Privacy & Cookie Policy

Last update: 01/04/25

Business to Business [ExperienceBank (Trekksoft) to Partners, marketplaces and any other business we have a commercial relationship with].
ExperienceBank (A TrekkSoft AG product) has collected or may collect your personal details to facilitate business with you or your organization and to keep you informed of ongoing services.

If you have facilitated personal data via https://experiencebank.travel, app.experiencebank.io the Data Controller of this data is Trekksoft AG with the following contact details:

TrekkSoft AG
Hauptstrasse 15, 3800 Matten b. Interlaken
Switzerland
info@experiencebank.travel

In cases where personal data has been provided through any of our business partners using ExperienceBank, Trekksoft AG remains the Data Processor, or Data Sub-Processor.

To comply with the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Swiss Federal Act on Data Protection (FADP), we must provide you with the following information about the personal data you give to us or that we receive from third parties as recommendations.

What Information Do We Collect?
Personal data, or personal information, refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) or data relating to a corporate entity.

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:

Identity Data includes first name, last name, title, company position.
Contact Data includes business or home address, email address(es), telephone number(s), and fax number(s).
Marketing and Communications Data includes your preferences in receiving marketing from us or other third parties and your communication preferences.

What If You Don’t Provide Personal Data?

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products or services). In this case, we may have to suspend or cancel a product or service you have with us, but we will notify you if this is the case at the time.

How Do We Collect Your Personal Data?
We use different methods to collect data from and about you, including:

Direct interactions: You may give us your Identity, Contact, Profile, Marketing, and Communications Data by filling in forms or by corresponding with us by post, phone, email, social media, or otherwise.
Automated technologies or interactions: As you interact with our website, we may automatically collect Technical or Usage Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy.
Third parties or publicly available sources: We may receive information about you from various other third parties and public sources such as Identity and Contact Data from individuals recommending, in a business-to-business context.

Why Do We Process Personal Data?

ExperienceBank (a TrekkSoft product) processes this information to communicate with you for business reasons, which may include procurement and undertaking business with you or your organization. This may include purchasing goods and services or providing services to us.

Most commonly, we will use your personal data in the following circumstances:

Performance of Contract: Fulfill orders.
Legitimate Interest: Customer communications, data/security breaches, Terms of Service.

Who Do We Share Your Personal Data With?

We may have to share your personal data with the following parties:

Internal Third Parties such as other companies within the TrekkSoft AG group, which includes subsidiaries and the ultimate holding company and its subsidiaries.

IT service providers, our client businesses (booking management platforms) and their customers (activity suppliers), based in Switzerland, the UK, the European Economic Area (EEA), or other countries (covered by Standard Contractual Clauses)
Professional advisers including lawyers, bankers, auditors, and insurers based in Switzerland, the UK, and the EEA who provide consultancy, legal, banking, accounting, and insurance services.

Regulatory and governmental authorities such as HM Revenue & Customs, the Swiss Federal Data Protection and Information Commissioner (FDPIC), or other relevant regulators, law enforcement bodies, police, and other authorities based in Switzerland, the UK, and the EEA, who require reporting of processing activities in certain circumstances (such as criminal activity, suspected or actual fraud, or tax evasion).
Marketing and PR providers where you have agreed to a publication or article with us.

Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not process your personal data in any country outside the European Economic Area (EEA), Switzerland, or the UK unless adequate protection standards are in place through a SCC (Standard Contractual Clauses).

How Do We Protect Data?
We take the protection of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties.

Where we engage third parties to process personal data on our behalf, we do so based on written instructions, and such third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data.

How Long Will We Keep Your Data?
ExperienceBank/TrekkSoft will continue to hold your personal data for the duration of the business relationship or the duration of the contract and will hold your information for a further 7 years in line with our retention policy. Name, address and contact details will be held for this period because of the obligation by Swiss authorities to hold financial details for seven years. Contact details will be held for the same period for the purpose of settling any financial disputes during the mandated retention period.

Your Rights as a Data Subject

As a data subject, you are entitled to several rights under the EU GDPR, UK GDPR, and Swiss FADP. These rights allow you to control how your data is processed, but each right can only be exercised under specific conditions. Below is a detailed overview of your rights, the conditions for exercising them, and the steps required to make a request.

Right of Access
You have the right to request access to the personal data we hold about you. This right is typically exercised to:
Confirm whether we are processing your personal data;

• Obtain a copy of your personal data; and
• Understand how and why we are using your data.

Conditions: This right can be exercised at any time. You must allow up to 30 for the company to produce you data.
How to exercise: Submit a written request to [info@experiencebank.travel] specifying that you are making a “Data Subject Access Request.” You may be required to verify your identity.

Right to Rectification

If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
Conditions: This right can be exercised when you identify inaccuracies in your personal data. In some cases, we may ask you to provide evidence to support the correction.
How to exercise: Contact [info@experiencebank.travel] with details of the data that needs correcting and, if applicable, provide supporting documents.

Right to Erasure (Right to be Forgotten)

You can request that we delete your personal data in certain situations, such as when:

• The data is no longer necessary for the purposes for which it was collected;
• You withdraw your consent (where consent was the legal basis for processing);
• You object to the processing, and there are no overriding legitimate grounds;
• The data has been unlawfully processed; or
• We are required to erase the data to comply with legal obligations.
• Conditions: This right applies under specific circumstances, such as those listed above. We may refuse your request if we need the data for legal compliance or to establish, exercise, or defend legal claims.

How to exercise: Send a written request to [info@experiencebank.travel] specifying that you are requesting data erasure. We may ask you to confirm the specific circumstances that justify erasure.

Right to Object to Processing

You have the right to object to the processing of your personal data when:
We rely on legitimate interests as the legal basis for processing, and you believe your rights and freedoms are being negatively impacted; or
We may process your data for direct marketing purposes.
Conditions: In most cases, your right to object can be exercised at any time. However, if we demonstrate compelling legitimate grounds for the processing, we may be able to continue processing despite your objection.
How to exercise: To object, send a written request to [info@experiencebank.travel] specifying the grounds for your objection and the processing activity you are concerned about.

Right to Restrict Processing

You can request the restriction of your personal data processing in the following scenarios:
You contest the accuracy of your data, and we are verifying it;
Our processing is unlawful, but you prefer restriction over erasure;
You need us to retain your data for legal claims, even though we no longer need it for processing; or
You have objected to our processing, and we are verifying whether we have overriding legitimate grounds.
Conditions: Restriction can only be requested under the specific scenarios above. During the restriction period, we will not process your data except to store it or use it for legal claims.
How to exercise: Submit a restriction request to [info@experiencebank.travel] detailing the relevant scenario for restricting your data processing.
Right to Data Portability
You can request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format. This right applies when:

• You provided the personal data to us;
• The legal basis for processing was your consent or performance of a contract; and
• The processing is carried out by automated means.

Conditions: This right is limited to specific types of data (i.e., data you provided to us) and only applies to automated processing.
How to exercise: Contact [info@experiencebank.travel] to request data portability. Be prepared to provide details of the data to be transferred and the third party you want to receive the data.

ExperienceBank (A TrekkSoft AG product) respects your privacy and is committed to protecting your personal data.

In compliance with the UK Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the Swiss Federal Data Protection Act, and the EU General Data Protection Regulation (GDPR), we provide you with the following information about the personal data you provide to us or that we receive from third parties. This privacy notice explains how we collect, use, and protect your personal data when you visit our website (www.experience bank.travel) or engage with us regarding our products and services. It also informs you of your privacy rights and how the law protects you.

If you have facilitated personal data via experience bank.travel, the Data Controller of this data is Trekksoft AG with the following contact details:

TrekkSoft AG
Hauptstrasse 15, 3800 Matten b. Interlaken
Switzerland
info@experiencebank.travel

Please read this privacy notice along with our Cookie Policy, and any other specific privacy notices we provide when collecting or processing your personal data. This privacy notice supplements other notices and is not intended to override them.

To ensure the personal data we hold about you is accurate and current, please inform us of any changes during your relationship with us.

Third-Party Links and Connections
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy policy of every website you visit.

By accessing and continuing to use our website, you accept the terms of this privacy notice.

What Information Do We Collect?
Personal data, or personal information, refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) or data relating to a corporate entity.

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:

Identity Data: First name, last name, title, and company position.
Contact Data: Business or home address, email addresses, and telephone numbers.
Technical Data: IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform, and other technology on the devices you use to access this website or our software.
Usage Data: Information about how you use our website.
Marketing and Communications Data: Your preferences for receiving marketing communications from us or our clients, and your communication preferences.
Aggregated Data: We may also collect, use, and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your personal data but is not considered personal data as it does not reveal your identity. If we combine aggregated data with your personal data in a way that identifies you, we treat it as personal data in accordance with this privacy notice.

Why Do We Process Personal Data?

We process your personal data under the following lawful bases:

Performance of a Contract: Processing your personal data is necessary to perform a contract or to take steps at your request before entering into such a contract.
Legitimate Interest: Processing is necessary for our legitimate interests (or those of a third party), provided that your interests and fundamental rights do not override those interests.
Consent: When you provide your consent for specific purposes, such as receiving newsletters or marketing materials.
Compliance with Legal Obligations: Processing is necessary to comply with a legal or regulatory obligation.

How Do We Collect Your Personal Data?
We collect personal data through various methods:

Direct Interactions: You provide your personal data when you:

• Request a demo of our software.
• Arrange a callback from our sales team.
• Contact our support team.
• Subscribe to our newsletter.
• Provide feedback.

Automated Technologies or Interactions: We may collect technical and usage data as you interact with our website. This may include using cookies and similar technologies. Please refer to our Cookie Policy for more details.
Third Parties or Publicly Available Sources: We may receive personal data about you from third parties, such as analytics providers (e.g., Google) and individuals recommending us to you in a business-to-business context.
How Do We Use Your Personal Data?
We will use your personal data only for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If you need an explanation as to how the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis for doing so. We may process your personal data without your knowledge or consent when required or permitted by law.

Sharing Your Data
We may share your personal data with:

Internal Third Parties: Companies within the ExperienceBank (TrekkSoft) group.
Service Providers: Companies providing IT, system administration, and other services.
Professional Advisers: Including lawyers, bankers, auditors, and insurers.
Regulators and Authorities: To comply with legal obligations or regulatory requirements.
Third-Party Integrations: With your consent, we may share data with third-party platforms integrated into our services.
Data Transfers Outside the EU/UK/Switzerland
We do not transfer your personal data outside the UK, Switzerland, or the EU without appropriate safeguards in place to ensure the security of your data.

How Do We Protect Data?
We take the protection of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties.

Where we engage third parties to process personal data on our behalf, we do so based on written instructions, and such third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data.

How Long Will We Keep Your Data?
ExperienceBank/TrekkSoft will continue to hold your personal data for the duration of the business relationship or the duration of the contract and will hold your information for a further 7 years in line with our retention policy. Name, address and contact details will be held for this period because of the obligation by Swiss authorities to hold financial details for seven years. Contact details will be held for the same period for the purpose of settling any financial disputes during the mandated retention period.

Your Rights as a Data Subject

As a data subject, you are entitled to several rights under the EU GDPR, UK GDPR, and Swiss FADP. These rights allow you to control how your personal data is processed, but each right can only be exercised under specific conditions. Below is a detailed overview of your rights, the conditions for exercising them, and the steps required to make a request.

Right of Access
You have the right to request access to the personal data we hold about you. This right is typically exercised to:
Confirm whether we are processing your personal data;
Obtain a copy of your personal data; and
Understand how and why we are using your data.
Conditions: This right can be exercised at any time. You must allow up to 30 for the company to produce you data.
How to exercise: Submit a written request to [info@experiencebank.travel] specifying that you are making a “Data Subject Access Request.” You may be required to verify your identity.

Right to Rectification

If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
Conditions: This right can be exercised when you identify inaccuracies in your personal data. In some cases, we may ask you to provide evidence to support the correction.

How to exercise: Contact [info@experiencebank.travel] with details of the data that needs correcting and, if applicable, provide supporting documents.

Right to Erasure (Right to be Forgotten)
You can request that we delete your personal data in certain situations, such as when:
The data is no longer necessary for the purposes for which it was collected;
You withdraw your consent (where consent was the legal basis for processing);
You object to the processing, and there are no overriding legitimate grounds;
The data has been unlawfully processed; or
We are required to erase the data to comply with legal obligations.
Conditions: This right applies under specific circumstances, such as those listed above. We may refuse your request if we need the data for legal compliance or to establish, exercise, or defend legal claims.
How to exercise: Send a written request to [info@experiencebank.travel] specifying that you are requesting data erasure. We may ask you to confirm the specific circumstances that justify erasure.

Right to Object to Processing
You have the right to object to the processing of your personal data when:
We rely on legitimate interests as the legal basis for processing, and you believe your rights and freedoms are being negatively impacted; or
We may process your data for direct marketing purposes.
Conditions: In most cases, your right to object can be exercised at any time. However, if we demonstrate compelling legitimate grounds for the processing, we may be able to continue processing despite your objection.
How to exercise: To object, send a written request to [info@experiencebank.travel] specifying the grounds for your objection and the processing activity you are concerned about.

Right to Restrict Processing
You can request the restriction of your personal data processing in the following scenarios:
You contest the accuracy of your data, and we are verifying it;
Our processing is unlawful, but you prefer restriction over erasure;
You need us to retain your data for legal claims, even though we no longer need it for processing; or
You have objected to our processing, and we are verifying whether we have overriding legitimate grounds.
Conditions: Restriction can only be requested under the specific scenarios above. During the restriction period, we will not process your data except to store it or use it for legal claims.
How to exercise: Submit a restriction request to [info@experiencebank.travel] detailing the relevant scenario for restricting your data processing.

To comply with the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Swiss Federal Act on Data Protection (FADP), ExperienceBank (a TrekkSoft AG product) provides the following information regarding your personal data.

Data Controller Information
If you have provided your personal data via ExperienceBank or app.experiencebank.io, the Data Controller is:

TrekkSoft AG
Hauptstrasse 15, 3800 Matten b. Interlaken, Switzerland
Email: info@experiencebank.travel

Purpose of Data Collection
The data you provide will be used solely for the following purposes:

Responding to your personal data requests (e.g., Subject Access Requests).
Facilitating the exercise of your data protection rights.
Ensuring compliance with applicable data protection laws.

What Personal Data Do We Collect?

We may collect and process the following types of personal data from you:

Identity Data: Name, title, and company position.
Contact Data: Email address, business or home address, and phone number.
Request Details: Information specific to your data request, such as proof of identity or details required to identify your records.
How Do We Use Your Personal Data?
Your personal data will be used to:

Verify your identity to ensure the security of your information.
Process your Subject Access Requests or any other data-related inquiries.
Communicate with you regarding the status of your request.

Data Sharing and Transfers

We may share your data internally within TrekkSoft AG or with relevant departments to address your request efficiently. In certain cases, your data may be shared with:

External Advisors: Legal, regulatory, or compliance consultants.
Data Protection Authorities: If required for regulatory compliance or in response to a complaint.
Your data will not be transferred to third parties or outside the UK, Switzerland, or the EU without your explicit consent, unless legally required.

Retention of Your Data
We will retain your personal data for as long as necessary to process your request and in line with legal retention requirements:

Travelers: Personal data related to booking inquiries will be retained for 60 days following the last interaction related to your request.
Business Partners: Data will be kept for the duration of our commercial relationship and for an additional 7 years post-termination, in compliance with Swiss financial retention laws.

Your Rights as a Data Subject

As a data subject, you are entitled to several rights under the EU GDPR, UK GDPR, and Swiss FADP. These rights allow you to control how your personal data is processed, but each right can only be exercised under specific conditions. Below is a detailed overview of your rights, the conditions for exercising them, and the steps required to make a request.

Right of Access
You have the right to request access to the personal data we hold about you. This right is typically exercised to:
Confirm whether we are processing your personal data;

• Obtain a copy of your personal data; and
• Understand how and why we are using your data.

Conditions: This right can be exercised at any time. You must allow up to 30 for the company to produce you data.
How to exercise: Submit a written request to [info@experiencebank.travel] specifying that you are making a “Data Subject Access Request.” You may be required to verify your identity.

Right to Rectification

If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
Conditions: This right can be exercised when you identify inaccuracies in your personal data. In some cases, we may ask you to provide evidence to support the correction.

How to exercise: Contact [info@experiencebank.travel] with details of the data that needs correcting and, if applicable, provide supporting documents.

Right to Erasure (Right to be Forgotten)

You can request that we delete your personal data in certain situations, such as when:

• The data is no longer necessary for the purposes for which it was collected;
• You withdraw your consent (where consent was the legal basis for processing);
• You object to the processing, and there are no overriding legitimate grounds;
• The data has been unlawfully processed; or
• We are required to erase the data to comply with legal obligations.

Conditions: This right applies under specific circumstances, such as those listed above. We may refuse your request if we need the data for legal compliance or to establish, exercise, or defend legal claims.
How to exercise: Send a written request to [info@experiencebank.travel] specifying that you are requesting data erasure. We may ask you to confirm the specific circumstances that justify erasure.

Right to Object to Processing

You have the right to object to the processing of your personal data when:
We rely on legitimate interests as the legal basis for processing, and you believe your rights and freedoms are being negatively impacted; or
We may process your data for direct marketing purposes.
Conditions: In most cases, your right to object can be exercised at any time. However, if we demonstrate compelling legitimate grounds for the processing, we may be able to continue processing despite your objection.
How to exercise: To object, send a written request to [info@experiencebank.travel] specifying the grounds for your objection and the processing activity you are concerned about.

Right to Restrict Processing

You can request the restriction of your personal data processing in the following scenarios:
You contest the accuracy of your data, and we are verifying it;
Our processing is unlawful, but you prefer restriction over erasure;
You need us to retain your data for legal claims, even though we no longer need it for processing; or
You have objected to our processing, and we are verifying whether we have overriding legitimate grounds.
Conditions: Restriction can only be requested under the specific scenarios above. During the restriction period, we will not process your data except to store it or use it for legal claims.
How to exercise: Submit a restriction request to [info@experiencebank.travel] detailing the relevant scenario for restricting your data processing.

Right to Data Portability

You can request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format. This right applies when:

• You provided the personal data to us;
• The legal basis for processing was your consent or performance of a contract; and
• The processing is carried out by automated means.
• Conditions: This right is limited to specific types of data (i.e., data you provided to us) and only applies to automated processing.
• How to exercise: Contact [info@experiencebank.travel] to request data portability. Be prepared to provide details of the data to be transferred and the third party you want to receive the data.

How to Exercise Your Rights

To exercise any of your rights, please contact us at [info@experiencebank.travel]. In most cases, we will require you to submit your request in writing and may ask for proof of identity to ensure we are dealing with the correct individual. Some rights, such as erasure or restriction, may also require you to provide additional information about your specific circumstances.

We will respond to your request within one month of receiving it. If your request is particularly complex, or if you have made several requests, we may need extra time to respond, in which case we will inform you of the delay and the reasons for it.

Right to Withdraw Consent
If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdraw your consent.

Conditions for Withdrawal:
You can withdraw your consent whenever we are processing your personal data based on your explicit consent. This may include situations where you have agreed to receive marketing communications, newsletters, or other non-essential services. However, withdrawing your consent may affect our ability to provide certain products or services that rely on consent for processing. In such cases, we will inform you if withdrawing consent limits our ability to deliver these products or services.

How to Withdraw Consent:

To withdraw your consent:
Contact us directly by sending a request to [info@experiencebank.travel].
Clearly specify the processing activity or service for which you are withdrawing consent (e.g., “I withdraw my consent for receiving marketing emails”).
We may ask for identity verification to ensure that we are acting on the correct request.
Once we receive your withdrawal request, we will promptly stop processing your personal data for the relevant purposes. Please note that withdrawing consent does not affect the lawfulness of any processing that took place before the withdrawal.

Impact of Withdrawal:
If you withdraw your consent for processing activities necessary to deliver certain services, such as personalized recommendations or marketing communications, we may no longer be able to provide those services. We will notify you of any service impacts at the time of your withdrawal.
Automated Decision-Making and Profiling
ExperienceBank does not use your personal data for automated decision-making or profiling.

How We Protect Your Data
We are committed to ensuring the security of your data. We have implemented technical and organizational measures to protect your personal information from unauthorized access, loss, or misuse.

If third-party processors are engaged to handle your data, they are bound by confidentiality obligations and required to implement appropriate security measures.

How to Make a Subject Access Request
To request access to your personal data, please email info@experiencebank.travel with the following details:

Your full name and contact information.
Proof of identity (e.g., a government-issued ID).
Specific details of the data you wish to access or any other request.
Upon receiving your request, we will acknowledge it and aim to respond within one month. In complex cases, we may need additional time, and we will inform you of any delays.

Right to Lodge a Complaint
If you believe we have not complied with your data protection rights, you have the right to lodge a complaint with the relevant Data Protection Authority:

UK: Information Commissioner’s Office (ICO) – Website
EU: Contact your local Data Protection Authority. A full list is available here.
Switzerland: Federal Data Protection and Information Commissioner (FDPIC) – Website
We encourage you to reach out to us first to resolve any concerns.

Changes to This Privacy Notice
We reserve the right to update this Privacy Notice periodically. Any changes will be communicated via our website or through other appropriate channels.

For further information, please contact our Data Protection Officer at info@experiencebank.travel.

ExperienceBank [A TrekkSoft AG product] collects, holds, and processes certain personal data about our Partners, their Customers (“data subjects”), Employees, and Suppliers (“data controllers”). As a data subject, you have the legal right, under applicable data protection laws (including the UK Data Protection regulation(UK GDPR), Swiss Federal Act on Data Protection (FADP), and the EU General Data Protection Regulation (EU GDPR)), to find out about our use of your personal data. This includes:

• Confirmation that your personal data is being processed by us.
• Access to your personal data.
• Details on how we use your personal data and the reasons for its use.
• Information on any sharing or transfers of your personal data.
• Retention Periods: How long we hold your personal data.

Your Rights under applicable data protection laws, including the right to withdraw your consent to our use of your personal data at any time and/or to object to our processing of it.