Podcast: Scaling a TMC built on modern infrastructure
Spotnana Privacy Notice
Last Updated: 13 February 2024
This Privacy Notice is provided by Spotnana Technology, Inc. and its affiliates (“Spotnana,” or “we”).
Background: Our Customers are business entities such as corporations, that make our Services available (either directly or indirectly through other companies) to individual human Users and Travelers. The Users and Travelers will often be employees of our Customer, or of a customer of our Customer. One of our primary Services is providing access to our booking tool Platform, that Users and Travelers use to buy Travel Services from Travel Service Providers on behalf of the Customer, so that the Travelers can conduct business travel to carry out the objectives of the Customer.
Our “Customer”: A business or enterprise to which Spotnana provides our Service, either directly, or indirectly through one of our resellers. Our Customers are not individual human people, but the companies with which we do business.
Our “Services”: We provide an online booking tool (the “Platform”) and perform related administration and support services to enable our Customers to provide their designated users with the ability to plan, book, and purchase travel services such as transportation, lodging, automobile hire/rental, and related and ancillary services (“Travel Services”) for themselves and for others.
A “Traveler” is an individual human consumer of travel services; such as an employee, an independent contractor, an interview candidate, or a guest of one of our Customers.
A “User” is an individual human who accesses our Services in order to book travel for a Traveler. In many cases the User and the Traveler will be the same person, but they may be different people (for example, if one of our Customer’s employees arranges travel for a different employee, or for a non-employee).
“You” may be a Traveler, or you may be a family member or other emergency contact of a Traveler. You may also be a representative or an employee of one of our Customers, but you personally are not a Customer; our Customers are business entities.
“Personal Information” is information that is about a specific, identifiable individual human being or household, or that identifies a specific individual human being or household.
Our Services are provided to you according to the terms of our agreement with our Customer (who may be, for example, your employer) or a reseller of our Services which has agreed to provide the Services to your employer. Our Service is provided to our Customers (typically, but not always, your employer); and is provided by our Customer to you to enable you to effect Travel Services transactions with Travel Service Providers. Spotnana does not itself provide such Travel Services, either directly or indirectly; and your purchase and use of such Travel Services, and their use of Traveler data, is subject to your agreement(s) (including your data protection agreement(s)) with these Travel Service Providers for the purchase of Travel Services.
“Travel Services” are the transportation and other travel-related service offerings of independent common carriers and other entities such as airlines, rail carriers, hotelkeepers, or automobile rental (car hire) agencies. We call the entities offering these services “Travel Service Providers.”
As used in this Notice, a Travel Service “transaction” refers not only to a fully consummated purchase, but to any interaction or communication with a Travel Service Provider, including any subpart or portion of the entire ticketing/booking flow, e.g., search, bookings or reservations (whether confirmed or unconfirmed), Passenger Name Record (PNR) generation, invoice or folio generation, reconciliation, or payment, addition of fare data, and/or hotel or car segment to PNR, or ticketing.
This Privacy Notice describes the way that we use Your Personal Information in providing our Services to our Customers, and how your Personal Information is shared, your rights and choices, and how you can contact us about them. This Privacy Notice applies only to the ways in which we use your data in the course of providing the Services as described herein, including via the online booking tool Platform that we make accessible to you through our web app (accessible via the URL app.spotnana.com), and our mobile app. These Services require authentication (“login”) to a Traveler or User account associated with one of our Customers.
Spotnana also operates a public-facing website (“Public Website”), accessible by any member of the public at www.spotnana.com. We have issued a separate Privacy Notice that applies to the services we provide on the Public Website; please refer to the Privacy Notice provided on the Public Website for information about how we collect and use personal information on that site. This Privacy Notice does not apply to the Website, and the Website Privacy Notice does not apply to our use of Personal Information in connection with the Platform or the Services described herein.
Our Role; Our Relationship with our Customer, and with You
For most purposes, our Customer is the legal “controller” of your data with respect to EU’s General Data Protection Regulation (similarly, if our Customer is subject to the California Consumer Privacy Act, our Customer is the “business” for purposes of that Act). When you use our Services to effect Travel Services transactions, we collect, use, and disclose Personal Information about the Travelers who will be using the Travel Services on behalf of our controller Customer as a data “processor” (under the EU General Data Protection Regulation; or as a California Consumer Privacy Act “service provider”/“contractor”). In this capacity we process your Personal Information pursuant to the business purposes set forth in our agreement with the Customer and the Customer’s lawful direction.
This Notice describes both data we process as a data processor on behalf of our Customer; as well as your personal information that we process in our capacity as a controller when we can do so legally.
As the data controller, our Customer (which frequently will be your employer) is responsible for complying with many data protection obligations that pertain to your Personal Information. Accordingly, you should consult any information pertaining to the processing of your Personal Information supplied to you by the Customer who arranged for/invited you to use the Services. If our Customer supplies us with a privacy policy/notice document or other disclosure pertaining to your data protection rights, we will endeavor to make it available to you in conjunction with your access to the Services. With respect to our processing activities that we undertake at the direction of our Customer, in the event of a conflict between any data protection disclosure that you receive from our Customer (whether directly or indirectly) and this Notice, our Customer’s data protection disclosures shall govern the treatment of your Personal Information, except to the extent that we specifically advise you that our disclosure controls.
In the course of using our Services, in order to effect your selected Travel Services transactions, we will disclose your Personal Information to unaffiliated Travel Service Providers. For purposes of data protection laws such as the EU GDPR, these Travel Service Providers operate as “independent controllers;” and the use of your Personal Information by these Travel Service Providers is not governed by this Privacy Notice. Before using our Services to initiate a Travel Services transaction with a Travel Service Provider, you should review the data protection disclosures of the independent Travel Service Providers in question. You will be able to find the data protection disclosures for many passenger airlines via this third-party page: https://www.iatatravelcentre.com/privacy.htm#index; for other Travel Service Providers such as other air carriers, rail carriers, hotelkeepers, and car rental agencies, please consult the website of the Travel Service Provider in question.
How We Collect and Use Your Personal Information
Your Personal Information that We Receive from Others
We collect Personal Information about you from our Customer in the form of profile information that our Customer provides to us to facilitate the creation of a Traveler or other User account for your use on behalf of our Customer. When our Customer establishes a Traveler account for your use on our Platform (or otherwise directs or invites you to establish a Traveler account), we collect Personal Information necessary to effect Travel Services transactions, including your full name, your email address, postal address, and telephone number; and potentially also including your payment card information and billing address, date of birth, and gender. We may also collect a subset of this information to identify you if our Customer establishes for your use on our Platform a User Account that is not a Traveler Account. We also collect information about Users and Travelers from Customers, when Users and Travelers arrange Travel Services for Travelers on behalf of our Customer. If as a User of our Services you provide Personal Information about another User or Traveler, you agree to do this only with the permission of the person who the Personal Information pertains to, or at the direction of the data controllers.
We may also receive information about you from third parties from our business partners, Travel Service Providers, payment services providers, identity verification services, consumer reporting agencies, government records or agencies, or other publicly available information in conjunction with our fraud detection and prevention activities, or as otherwise necessary to confirm your identity in conjunction with your use of our Services or your exercise of data protection rights.
Your Personal Information that We Receive from You
In Providing Services. We collect Personal Information that you or another User provides directly to us on behalf of our Customer in the course of using our Services, such as when you use our Platform to purchase Travel Services from third-party Travel Service Providers.
We may also process optional information that you or another User may choose to provide on behalf of our Customer which are not generally necessary in order to use the Services, effect Travel Services transactions, or use Travel Services; such as your emergency contact information, if you choose to provide it. If our Customer permits you to use the Services to purchase Travel Services for your personal use, we may collect on behalf of our Customers Personal Information such as your personal payment card information, billing address, and your personal email address. You may customize your Traveler profile by providing additional Personal Information, such as identification or travel document data, Known Traveler Number, Redress Number, Travel Service Provider loyalty program membership information, and other travel preferences. You may also provide to us certain dietary preferences related to meal choice requests that may be offered by Travel Service Providers, or in connection with your requests for accommodations or assistance that may be offered by Travel Service Providers. If you provide such Personal Information to Spotnana, we will process such information solely for the specified purpose; and you consent to our processing and transferring such Personal Information to your selected Travel Service Providers for the purpose of the fulfillment of your requests.
When you contact us for support in the use of our Platform or in purchasing Travel Services, or if you provide feedback or suggestions about your experience, such as by telephone or through our Platform chat feature, we collect Personal Information to provide the requested assistance, and when necessary, to verify your identity. In addition, we may record and store these communications for training and quality assurance purposes.
Information We Automatically Collect
In addition to the information that you enter as you use our Services on behalf of our Customer, and the information that we collect in connection with the transactions you enter with Travel Service Providers using our Services; we also automatically collect information about how you and your devices interact with our Services. We use this information to improve the experience of Travelers and Users, and to improve value and insights for Customers. We log User and Traveler activity together with information about your devices, their software, app usage data, and your computer networks including your IP and MAC addresses, and employ strictly functional cookies and other browser storage, and use other technologies to process personal data to the extent necessary and proportionate to ensure the network and information security of our Services, to prevent unauthorized access to our networks, and to prevent malicious code distribution, denial of service attacks, and damage to computer and communications systems.
- Cookies, and Your Rights to Opt-Out. In providing the Services, Spotnana may use certain cookies in order to make the Services work with your computer. Because these cookies are only used for essential purposes, are strictly necessary cookies, and it is not possible to disable the placement of these cookies without negatively impacting the functionality of the Services, we do not provide any way to opt-out of the placement of the cookies we use with the Apps. You can avoid the placement of these cookies only by not using the Services. Similarly, even if we were a “business” under the CCPA, because we do not “sell” or “share” your personal information obtained or used in connection with the Services for purposes of the California Consumer Privacy Act, we do not provide means for you to opt-out, that is, to direct us not to do those things with your personal information that we already don’t do.
How We Use Personal Information
We use the information we collect from you and others to provide our Services, to communicate with you, and to improve and promote our Services.
To Provide Our Services to Our Customers. As described above, Spotnana acts as a data processor (or CCPA “service provider” or “contractor”) to our Customers acting in their role as data controllers (or CCPA “businesses”). Accordingly, we use your Personal Data in accordance with applicable law, and with the written arrangements with our Customers. These written arrangements provide for our use of your Personal Information for the purpose of providing our Services to our Customers:
- Account Information: In the creation and maintenance of User and Traveler accounts and profiles;
- Travel Services Transactions: To effect Travel Services transactions (according to the granular meaning of “transaction” we apply in this document);
- Services Communications:
- Customer support communications with you regarding our Services to verify that you have authority to act for a Customer, User, or Traveler, and to access information pertaining to your inquiries/provide responsive information;
- Communications regarding Travel Services transactions, including payment transactions and account status messages; and messages regarding updates, changes, and cancellations to Travel ServicesWith the express written authorization of the original controller of your data, our Customer (which may be your employer), Spotnana may use your Personal Information in ways that are not specifically directed by the original controller. In conducting this processing, we rely on our legitimate interest in operating our Services and business, and in complying with our legal obligations, balanced against your interests, or your fundamental rights and freedoms. These processing activities may include the following:
- In Conducting Financial and Security Monitoring and Audits. We may use your data to verify that our internal processes work as they are meant to, and to comply with accounting requirements. We may also use your data in order to protect the safety and integrity of our Customers’ data and the Personal Information of our Users and Travelers, using techniques to automatically monitor, detect, and prevent fraud or theft or computer attacks, or other unauthorized or illegal use of our Services.
- Other Financial and Legal Compliance. We use personal data obtained from you, from our Customers, and from third parties in order to verify the identity of our Customers, Users, and Travelers Customers in order to comply with laws and our reasonable commercial obligations (including payment processor standards and rules) associated with financial reporting as well as crime and fraud prevention and detection.
- Marketing, and Events and Development-Related Communications. When you use our Services, we may use your Personal Data to send you communications about the range of Services we make available to our Customers, and other news about Spotnana. These communications may contain information about upcoming Customer events, product demos, beta launches, or user experience surveys. We will engage in marketing activities with your consent, or where we have a legitimate interest; you may opt-out of these communications using the unsubscribe information included in the communication, or by contacting us at privacy@spotnana.com.
- Aggregated and De-Identified Personal Information. We may aggregate and/or de-identify Personal Information to the extent that it is no longer considered Personal Information. This processing is based on our legitimate interest; by making it so that the data involved no longer comprises personal information, this minimizes the impact on the rights and freedoms of data subjects. We do so to generate other data for our use. As this new data no longer identifies you or any other individual, we may use and disclose this data for any purposes that are compatible with the initial processing, except as limited by the authority granted by our Customer. Our commercial objectives in doing so may include:
- Analysis of usage trends/user behavior patterns in order to improve our Services, to provide quality and user assurance, and ensure the security and integrity of our systems, and to develop new products and services;
- Determining the effectiveness of our user and customer materials and collateral, so that we can adapt these writings to the interests and needs of our Customers and their users.
Consent. We may use Personal Information for other purposes that are clearly disclosed to you at the time you provide Personal Information or with your expressed, explicit consent following disclosure of all pertinent facts and circumstances.
Special Category and Sensitive Information
The use of our Services does not require the disclosure any GDPR special category personal information (e.g., information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or a person’s sex life or sexual orientation. (Note that this is a more limited definition than the CCPA definition of “sensitive personal information;” while no sensitive personal information is required to use our Services, certain CCPA sensitive personal information, such as passport number, may be required in order to purchase certain international Travel Services).
We process GDPR special category data following the user’s voluntary disclosure of the information to Spotnana as attendant to travel accommodation requests (e.g., a request for one of more types of travel assistance (e.g., physical, mobility, sensory, or other assistance), seating or lodging accommodation; or health-related dietary restrictions reflected in meal code choice; or revealed religious or philosophical beliefs related to meal code choice. We process such special category data solely for such specified purpose, and provide such special category data to the user’s selected carrier/other travel provider solely to the extent necessary to fulfill the request. By providing this information to Spotnana by your submission of an accommodation or meal choice request to Spotnana, or by indicating these preferences in your Traveler profile, you consent to the processing of this information as described herein, and to our provision of this information to Travel service providers in order to attempt to effect your requests, even if those selections are not supported or are otherwise unavailable from the Travel Service Provider to which we provide the information.
We process additional Personal Information on behalf of our Customers that is California Consumer Privacy Act ”sensitive personal information,” and we disclose this information in a manner that is reasonably necessary and proportionate for the purposes for which we collect it: we collect your passport number (for international travel, or where a suitable alternative national ID isn’t available). We disclose this information to Travel Service Providers in order to facilitate your purchase of Travel Services where a passport is required for travel. We believe that this purpose for disclosure is integral to performing the Services as reasonably expected by an average consumer who requests these services.
We also may process your payment card or other financial account data, but not in conjunction with authentication information which permits access to the account – please do not provide us with any financial, online, or login account authentication information of any kind.
The use of Travel Services themselves (as distinct from the use of our Services to effect Travel Service transactions), may involve the processing of additional sensitive or special category data (e.g., biometric data for the purpose of uniquely identifying a natural person) by various government entities; however except as described below under “Cross-Border Transfers” and as described in our Public Authority Access Request Policy, we are not involved in the collection or processing of such data. For further information regarding the nature of any such processing we advise you to contact the Passenger Information Unit (PIU), customs & immigration, intelligence services, law enforcement, or other appropriate government representative(s) of the country of your Travel departure(s) or destination(s).
Accessing/Changing Your Personal Information
- Self-service Access/Changes to Your Personal Information: You may access, update, correct, or delete your profile information and preferences at any time by logging in to your Account through our Apps. We may have disabled, at the direction of our Customer, your ability to edit certain information fields pertaining to your data, including Personal Information fields (these fields will typically be ‘grayed out,’ in edit mode, or attempted edits will fail). If you would like to make a change to one of these fields, please contact your Customer for assistance.
- Formal Access/Changes, and other Data Protection Rights: Depending on a number of factors, which may include your place of residence, the location of your Customer, and other factors, you may have the right to make certain requests with respect to your personal data processed by others.
This is because for most purposes we are legally not the “controller” of your data with respect to EU’s General Data Protection Regulation; instead in the course of providing the Service to our Customer we act as a “processor;” similarly, we are not the California Consumer Privacy Act “business,” we are a “service provider” or “contractor” providing the Service to that “business.” We will respond to your request in accordance with the law that applies to your circumstances, and with our agreement with our Customer that is consistent with those laws. Even if we are able to directly respond to your request (for example, if we are directed by the controller to directly accommodate your request), in order to protect your rights, and the rights of our Customer and ourselves, we may require you to verify your identity using certain information associated with your account, including but not limited to your email address, but unless absolutely necessary, we will not ask for additional information about you that we do not already have.
While certain exceptions may apply to your situation which make these rights inapplicable under some circumstances, your data rights may potentially include the right to:
- get confirmation about whether or not our Customer is processing your Personal Information;
- be provided access by our Customer to a copy of your Personal Information (including in electronic “portable” form for use with the platforms of other providers);
- object to/restrict our Customer’s uses of your Personal Information;
- have our Customer correct inaccurate or incomplete Personal Information about you;
- have your Customer delete or erase your Personal Information;
- withdraw your consent to our Customer’s processing of your data (to the extent that our Customer’s processing was based on your consent. Note that such withdrawal of consent will not impact the lawfulness of any processing we conducted based on your consent prior to its withdrawal.)
- California residents may potentially be able to exercise the following rights by making requests to our Customer:
- The right to request a copy of the personal information our Customer has collected about you in the past 12 months, including the categories of personal information it has disclosed about you, the business purpose for which it did so, and the categories of recipients;
- the right to request deletion of your personal information;
- the right to Opt-Out of the “sale” or “sharing” of your personal information to third parties, although as discussed above, because we do not “sell” or “share” (as those terms are defined under the CCPA) any Personal Information entered or obtained through your use of the Services, we do not provide any means for you to Opt-Out, that is, to direct us not to do the things we are already not doing. Spotnana may provide this right in connection with other services we provide via Spotnana’s public website at www.spotnana.com; please consult that site, and the privacy notice provided there for further information regarding this right.
- the right to not receive discriminatory treatment when attempting to exercise any of the California rights above.
In some cases, our Customer may also be unable to fulfill your request; for example, if applicable law provides that your data on our Platform comprises a record that our Customer is legally required to preserve (such as an employee record), our Customer may be required to preserve the data in spite of your request that your data be deleted.
Alternatively, while you may reside in California, our Customer on behalf of which you access the Services may not have sufficient gross revenues, or may not otherwise comprise a “business” as defined under the California Consumer Privacy Act (as amended) so as to make our Customer those circumstances Spotnana is not independently empowered to respond to your data subject requests — Spotnana is a data controller only to the very limited extent that, with the permission of the primary controller, Spotnana de-identifies user data in order to render it no longer personal data. To the very limited extent that Spotnana acts as a controller, Spotnana maintains no personal data to act on in response to a data subject request, whether the request is one of access, deletion, objection, &c. (see ”Aggregated and De-Identified Personal Information,” above).
If you would like to exercise any of these rights, you should feel free to contact us (for example via email at privacy@spotnana.com, or as described in the Contact Us section below). To the extent possible, we will pass along your request to our controller Customer, and we will typically also provide you with the name and contact information for your controller to which you should direct your request. In either event, it is important to note that in most cases we will be unable to fulfill your request directly.
Formal data requests contrasted with “informal”/self-help portal data entry/requests. As a component of our Services to our Customer, we may offer to our Customer, and to some or all of its authenticated Users, and therefore potentially to you while you are logged into the Platform, utilities enabling some manipulation of the data that we hold about you; for example by entering, modifying, correcting, “deactivating,” “freezing,” or omitting, all or part of your User or Traveler data or profile as it is maintained on the operational or “live” instance of our Service (see “Self-service Access/Changes to Your Personal Information,” above). While such data manipulation within the Service may or may not be permanent (i.e., we cannot guarantee that changes to User or Traveler account data made by a properly authenticated user can be rolled back or undone), such User-administered edits to yours or others’ Personal Data will not comprise or effect a data rights request of the type that you may be entitled to make under the data protection laws that may be applicable to you as described above.
Data Security and Retention
We maintain technical and organizational measures intended to protect Personal Information from misuse by persons both within, and outside of, our organization. In order to protect the security of your communications with us, do not send Personal Information over insecure communications such as email. Instead, whenever possible, communicate with us using the chat feature of the Platform while logged in to the Platform so that your communications with us will be encrypted.
No data security implementation can guarantee absolute security in the storage and transmission of confidential data. If you have reason to believe that your communications with us have been compromised, or that your interactions with us are no longer secure, please contact us at security@spotnana.com or privacy@spotnana.com immediately.
We retain Personal Information as we are directed by our Customer in its role as data controller, for as long as needed or permitted in light of the purpose(s) for which it was obtained, and consistent with applicable law. Absent contrary instructions from our Customer, we will retain your Personal Information for as long as we provide Services to our Customer, provided that in general transactions involving still-active users will be deleted 7 years following the last activity on any given transaction record.
Notwithstanding any contrary policy or Customer/controller instructions, we may retain Personal Information and certain records of your transactions to the extent necessary to comply with our legal and regulatory obligations (including as permitted or required in view of a pending or threatened judicial or administrative process, such as in connection with a possible or actual lawsuit or regulatory investigation).
Onward/Cross-Border Transfers
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers. Your Personal Information may be transferred to countries outside of your country of residence or supranational data protection region such as the EU/EEA. The countries to which your data may be sent include the United States, which may have data protection laws that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information, as described further in our Public Authority Access Request Policy.
How We Disclose Personal Information
We disclose your Personal Information in connection with providing our Services and the operation of our business.
Spotnana Affiliates.We share Personal Information with other Spotnana entities in order to provide our Services and for internal administration purposes. These entities are Spotnana Technology BV (Netherlands), Spotnana Technology Ltd (UK), Spotnana Technology Private Limited (India).
Our Customers. As a provider of travel management services to our Customers, we share User and Traveler Personal Information related to use of our Platform, and Travel Services purchased using our Services, with the Customer who procured our Services and made them available to the User and Traveler to use on the Customer’s behalf. This Personal Information may include Traveler and/or User profile; business travel reservations and itineraries (both used and unused); current location inferred from consumed itinerary; travel and loyalty preferences, and transactions history. Our Platform is designed for and provided for Traveler use for the arrangement and procurement of business travel on behalf of our Customers, and all travel information is accessible by the Customer, whether or not designated as business or personal travel by the Traveler or User, and regardless of the method of payment. The collection and transfer to us of your Personal Information by our Customers, used by us to create your User and/or Traveler account profiles; and the use of your Personal Information that we provide to our Customer controller, is governed by the data protection policies of our Customer. Please consult the Customer through which you are granted access to our Services for further information about the data protection practices of our Customer controller.
Service Providers. We disclose your Personal Information with a limited number of service providers of two primary types:
- Subprocessors: Service providers that we engage to provide us with necessary assistance in providing the Services, operating our Platform, or otherwise running our business, such as computing infrastructure, hosting, and cloud computing providers, payment processing vendors, and customer service agent bureaus. These service providers are called “subprocessors,” and we enter agreements with these subprocessors governing their use of Personal Information, and we disclose these subprocessors to our Customer controller;
- Travel Service Providers: We may disclose Personal Information we receive from our Customers to third-party business partners when this is necessary to effect Travel Services transactions that you wish to explore, assess, or enter in the course of using our Services. These Travel Service Providers to which we may disclose Personal Information include transportation common carriers such as airlines or rail operators, rental car companies, hotelkeepers, and other Travel Service Providers, and infrastructure and reservation system vendors and agents of these Travel Service Providers. In contrast to the subprocessors that we engage as described above, these Travel Service Providers and their vendors operate as independent controllers. Accordingly, we cannot direct or control the data processing activities or practices of these Travel Service Providers, we accept no responsibility for the data protection practices of these Travel Service Providers, and your Personal Information is disclosed to them subject to the receiving Travel Service Provider’s data protection notice(s). By electing to create a reservation with, or purchase Travel Services from any Travel Service Provider, you consent to our provision of your Personal Information subject to the policies and practices of the applicable Travel Services Provider with respect to the processing, collection, storage, use, and transfer of your data by the Travel Service Provider.
Legal Compliance and Obligations. We may also disclose your Personal Information, including outside your country of residence, when necessary in order for us to:
- comply with the laws where we do business or to which we are subject to;
- protect your or our rights, freedoms, or legitimate interests, or those of our business partners, Customers, or others; and
- respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities in the jurisdictions in which we do business or to which we are subject. Review our Public Authority Access Request Policy for further information.
Transactions Involving the Sale of a Business Unit. We may disclose or transfer Personal Information to a third party in connection with our preparations to effect a transaction altering our business organization or structure, such as a corporate reorganization, merger, sale, spin-off, joint venture, assignment, insolvency or liquidation petition, or other disposition of a material portion of our business or its assets.
Communications — Your Rights and Options
You have choices regarding our use and disclosure of your Personal Information. This describes some of the communications or data that you might receive from us, and any options you may have:
- Marketing-related emails: If you no longer want to receive marketing-related emails from us, you may opt-out via the “unsubscribe” link included in such emails. Even after you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you (personally, or as a representative of our Customer) with information pertaining to our Services, or that are related to the provision of Travel Services by third-party Travel Service Providers. You cannot opt-out of receiving these important messages while using the Services.
- Travel Alerts: You can manage your communication preferences by accessing your account “Profile” >> “Preferences,” and scrolling down to “Alerts.” There, you can choose which types of Booking and Flight Alerts to receive, and the email addresses that will receive the alerts. You may also opt-out of SMS alerts in your Account Settings.
- Travel Arrangers: Our Customer may have designated certain other Users (typically, other employees of the Customer) who may be available to assist you with arranging the procurement of Travel Services. At your “Profile” >> “Arranger,” you may designate these Users as your Travel “Arrangers” to assist you in effecting Travel Services transactions. Note that this will likely provide the Arranger User with increased access to your Personal Information that has been disclosed to your Customer.
- Necessary Cookies. Our Service uses a limited amount of necessary cookies and other tracking technologies in order to provide session functionality and otherwise make our technology work as intended. Because the cookies we place on your devices are necessary to make our Services function, we do not provide the option to opt-out from them.
Our Services Are Not Intended for Use by Minors
As a business-to-business service engaging with business entity Customers, Spotnana’s Services are designed for use only by those who are 18 years of age or over, and are not intended for use by minors; Spotnana does not authorize the creation of Traveler accounts by or for persons under 18 years of age.
In some exceptional cases, our Customer may permit Travelers who travel with their children to provide the personal information of those minor children to the extent required to use Travel Services. The Traveler must have legal permission to provide consent on behalf of the child to the processing of the child’s data. In addition, further proof of direct consent from or relating to traveling children may be required by the data controller.
International Privacy Practices
European Economic Area. Some non-EEA countries are recognized by the European Commission as providing adequate level of data protection according to EEA standards (the full list of these countries is available here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). For transfers from the EEA to countries not considered adequate by the European Commission, we endeavor to put in place adequate measures to ensure your Personal Information is safeguarded consistent with the requirements of applicable laws. You may obtain more information by contacting us in accordance with the “Contact Us” section below.
You may also lodge a complaint with the EU/EEA data protection authority for your country or region where you have your residence, place of work, where an alleged infringement of applicable data protection law occurs, or where our Customer/controller is established or maintains an EU representative.
Updates to This Privacy Notice
We reserve the right to update this Privacy Notice at any time to reflect new Services, improvements in our data practices, or the requirements of applicable law, effective upon our posting of the revised Privacy Notice as indicated by the “Last Updated” date above; unless we are required by law to provide you with prior notice of changes.
Contact Us
Spotnana Technology, Inc., located at 115 Broadway Suite 10-114, New York, NY 10006, United States, is the company responsible for collection, use, and disclosure of your Personal Information under this Privacy Notice. The controller is our Customer that engaged us to provide the Services to you (most frequently, this will be your employer, but you may have a different relationship with the controller entity).
If you have any questions about this Privacy Notice, please contact us at privacy@spotnana.com. Because email communications are not always secure, please do not include any login information, payment account data, or other sensitive information in your emails to us.\
You can also write to us at:
Privacy Team
Spotnana Technology, Inc.
115 Broadway Suite 10-114
New York, NY 10006, United States