Website Users and New Prospects
Privacy Notice for Website Users & New Prospects
ExperienceBank (A TrekkSoft AG product) respects your privacy and is committed to protecting your personal data.
In compliance with the UK Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the Swiss Federal Data Protection Act, and the EU General Data Protection Regulation (GDPR), we provide you with the following information about the personal data you provide to us or that we receive from third parties. This privacy notice explains how we collect, use, and protect your personal data when you visit our website (www.experience bank.travel) or engage with us regarding our products and services. It also informs you of your privacy rights and how the law protects you.
If you have facilitated personal data via experience bank.travel, the Data Controller of this data is Trekksoft AG with the following contact details:
TrekkSoft AG
Hauptstrasse 15, 3800 Matten b. Interlaken
Switzerland
privacy@trekksoft.com
Please read this privacy notice along with our Cookie Policy, and any other specific privacy notices we provide when collecting or processing your personal data. This privacy notice supplements other notices and is not intended to override them.
To ensure the personal data we hold about you is accurate and current, please inform us of any changes during your relationship with us.
Third-Party Links and Connections
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy policy of every website you visit.
By accessing and continuing to use our website, you accept the terms of this privacy notice.
What Information Do We Collect?
Personal data, or personal information, refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) or data relating to a corporate entity.
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data: First name, last name, title, and company position.
- Contact Data: Business or home address, email addresses, and telephone numbers.
- Technical Data: IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform, and other technology on the devices you use to access this website or our software.
- Usage Data: Information about how you use our website.
- Marketing and Communications Data: Your preferences for receiving marketing communications from us or our clients, and your communication preferences.
- Aggregated Data: We may also collect, use, and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your personal data but is not considered personal data as it does not reveal your identity. If we combine aggregated data with your personal data in a way that identifies you, we treat it as personal data in accordance with this privacy notice.
Why Do We Process Personal Data?
We process your personal data under the following lawful bases:
- Performance of a Contract: Processing your personal data is necessary to perform a contract or to take steps at your request before entering into such a contract.
- Legitimate Interest: Processing is necessary for our legitimate interests (or those of a third party), provided that your interests and fundamental rights do not override those interests.
- Consent: When you provide your consent for specific purposes, such as receiving newsletters or marketing materials.
- Compliance with Legal Obligations: Processing is necessary to comply with a legal or regulatory obligation.
How Do We Collect Your Personal Data?
We collect personal data through various methods:
- Direct Interactions: You provide your personal data when you:
- Request a demo of our software.
- Arrange a callback from our sales team.
- Contact our support team.
- Subscribe to our newsletter.
- Provide feedback.
- Automated Technologies or Interactions: We may collect technical and usage data as you interact with our website. This may include using cookies and similar technologies. Please refer to our Cookie Policy for more details.
- Third Parties or Publicly Available Sources: We may receive personal data about you from third parties, such as analytics providers (e.g., Google) and individuals recommending us to you in a business-to-business context.
How Do We Use Your Personal Data?
We will use your personal data only for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If you need an explanation as to how the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis for doing so. We may process your personal data without your knowledge or consent when required or permitted by law.
Sharing Your Data
We may share your personal data with:
- Internal Third Parties: Companies within the ExperienceBank (TrekkSoft) group.
- Service Providers: Companies providing IT, system administration, and other services.
- Professional Advisers: Including lawyers, bankers, auditors, and insurers.
- Regulators and Authorities: To comply with legal obligations or regulatory requirements.
- Third-Party Integrations: With your consent, we may share data with third-party platforms integrated into our services.
Data Transfers Outside the EU/UK/Switzerland
We do not transfer your personal data outside the UK, Switzerland, or the EU without appropriate safeguards in place to ensure the security of your data.
How Do We Protect Data?
We take the protection of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties to process personal data on our behalf, we do so based on written instructions, and such third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data.
How Long Will We Keep Your Data?
ExperienceBank/TrekkSoft will continue to hold your personal data for the duration of the business relationship or the duration of the contract and will hold your information for a further 7 years in line with our retention policy. Name, address and contact details will be held for this period because of the obligation by Swiss authorities to hold financial details for seven years. Contact details will be held for the same period for the purpose of settling any financial disputes during the mandated retention period.
Your Rights as a Data Subject
As a data subject, you are entitled to several rights under the EU GDPR, UK GDPR, and Swiss FADP. These rights allow you to control how your personal data is processed, but each right can only be exercised under specific conditions. Below is a detailed overview of your rights, the conditions for exercising them, and the steps required to make a request.
- Right of Access
You have the right to request access to the personal data we hold about you. This right is typically exercised to:- Confirm whether we are processing your personal data;
- Obtain a copy of your personal data; and
- Understand how and why we are using your data.
Conditions: This right can be exercised at any time. You must allow up to 30 for the company to produce you data. - How to exercise: Submit a written request to [privacy@experiencebank.travel] specifying that you are making a “Data Subject Access Request.” You may be required to verify your identity.
- Right to Rectification
If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
Conditions: This right can be exercised when you identify inaccuracies in your personal data. In some cases, we may ask you to provide evidence to support the correction.
How to exercise: Contact [privacy@experiencebank.travel] with details of the data that needs correcting and, if applicable, provide supporting documents. - Right to Erasure (Right to be Forgotten)
You can request that we delete your personal data in certain situations, such as when:- The data is no longer necessary for the purposes for which it was collected;
- You withdraw your consent (where consent was the legal basis for processing);
- You object to the processing, and there are no overriding legitimate grounds;
- The data has been unlawfully processed; or
- We are required to erase the data to comply with legal obligations.
Conditions: This right applies under specific circumstances, such as those listed above. We may refuse your request if we need the data for legal compliance or to establish, exercise, or defend legal claims.
How to exercise: Send a written request to [privacy@experiencebank.travel] specifying that you are requesting data erasure. We may ask you to confirm the specific circumstances that justify erasure.
- Right to Object to Processing
You have the right to object to the processing of your personal data when:- We rely on legitimate interests as the legal basis for processing, and you believe your rights and freedoms are being negatively impacted; or
- We may process your data for direct marketing purposes.
Conditions: In most cases, your right to object can be exercised at any time. However, if we demonstrate compelling legitimate grounds for the processing, we may be able to continue processing despite your objection.
How to exercise: To object, send a written request to [privacy@experiencebank.travel] specifying the grounds for your objection and the processing activity you are concerned about.
- Right to Restrict Processing
You can request the restriction of your personal data processing in the following scenarios:- You contest the accuracy of your data, and we are verifying it;
- Our processing is unlawful, but you prefer restriction over erasure;
- You need us to retain your data for legal claims, even though we no longer need it for processing; or
- You have objected to our processing, and we are verifying whether we have overriding legitimate grounds.
Conditions: Restriction can only be requested under the specific scenarios above. During the restriction period, we will not process your data except to store it or use it for legal claims.
How to exercise: Submit a restriction request to [privacy@experiencebank.travel] detailing the relevant scenario for restricting your data processing.
- Right to Data Portability
You can request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format. This right applies when:- You provided the personal data to us;
- The legal basis for processing was your consent or performance of a contract; and
- The processing is carried out by automated means.
Conditions: This right is limited to specific types of data (i.e., data you provided to us) and only applies to automated processing.
How to exercise: Contact [privacy@experiencebank.travel] to request data portability. Be prepared to provide details of the data to be transferred and the third party you want to receive the data.
How to Exercise Your Rights
To exercise any of your rights, please contact us at [privacy@experiencebank.travel]. In most cases, we will require you to submit your request in writing and may ask for proof of identity to ensure we are dealing with the correct individual. Some rights, such as erasure or restriction, may also require you to provide additional information about your specific circumstances.
We will respond to your request within one month of receiving it. If your request is particularly complex, or if you have made several requests, we may need extra time to respond, in which case we will inform you of the delay and the reasons for it.
Right to Withdraw Consent
If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdraw your consent.
- Conditions for Withdrawal:
You can withdraw your consent whenever we are processing your personal data based on your explicit consent. This may include situations where you have agreed to receive marketing communications, newsletters, or other non-essential services. However, withdrawing your consent may affect our ability to provide certain products or services that rely on consent for processing. In such cases, we will inform you if withdrawing consent limits our ability to deliver these products or services. - How to Withdraw Consent:
To withdraw your consent:- Contact us directly by sending a request to [privacy@experiencebank.travel].
- Clearly specify the processing activity or service for which you are withdrawing consent (e.g., “I withdraw my consent for receiving marketing emails”).
- We may ask for identity verification to ensure that we are acting on the correct request.
Once we receive your withdrawal request, we will promptly stop processing your personal data for the relevant purposes. Please note that withdrawing consent does not affect the lawfulness of any processing that took place before the withdrawal.
- Impact of Withdrawal:
If you withdraw your consent for processing activities necessary to deliver certain services, such as personalized recommendations or marketing communications, we may no longer be able to provide those services. We will notify you of any service impacts at the time of your withdrawal.
Right to Lodge a Complaint
If you believe we have not complied with this privacy notice or your data protection rights, you have the right to file a complaint with the relevant Data Protection Authority. We encourage you to reach out to us first to resolve any concerns.
- In the UK: Contact the Information Commissioner’s Office (ICO) here.
- In the EU: Contact your local Data Protection Authority. A full list of EU authorities and their contact details can be found here.
- In Switzerland: Contact the Federal Data Protection and Information Commissioner (FDPIC) here.
If you have any questions or concerns about our handling of your personal data or about our privacy practices, please reach out to our Data Protection Officer (DPO) at privacy@experiencebank.travel.
Changes to This Privacy Notice
We reserve the right to change this notice policy at any time as we may deem necessary or as required by law. We will provide you with a new privacy notice when we make any substantial changes. We may also notify you in other ways from time to time about the processing of your personal data.