EU/Swiss Privacy Shield Notice

FareHarbor builds and/or hosts websites on behalf of clients. FareHarbor may receive personal information from its clients when providing reservations, operations, and logistics, and fulfilling service contracts. If you are visiting our site or using our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. Any such transfers will comply with safeguards as required by applicable law. If you are a resident of the European Economic Area or Switzerland, the terms of this privacy statement and Privacy Shield notice supplement and, if in conflict, override our Privacy Policy.

Covered Entities

This notice covers the US entity, FareHarbor Holdings LLC.

PRIVACY SHIELD POLICY

FareHarbor complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union and Switzerland to the United States, respectively. FareHarbor has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

For purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.

This Privacy Shield Policy (this “Policy”) applies to personal information transferred to FareHarbor in the United States from organizations subject to data protection law in the European Economic Area (“EEA”) (which includes the member states of the European Union (“EU”) plus Iceland, Liechtenstein and Norway) and from Switzerland. This Policy sets out our practices for collecting, using, maintaining, protecting and disclosing that personal information. Please see our Privacy Policy for an explanation of how we collect, use, store, and disclose information about visitors to and subscribers of our websites.

Definitions

For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, FareHarbor or to which FareHarbor discloses personal information for use on FareHarbor’s behalf.

“Personal information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal information does not include information that is anonymized or aggregated.

“Sensitive information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions.

Choice

Before we use your personal information for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out. An individual may opt-out of such uses of their personal data by contacting us at the address given below. We will not use sensitive personal information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless we have received the individual’s affirmative and explicit consent (opt-in). To contact us, please email privacy@fareharbor.com .

Data Integrity and Purpose Limitation

FareHarbor will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We maintain reasonable procedures to help ensure that personal information is reliable for its intended use, accurate, complete, and current.

Transfers to Agents

We may transfer personal information to our Agents as described in our Privacy Policy. Where required by the Privacy Shield or applicable law, we enter into written agreements with those Agents requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that Agents process personal information we provide in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our Agents who perform services on our behalf for their handling of personal information that we transfer to them, unless FareHarbor proves that it is not responsible for the event giving rise to the damages. FareHarbor does not transfer personal information to non-Agent third parties.

Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Security

We maintain reasonable and appropriate security measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield and applicable law.

Individual Rights

If you would like to request access to, correction, amendment, or deletion of your personal information, you can submit a written request to the contact address provided below. These rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. Please note: In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you. In some circumstances we may charge a reasonable fee for access to your information.

Enforcement

FareHarbor will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that FareHarbor determines is in violation of this policy will be subject to disciplinary action.

Dispute Resolution

You can direct any questions or complaints about the use or disclosure of your personal information to us at privacy@fareharbor.com. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your personal information within 45 days of receiving your complaint. For any unresolved complaints, we have agreed to cooperate with the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you are unsatisfied with our resolution of your complaint, you may contact http://www.bbb.org/EU-privacy-shield/for-eu-consumers for further information and to file a complaint.

Binding Arbitration

Under the Privacy Shield you may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with us and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I.

Limitations & Changes

Adherence by FareHarbor to the EU-U.S. and Swiss-U.S. Privacy Shield Principles may be limited (a) by the exception for personal information that is gathered for publication, broadcast, or other forms of public communication of journalistic material as well as information found in previously published material disseminated from media archives; (b) to the extent required to respond to a legal obligation; (c) to the extent necessary to respond to requests by authorities; and (d) to the extent expressly permitted by an applicable law, rule or regulation.

We reserve the right to amend this statement and notice from time to time consistent with the Privacy Shield’s requirements and applicable law. The amended Policy will be made publicly available via FareHarbor’s website.

PRIVACY STATEMENT APPLICABLE TO USERS IN THE EUROPEAN UNION

Purposes of processing and legal basis for processing As explained in our Privacy Policy, we process personal data in various ways depending upon your use of our site or services. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide our services; and (3) as necessary for our legitimate interests in providing the site and services where those interests do not override your fundamental rights and freedom related to data privacy.

Right to lodge a complaint Residents of the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.

Transfers Personal data we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities. Upon the start of enforcement of the GDPR, we will ensure that transfers of personal data to a third country or an international organization are subject to appropriate safeguards as described in Article 46 of the GDPR.

Individual Rights If you are a resident of the EEA or Switzerland, you are entitled to the following rights once the GDPR becomes effective. Please note: In order to verify your identity, we may require you to provide us with personal data prior to accessing any records containing information about you.

The right to request data erasure. You have the right to have your personal data erased if the personal data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or your fundamental rights to data privacy and protection override our legitimate interest in continuing the processing.

The right to restrict or object to our processing. You have the right to restrict or object to our processing if we are processing your personal data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.

Contact Us If you have any questions about this privacy statement/notice or would like to request access to your personal data, please contact Zach Snow, Data Protection Officer at privacy@fareharbor.com. If you are a Supervisory Authority based in the European Union, please contact FareHarbor’s EU representative Max Valverde at privacy+inquiry@fareharbor.com.

Effective Date: April 12, 2018