ACCESS Destination Services (together with its and their parents, subsidiaries, affiliates, agents, representatives, consultants, employees, officers, and directors — collectively, “ACCESS,” “we,” or “us”) provides destination management services (the “Services”).
We may update this Policy from time to time. If we do, we’ll let you know about any material changes, either by notifying you on our site at www.accessdmc.com (the “Site”) or by sending you an email. New versions of this Policy will never apply retroactively — we’ll tell you the exact date they go into effect. Any update to this policy will be effective from the time it is communicated, provided that any change that relates to why we collect, use, or disclose Personal Data will not apply to persons in the EU, where consent is required to such collection, use, or disclosure, until we have obtained consent to such change.
For the purposes of this Policy, Personal Data is information, including Sensitive Data, that is: (i) about an identified or identifiable individual, (ii) received by us, and (iii) recorded in any form. Personal Data does not include anonymous or non-personal information (i.e., information that cannot be associated with or tracked back to a specific individual). “Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
Depending on your use of the Services, we may collect and maintain Personal Data as reasonably required for our business purposes including complying with our legal obligations, services functionality, and marketing. Information collected may include:
You may decline to provide us with your information. However, this will limit your ability use our Services.
We use the information we collect for the following purposes:
Partners and Affiliated Businesses Not Controlled by ACCESS
Relevant information also may be found in notices pertaining to specific data processing activities.
Data protection law in Europe requires a “lawful basis” for collecting and retaining personal information from citizens or residents of the European Economic Area. Our lawful bases include:
Performing the contract we have with you: In certain circumstances, we need your Personal Data to comply with our contractual obligation to deliver the Services.
Legal compliance: Sometimes the law says we need to collect and use your Personal Data. For example, tax laws require us to retain records of payments made through our Services.
Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests.
For example, we use identity, device, and location information to prevent fraud and abuse and to keep the Services secure.
We analyze how users interact with our Site so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the online experience we offer all our users.
When we have your unambiguous consent. If we decide to process Personal Data for purposes other than what is necessary to provide services to you, we will provide notice as stated below in our EU Notice and Consent statement.
The following data will not be publicly displayed or revealed to other users:
Any payment information you provide;
Your password details;
Your IP address;
Your phone number;
Your date of birth and other identity verification documentation (for creators);
Private profile information, in accordance with your preferences; and
Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem).
We offer Site Visitors, Customers and Service Providers who provide contact information the means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of ACCESS’s marketing emails. Additionally, you may send a request specifying your communications preferences to Privacy@accessdmc.com. Customers cannot opt out of receiving transactional emails related to their account with ACCESS or the Services.
ACCESS honors Do Not Track (DNT) headers and allows its users to opt‐out of having their personal information collected by ACCESS. The behavior of utag.js can be altered to track only analytic data and not track individual visitors. ACCESS’s website honors DNT and is compliant with California Assembly Bill 370.
Individuals have a right to choose whether their Personal Data may be disclosed to third-party controllers or used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the individual. To the extent required, ACCESS obtains opt-in consent for certain uses and disclosures of Sensitive Data. You have a right to withdraw such consent at any time. If we decide to use Personal Data for a purpose other than those that are materially the same as those indicated in this Policy, individuals shall be offered the opportunity to opt-in to the use. We shall make reasonable efforts to accommodate individual privacy preferences.
Such opt-In notices will be clear, conspicuous, and readily available to affected Customers, Service Providers, and Site Visitors. A notice will require an unambiguous, affirmative, opt-in consent to the particular use or processing of the Customer’s, Service Provider’s, or Site Visitor’s Personal Data.
Exceptions. We may disclose your Personal Data without offering an opportunity to opt out, when (i) we retain third-party processors to perform services on our behalf and pursuant to our instructions, (ii) required by law or legal process, or (iii) responding to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. We may also transfer Personal Data in the event of an audit or if we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution, or liquidation).
We will retain your information, as necessary to provide you with the Services or as otherwise set forth in this Policy. We will also retain and use this information as necessary for the purposes set out in this Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect ACCESS’s legal rights.
We also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our Site, improve our Services or comply with legal obligations.
Users residing in certain countries, including the EU, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the ability to access, correct, and request deletion of your personal information.
You can request a downloadable copy of your personal data from ACCESS by contacting us. We may retain certain information as required by law or as necessary for our legitimate business purposes.
If we decide to process Personal Data for purposes other than what is necessary to provide services to you or where we believe that your interests may override ours, affected EU Customers, Service Providers and Site Visitors will receive a notice detailing:
Such notices will be clear, conspicuous, and readily available to affected EU Customers and Site Visitors. A notice will require an unambiguous, affirmative, opt-in consent to the particular use or processing of the Customer’s or Site Visitor’s Personal Data.
With respect to transfers of your Personal Data to third-party data processors, we will:
If a breach of Personal Data occurs, we will notify the relevant Data Protection Authorities within 72 hours, subject to likelihood of risk to the Customer, Service Provider, or Site Visitor. Affected Customers, Service Providers, or Site Visitors will also be notified regarding the breach.
We want to communicate with you only if you want to hear from us. We try to keep emails to a minimum and give you the ability to opt in to any marketing communications we send.
We will send you email relating to your transactions on ACCESS. You may also elect to receive certain marketing email communications, in accordance with your preferences, and from which you may opt out at any time by adjusting your notification settings.
We’ll also send you Service-related announcements when it’s necessary to do so.
We take security seriously, and the security of your personal data is important to us. We follow industry-standard practices to protect the data we collect and maintain as it travels over the internet. No method of transmission over the internet or electronic storage is completely secure, so ACCESS cannot guarantee its absolute security.
We have a Security Incident Response Team (SIRT) and protocol in place in the event of a data breach. We encourage the responsible disclosure of vulnerabilities of our Services by emailing firstname.lastname@example.org, and we will invite valid disclosures to our bug bounty program.
To contact our Data Protection Officer, please email email@example.com.
You can contact us in writing at:
1650 Hotel Circle North, Suite #110
San Diego, CA 92108
People under 18 (or the legal age in your jurisdiction) are not permitted to use ACCESS on their own. ACCESS does not knowingly collect any personal information from children under the age of 13 and children under 13 are not permitted to register for an account or use our Services.
If you believe that a child has provided us with personal information, please contact us at firstname.lastname@example.org. If we become aware that a child under age 13 has provided us with personally identifiable information, we’ll delete it.
Cookies are small data files that are issued to your device when you visit a website and that store information about your use of a service. Pixel tags (which are also called clear GIFs, web beacons, or pixels) are little snippets of code or tiny images embedded on websites and in email that help us learn how you interact with our site and emails.
When you visit ACCESS, our web server sends a cookie to your device, which allows us to recognize your device (but not the specific person using it). By associating the identification numbers in the cookies with other account information when, for example, you log in to our Services, we know that the cookie information relates to your user account. Similarly, pixel tags on ACCESS and in email communications help us identify how your device is being used to interact with ACCESS content. Some of the tags and cookies used by our Services are served by us, and some are served by trusted partners who are delivering services on our behalf.
ACCESS uses authentication cookies and similar technologies to tell us when you’re logged in to ACCESS. This lets us show you personalized views related to your interests and connect you with projects like those you may already have backed.
These cookies help protect your account from being accessed by anyone other than you, alert you and us when your account is accessed, and provide capabilities that allow us to disable any active sessions you have (for example, when you log out or change your password).
Some cookies help us provide localized experiences — for example, by making sure you see ACCESS in your preferred language.
Performance cookies help us route traffic between servers and understand how ACCESS is performing, so we can provide you with the best experience possible. We may use third party software development kits (SDK) in our mobile apps to collect information about activity in the app, the type of device and operating system it is running on and how the app is functioning. For example an SDK may send us a report if the app crashes, and reports on which features of the app are used more than others.
Cookies and other technologies make interacting with social media platforms more seamless. For example, when you’re signed into social media accounts while you use our Services, these technologies enable you to share content with your social network or, in some cases, log in using your social media credentials. These features are usually controlled by the social media platform you are using and are governed by its separate privacy policies and the preferences you set with that service.
Your browser may give you the ability to control cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies. Blocking or deleting cookies may prevent you from using most of our Services. To find out more about how to enable, disable, or delete cookies from your web browser, please visit here. To control flash cookies, which may be used on certain websites from time to time, you can go here. Why? Because flash cookies cannot be controlled through your browser settings.
Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals. If you block cookies, certain features on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop.
Certain options you select are browser- and device-specific.
If you have questions or suggestions, please contact us.