Business to Business
Business to Business [ExperienceBank (Trekksoft) to Partners, marketplaces and any other business we have a commercial relationship with].
ExperienceBank (A TrekkSoft AG product) has collected or may collect your personal details to facilitate business with you or your organization and to keep you informed of ongoing services.
If you have facilitated personal data via https://experiencebank.travel, app.experiencebank.io the Data Controller of this data is Trekksoft AG with the following contact details:
TrekkSoft AG
Hauptstrasse 15, 3800 Matten b. Interlaken
Switzerland
privacy@trekksoft.com
In cases where personal data has been provided through any of our business partners using ExperienceBank, Trekksoft AG remains the Data Processor, or Data Sub-Processor.
To comply with the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Swiss Federal Act on Data Protection (FADP), we must provide you with the following information about the personal data you give to us or that we receive from third parties as recommendations.
What Information Do We Collect?
Personal data, or personal information, refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) or data relating to a corporate entity.
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data includes first name, last name, title, company position.
- Contact Data includes business or home address, email address(es), telephone number(s), and fax number(s).
- Marketing and Communications Data includes your preferences in receiving marketing from us or other third parties and your communication preferences.
What If You Don’t Provide Personal Data?
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products or services). In this case, we may have to suspend or cancel a product or service you have with us, but we will notify you if this is the case at the time.
How Do We Collect Your Personal Data?
We use different methods to collect data from and about you, including:
- Direct interactions: You may give us your Identity, Contact, Profile, Marketing, and Communications Data by filling in forms or by corresponding with us by post, phone, email, social media, or otherwise.
- Automated technologies or interactions: As you interact with our website, we may automatically collect Technical or Usage Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy.
- Third parties or publicly available sources: We may receive information about you from various other third parties and public sources such as Identity and Contact Data from individuals recommending, in a business-to-business context.
Why Do We Process Personal Data?
ExperienceBank (a TrekkSoft product) processes this information to communicate with you for business reasons, which may include procurement and undertaking business with you or your organization. This may include purchasing goods and services or providing services to us.
Most commonly, we will use your personal data in the following circumstances:
- Performance of Contract: Fulfill orders.
- Legitimate Interest: Customer communications, data/security breaches, Terms of Service.
Who Do We Share Your Personal Data With?
We may have to share your personal data with the following parties:
- Internal Third Parties such as other companies within the TrekkSoft AG group, which includes subsidiaries and the ultimate holding company and its subsidiaries.
- IT service providers, our client businesses (booking management platforms) and their customers (activity suppliers), based in Switzerland, the UK, the European Economic Area (EEA), or other countries (covered by Standard Contractual Clauses)
- Professional advisers including lawyers, bankers, auditors, and insurers based in Switzerland, the UK, and the EEA who provide consultancy, legal, banking, accounting, and insurance services.
- Regulatory and governmental authorities such as HM Revenue & Customs, the Swiss Federal Data Protection and Information Commissioner (FDPIC), or other relevant regulators, law enforcement bodies, police, and other authorities based in Switzerland, the UK, and the EEA, who require reporting of processing activities in certain circumstances (such as criminal activity, suspected or actual fraud, or tax evasion).
- Marketing and PR providers where you have agreed to a publication or article with us.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the new owners may use your personal data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not process your personal data in any country outside the European Economic Area (EEA), Switzerland, or the UK unless adequate protection standards are in place through a SCC (Standard Contractual Clauses).
How Do We Protect Data?
We take the protection of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties to process personal data on our behalf, we do so based on written instructions, and such third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data.
How Long Will We Keep Your Data?
ExperienceBank/TrekkSoft will continue to hold your personal data for the duration of the business relationship or the duration of the contract and will hold your information for a further 7 years in line with our retention policy. Name, address and contact details will be held for this period because of the obligation by Swiss authorities to hold financial details for seven years. Contact details will be held for the same period for the purpose of settling any financial disputes during the mandated retention period.
Your Rights as a Data Subject
As a data subject, you are entitled to several rights under the EU GDPR, UK GDPR, and Swiss FADP. These rights allow you to control how your personal data is processed, but each right can only be exercised under specific conditions. Below is a detailed overview of your rights, the conditions for exercising them, and the steps required to make a request.
- Right of Access
You have the right to request access to the personal data we hold about you. This right is typically exercised to:- Confirm whether we are processing your personal data;
- Obtain a copy of your personal data; and
- Understand how and why we are using your data.
Conditions: This right can be exercised at any time. You must allow up to 30 for the company to produce you data. - How to exercise: Submit a written request to [privacy@experiencebank.travel] specifying that you are making a “Data Subject Access Request.” You may be required to verify your identity.
- Right to Rectification
If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
Conditions: This right can be exercised when you identify inaccuracies in your personal data. In some cases, we may ask you to provide evidence to support the correction.
How to exercise: Contact [privacy@experiencebank.travel] with details of the data that needs correcting and, if applicable, provide supporting documents. - Right to Erasure (Right to be Forgotten)
You can request that we delete your personal data in certain situations, such as when:- The data is no longer necessary for the purposes for which it was collected;
- You withdraw your consent (where consent was the legal basis for processing);
- You object to the processing, and there are no overriding legitimate grounds;
- The data has been unlawfully processed; or
- We are required to erase the data to comply with legal obligations.
Conditions: This right applies under specific circumstances, such as those listed above. We may refuse your request if we need the data for legal compliance or to establish, exercise, or defend legal claims.
How to exercise: Send a written request to [privacy@experiencebank.travel] specifying that you are requesting data erasure. We may ask you to confirm the specific circumstances that justify erasure.
- Right to Object to Processing
You have the right to object to the processing of your personal data when:- We rely on legitimate interests as the legal basis for processing, and you believe your rights and freedoms are being negatively impacted; or
- We may process your data for direct marketing purposes.
Conditions: In most cases, your right to object can be exercised at any time. However, if we demonstrate compelling legitimate grounds for the processing, we may be able to continue processing despite your objection.
How to exercise: To object, send a written request to [privacy@experiencebank.travel] specifying the grounds for your objection and the processing activity you are concerned about.
- Right to Restrict Processing
You can request the restriction of your personal data processing in the following scenarios:- You contest the accuracy of your data, and we are verifying it;
- Our processing is unlawful, but you prefer restriction over erasure;
- You need us to retain your data for legal claims, even though we no longer need it for processing; or
- You have objected to our processing, and we are verifying whether we have overriding legitimate grounds.
Conditions: Restriction can only be requested under the specific scenarios above. During the restriction period, we will not process your data except to store it or use it for legal claims.
How to exercise: Submit a restriction request to [privacy@experiencebank.travel] detailing the relevant scenario for restricting your data processing.
- Right to Data Portability
You can request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format. This right applies when:- You provided the personal data to us;
- The legal basis for processing was your consent or performance of a contract; and
- The processing is carried out by automated means.
Conditions: This right is limited to specific types of data (i.e., data you provided to us) and only applies to automated processing.
How to exercise: Contact [privacy@experiencebank.travel] to request data portability. Be prepared to provide details of the data to be transferred and the third party you want to receive the data.
How to Exercise Your Rights
To exercise any of your rights, please contact us at [privacy@experiencebank.travel]. In most cases, we will require you to submit your request in writing and may ask for proof of identity to ensure we are dealing with the correct individual. Some rights, such as erasure or restriction, may also require you to provide additional information about your specific circumstances.
We will respond to your request within one month of receiving it. If your request is particularly complex, or if you have made several requests, we may need extra time to respond, in which case we will inform you of the delay and the reasons for it.
Right to Withdraw Consent
If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdraw your consent.
- Conditions for Withdrawal:
You can withdraw your consent whenever we are processing your personal data based on your explicit consent. This may include situations where you have agreed to receive marketing communications, newsletters, or other non-essential services. However, withdrawing your consent may affect our ability to provide certain products or services that rely on consent for processing. In such cases, we will inform you if withdrawing consent limits our ability to deliver these products or services. - How to Withdraw Consent:
To withdraw your consent:- Contact us directly by sending a request to [privacy@experiencebank.travel].
- Clearly specify the processing activity or service for which you are withdrawing consent (e.g., “I withdraw my consent for receiving marketing emails”).
- We may ask for identity verification to ensure that we are acting on the correct request.
Once we receive your withdrawal request, we will promptly stop processing your personal data for the relevant purposes. Please note that withdrawing consent does not affect the lawfulness of any processing that took place before the withdrawal.
- Impact of Withdrawal:
If you withdraw your consent for processing activities necessary to deliver certain services, such as personalized recommendations or marketing communications, we may no longer be able to provide those services. We will notify you of any service impacts at the time of your withdrawal.
Source of Data if Not Collected from the Data Subject:
Automated Decision-Making and Profiling:
At ExperienceBank, we do not use the personal data of Data Subjects for automated decision-making or profiling.
Right to Lodge a Complaint
If you believe we have not complied with this privacy notice or your data protection rights, you have the right to file a complaint with the relevant Data Protection Authority. We encourage you to reach out to us first to resolve any concerns.
- In the UK: Contact the Information Commissioner’s Office (ICO) here.
- In the EU: Contact your local Data Protection Authority. A full list of EU authorities and their contact details can be found here.
- In Switzerland: Contact the Federal Data Protection and Information Commissioner (FDPIC) here.
If you have any questions or concerns about our handling of your personal data or about our privacy practices, please reach out to our Data Protection Officer (DPO) at privacy@experiencebank.travel.
Changes to This Privacy Notice
We reserve the right to change this notice policy at any time as we may deem necessary or as required by law. We will provide you with a new privacy notice when we make any substantial changes. We may also notify you in other ways from time to time about the processing of your personal data.