Cal. Civil Code § 1798.83, California residents have certain rights to know what information we collect, how we use that information, and rights and choices concerning that information. Under California’s “Shine the Light” laws, California residents have the right to request access to and deletion of their Personal Data, and to opt-out of the sale of their Personal Data. For requests, please contact us using the information in the Contact section below. This Section of the Privacy Policy applies solely to visitors, users, and others who reside in the State of California.

1. INFORMATION WE COLLECT

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). We have collected the following categories (as listed in Cal. Civ. Code § 1798.140(o)(1)) of personal information from consumers within the last twelve (12) months: A. Identifiers (e.g., email addresses), B. Personal information categories in Cal. Civ. Code § 1798.80(e) (e.g., names, credit card information, addresses), D. Commercial information (e.g., records and consuming histories), F. Internet information (e.g., information regarding a consumer’s interaction with a website), G. Geolocation data, I. Professional or employment-related information, and K. Inferences drawn from other Personal Information (e.g., profile reflecting your preferences, characteristics, and behavior.)

Personal Information does not include publicly available information from government records, de-identified or aggregated consumer information, and information excluded from the CCPA’s scope (such as information covered by the Health Insurance Portability and Accountability Act of 1996, the California Confidentiality of Medical Information Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the California Financial Information Privacy Act, the Driver’s Privacy Protection Act of 1994, etc.). We obtain the categories of personal information listed above from the following categories (as listed in Cal. Civ. Code § 1798.140(o)(1)) of sources:

Please see Section B, Uses of Personal Information, for more information on how the information is used.

2. SHARING PERSONAL INFORMATION

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we may enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose to the following third parties:

In the preceding twelve (12) months, we have not sold any personal information of anyone (including California residents) to any third parties. Even though we do not sell personal information, if you are a California resident, you still may submit a verified request to opt out of the sales and/or disclosure and we will record your instructions and incorporate them in the future if our policy changes. If you are a California resident and would like to opt out of the sale or disclosure of your personal information, please contact us using the contact information at the bottom of this notice.

3. YOUR RIGHTS AND CHOICES

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Right to Know

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (also called a data portability request).
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain restrictions. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
Comply with a legal obligation.
Make other internal and lawful uses of that information.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. You may be required to provide additional information to verify your identity and request before further action is taken.

4. CALIFORNIA NOTICE OF FINANCIAL INCENTIVE

We may also provide programs, such as sweepstakes, contests, or other similar promotional campaigns (these programs are referred to below as “Programs”). When you sign up for one of our Programs, we typically ask you to provide your name and contact information (such as email address and/or telephone number). Because our Programs involve the collection of personal information, they might be interpreted as a “financial incentive” program under California law. The value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program, less the expense related to offering those products, services, and benefits to Program participants.

You may withdraw from participating in any of our programs at any time by reaching out to us using the information provided in our “Contact Us” section below.

5. ADDITIONAL INFORMATION

We will not discriminate against you for exercising any of your CCPA rights. We reserve the right to amend this concerning your California Privacy Rights at our discretion and at any time. When we make changes to this privacy notice, we will notify you through a notice on our website homepage. For any questions, comments, or requests, please Contact Us.

I. YOUR NEVADA PRIVACY RIGHTS

This Section applies solely to Nevada residents. Under Nevada law (NRS § 603A.300), Nevada residents can opt out of the sale of certain types of personal information. If you are a Nevada resident, you may submit a verified request to opt out of sales and we will record your instructions and incorporate them in the future. Opt-out requests may be sent using the contact information at the bottom of this notice.

We reserve the right to amend this Section concerning your Nevada Privacy Rights at our discretion and at any time.

CHILDREN

Our website and Services are not directed at children and we do not knowingly collect personal information directly from children (including information concerning a child or that child’s parents or guardians, any screen or user name that functions as online contact information for a child, any photograph, video, or audio file containing a child’s image or voice) directly from users under the age of thirteen (13) or from other web sites or services directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1988 (“COPPA”), we will not knowingly request or collect personal information from any child under the age of thirteen (13) in the United States without obtaining the required consent from the appropriate parent or guardian. Children may access and browse our website and Services without disclosing any personal information. We will apply material changes to this Privacy Policy to conform with applicable law, including any applicable provisions of COPPA that require parental consent. Please visit www.ftc.gov/privacy/privacyinitiatives/childrens.html for information from the Federal Trade Commission about protecting children’s privacy online. If you have any reservations, questions or concerns about your child’s access to our website and Services or how information that your child provides is used by us, please contact us. Also, If you believe your child under 16 has provided us with personal data, please contact us using the information below for its removal.

California consumers: We will not sell the information of California consumers who are 16 years old or younger unless we have prior parental authorization. If a California consumer is under the age of 13, a parent or guardian must consent to the sale of such minor’s personal information. If the California consumer is between the ages of 13 and 16 years old, the minor may consent on an opt-in basis to the sale of their personal information. Our sites directed toward children will ask for age verification and will require appropriate consent.

EU residents: We do not collect or process personal information of data subjects in the EU under the age of 16 without explicit consent from a parent or guardian. Our sites directed toward children will ask for age verification and will require appropriate consent.

I. GDPR STATEMENT

This policy describes how Crewfare Inc collects and processes personal data with respect to data subjects covered by the EU General Data Protection Regulation. Depending on your geographic location, some parts of this statement may not apply to you. Except as described below, we are the data controller of personal data collected from our physical address 2678 Edgewater Court, Weston, FL 33332 and you may reach us by emailing support@crewfare.com. Our EU & UK Representatives can be contacted using the information below:

GDPR REPRESENTATIVE AND NOTICES

EU Representative:
Osano International Compliance Services Limited
ATTN: 4MKZ
3 Dublin Landings North Wall Quay
Dublin 1 D01C4E0

UK Representative:
Osano UK Compliance LTD
ATTN: 4MKZ
42-46 Fountain Street
Belfast Antrim BT1 – 5EF

1. GDPR Principles

The GDPR principles exist to aid companies to stay and remain within the boundaries of the regulation; they also help to understand its main objectives. Therefore, we comply with the contours and principles expressed to be the core of GDPR compliance, which are:

Lawfulness, fairness, and transparency. These first principles express the need to comply with the GDPR when required under this regulation due to our activities, as expressed in this Statement. We are to keep you as informed as possible regarding our GDPR compliance.
Purpose Limitation. As is determined in the text of the GDPR, all purposes for data processing and collection must remain specific, explicit, and legitimate. The controller must use such collected personal data for the particular purposes for which you have consented to its collection and processing.
Data minimization. We only collect the data which is necessary and relevant for our activities. The less personal information we collect or process, the better for every party involved.
Accuracy. We keep data as up-to-date as possible and try to ensure we erase inaccurate data or if we believe data is outdated.
Storage limitations. We keep personal information only as long as necessary for the purposes stated in our Privacy Policy
Integrity and confidentiality. We protect and secure all personal data we store and process and have methods to anonymize personal data.
Accountability. We keep committed to recording our activities and strategies, proving compliance with the GDPR, and constantly reviewing and improving the management of personal data.

2. Special Categories of Personal Data

We may collect personal data which is considered sensitive and is classified as a “special category” under the GDPR This may include:

Ethnicity.
Racial origin.
Cultural or social identity.
Religious and philosophical beliefs.
Trade union membership status.
Information about sexual orientation or sex life.
Health information.
Biometric data.
Genetic data.

3. How We Use Your Personal Information

We use your personal information for various purposes:

Providing our websites and Services
Promoting the security of our websites and services
Handling contact and user support requests
Managing event registrations and attendance
Managing contests or promotions
Managing payments
Developing and improving our websites and services
Assessing and improving user experience
Reviewing compliance with applicable usage terms
Assessing capacity requirements
Identifying customer opportunities
Displaying personalized advertisements and content
Sending marketing communications
Complying with legal obligations

We follow the directives of the GDPR in informing you about our uses, basis, and purposes for the collection and processing of your personal data. In the event that any such purpose changes, we will make sure to inform you about any changes to the purposes of why and what we collect and process your data for.

4. Legal Basis of Processing

We collect and process your Personal Data for the following purposes. Where required by law, we obtain your consent to use and process your Personal Data for these purposes. Otherwise, we rely on another authorized legal basis (including but not limited to the (a) performance of a contract or (b) legitimate interest) to collect and process your Personal Data. Under the GDPR, all companies must have a legal basis for processing personal information. We rely on the following legal bases for collecting and processing personal data:

- Consent. We process personal data based on your consent for specific purposes, such as marketing communications or personalized services.
- Contractual Necessity. We process personal data as necessary to enter into or perform our contract with you, including providing our services or customer support.
- Legal Obligation. Where we are legally required to process personal data, such as for compliance with tax or other government regulations.
- Legitimate Interests. We process personal data based on legitimate business interests, such as for research and development, to market and promote our services, and to protect our legal rights and interests.

5. International Data Transfer Mechanisms

Many US companies have commercial interests and businesses inside the EU and therefore handle the personal data of EU citizens directly protected by the GDPR. As a result, EU authorities, through the EU Commission, have determined the need for valid mechanisms for companies to make such data transfers without putting any personal data protected under the GDPR at risk of infringement. These are the most important of such mechanisms.

- - Standard Contractual Clauses. Also known as SCCs, these clauses are part of a contract between data controllers and processors for safe and responsible data transfers between EU and non-EU countries.
  - Adequacy Decision. The European Commission has made a finding that the country to which the data is being transferred provides a level of data protection that is equivalent to that provided by members of the European Union. When the international data transfer is based on an adequacy decision, it means that, although data is sent cross-border outside of the EU, the receiving country or territory can legally handle such information as it were within the EU.
  - Privacy Shield. EU-US and Swiss-US Privacy Shield frameworks were designed by the US Department of Commerce, the European Commission, and the Swiss Administration and aimed to create an alternative mechanism for international personal data transmission. Privacy Shield has been judged invalid as an adequate mechanism for international data transfer by the EU Commission and the Swiss administration. However, the US participants of Privacy Shields are still under the framework and must remain compliant with its directives.
  - Binding Corporate Rules. These are data protection policies made by companies with strict observation of GDPR and other privacy directives. Companies create BCR as a valid and legitimate mechanism for transferring personal data outside the EU within a group of companies or undertakings and enterprises. For the BCR to be compliant, it must be approved by a local Data protection authority.

6. Your Data Subject Rights

The GDPR has granted data subjects specific rights respecting their personal data. This applicability may depend on your nationality and geographic location. These are your rights:

- - Right of knowledge or confirmation. You have the right to obtain a confirmation of whether your personal data is being processed
  - Right of access. You may require from the controller free information about the storage of your personal information and also obtain a copy of this information. Additionally, you have a right to know the purposes of the processing of any personal information, the categories of personal information collected or processed and stored, and the recipients of the personal information, if any.
  - Right of rectification. You have the right to correct or request the correction of your personal information.
  - Right to be forgotten (erasure). You shall have the right to have your personal data erased without delay, provided that processing is unnecessary. The controller shall consider if such information is no longer necessary for the purposes it was collected for and that there are no overriding legitimate grounds for processing.
  - Right of restriction of processing. You have the right to request that processing of your personal data be restricted when:
    - The accuracy of personal data is contested;
    - The processing of personal information is unlawful, and you do not require its deletion;
    - The controller does not need the personal data any longer, but is required to keep it to fulfill a legal obligation or to pursue or defend a legal claim;
    - You have objected to processing their personal data during the time of verification by the controller.
  - Right of Data Portability. You have the right to receive their personal information in a structured and machine-readable format. You shall have the right to transmit the data to another controller without further observation by the original controller. You may also request that personal data be transferred directly from one controller to another.
  - Right to object. You have the right to object to the processing of your personal information, at any time.
  - Right not to be subject to automatic decision-making, including profiling. You have the right not to be subject to this kind of processing.
  - Right to withdraw consent. If you have consented to the collection or use of your personal information, you have the right to withdraw your consent at any time.

Additionally, if you feel we have failed to address any of your requests regarding your personal data, you may have the right to lodge a complaint with a Data Protection Authority. Here is a list of the contacts for them: https://edpb.europa.eu/about-edpb/about-edpb/members_en

To practice your aforementioned rights, please contact us at the physical or email address provided in our Privacy Policy. Before we grant or process any requests for your rights, we may require verification of your identity.

7. Subprocessors

For the purposes determined within this statement and to provide complete and compliant services to you, we engage and use data processors with which we may share some categories of your collected data. These subprocessors are under an agreement with us and may use your data for the specific purposes we require and in compatibility with this statement and our privacy policy.

NAME OF SUBPROCESSOR	SUBPROCESSING ACTIVITY	COUNTRY OF ORIGIN
Amazon Web Services, Inc.	Cloud Service Provider	Global
Freshworks Inc.	Customer support system and customer relationship management	Global
HubSpot, Inc.	Content Management System	United States
Slack Technologies, Inc.	Collaboration Tool	United States
Stripe, Inc.	Payment Processing Tool	United States
PayPal, Inc.	Payment Processing Tool	Global
Authorize.net	Payment Processing Tool	United States
SendGrid, Inc	Sending Emails	United States
ActiveCampaign	Marketing Emails	United States
Cloudflare, Inc.	Web Infrastructure Security	United States
Osano, Inc.	Cookie Consent and Privacy Compliance	United States
Google LLC or its affiliates	Email, Analytics & Location	Global
SiteGround Hosting Ltd.	Cloud & Hosting Service Provider	United Kingdom
Atlassian (JIRA / Confluence / Bitbucket)	Project Management Infrastructure	United States, Ireland
DynamoDB	Data Hosting	Global
Asana	Project management infrastructure	United States
ZenDesk	Customer support system and customer relationship management	Global

CONTACT US

If you have any questions or comments about our Privacy Policy, the ways in which we collect and use your Personal Data, your choices and rights regarding such use, or wish to exercise your rights regarding your Personal Data, please do not hesitate to contact us or, if applicable, submit a verifiable consumer request to us, by either:

Calling us at 786-400-2739; or

Emailing us at support@crewfare.com