PRIVACY POLICY

Thanks for visiting ACCESS Destination Services’s Privacy Policy. This Privacy Policy (“Policy”) is effective as of May 25, 2018.

Who We Are
ACCESS Destination Services (together with its and their parents, subsidiaries, affiliates, agents, representatives, consultants, employees, officers, and directors — collectively, “ACCESS,” “we,” or “us”) provides destination management services (the “Services”).

Changes to our Policy
We may update this Policy from time to time. If we do, we’ll let you know about any material changes, either by notifying you on our site at www.accessdmc.com (the “Site”) or by sending you an email. New versions of this Policy will never apply retroactively — we’ll tell you the exact date they go into effect. Any update to this policy will be effective from the time it is communicated, provided that any change that relates to why we collect, use, or disclose Personal Data will not apply to persons in the EU, where consent is required to such collection, use, or disclosure, until we have obtained consent to such change.

How This Policy Applies
This Policy describes the information we collect from you, how we use that information and our legal basis for doing so. It also covers whether and how that information may be shared and your rights and choices regarding the information you provide to us. We use cookies and similar technologies, as described in our Cookie Policy below.

For the purposes of this Policy, Personal Data is information, including Sensitive Data, that is: (i) about an identified or identifiable individual, (ii) received by us, and (iii) recorded in any form. Personal Data does not include anonymous or non-personal information (i.e., information that cannot be associated with or tracked back to a specific individual). “Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

This Policy applies to the Personal Data of individuals or entities who seek to be, are, or were customers of ACCESS (collectively “Customers”) and also includes individuals and entities who seek to be, are, or were service providers, suppliers, subcontractors or agents of ACCESS (“Service Providers”), including any Personal Data of individuals collected, used, or disclosed while using the ACCESS websites (“Site Visitors”). By using the Services offered by ACCESS or contracting with ACCESS, you’re acknowledging you have read and understood this Policy and our Cookie Policy.

What We Collect and Receive
Depending on your use of the Services, we may collect and maintain Personal Data as reasonably required for our business purposes including complying with our legal obligations, services functionality, and marketing. Information collected may include:

Your Internet Protocol (“IP”) address, information from your web browser (such as browser type and browser language), and the actions you take on our website (such as the web pages viewed and the links clicked);
Information you provide by completing forms on ACCESS including your name, email and postal addresses, telephone number, country of residence, login, and password details. We may ask for this information if you register as a user of our Services, subscribe to our newsletters, upload or submit content through ACCESS, or if you contact us;
Information you provide for identity verification purposes when launching a project, including your legal name, business name and Tax ID for business entities, and date of birth. In some cases, our payment processor will request that you provide a secure upload of an identity document (such as your passport, driver’s license or other government-issued ID) to ACCESS;
Details of any requests or transactions you make through the Services. ACCESS partners with other companies for payment processing, and the payment information you submit is collected and used by them in accordance with their privacy policies. ACCESS doesn’t store your payment information apart from the last four digits of your credit card or bank account (as applicable), expiration date, and country, which we require for tax, government regulatory, and security purposes;
Information about the ways people visit and interact with our Site, in the form of traffic analytics. We utilize Google Analytics, you can opt out of being included in Google Analytics by clicking here. For more information about our use of data analytics to protect and improve our Services, see our Cookie Policy;
Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem);
Information that you submit on or to ACCESS in the form of comments, contributions to discussions, or messages to other users; and
You may decline to provide us with your information. However, this will limit your ability use our Services.

How We Use This Information
We use the information we collect for the following purposes:

We use cookies to make your interactions with the ACCESS Services and website easy and helpful. When you visit our website, our servers send a cookie to your device. For more information on how ACCESS uses cookies, please see the below Cookies Policy.
We may use web beacons alone or in conjunction with cookies to compile information about Customers, Service Providers, and Site Visitors’ use of the ACCESS website and interaction with emails from ACCESS. Web beacons are transparent pixel images that are used in collecting information about website usage, e-mail response and tracking.
We collect information about our Site Visitors’ utilization and navigation of our website. This information helps us to design our website to better suit our Site Visitors’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track Site Visitor movements, and gather broad demographic information that assists us in identifying Site Visitor preferences.
We use aggregated data as a statistical measure and not in a manner that would identify you personally. Aggregated data enables us to determine how often certain parts of our website or the Services are used so that we can improve them. We may make use of, or make such aggregated data available to, third parties, in any manner in our sole discretion. ACCESS may engage third parties to track and analyze usage and volume statistical information from Site Visitors.
Our website may allow you to connect with social media networks, such as Facebook (facebook.com), Linkedin (linkedin.com), and Twitter (twitter.com) (“Social Media”). Such Social Media may collect your IP address and which page you are visiting on our website, and may set a cookie to enable the Social Media to function properly. You may be given the option by such Social Media to post information about your activities on our website to your profile page on the Social Media network in order to share with others within your network.
We may contract with third-party advertising networks that collect IP addresses and other information from our website, from emails, and on third-party websites. Ad networks follow your online activities over time by collecting information through automated means, including through the use of cookies. They use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other websites. This process also helps us manage and track the effectiveness of our marketing efforts. We may also partner with third parties to provide certain features on our websites or to display advertising based upon your web browsing activity.
What Types of Third Parties May Receive Your Personal Data and for What Purposes?
Service Providers

We may share Personal Data with ACCESS’s contracted Service Providers, such as payment processors, etc., so that these Service Providers can provide services on your behalf. We may also share Personal Data with our Service Providers to ensure the quality of information provided. Unless described in this Policy, we do not share, sell, rent, or trade any information with third parties for their promotional purposes.
ACCESS Affiliates

We may share Personal Data with other members, other ACCESS offices, and affiliates of the ACCESS group or the ACCESS Cooperative, Inc. in order to work with them, including affiliates of the ACCESS group. For example, ACCESS may need to share Customer Information for customer relationship management purposes.
Partners and Affiliated Businesses Not Controlled by ACCESS

We may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly offered product or service from us, we may share Personal Data collected in connection with your purchase or expression of interest with our partners. We do not control our partners’ use of the Personal Data, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may choose not to purchase or specifically express interest in a jointly offered product or service.
Billing

We may use a third-party Service Provider to manage credit card processing. This Service Provider is not permitted to store, retain, or use financial information except for the sole purpose of credit card processing on our behalf.
Compelled Disclosure
It may be necessary for us to disclose your Personal Data, either by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose Personal Information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.
Relevant information also may be found in notices pertaining to specific data processing activities.

European Union Users
Data protection law in Europe requires a “lawful basis” for collecting and retaining personal information from citizens or residents of the European Economic Area. Our lawful bases include:

Performing the contract we have with you: In certain circumstances, we need your Personal Data to comply with our contractual obligation to deliver the Services.

Legal compliance: Sometimes the law says we need to collect and use your Personal Data. For example, tax laws require us to retain records of payments made through our Services.

Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests.

For example, we use identity, device, and location information to prevent fraud and abuse and to keep the Services secure.

We analyze how users interact with our Site so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the online experience we offer all our users.

When we have your unambiguous consent. If we decide to process Personal Data for purposes other than what is necessary to provide services to you, we will provide notice as stated below in our EU Notice and Consent statement.

Information that isn’t shared publicly
The following data will not be publicly displayed or revealed to other users:

Any payment information you provide;

Your password details;

Your IP address;

Your phone number;

Your date of birth and other identity verification documentation (for creators);

Private profile information, in accordance with your preferences; and

Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem).

Choice / Opt-In
We offer Site Visitors, Customers and Service Providers who provide contact information the means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of ACCESS’s marketing emails. Additionally, you may send a request specifying your communications preferences to Privacy@accessdmc.com. Customers cannot opt out of receiving transactional emails related to their account with ACCESS or the Services.

ACCESS honors Do Not Track (DNT) headers and allows its users to opt‐out of having their personal information collected by ACCESS. The behavior of utag.js can be altered to track only analytic data and not track individual visitors. ACCESS’s website honors DNT and is compliant with California Assembly Bill 370.

Individuals have a right to choose whether their Personal Data may be disclosed to third-party controllers or used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the individual. To the extent required, ACCESS obtains opt-in consent for certain uses and disclosures of Sensitive Data. You have a right to withdraw such consent at any time. If we decide to use Personal Data for a purpose other than those that are materially the same as those indicated in this Policy, individuals shall be offered the opportunity to opt-in to the use. We shall make reasonable efforts to accommodate individual privacy preferences.

Such opt-In notices will be clear, conspicuous, and readily available to affected Customers, Service Providers, and Site Visitors. A notice will require an unambiguous, affirmative, opt-in consent to the particular use or processing of the Customer’s, Service Provider’s, or Site Visitor’s Personal Data.

Exceptions. We may disclose your Personal Data without offering an opportunity to opt out, when (i) we retain third-party processors to perform services on our behalf and pursuant to our instructions, (ii) required by law or legal process, or (iii) responding to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. We may also transfer Personal Data in the event of an audit or if we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution, or liquidation).

Retention
We will retain your information, as necessary to provide you with the Services or as otherwise set forth in this Policy. We will also retain and use this information as necessary for the purposes set out in this Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect ACCESS’s legal rights.

We also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our Site, improve our Services or comply with legal obligations.

Data Transfers
Because ACCESS is a US-based company, your information will be collected and processed in the United States. The United States has its own laws governing data protection and government access to information. The rules that protect your personal information under United States law may be different than in your home country. If you choose to use the Services, you need to agree to our Terms of Use or master service agreement (“MSA”), which set out the contract between ACCESS and its users.

Your Rights
Users residing in certain countries, including the EU, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the ability to access, correct, and request deletion of your personal information.

You can request a downloadable copy of your personal data from ACCESS by contacting us. We may retain certain information as required by law or as necessary for our legitimate business purposes.

EU Notice and Consent
If we decide to process Personal Data for purposes other than what is necessary to provide services to you or where we believe that your interests may override ours, affected EU Customers, Service Providers and Site Visitors will receive a notice detailing:

Type of Personal Data to be processed;
the purpose for the processing and a description of how the processing is based on legitimate interests;
the categories of recipients of disclosures of the Personal Data;
the period for which the Personal Data will be stored or the criteria for determining the period;
how Customers and Site Visitors can exercise the rights of access, correction, erasure, objection, and the right to withdraw consent;
the right to file a complaint with a Data Protection Authority;
whether the Customer or Site Visitor is obliged to provide the data by statute, contract, or for another reason, and the possible consequences of failing to provide the data; and
whether the Personal Data will be subject to automated processing and, if so, the logic and the consequences of the processing for the data subject.
Such notices will be clear, conspicuous, and readily available to affected EU Customers and Site Visitors. A notice will require an unambiguous, affirmative, opt-in consent to the particular use or processing of the Customer’s or Site Visitor’s Personal Data.

CCPA Compliance
ACCESS is compliant with the California Consumer Privacy Act of 2018.  The law requires us to provide California residents with the right to:

– Know what personal information is being collected and how it is being used:
All information we collect and how we use it is outlined in “How We Use This Information” above.

– Know whether and to whom their personal information is sold or disclosed, and to opt-out of its sale:
ACCESS does not sell or make available any consumer data to any third party.  We do work with a third-party email marketing service named Predictive Response that facilitates the collection and storage of consumer data.  Predictive Response is also CCPA Compliant.

– Access their personal information:
You may request a copy of your consumer data from us at any time by contacting us.

Third-Party Processor Transfers
With respect to transfers of your Personal Data to third-party data processors, we will:

enter into a contract with each relevant data processor,
transfer Personal Data to each such data processor only for limited and specified purposes,
ascertain that the data processor is obligated to provide the Personal Data with at least the same level of privacy protection as ACCESS,
take reasonable and appropriate steps to ensure that the data processor effectively processes the Personal Data in a manner consistent with ACCESS’s obligations under this Policy,
require the data processor to notify ACCESS if the data processor determines that it can no longer meet its obligation to provide the same level of protection as is required by this Policy,
upon notice, including under (e) above, take reasonable and appropriate steps to stop and remediate unauthorized processing of the Personal Data by the data processor.
Data Breach
If a breach of Personal Data occurs, we will notify the relevant Data Protection Authorities within 72 hours, subject to likelihood of risk to the Customer, Service Provider, or Site Visitor. Affected Customers, Service Providers, or Site Visitors will also be notified regarding the breach.

Email Notifications
We want to communicate with you only if you want to hear from us. We try to keep emails to a minimum and give you the ability to opt in to any marketing communications we send.

We will send you email relating to your transactions on ACCESS. You may also elect to receive certain marketing email communications, in accordance with your preferences, and from which you may opt out at any time by adjusting your notification settings.

We’ll also send you Service-related announcements when it’s necessary to do so.

Security
We take security seriously, and the security of your personal data is important to us. We follow industry-standard practices to protect the data we collect and maintain as it travels over the internet. No method of transmission over the internet or electronic storage is completely secure, so ACCESS cannot guarantee its absolute security.

We have a Security Incident Response Team (SIRT) and protocol in place in the event of a data breach. We encourage the responsible disclosure of vulnerabilities of our Services by emailing security@accessdmc.com, and we will invite valid disclosures to our bug bounty program.

Data Protection Officer
To contact our Data Protection Officer, please email security@accessdmc.com.

You can contact us in writing at:

ACCESS
1650 Hotel Circle North, Suite #110
San Diego, CA 92108
USA

Children
People under 18 (or the legal age in your jurisdiction) are not permitted to use ACCESS on their own. ACCESS does not knowingly collect any personal information from children under the age of 13 and children under 13 are not permitted to register for an account or use our Services.

If you believe that a child has provided us with personal information, please contact us at security@accessdmc.com. If we become aware that a child under age 13 has provided us with personally identifiable information, we’ll delete it.

Cookie Policy
This policy explains our use of cookies and other technologies to understand, improve and protect ACCESS. If you see a capitalized word that is not defined, it’s defined in our Terms of Use or MSA.

What they are
Cookies are small data files that are issued to your device when you visit a website and that store information about your use of a service. Pixel tags (which are also called clear GIFs, web beacons, or pixels) are little snippets of code or tiny images embedded on websites and in email that help us learn how you interact with our site and emails.

Why we use them
ACCESS uses cookies and these other technologies to help recognize you as a repeat visitor and, to improve the quality of our Services.

How they work
When you visit ACCESS, our web server sends a cookie to your device, which allows us to recognize your device (but not the specific person using it). By associating the identification numbers in the cookies with other account information when, for example, you log in to our Services, we know that the cookie information relates to your user account. Similarly, pixel tags on ACCESS and in email communications help us identify how your device is being used to interact with ACCESS content. Some of the tags and cookies used by our Services are served by us, and some are served by trusted partners who are delivering services on our behalf.

Some examples of the types of cookies and other technologies ACCESS uses:
Authentication
ACCESS uses authentication cookies and similar technologies to tell us when you’re logged in to ACCESS. This lets us show you personalized views related to your interests and connect you with projects like those you may already have backed.

Security
Cookies also help keep ACCESS secure by facilitating security features and allowing us to detect activity that might violate our rules and Terms of Use.

These cookies help protect your account from being accessed by anyone other than you, alert you and us when your account is accessed, and provide capabilities that allow us to disable any active sessions you have (for example, when you log out or change your password).

Localization
Some cookies help us provide localized experiences — for example, by making sure you see ACCESS in your preferred language.

Site features and services
ACCESS uses cookies that provide functionality and help us deliver our products and Services — for instance, by storing your preferences or by pre-filling the username field when you log in.

Performance
Performance cookies help us route traffic between servers and understand how ACCESS is performing, so we can provide you with the best experience possible. We may use third party software development kits (SDK) in our mobile apps to collect information about activity in the app, the type of device and operating system it is running on and how the app is functioning. For example an SDK may send us a report if the app crashes, and reports on which features of the app are used more than others.

Analytics and research
Cookies and other technologies also help us to understand, improve, and research features and content on the ACCESS site. For example, we may use cookies to understand how you are discovering projects or to determine which types of browsers or devices are accessing ACCESS. You can opt-out of being included in Google Analytics by clicking here.

Social Media Platforms
Cookies and other technologies make interacting with social media platforms more seamless. For example, when you’re signed into social media accounts while you use our Services, these technologies enable you to share content with your social network or, in some cases, log in using your social media credentials. These features are usually controlled by the social media platform you are using and are governed by its separate privacy policies and the preferences you set with that service.

Marketing
Cookies help us deliver targeted advertisements on social media platforms, based on your activity on ACCESS, including the projects you’ve backed or creators you’ve followed on ACCESS, and to track the performance of those ads. This is sometimes referred to as online behavioral advertising. In some cases, our partners may use cookies to provide us with information about your interactions with their services.

Certain choices you make are both browser- and device-specific.
You can control certain cookies
Your browser may give you the ability to control cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies. Blocking or deleting cookies may prevent you from using most of our Services. To find out more about how to enable, disable, or delete cookies from your web browser, please visit here. To control flash cookies, which may be used on certain websites from time to time, you can go here. Why? Because flash cookies cannot be controlled through your browser settings.

Our Do Not Track Policy
Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals. If you block cookies, certain features on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop.

Certain options you select are browser- and device-specific.

Questions?

If you have questions or suggestions, please contact us.