Who We Are
ACCESS Destination Services (together with its and their parents, subsidiaries, affiliates, agents, representatives, consultants, employees, officers, and directors — collectively, “ACCESS,” “we,” or “us”) provides destination management services (the “Services”).
Changes to our Policy
We may update this Policy from time to time. If we do, we’ll let you know about any material changes, either by notifying you on our site at www.accessdmc.com (the “Site”) or by sending you an email. New versions of this Policy will never apply retroactively — we’ll tell you the exact date they go into effect. Any update to this policy will be effective from the time it is communicated, provided that any change that relates to why we collect, use, or disclose Personal Data will not apply to persons in the EU, where consent is required to such collection, use, or disclosure, until we have obtained consent to such change.
How This Policy Applies
For the purposes of this Policy, Personal Data is information, including Sensitive Data, that is: (i) about an identified or identifiable individual, (ii) received by us, and (iii) recorded in any form. Personal Data does not include anonymous or non-personal information (i.e., information that cannot be associated with or tracked back to a specific individual). “Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
What We Collect and Receive
Depending on your use of the Services, we may collect and maintain Personal Data as reasonably required for our business purposes including complying with our legal obligations, services functionality, and marketing. Information collected may include:
Your Internet Protocol (“IP”) address, information from your web browser (such as browser type and browser language), and the actions you take on our website (such as the web pages viewed and the links clicked);
Information you provide by completing forms on ACCESS including your name, email and postal addresses, telephone number, country of residence, login, and password details. We may ask for this information if you register as a user of our Services, subscribe to our newsletters, upload or submit content through ACCESS, or if you contact us;
Information you provide for identity verification purposes when launching a project, including your legal name, business name and Tax ID for business entities, and date of birth. In some cases, our payment processor will request that you provide a secure upload of an identity document (such as your passport, driver’s license or other government-issued ID) to ACCESS;
Details of any requests or transactions you make through the Services. ACCESS partners with other companies for payment processing, and the payment information you submit is collected and used by them in accordance with their privacy policies. ACCESS doesn’t store your payment information apart from the last four digits of your credit card or bank account (as applicable), expiration date, and country, which we require for tax, government regulatory, and security purposes;
Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem);
Information that you submit on or to ACCESS in the form of comments, contributions to discussions, or messages to other users; and
You may decline to provide us with your information. However, this will limit your ability use our Services.
How We Use This Information
We use the information we collect for the following purposes:
We may use web beacons alone or in conjunction with cookies to compile information about Customers, Service Providers, and Site Visitors’ use of the ACCESS website and interaction with emails from ACCESS. Web beacons are transparent pixel images that are used in collecting information about website usage, e-mail response and tracking.
We collect information about our Site Visitors’ utilization and navigation of our website. This information helps us to design our website to better suit our Site Visitors’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track Site Visitor movements, and gather broad demographic information that assists us in identifying Site Visitor preferences.
We use aggregated data as a statistical measure and not in a manner that would identify you personally. Aggregated data enables us to determine how often certain parts of our website or the Services are used so that we can improve them. We may make use of, or make such aggregated data available to, third parties, in any manner in our sole discretion. ACCESS may engage third parties to track and analyze usage and volume statistical information from Site Visitors.
Our website may allow you to connect with social media networks, such as Facebook (facebook.com), Linkedin (linkedin.com), and Twitter (twitter.com) (“Social Media”). Such Social Media may collect your IP address and which page you are visiting on our website, and may set a cookie to enable the Social Media to function properly. You may be given the option by such Social Media to post information about your activities on our website to your profile page on the Social Media network in order to share with others within your network.
What Types of Third Parties May Receive Your Personal Data and for What Purposes?
We may share Personal Data with ACCESS’s contracted Service Providers, such as payment processors, etc., so that these Service Providers can provide services on your behalf. We may also share Personal Data with our Service Providers to ensure the quality of information provided. Unless described in this Policy, we do not share, sell, rent, or trade any information with third parties for their promotional purposes.
We may share Personal Data with other members, other ACCESS offices, and affiliates of the ACCESS group or the ACCESS Cooperative, Inc. in order to work with them, including affiliates of the ACCESS group. For example, ACCESS may need to share Customer Information for customer relationship management purposes.
Partners and Affiliated Businesses Not Controlled by ACCESS
We may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly offered product or service from us, we may share Personal Data collected in connection with your purchase or expression of interest with our partners. We do not control our partners’ use of the Personal Data, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may choose not to purchase or specifically express interest in a jointly offered product or service.
We may use a third-party Service Provider to manage credit card processing. This Service Provider is not permitted to store, retain, or use financial information except for the sole purpose of credit card processing on our behalf.
It may be necessary for us to disclose your Personal Data, either by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose Personal Information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.
Relevant information also may be found in notices pertaining to specific data processing activities.
European Union Users
Data protection law in Europe requires a “lawful basis” for collecting and retaining personal information from citizens or residents of the European Economic Area. Our lawful bases include:
Performing the contract we have with you: In certain circumstances, we need your Personal Data to comply with our contractual obligation to deliver the Services.
Legal compliance: Sometimes the law says we need to collect and use your Personal Data. For example, tax laws require us to retain records of payments made through our Services.
Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests.
For example, we use identity, device, and location information to prevent fraud and abuse and to keep the Services secure.
We analyze how users interact with our Site so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the online experience we offer all our users.
When we have your unambiguous consent. If we decide to process Personal Data for purposes other than what is necessary to provide services to you, we will provide notice as stated below in our EU Notice and Consent statement.
Information that isn’t shared publicly
The following data will not be publicly displayed or revealed to other users:
Any payment information you provide;
Your password details;
Your IP address;
Your phone number;
Your date of birth and other identity verification documentation (for creators);
Private profile information, in accordance with your preferences; and
Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem).
Choice / Opt-In
We offer Site Visitors, Customers and Service Providers who provide contact information the means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of ACCESS’s marketing emails. Additionally, you may send a request specifying your communications preferences to Privacy@accessdmc.com. Customers cannot opt out of receiving transactional emails related to their account with ACCESS or the Services.
ACCESS honors Do Not Track (DNT) headers and allows its users to opt‐out of having their personal information collected by ACCESS. The behavior of utag.js can be altered to track only analytic data and not track individual visitors. ACCESS’s website honors DNT and is compliant with California Assembly Bill 370.
Individuals have a right to choose whether their Personal Data may be disclosed to third-party controllers or used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the individual. To the extent required, ACCESS obtains opt-in consent for certain uses and disclosures of Sensitive Data. You have a right to withdraw such consent at any time. If we decide to use Personal Data for a purpose other than those that are materially the same as those indicated in this Policy, individuals shall be offered the opportunity to opt-in to the use. We shall make reasonable efforts to accommodate individual privacy preferences.
Such opt-In notices will be clear, conspicuous, and readily available to affected Customers, Service Providers, and Site Visitors. A notice will require an unambiguous, affirmative, opt-in consent to the particular use or processing of the Customer’s, Service Provider’s, or Site Visitor’s Personal Data.
Exceptions. We may disclose your Personal Data without offering an opportunity to opt out, when (i) we retain third-party processors to perform services on our behalf and pursuant to our instructions, (ii) required by law or legal process, or (iii) responding to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. We may also transfer Personal Data in the event of an audit or if we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution, or liquidation).
We will retain your information, as necessary to provide you with the Services or as otherwise set forth in this Policy. We will also retain and use this information as necessary for the purposes set out in this Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect ACCESS’s legal rights.
We also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our Site, improve our Services or comply with legal obligations.
Users residing in certain countries, including the EU, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the ability to access, correct, and request deletion of your personal information.
You can request a downloadable copy of your personal data from ACCESS by contacting us. We may retain certain information as required by law or as necessary for our legitimate business purposes.
EU Notice and Consent
If we decide to process Personal Data for purposes other than what is necessary to provide services to you or where we believe that your interests may override ours, affected EU Customers, Service Providers and Site Visitors will receive a notice detailing:
Type of Personal Data to be processed;
the purpose for the processing and a description of how the processing is based on legitimate interests;
the categories of recipients of disclosures of the Personal Data;
the period for which the Personal Data will be stored or the criteria for determining the period;
how Customers and Site Visitors can exercise the rights of access, correction, erasure, objection, and the right to withdraw consent;
the right to file a complaint with a Data Protection Authority;
whether the Customer or Site Visitor is obliged to provide the data by statute, contract, or for another reason, and the possible consequences of failing to provide the data; and
whether the Personal Data will be subject to automated processing and, if so, the logic and the consequences of the processing for the data subject.
Such notices will be clear, conspicuous, and readily available to affected EU Customers and Site Visitors. A notice will require an unambiguous, affirmative, opt-in consent to the particular use or processing of the Customer’s or Site Visitor’s Personal Data.
Third-Party Processor Transfers
With respect to transfers of your Personal Data to third-party data processors, we will:
enter into a contract with each relevant data processor,
transfer Personal Data to each such data processor only for limited and specified purposes,
ascertain that the data processor is obligated to provide the Personal Data with at least the same level of privacy protection as ACCESS,
take reasonable and appropriate steps to ensure that the data processor effectively processes the Personal Data in a manner consistent with ACCESS’s obligations under this Policy,
require the data processor to notify ACCESS if the data processor determines that it can no longer meet its obligation to provide the same level of protection as is required by this Policy,
upon notice, including under (e) above, take reasonable and appropriate steps to stop and remediate unauthorized processing of the Personal Data by the data processor.
If a breach of Personal Data occurs, we will notify the relevant Data Protection Authorities within 72 hours, subject to likelihood of risk to the Customer, Service Provider, or Site Visitor. Affected Customers, Service Providers, or Site Visitors will also be notified regarding the breach.
We want to communicate with you only if you want to hear from us. We try to keep emails to a minimum and give you the ability to opt in to any marketing communications we send.
We will send you email relating to your transactions on ACCESS. You may also elect to receive certain marketing email communications, in accordance with your preferences, and from which you may opt out at any time by adjusting your notification settings.
We’ll also send you Service-related announcements when it’s necessary to do so.
We take security seriously, and the security of your personal data is important to us. We follow industry-standard practices to protect the data we collect and maintain as it travels over the internet. No method of transmission over the internet or electronic storage is completely secure, so ACCESS cannot guarantee its absolute security.
We have a Security Incident Response Team (SIRT) and protocol in place in the event of a data breach. We encourage the responsible disclosure of vulnerabilities of our Services by emailing firstname.lastname@example.org, and we will invite valid disclosures to our bug bounty program.
Data Protection Officer
To contact our Data Protection Officer, please email email@example.com.
You can contact us in writing at:
1650 Hotel Circle North, Suite #110
San Diego, CA 92108
People under 18 (or the legal age in your jurisdiction) are not permitted to use ACCESS on their own. ACCESS does not knowingly collect any personal information from children under the age of 13 and children under 13 are not permitted to register for an account or use our Services.
If you believe that a child has provided us with personal information, please contact us at firstname.lastname@example.org. If we become aware that a child under age 13 has provided us with personally identifiable information, we’ll delete it.
What they are
Cookies are small data files that are issued to your device when you visit a website and that store information about your use of a service. Pixel tags (which are also called clear GIFs, web beacons, or pixels) are little snippets of code or tiny images embedded on websites and in email that help us learn how you interact with our site and emails.
Why we use them
How they work
When you visit ACCESS, our web server sends a cookie to your device, which allows us to recognize your device (but not the specific person using it). By associating the identification numbers in the cookies with other account information when, for example, you log in to our Services, we know that the cookie information relates to your user account. Similarly, pixel tags on ACCESS and in email communications help us identify how your device is being used to interact with ACCESS content. Some of the tags and cookies used by our Services are served by us, and some are served by trusted partners who are delivering services on our behalf.
Some examples of the types of cookies and other technologies ACCESS uses:
ACCESS uses authentication cookies and similar technologies to tell us when you’re logged in to ACCESS. This lets us show you personalized views related to your interests and connect you with projects like those you may already have backed.
These cookies help protect your account from being accessed by anyone other than you, alert you and us when your account is accessed, and provide capabilities that allow us to disable any active sessions you have (for example, when you log out or change your password).
Some cookies help us provide localized experiences — for example, by making sure you see ACCESS in your preferred language.
Site features and services
Performance cookies help us route traffic between servers and understand how ACCESS is performing, so we can provide you with the best experience possible. We may use third party software development kits (SDK) in our mobile apps to collect information about activity in the app, the type of device and operating system it is running on and how the app is functioning. For example an SDK may send us a report if the app crashes, and reports on which features of the app are used more than others.
Analytics and research
Social Media Platforms
Cookies and other technologies make interacting with social media platforms more seamless. For example, when you’re signed into social media accounts while you use our Services, these technologies enable you to share content with your social network or, in some cases, log in using your social media credentials. These features are usually controlled by the social media platform you are using and are governed by its separate privacy policies and the preferences you set with that service.
Certain choices you make are both browser- and device-specific.
You can control certain cookies
Your browser may give you the ability to control cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies. Blocking or deleting cookies may prevent you from using most of our Services. To find out more about how to enable, disable, or delete cookies from your web browser, please visit here. To control flash cookies, which may be used on certain websites from time to time, you can go here. Why? Because flash cookies cannot be controlled through your browser settings.
Our Do Not Track Policy
Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals. If you block cookies, certain features on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop.
Certain options you select are browser- and device-specific.
If you have questions or suggestions, please contact us.