ALG Vacations Privacy Policy

Except as otherwise noted in this Privacy Policy (“Policy”), ALG Vacations Corporation (“ALGV”) is a data Controller, which means that we manage how and why the information you provide to us is Processed. This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of your Personal Information, or changes in applicable law.

This Policy applies to the following ALGV brands: Apple Vacations®, BeachBound Vacations®, Blue Sky Tours®, CheapCaribbean® Vacations, Funjet Vacations®, and Travel Impressions®. This Policy does not apply however to United Vacations® Tour Program, and Trisept Solutions, LLC.

Please note the Apple Leisure Group of companies, including ALGV, are now subsidiaries of Hyatt Hotels Corporation. However, this Policy only applies to the Processing of personal information undertaken by ALGV. It does not apply to Processing by the Hyatt Group.

We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make.

Definitions:

“Personal Information” means information from which any individual is directly or indirectly identifiable.

“Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.

“Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Information on behalf of the Controller.

“Hyatt Group” means Hyatt Hotels Corporation, its direct and indirect subsidiaries (with the exception of the Apple Leisure Group companies), its affiliates, and the separate and distinct legal entities that manage, operate, franchise, license, own and/or provide services to the various locations operating under or in connection with a Hyatt brand.

Information We May Collect

We may Process the following categories of Personal Information about you:

  • Personal details: your name; username or log in details; password;
  • Demographic information: gender; age/date of birth; nationality; salutation;
  • Contact details: postal address; telephone and/or mobile number; email address;
  • Consent records: records of any consents you may have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).
  • Purchase and payment details: records of purchases and prices; invoice records; payment records; billing address; payment method; cardholder or accountholder name; payment amount; and payment date.

We may also collect:

  • Information about your use of the services, such as usage data and statistical information, which may be aggregated.
  • Searches for and interactions with e-commerce opportunities, such as merchants and offers contained in the services.
  • Non-precise information about the approximate physical location (for example, at the city or postal code level) of a user’s computer or device derived from the IP address of such computer or device (“GeoIP Data”).
    • Device identification (“ID”), which is a distinctive number associated with a smartphone or similar handheld device but is different than a hardware serial number.
  • Advertising ID, which is a unique, user-resettable identification number for advertising associated with a device (e.g., iOS uses the Identifier for Advertising (or “IDFA”) and Android uses Google Advertising ID).
  • Internet Protocol (“IP”) address, which is a unique string of numbers automatically assigned to your device whenever you access the Internet.
  • Internet connection means, such as internet service provider (“ISP”), mobile operator, WiFi connection, service set identifier (“SSID”), International Mobile Subscriber Identity (“IMSI”) and International Mobile Equipment Identity (“IMEI”).
  • Information collected through the use of cookies, eTags, Javascript, pixel tags, device ID tracking, anonymous identifiers and other technologies, including information collected using such methods and technologies about (i) your visits to, and interaction and engagement with, the services, content and ads on third party websites, applications, platforms and other media channels (“Channels”), and (ii) your interaction with emails including the content and ads therein (collectively, “Online Data”).
  • Device type, settings and software used.
  • Log files, which may include IP addresses, browser type, ISP referring/exit pages, operating system, date/time stamps and/or clickstream data, including any clicks on customized links.
  • Web Beacons, which are electronic files that allow a website to count users who have visited that page or to access certain cookies.
  • Pixel Tags, also known as clear GIFs, beacons, spotlight tags or web bugs, which are a method for passing information from the user's computer to a third-party website.
  • Local Shared Objects, such as Flash cookies, and Local Storage, such as HTML5.
  • Mobile analytics to understand the functionality of our mobile applications and software on your phone.

Sensitive Personal Information

There may be instances in which the Personal Information that you provide to us or that we collect is considered Sensitive Personal Information under the privacy laws of some territories/countries. Depending on the applicable law, “Sensitive Personal Information” can mean Personal Information from which we can determine or infer an individual's racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership in a trade union or professional, religious, philosophical, or political association, physical or mental health or condition, medical treatment, genetic data, biometric information, and information about an individual's sexual orientation. In some very rare instances, financial records, credit card information and location data may constitute Sensitive Personal Information where you are located. If we rely on consent to Process your Sensitive Personal Information, you have the right to withdraw that consent at any time. We only Process Sensitive Personal Information in your jurisdiction if and to the extent permitted or required by applicable law (e.g., so that we can ensure we tailor our services to you accordingly in terms of food allergies and medical conditions, to ensure we can Process card payments). We will seek to protect such information rigorously using the security standards further described below.

Children

ALGV does not sell products or services for purchase by children, and we do not knowingly solicit or collect Personal Information from children. You may only buy our products or use our services if you are at least eighteen (18) years of age and can form legally binding contracts under applicable law. Our websites are not intended for and should not be used by minors. If you are under the age of eighteen (18) or unable to form legally binding contracts under applicable law, you may contact us directly at 1-866-ALG-DESK for assistance.

How We Collect Information

We may collect Personal Information about you from the following sources:

  • Data you provide: We may obtain your Personal Information when you provide it to us across our services (e.g., where you sign up for emails, newsletters, bulletins, webinars or white papers; register for site membership or create a profile or account on any part of the services; enter a sweepstakes, contest, competition or prize drawing; receive promotional information by SMS text message; participate in surveys; perform search queries through the services; contact us via email, telephone or by any other means; purchase a subscription, software license or product; or when you provide us with your business card, etc.).
  • Relationship data: We may collect or obtain your Personal Information in the ordinary course of our relationship with you (e.g., if you purchase a service from us).
  • Service data: We may collect or obtain your Personal Information when you visit, download, use or register to use any part of our service.
  • Content and advertising information: If you choose to interact with any third-party content or advertising services, we may receive Personal Information about you from the relevant third party.
  • Third party information: We may collect or obtain your Personal Information from third parties who provide it to us. This may include offline channels such as through telephone or direct mail efforts; from travel agents, customers, vendors, suppliers, third parties, commercially available or publicly-available sources (e.g., data brokers, data aggregators, public databases, etc.); third party affiliate network operators; referral sources; social network sites or services (e.g., Facebook, Twitter, LinkedIn, etc.). If you use a third party connection or log-in (e.g., Facebook Connect, Twitter, or Google+) to access the services, create a membership or profile on any part of the services, access our content or forward our content to another person, platform or service, we may also receive your username or email address for those third party services or other information available about you or collected from you on those services.

Video Surveillance

We always care about your safety. When you visit our facilities you will notice that we have implemented CCTV systems in order to register the activity in public areas. These video records will not be shared outside of ALGV unless there is a valid legal or government requirement to do so.

In all public areas that are being video recorded you will find a visible sign board that states you agree to be video recorded if you use our facilities.

Automatic Decision-Making Process

ALGV does not use automatic decision-making Processes. If we start using that technology to Process your Personal Information in the future, we will let you know and inform you of your rights.

Purposes for Which We May Process Your Data

The purposes for which we may Process Personal Information, subject to applicable law, include:

Accounts and Personalization: providing personalization for services from ALGV or its partners including (i) management of your account, (ii) posting of your personal reviews, testimonials or comments, (iii) offering of contests, as well as chat areas, forums and communities, and (iv) customer support and relationship management.

Offering and Improving the services: operating and managing the services for you; providing personalized content to you; communicating and interacting with you via the services; identifying issues with the services and planning improvements to or creating new services; and notifying you of changes to any of our services.

  • Surveys: engaging with you for the purposes of obtaining your views on our services.
  • Communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) regarding news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required. We may provide direct marketing to you.
  • Advertising: providing advertising based on your interests and interactions with the services and channels, including using Personal Information to serve you advertisements on the services and Channels.
  • User Engagement and Purchases: tracking purchase traffic and activity across the Service and on Channels, including review of your browsing history (if available); provision of analytics and measurement of cost of traffic against money being made.
  • Commerce Offerings: using cookies to track your browsing history and the amount of money spent at a particular third-party merchant's site to offer coupons and other offers that are relevant to your shopping experience; offering of coupons via SMS messages if a mobile phone number is provided.
  • Marketing to Customers: We may market to current and prospective customers who have indicated an interest in doing business with us, or have previously conducted business with us, in order to further generate and promote our business. Such efforts include sending marketing emails or conducting phone calls to drive the purchase of services.
  • IT Administration: compliance audits in relation to internal policies; identification and mitigation of fraudulent activity; and compliance with legal requirements.
  • Security: Cyber-security measures (including monitoring of login records and access details) to help mitigate the risk of and provide the ability to identify and rectify a security incident.
  • Legal Compliance: Subject to applicable law, we reserve the right to release information concerning any user of services when we have grounds to believe that the user is in violation of our Terms and Conditions or other published guidelines or has engaged in (or we have grounds to believe is engaging in) any illegal activity, and to release information in response to court and governmental orders, other requests from government entities, civil subpoenas, discovery requests and otherwise as required by law or regulatory obligations. We also may release information about users when we believe in good faith that such release is in the interest of protecting the rights, property, safety or security of ALGV, any of our users or the public, or to respond to an emergency.

When we Process your Personal Information as one of our customers or someone else with whom we do business, we do so in the legitimate interests of the purposes listed above, because of the legal compliance we are subject to, or because the information is required to fulfil contractual obligations to you.

Disclosures of Your Personal Information

We may have to share your Personal Information with the parties set out below for the purposes set out above.

Service Providers:

  • Other companies in the Apple Leisure Group or Hyatt Group acting as Processors or Controllers who provide the services that make up any booking of travel services that you make with us.
  • Suppliers of accommodation and travel services acting as Processors or Controllers who provide the services that you booked with us.
  • Marketing companies to send information and offers on our behalf.
  • Other companies that provide IT and System administration services.
  • Third Parties:
    • Professional advisers acting as Processors or joint Controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
    • Regulatory and governmental bodies and other authorities acting as Processors or joint Controllers who require reporting of Processing activities in certain circumstances.
    • Third parties to whom we may choose to transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Information in the same way as set out in this Policy.
    • Apple Leisure Group and Hyatt Group. How Apple Leisure Group companies use your Personal Information is set out in the Apple Leisure Group Privacy Policy available here. How Hyatt Group uses your Personal Information is set out in the Hyatt Privacy Policies available here.
      • Businesses who we have a partnership with to provide related services to our customers.

We require all service providers and third parties to respect the security of your Personal Information and to treat it in accordance with the law.

We do not allow our third parties and service providers to use your Personal Information for their own purposes without your consent and only permit them to Process your Personal Information for specified purposes and in accordance with our instructions.

International Transfers of Information

Because of the international nature of our business, we may need to transfer your Personal Information within ALGV, and to third parties, in connection with the purposes set out in this Policy. For this reason, we may transfer your Personal Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located. Transfers of Personal Information almost always occur so that we may conclude a contract to provide you with services. Having a contractual relationship is a permissible reason for transferring Personal Information in all countries with privacy regulations.

In accordance with the above, we may send your Personal Information to the following countries where ALGV has operations, service providers, or in locations where you book. For a complete list, see the applicable ALGV brand website.

Where your Personal Information is shared with the Hyatt Group, your Personal Information may be shared with any of the locations in which an entity in that group operates a hotel where you or someone you are connected with has booked a stay (a list of these can be found by selecting “All” here) and their major business locations, which, in addition to those set out in the bullet point list above, includes locations in Hong Kong (SAR) and Germany. We have implemented appropriate technical security measures in order to protect Personal Information during international transfers, in compliance with applicable laws.

Where you have made a reservation for accommodation or travel arrangements which are located or otherwise due to be fulfilled outside your origin country, we will have to transfer your Personal Information to the suppliers fulfilling or providing those travel arrangements in order to make your booking and for those suppliers to be able to provide you with the travel arrangements you have booked.

Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Information. Contact details can be found at the bottom of this Policy.

Data Security

Because the security of your Personal Information is important to us, we require Transport Layer Security (“TLS”) software to encrypt the Personal Information that you provide to us. When using TLS, your transmission of Personal Information to us online is encrypted. You can verify whether your Personal Information is transmitted using TLS encryption by confirming the symbol of a closed lock or solid key inside your browser address bar. You can also verify that your Personal Information will be encrypted using TLS encryption by making sure that the prefix for the web address listed for that page has changed from "http" to "https". If you do not see the appropriate symbol and/or the "https" prefix, you should not assume that the Personal Information that you are being asked to provide will be encrypted prior to transmission.

The Personal Information we collect from you online is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of Personal Information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of Personal Information that may affect you so that you can take the appropriate actions for the due protection of your rights.

Data Accuracy

We take every reasonable step to ensure that your Personal Information that we Process is accurate and up to date. When you inform us that your Personal Information is inaccurate, we will correct or erase it.

See the How to Contact Us section at the bottom of this Policy for contact methods.

Know Your Rights

In accordance with different data protection regulations a person has the right to:

  • Access/Right to Know: Access a copy of your Personal Information in an electronic file
  • Correct/Update: Request we update/rectify your Personal Information
  • Deletion: Request deletion of your Personal Information
  • Opt-out of Processing: Request that we stop certain types of Processing with your Personal Information including Processing of Sensitive Personal Information
  • Opt-out of Sale or Sharing: Request to opt out of the sale or sharing of your Personal Information

See the How to Contact Us section at the bottom of this Policy for contact methods.

At any time, you can request us to delete your data but keep in mind that we might not be able to do so if there is a valid legal or business requirement to keep it.

Your information is required to provide you with products and services. Deletion or restriction of certain data may prevent us from providing the services you requested. You also have the right to file a complaint with the data protection authorities in your location of residence.

Data Retention

We take every reasonable step to ensure that your Personal Information is only Processed and stored for the minimum period necessary for business and legal requirements. We will only use your data for the reasons you provided it to us, and for legal reporting purposes.

Cookies and Other Tracking Technologies

We and other parties use cookies, pixels, beacons and other technologies on our websites, applications, and email and marketing messages. These technologies are used to improve our products and services, and for marketing, and they also allow us, advertising networks, social media companies, and other providers, to place and serve advertisements and customized content.

Some of our websites allow you to manage your cookie preferences by clicking on the Cookie Center link that may be in the footer of those websites. Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting here and you can consult the user instructions for your Internet browser for additional controls relating to the use of cookies, including blocking certain cookies by adjusting the settings on your Internet browser. Choices you make regarding cookies are website, device, and browser specific, and are deleted whenever you clear your cookies or your browser's cache. This means you need to adjust your cookie preferences on each website, device, and browser you use. If you block cookies, you will not be able to use all the features of our websites, including the customization features associated with creating a user profile.

Further information about cookies and related technologies and how they work is available here.

We may connect information collected with information we already have about you to identify you as an ALGV guest, including from third parties or service providers (for example, Google Analytics) to whom you have given permission for this purpose.

United States and California Notice at Collection

For purposes of exercising the rights described in the Know Your Rights section above, please note the following additional details regarding how we collect and use your Personal Information as described in this policy:

  • Depending on the nature of our interactions with you, we may collect, and use for our business and commercial purposes, the following categories of Personal Information as set forth in applicable California law: Identifiers; California customer records (such as birthdate, contact information, and payment information); characteristics of protected classifications under California or federal law; commercial information; biometric information; Internet or other electronic network activity information; geolocation data; audio, electronic or visual information; Sensitive Personal Information (as described in the Sensitive Personal Information section above); and inferences.
  • We use the above categories of Personal Information for the business and commercial purposes described in Purposes for Which We May Process Your Data section above. We may use and disclose your Sensitive Personal Information for the purposes described in the Purposes for Which We May Process Your Data and the Sensitive Personal Information sections above.
  • We collect Personal Information from the following categories of sources, as more fully described in the How We Collect Information section above: directly from you, from the ordinary course of our relationship with you, from your devices, from third-party content or advertising services you choose to interact with, and from other third-parties who provide it to us which may include offline channels such as through telephone or direct mail efforts, from travel agents, customers, vendors, suppliers, third-parties, commercially available or publicly-available sources, third party affiliate network operators, referral sources, social network sties or services, and if you use third party connection or log-in to access the services, create a membership or profile on any part of the services, access our content or forward our content to another person, platform or service, we may also receive your username or email address for those third party services or other information available about you or collected from you on those services.
  • We may disclose each of these categories of Personal Information to the extent permitted by applicable law with the following categories of parties, as more fully described in the Disclosures or Your Personal Information section above: other companies in the Apple Leisure Group or Hyatt Group, service providers and suppliers of accommodation and travel services that you have booked with us, marketing companies, companies that provide IT and system administration services, professional advisers, regulatory and governmental bodies, potential acquirers or creditors, and businesses who we have a partnership with to provide related services to our customers.
  • We may “sell” (as defined in applicable state privacy laws) or “share” (as defined in applicable state privacy laws) for purposes of cross-context behavioral advertising the following categories of Personal Information: identifiers; customer records; demographic information; commercial information; website data or other electronic network activity; geolocation data; and inferences. We sell and share this Personal Information with advertisers, advertising networks, and social networks. We do not knowingly sell or share the Personal Information of consumers under 16 years of age.
  • We retain your Personal Information as described in the Data Retention above.

Where you are resident in the United States, depending on the privacy laws in your state of residence and to the extent required by such applicable privacy laws, you may also be able to make some or all of the following requests with respect to your Personal Information, all of which are subject to certain exceptions, specific definitions, and limitations under applicable law and regulation:

  • Access/Right to Know - You can request to confirm whether we Process Personal Information about you, and you can request that we disclose to you the categories of Personal Information collected about you (including Sensitive Personal Information), the categories of sources from which the Personal Information is collected, the categories of Personal Information sold, shared, or disclosed, the business or commercial purpose for collecting, selling or sharing the Personal Information, the categories of third parties (or, in certain states, a list of third parties as defined in applicable state law) to whom we disclosed the Personal Information, the specific pieces of Personal Information collected about you, and information about the logic involved in any automated decision-making Processes used by us (if applicable), as well as a description of the likely outcome of the Process with respect to you.
  • Deletion - You can request that we delete your Personal Information that we maintain about you, subject to certain exceptions.
  • Do Not Sell or Share My Personal Information for Behavioral Advertising - You can request to opt out of the sale (as such term may be defined in your applicable law in your jurisdiction of residence) of your Personal Information and the sharing (as such term may be defined in applicable law in your jurisdiction of residence) of your Personal Information for cross-context behavioral advertising. We and other parties use cookies and related technology for advertising purposes, which could constitute a “sale” or “sharing” of your Personal Information according to some privacy laws. If you would like to opt out of such cookie-based tracking for advertising purposes, you can update your cookie preferences on our websites by clicking on the “Cookie Center” link that may be in the footer of the page you are viewing or by broadcasting an opt-out preference signal recognized by ALGV, such as the Global Privacy Control signal, on a browser or browser extensions that support such a signal. Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting aboutads.info/choices.

    Your opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your browser's cache. This means you need to adjust your cookie preferences on each website, device, and browser you use.
  • Opt-Out of Targeted Advertising - We may use Personal Information obtained (or in some instances inferred) from your activities across unaffiliated sites to send more relevant advertising to you, including certain categories of Personal Information described in the Information We May Collection section above. You can request that we stop using your Personal Information for such targeted advertising by updating your cookie preferences by clicking on the “Cookie Center” link that may be in the footer of our websites, or broadcasting an opt-out preference signal recognized by ALGV, such as a Global Privacy Control signal, on the browser or browser extensions that support such a signal. Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting here. Your opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your cookies or your browser's cache. This means you need to adjust your cookie preferences on each website, device, and browser you use.
  • Correct or Update my Personal Information - You may request that we correct, update, or modify the Personal Information we maintain about you. If you have an account, you can also update your profile information any time by visiting the account settings page within your account.

As is the case for all consumers regardless of residency, we will not deny you any products or services, nor discriminate against you in any other manner, in response to you exercising any of these rights.

Eligible individuals can request to exercise these rights by emailing or calling us using the contact information below:

  • Email - TAdatarequest@triseptsolutions.com
  • Phone - 1-866-ALG-DESK

We may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations. For example, we may retain Personal Information as permitted by law, such as for tax or other record-keeping purposes, to maintain an active account, and to Process transactions and facilitate customer requests. You may submit an appeal if you are not satisfied with the outcome of your request. To do so, please send us an email to datarequest@applelg.net with “Data Subject Request Privacy Appeal” in the subject line.

Please note that after you opt-out of sale sharing, or targeted advertising, your use of our websites may still be tracked by Hyatt and our service providers.

We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the sensitivity of the Personal Information, the nature of your request, and whether you have an account with us.

You may designate an authorized agent to make a request on your behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent and ensure the agent has the necessary information to complete the verification Process.

If you reside in California, you also have the right to ask us one time each year if we have shared Personal Information with third parties for their direct marketing purposes. To make a request, please write to us using the contact information provided under the How to Contact Us section below. Indicate in your correspondence that you are a California resident making a “Shine the Light” inquiry.

If you are a Nevada resident, you can request that we not “sell” your “covered information” (as defined in applicable Nevada law). To make such a request, email us using the information set forth in the How to Contact Us section below. Please use “Nevada Do Not Sell” in the subject line.

How to Contact Us

You may contact us by emailing TAdatarequest@triseptsolutions.com, calling us at 1-866-ALG-DESK or by emailing one of the following:

Apple Vacations: TAdatarequest@applevacations.com

BeachBound Vacations: datarequest@beachbound.com

Blue Sky Tours: TAdatarequest@blueskytours.com

CheapCaribbean Vacations: datarequest@cheapcaribbean.com

Funjet Vacations: TAdatarequest@funjet.com

Travel Impressions: TAdatarequest@travelimpressions.com

United Vacations: TAdatarequest@unitedvacations.com

ALG Vacations® is not responsible for errors or omissions. Bookings are subject to the applicable brand's current terms and conditions. ALG Vacations® materials (including, but not limited to, names, trademark, service marks, logos, marketing materials, etc.) shall not be used, reproduced, transmitted or distributed in any way, except with the express written consent of ALG Vacations®. CST #2139014-20.