Requests for Personal Data
Introduction
To comply with the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Swiss Federal Act on Data Protection (FADP), ExperienceBank (a TrekkSoft AG product) provides the following information regarding your personal data.
Data Controller Information
If you have provided your personal data via ExperienceBank or app.experiencebank.io, the Data Controller is:
TrekkSoft AG
Hauptstrasse 15, 3800 Matten b. Interlaken, Switzerland
Email: privacy@experiencebank.travel
Purpose of Data Collection
The data you provide will be used solely for the following purposes:
- Responding to your personal data requests (e.g., Subject Access Requests).
- Facilitating the exercise of your data protection rights.
- Ensuring compliance with applicable data protection laws.
What Personal Data Do We Collect?
We may collect and process the following types of personal data from you:
- Identity Data: Name, title, and company position.
- Contact Data: Email address, business or home address, and phone number.
- Request Details: Information specific to your data request, such as proof of identity or details required to identify your records.
How Do We Use Your Personal Data?
Your personal data will be used to:
- Verify your identity to ensure the security of your information.
- Process your Subject Access Requests or any other data-related inquiries.
- Communicate with you regarding the status of your request.
Data Sharing and Transfers
We may share your data internally within TrekkSoft AG or with relevant departments to address your request efficiently. In certain cases, your data may be shared with:
- External Advisors: Legal, regulatory, or compliance consultants.
- Data Protection Authorities: If required for regulatory compliance or in response to a complaint.
Your data will not be transferred to third parties or outside the UK, Switzerland, or the EU without your explicit consent, unless legally required.
Retention of Your Data
We will retain your personal data for as long as necessary to process your request and in line with legal retention requirements:
- Travelers: Personal data related to booking inquiries will be retained for 60 days following the last interaction related to your request.
- Business Partners: Data will be kept for the duration of our commercial relationship and for an additional 7 years post-termination, in compliance with Swiss financial retention laws.
Your Rights as a Data Subject
As a data subject, you are entitled to several rights under the EU GDPR, UK GDPR, and Swiss FADP. These rights allow you to control how your personal data is processed, but each right can only be exercised under specific conditions. Below is a detailed overview of your rights, the conditions for exercising them, and the steps required to make a request.
- Right of Access
You have the right to request access to the personal data we hold about you. This right is typically exercised to:- Confirm whether we are processing your personal data;
- Obtain a copy of your personal data; and
- Understand how and why we are using your data.
Conditions: This right can be exercised at any time. You must allow up to 30 for the company to produce you data. - How to exercise: Submit a written request to [privacy@experiencebank.travel] specifying that you are making a “Data Subject Access Request.” You may be required to verify your identity.
- Right to Rectification
If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
Conditions: This right can be exercised when you identify inaccuracies in your personal data. In some cases, we may ask you to provide evidence to support the correction.
How to exercise: Contact [privacy@experiencebank.travel] with details of the data that needs correcting and, if applicable, provide supporting documents. - Right to Erasure (Right to be Forgotten)
You can request that we delete your personal data in certain situations, such as when:- The data is no longer necessary for the purposes for which it was collected;
- You withdraw your consent (where consent was the legal basis for processing);
- You object to the processing, and there are no overriding legitimate grounds;
- The data has been unlawfully processed; or
- We are required to erase the data to comply with legal obligations.
Conditions: This right applies under specific circumstances, such as those listed above. We may refuse your request if we need the data for legal compliance or to establish, exercise, or defend legal claims.
How to exercise: Send a written request to [privacy@experiencebank.travel] specifying that you are requesting data erasure. We may ask you to confirm the specific circumstances that justify erasure.
- Right to Object to Processing
You have the right to object to the processing of your personal data when:- We rely on legitimate interests as the legal basis for processing, and you believe your rights and freedoms are being negatively impacted; or
- We may process your data for direct marketing purposes.
Conditions: In most cases, your right to object can be exercised at any time. However, if we demonstrate compelling legitimate grounds for the processing, we may be able to continue processing despite your objection.
How to exercise: To object, send a written request to [privacy@experiencebank.travel] specifying the grounds for your objection and the processing activity you are concerned about.
- Right to Restrict Processing
You can request the restriction of your personal data processing in the following scenarios:- You contest the accuracy of your data, and we are verifying it;
- Our processing is unlawful, but you prefer restriction over erasure;
- You need us to retain your data for legal claims, even though we no longer need it for processing; or
- You have objected to our processing, and we are verifying whether we have overriding legitimate grounds.
Conditions: Restriction can only be requested under the specific scenarios above. During the restriction period, we will not process your data except to store it or use it for legal claims.
How to exercise: Submit a restriction request to [privacy@experiencebank.travel] detailing the relevant scenario for restricting your data processing.
- Right to Data Portability
You can request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format. This right applies when:- You provided the personal data to us;
- The legal basis for processing was your consent or performance of a contract; and
- The processing is carried out by automated means.
Conditions: This right is limited to specific types of data (i.e., data you provided to us) and only applies to automated processing.
How to exercise: Contact [privacy@experiencebank.travel] to request data portability. Be prepared to provide details of the data to be transferred and the third party you want to receive the data.
How to Exercise Your Rights
To exercise any of your rights, please contact us at [privacy@experiencebank.travel]. In most cases, we will require you to submit your request in writing and may ask for proof of identity to ensure we are dealing with the correct individual. Some rights, such as erasure or restriction, may also require you to provide additional information about your specific circumstances.
We will respond to your request within one month of receiving it. If your request is particularly complex, or if you have made several requests, we may need extra time to respond, in which case we will inform you of the delay and the reasons for it.
Right to Withdraw Consent
If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdraw your consent.
- Conditions for Withdrawal:
You can withdraw your consent whenever we are processing your personal data based on your explicit consent. This may include situations where you have agreed to receive marketing communications, newsletters, or other non-essential services. However, withdrawing your consent may affect our ability to provide certain products or services that rely on consent for processing. In such cases, we will inform you if withdrawing consent limits our ability to deliver these products or services. - How to Withdraw Consent:
To withdraw your consent:- Contact us directly by sending a request to [privacy@experiencebank.travel].
- Clearly specify the processing activity or service for which you are withdrawing consent (e.g., “I withdraw my consent for receiving marketing emails”).
- We may ask for identity verification to ensure that we are acting on the correct request.
Once we receive your withdrawal request, we will promptly stop processing your personal data for the relevant purposes. Please note that withdrawing consent does not affect the lawfulness of any processing that took place before the withdrawal.
- Impact of Withdrawal:
If you withdraw your consent for processing activities necessary to deliver certain services, such as personalized recommendations or marketing communications, we may no longer be able to provide those services. We will notify you of any service impacts at the time of your withdrawal.
Automated Decision-Making and Profiling
ExperienceBank does not use your personal data for automated decision-making or profiling.
How We Protect Your Data
We are committed to ensuring the security of your data. We have implemented technical and organizational measures to protect your personal information from unauthorized access, loss, or misuse.
If third-party processors are engaged to handle your data, they are bound by confidentiality obligations and required to implement appropriate security measures.
How to Make a Subject Access Request
To request access to your personal data, please email privacy@experiencebank.travel with the following details:
- Your full name and contact information.
- Proof of identity (e.g., a government-issued ID).
- Specific details of the data you wish to access or any other request.
Upon receiving your request, we will acknowledge it and aim to respond within one month. In complex cases, we may need additional time, and we will inform you of any delays.
Right to Lodge a Complaint
If you believe we have not complied with your data protection rights, you have the right to lodge a complaint with the relevant Data Protection Authority:
- UK: Information Commissioner’s Office (ICO) – Website
- EU: Contact your local Data Protection Authority. A full list is available here.
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) – Website
We encourage you to reach out to us first to resolve any concerns.
Changes to This Privacy Notice
We reserve the right to update this Privacy Notice periodically. Any changes will be communicated via our website or through other appropriate channels.
For further information, please contact our Data Protection Officer at privacy@experiencebank.travel.