FORCH Travels — Privacy Notice

Effective Date: January 2020

FORCH Travels respects your privacy and is committed to protecting the trust placed in us by clients, partners, and employees. This Privacy Notice explains how we collect, use, and safeguard information that can identify an individual (“Personal Data”), and how we comply with applicable privacy laws.

Who we are

“Fare Tickets LLC” is a global travel services organization serving both corporate and individual clients.

Key definitions used in this Notice include:

“third party” means anyone who is not you or us.

For privacy questions, contact: privacy@forch-travels.com.

Personal Data We Collect

We collect Personal Data to provide travel and related services. You may give this data directly, via a tool or product, or through your employer for corporate bookings.

Corporate Business Travel Services

For corporate travel we typically collect:

• Full legal name
• Email address
• Postal address
• Phone number
• Payment details (credit card or other)

We may also collect travel identifiers (passport, driver’s license), date of birth, gender, itinerary details, frequent traveler numbers, TSA Known Redress or Global Entry numbers, ticket/document numbers, and related travel data. Employers or travel sponsors may provide additional work-related contact details when applicable.

Leisure Travel Services

For leisure travel we typically collect:

• Full legal name
• Contact and payment details
• Itinerary, accommodation and transportation details

We may also collect passport or government ID numbers, date of birth, gender, loyalty program numbers, insurance information, relevant medical details, and special requests (dietary, religious, accessibility) when needed to fulfil bookings.

Website Data Collection

When you use our website (contact forms, job applications, marketing signups), we may collect information such as:

• Name, job title, company and industry
• Phone number and email address
• Account login details (username)
• Travel preferences, comments, and testimonials
• Job application materials such as resumes

Information We Collect Through Automatic Data Collection Technologies

When you visit our site or view our ads, our systems (and service providers) may automatically collect information such as:

• Interaction data (links clicked, search terms, pages viewed)
• Device type and operating system
• IP address and referrer/exit URLs
• Cookie data and other identifiers
• Analytics metrics (time of visit, pages visited, time on page)

See the Cookie Policy section for more information on how we use cookies and similar technologies and how to manage your preferences.

Other sources of Personal Data

• We may use Personal Data from other sources, such as affiliates and 3^rd parties that supply information, retail partners and public registers
• Your insurance company, their agents and medical staff may exchange relevant Personal Data and special categories of Personal Data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
• If you log-in using your social network credentials to connect to our platforms and online services e.g. Facebook, Google+ and Twitter, you will agree to share your user details with us. For example, your name, email address, date of birth, location and any other information you choose to share with us.

How we use Personal Data

We use Personal Data to provide and manage travel services, process bookings and payments, communicate with you, support safety and security requirements, prevent fraud, and improve our services.

Legal Basis for Personal Data

We collect and use Personal Data where at least one of the following applies:

• Contract: Processing is necessary to perform a contract with you (e.g., manage bookings, cancellations, refunds).
• Legitimate interests: For fraud prevention, network security, and service improvements, balanced against your rights. You may have the right to object to some of this processing.
• Legal obligation: Compliance with laws or government requests (for example, secure flight data for travel screening).
• Vital interests: To protect someone’s life or safety in an emergency.
• Consent: Where you have given consent (for example, creating an account); you may withdraw consent at any time.

How we share Personal Data

We may disclose Personal Data to the following categories of recipients:

• Global distribution systems (GDS) used for travel reservations;
• Service providers and travel suppliers necessary to fulfil bookings;
• Affiliates, employees, agents, consultants and subcontractors who support our services;
• Clients who request travel data about their employees;
• Public authorities when required by law;
• Potential acquiring entities in the event of a business sale or transfer;
• Third parties in aggregated, non-identifying form for analytics.

We do not sell or share Personal Data to third parties for their independent marketing to you.

Sharing Personal Data with FORCH affiliates

This Notice applies to services offered by Fare Tickets LLC, except where an affiliate has its own privacy notice. We may share the minimum Personal Data necessary with affiliates to provide services, manage operations, contact you, or for permitted marketing and research purposes.

If we sell or transfer a business, your Personal Data may be transferred to the acquiring organization and used in accordance with the terms of that transaction.

Linked Sites

This Policy does not apply to unaffiliated websites linked from our site. We are not responsible for the privacy practices or content of those sites, and we recommend you review their privacy notices before providing Personal Data.

Social media features

Social media features (Facebook, Twitter, LinkedIn, Instagram) may be present on our sites and apps. These features are disabled by default; if you enable them, the social network may collect information according to its own policies. We are not responsible for the data practices of those networks, so please review their privacy notices before using their features.

Safeguarding Personal Data

We use appropriate technical and organizational measures to protect your Personal Data against unauthorized access, loss, or misuse and update protections as technology evolves. While we strive to protect data integrity and confidentiality, no system is completely secure.

You also play a role in security: keep your account credentials confidential and notify us if you suspect unauthorized access.

Data Retention

We retain Personal Data only as long as necessary to fulfil the purposes described in this Notice or to meet legal and regulatory obligations. When data is no longer needed, we securely delete or anonymize it. Data retained for analytics or historical purposes will be anonymized where possible.

Your Rights and Choices

Marketing Communications

If you receive marketing email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request by email to privacy@forch-travels.com

Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages regarding travel services.

Information Collected by Automated Means

Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our Site.

Please note that there is currently no uniform way in which to respond to Do Not Track signals, and at this time we do not respond to such signals.

Your European Privacy Rights and Choices

If you live in the EU or Switzerland, you have specific rights for your Personal Data under the European General Data Protection Regulation (GDPR). At FORCH we address your rights for:

• Data Access: You have a right to ask for a copy of the Personal Data we hold about you. You can write to us asking for a copy of other Personal Data we hold about you. Please include any details to help us identify and locate your Personal Data. Where we can provide data access, we will do so free of charge except where further copies are requested, in which case we may charge a reasonable fee based on administrative costs.
• Data Correction and Deletion: We want to make sure that the Personal Data we hold about you is accurate and up to date. If any of the details we hold appear to be incorrect, please let us know. We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.
• Data portability: You have the right to be able to take with you the Personal Data you provided to us in certain circumstances.
• Right to object to use of Personal Data: You have the right, in certain circumstances, to object to FORCH processing your Personal Data.
• To opt out of marketing messages: If you no longer want to receive marketing messages from FORCH, you can choose to opt out at any time. If you’ve previously opted in to receive personalized content based on how and where you use our network, you can also opt out at any time.

FORCH will offer EU and Swiss individuals whose personal information has been transferred to us the opportunity to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at privacy@forch-travels.com.

If we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and/or disclosures where it involves non-sensitive data or opt-in where Sensitive Personal Data is involved.

If we intend to use your Personal Data for a purpose that is materially different from the purposes listed in this Notice, or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and/or disclosures where it involves non-sensitive data or opt-in where Sensitive Personal Data is involved.

Please note:

• We will not be able to delete information that is required to maintain our business purpose or that is required to facilitate your contract with us or to perform the services you have otherwise requested from us.
• We may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorized to make such a request or complaint when you contact us on behalf of someone else.

For more information or to exercise your rights, please submit a request via post or email to FORCH. We will respond to inquiries directed to us within thirty (30) calendar days. If the request pertains to data that was provided to us by your employer, please contact your employer (i.e. our client).

By email: privacy@forch-travels.com

Your California Privacy Rights

Access to Specific Information and Data Portability Rights

If you live in California, you have specific rights for your Personal Data under the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice. This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive and confirm your verifiableconsumer request, we will disclose to you:

• The categories of personal data we collected about you.
• The categories of sources for the personal data we collected about you.
• Our business or commercial purpose for collecting or selling that personal data.
• The categories of third parties with whom we share that personal data.
• The specific pieces of personal data we collected about you (also called a data portability request).
• If we sold or disclosed your personal data for a business purpose, two separate lists disclosing:
  • sales, identifying the personal data categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal data categories that each category of recipient obtained.

In the preceding twelve (12) months, we have not sold any personal data.

Deletion Request Rights

You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and request our service providers to delete) your personal data from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• Complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and fix errors that impair existing intended functionality.
• Exercise free speech ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Access, Data Portability, and Information Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

• Emailing us at privacy@forch-travels.com
• Writing to us at Fare Tickets LLC Attn: Data Privacy; 618 Thornton Rd, STE 3-116 Lithia Springs Georgia, 30122

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal data. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Time

We try to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Do Not Track

The California Online Privacy Protection Act (“CalOPPA”) requires FORCH to disclose how it responds to Do Not Track Signals in your web browser. FORCH does not interpret or respond to Do Not Track Signals. You may set your web browser to not accept new cookies or web beacons or disable cookies altogether. Please note that doing so may hinder your experience on the Website. Please see the Help section of your browser for instructions on managing security preferences.

Privacy of Children’s Information

Our Site is not directed to children. We do not sell products or services for purchase by children. We will not knowingly collect Personal Data from children. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personally identifiable information to us, please contact us at this email address: privacy@forch-travels.com. A parent or guardian of a child under the age of 13 may review and request deletion of such child’s Personal Data, as well as prohibit the use of that information.

Arbitration

Fare Tickets LLC has further committed to refer unresolved Privacy Shield complaints to United States Council for International Business, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit United States Council for International Business for more information or to file a complaint. The services of United States Council for International Business are provided at no cost to you.

How to Contact us

Please contact us with any questions or comments about this Policy, your Personal Data, our privacy and information security practices, your consent choices or if you would like to exercise your rights.

Email at privacy@forch-travels.com

You may also write to us at:

Fare Tickets LLC
618 Thornton Rd,
STE 3-116 Lithia Springs Georgia, 30122

Changes to This Policy and Definitions

Policy Changes

This Notice replaces all previous versions. We may change the Notice at any time, so please check it regularly on our website(s) for any updates. You can tell when changes have been made to the Privacy Policy by referring to the “Last Updated” legend on top of this page. Any changes will be effective on the effective date stated in the revised Privacy Policy. Your continued use of the Site after we have posted a revised Privacy Policy indicates your agreement to the revisions.

Definitions

For purposes of this Policy, the following definitions shall apply:

“Affiliate” means any partner that FORCH has 15% or more ownership in.

“Agent” or “Processor” means any third party that collects or uses Personal Data under the instructions of, and solely for, Fare Tickets LLC or to which Fare Tickets LLC discloses Personal Data for use on Fare Tickets LLC’s behalf.

“CCPA“ or “California Consumer Privacy Act” also known as AB-375, is a bill intended to enhance privacy rights and consumer protection for residents of California, United States.

“Fare Tickets LLC” means Fare Tickets LLC, its affiliates under common control, predecessors, successors, subsidiaries, divisions and groups in the United States.

“GDPR” or “General Data Protection Regulation”, also known as Regulation (EU) 2016/679, is a European Union law drafted on April 27, 2016 and instituted on May 25, 2018 on data protection and privacy for all individual citizens of the European Union and the European Economic Area.

“Personal Data” means any information or set of information that identifies or could be used by or on behalf of Fare Tickets LLC to identify an individual. Personal Data does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.

“Sensitive Personal Data” or “Special Categories of Personal Data” This are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation. In addition, Fare Tickets LLC will treat as sensitive Personal Data any information received from a third party where that third party treats and identifies the information as sensitive.

“Data Controller”: The data controller determines the purpose and manner in which personal data is used.

“Data Processor”: Processes Personal Data as instructed on behalf of a data controller

“European Economic Area (EEA)” consist of EU Member States plus Norway, Iceland and Lichtenstein.

“Online advertising” refer to Marketing messages that you may see on the internet.

“US Secure Flight Data”: The Transportation Security Administration (TSA) requires you to provide your full name, date of birth and gender for the purpose of watch list screening. You may also provide your Redress Number, if available. Failure to provide details may result in denial of transport or denial of authority to enter the boarding area. TSA may share information you provide with law enforcement or intelligence agencies or others under its published system of records notice. Please see the TSA website for more details.

PrivacyShield

We may transfer your Personal Data to countries other than the country where you are located, including to the United States where we are headquartered.

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring Personal Data from the European Union and Switzerland to the United States in support of transatlantic commerce.

FORCH Travels complies with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States. FORCH Travels has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov.

Personal data, including data collected in the European Economic Area (“EEA”) or Switzerland, may be transferred, stored, and processed by us and our services providers, partners, and affiliates in the United States and potentially other countries whose data protection laws may be different to the laws of your country.

We will not transfer Personal Data originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Data as required by the Principles of the EU-US Privacy Shield Framework or the Swiss-US Privacy Shield Framework. We will only transfer data to our agents, affiliates, or third-party service providers (such as accountants, attorneys, consultants, and other service providers) who need the information in order to provide services to or perform activities on behalf of FORCH; including in connection with the delivery of services, FORCHs’ management, administration, or legal responsibilities. We shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Dispute Resolution: In compliance with the Privacy Shield Principles, FORCH Travels commits to resolve complaints about our collection or use of your Personal Data. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact FORCH at:

FORCH Travels
618 Thornton Rd,
STE 3-116 Lithia Springs Georgia, 30122

FORCH has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism:

• for disputes involving all Personal Data received by our company from Switzerland, our company has agreed to cooperate with the Swiss FDPIC: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—international.html
• for disputes involving all Personal Data received by our company from EU countries, we commit to refer unresolved complaints under the Privacy Shield Principles to an independent dispute resolution panel established by European Union Data Protection Authorities. Please contact the Data Protection Authority in your country for your complaint: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Under certain limited conditions, an individual may be able to invoke binding arbitration as provided under the Privacy Shield to address an otherwise unresolved complaint. For more details about this process, visit the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.

FORCH Travels is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and under certain conditions, individuals may invoke binding arbitration as well as learn more about our liability in cases of onward transfers to third parties at: https://www.privacyshield.gov/EU-US-Framework.

International Transfers of Personal Data

Personal data, including data collected in the European Economic Area (“EEA”) or Switzerland, may be transferred, stored, and processed by us and our services providers, partners, and affiliates in the United States and potentially other countries whose data protection laws may be different to the laws of your country.

We will not transfer Personal Data originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Data as required by the Principles of the EU-US Privacy Shield Framework or the Swiss-US Privacy Shield Framework. We will only transfer data to our agents, affiliates, or third-party service providers (such as accountants, attorneys, consultants, and other service providers) who need the information in order to provide services to or perform activities on behalf of FORCH; including in connection with the delivery of services, FORCHs’ management, administration, or legal responsibilities. We shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Cookie Policy

We use or may use the data collected through cookies, log files, device identifiers, and clear GIFs to (a) remember information so in subsequent visits a user will not have to re-enter it; (b) provide custom, personalized content, and information; (c) monitor the effectiveness of our Services; (d) monitor aggregate metrics such as total number of visitors, traffic, and usage on our website and our Services; (e) diagnose or fix technology problems; and (f) help users efficiently access information after signing in.

Clear GIFs, pixel tags, and other technologies: Clear GIFs (also known as web beacons, web bugs or pixel tags) are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs, in connection with Services to, among other things, track the activities of visitors, help us manage content, and compile statistics about site usage. We and our third-party service providers also use clear GIFs in HTML emails to our customers to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.

Third-Party Analytics: We use automated devices, applications, and other means, such as Google Analytics to evaluate usage of our FORCH websites and Services. We use these tools to help us improve our Services, performance and user experiences. These entities may use cookies and other tracking technologies to perform their services. Third-party advertising networks are never allowed to collect information about the users of our websites or Services.