Last Updated: 12/07/2021
The San Francisco Exchange Company Inc. (SFX), its affiliates and subsidiaries ("Company," "We," “Us,” and “Our”) respects your privacy and are committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit the website (our "Website") or social media sites we control and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- On or through this Website.
- Over the phone, email, text, and other electronic messages between you and Us.
- Through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website.
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Website.
Information Collected About You and How We Collect It
We collect several types of information from and about users of our Website, including the following categories of information:
- Purchasing Information. This is information that we may collect about your transactions in our stores, on our websites or via our mobile applications including what products you purchase, how frequently you purchase them, any rewards or promotions associated with a purchase.
- Personal Information. This is information by which you may be personally identified, through your account with us or otherwise, such as name, postal address, e-mail address, telephone number, address, or any other identifier by which you may be contacted online or offline (“Personal Data”). The collection of such personal information is necessary for Us to provide you with our services.
- Device and Usage Information. This is information about your internet connection (ISP), IP address, device and mobile ad identifiers, the website that referred you to our website, the subject of the ads you click or scroll over, Cookies, Analytics, the equipment you use to access our Website and usage details. To collect this information, we use automatic data collection cookies, web beacons and similar technologies.
- Location information. This is information about the location of your device, including GPS location, for purposes of enhancing or facilitating our services, such as enabling the functionality of our websites or mobile applications that provide you with information about offers near you, enabling you to remotely order and pay for our products and services, or have certain products delivered by a third-party vendor. If you want to opt out of the collection of this location information, please see the section below titled Choices on How We Use and Disclose Your Information or by contacting us as detailed under Contact Information.
- Public information. Some information we gather is publicly available. We may also gather information about you from third-parties and other companies.
We collect this information:
- Directly from you when you provide it to us.
- Some information such as your internet connection and equipment you use to access our Website and usage details is automatically collected as you navigate through the site. Information collected automatically may include usage details, IP addresses, location and information collected through cookies and other tracking technologies.
- We use third party analytics providers and products, such as Google Analytics, to obtain, compile and analyze information about how users are using and interacting with the Website. In order to collect this information, such providers may set cookies on your browser or mobile device or read cookies that are already there. Google Analytics may also receive information about you from apps you have downloaded, that partner with Google. We do not combine the information collected through the use of Google Analytics with personally identifiable information. You can control the information provided to Google and opt out of certain ads provided by Google by using one of the of the methods set forth in https://www.google.com/policies/privacy/partners/.
- From third parties, for example, our business partners, affiliates and agents.
Information You Provide to Us. The information we collect on or through our Website may include:
- Certain general data and Personal Data (“Personal Data”) that identifies our customers, that you provide or give us in another way. This may include your first and last name, postal address, telephone number, email address, date of birth, citizenship, and passport details, and if you make a purchase, your credit/debit card details in order to make a payment and confirm the purchase.
- Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, posting material, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.
- Records and copies of your correspondence including email addresses, if you contact us.
- Your responses to surveys that we might ask you to complete for research purposes.
- Details of transactions you carry out through our Website and of the fulfillment of your travel and purchases. You may be required to provide financial information including credit or debit card information before placing an order through our Website.
- Your search queries or preferences through use of the Website, including the election to share location information with us and our website applications.
You also may provide information, or comments, or photographs to be published or displayed (hereinafter, "posted") on public areas of the Website or transmitted to other users of the Website or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages/you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Website, including traffic data, logs, and other communication data and the resources that you access and use on the Website.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Website according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Website.
The technologies we use for this automatic data collection may include:
- Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. Information on how to disable or remove flash cookies can be found below under the section titled Choices on How We Use and Disclose Your Information.
- Web Beacons. Pages of the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
- Java Scripts. Java scripts are code snippets embedded in various parts of websites and applications that facilitate a variety of operations including accelerating the refresh speed of certain functionality or monitoring usage of various online components.
- Entity Tags. Entity Tags are HTTP code mechanisms that allow portions of websites to be stored or “cached" within your browser and validates these caches when the website is opened, accelerating website performance since the web server does not need to send a full response if the content has not changed.
- HTML5 Local Storage. HTML5 local storage allows data from websites to be stored or “cached" within your browser to store and retrieve data in HTML5 pages when the website is revisited.
We do not collect personal information automatically through the above technologies, but we may tie this information gathered to personal information about you that we collect from other sources or you provide to us.
Third Party Cookies and Other Tracking Technologies
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
How We Use Your Information and Legal Bases for Processing
We only process your information where it is necessary for:
- our legitimate interests to establish and manage our relationship with you, for administrative purposes, and other legitimate business interests such as credit assessment, marketing, presenting and improving our website;
- fulfilling our contractual obligations towards you (e.g., sending confirmations, invoices, and travel documentation to you), our affiliated or related entities, associates, partners, and the customers of such affiliated or related entities, associates and partners; and
- compliance with applicable laws and regulations and our legal obligations, such as accounting and tax requirements.
There may be occasions where we request your consent to process your personal data. Where applicable, you may withdraw consent subsequently at any time by contacting us as detailed under Contact Information, below, without affecting the lawfulness of processing based on consent before its withdrawal. For example, we may use your information to contact you about our own and third-parties' goods and services that may be of interest to you. We may use the information we have collected from you to enable us to display advertisements to our advertisers' target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria. Information on how to opt-out of interest-based advertising can be found under the section titled Choices on How We Use and Disclose Your Information or by contacting us as detailed under Contact Information.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may disclose personal information that we collect or you provide as described above (How We Use Your Information and Legal bases for Processing) to the following:
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of SFX's stock or assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by SFX about our Website users is among the assets transferred.
- To third parties, including but not limited to suppliers, third-party vendors, business partners, and corporate affiliates for the same legitimate purposes as detailed above.
- To fulfill the purpose for which you provide it. For example, if you give us an email address to use the "email a friend" feature of our Website, we will transmit the contents of that email and your email address to the recipients.
- For any other purpose disclosed by us when you provide the information, with your consent, as applicable.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request. When the disclosure of such personal information is required to be made to a governmental or regulatory agency, we will ensure that such personal information will only be shared with the relevant governmental or regulatory agency and not released to the general public. However, you will hold Us harmless if the personal information is disclosed by the governmental or regulatory agency to any third party or the public.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of SFX, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. Below are some of the mechanisms available to change control over your information automatically provided when visiting the Website:
- Google Analytics. You can control the information provided to Google and opt out of certain ads provided by Google by using one the of the methods set forth in https://www.google.com/policies/privacy/partners/ or use the Google Analytics opt out browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en.
- Cookies; Web Beacons; Entity Tags; and HTML5 Local Storage; and other similar technologies. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Site may not function properly if the ability to accept cookies is disabled. Turning off the browser's cookies will prevent web beacons from tracking your specific activity. The web beacon may still record an anonymous visit from your IP address, but unique information will not be recorded. If you do not want to receive tracking pixels, you will need to disable HTML images in your email client, and that may affect your ability to view images in other emails that you receive. Each browser is different, but many common browsers (Internet Explorer, Chrome, Firefox, and Safari) have preferences or options that may be adjusted to allow you to either accept or reject cookies and certain other technologies before they are set or installed or allow you to remove or reject the use or installation of certain technologies altogether. To find out how to see what cookies have been set and how to reject and delete the cookies, please visit: https://www.aboutcookies.org.
- Opting out of sharing location information. You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third parties by (a) disabling location services within the device settings; or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings. Please note that your location may be derived from your WiFi, Bluetooth, and other device settings. See your device settings for more information.
We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Digital Advertising Alliance or the Network Advertising Initiative ("NAI") on the NAI's website or by visiting www.AboutAds.info.
Information Sent Abroad
SFX is a global organization and provides global services. In certain circumstances, sharing data cross-border is essential to the services you receive from Us.
I. Special Requirements under EU Data Protection Laws (GDPR):
In order to complete your booking, complete analysis, or for other legitimate purposes we transfer, process and store information about you outside of the EEA on servers located in the United States by The San Francisco Exchange Company Inc. and its affiliates located at 1350 Old Bayshore Hwy Ste. 520, Burlingame, CA 94010. Therefore, your information may be transferred to, stored, or processed in the United States. We will ensure that in terms of Data Security Standards of our systems in the US will have the same level of data protection that is adhered to by Us. If we transfer your Personal Data to agencies or third parties outside the EEA, we require similar, binding EU Standard Contractual Clauses, and we monitor compliance with such. Our affiliated or related entities, associates and partners have also agreed to adopt equivalent measures. Copies of these measures can be obtained by contacting Us as detailed under Contact Information below. You may lodge a complaint with the UK Information Commissioner’s Office if you consider that our processing of your Personal Data infringes applicable law.
II. Special Requirements under Mexican Data Protection Laws
In accordance with the requirements of the Mexican Federal Law on the Protection of Personal Data Held by Private Parties ( Ley Federal de Protección de Datos Personales en Posesión de los Particulares ) (the “Mexican DP Law”), We inform our users and subscribers located in Mexico of Our compliance with this Law. Under Mexican DP Law, we do not need to obtain your consent for the processing of your personal data for the purposes that give rise and are necessary for the fulfillment of our relationship (e.g. personal information required in order for you to subscribe to our vacation programs). In case you do not agree with the processing of your personal information for such purposes and as described in this policy, please abstain from acquiring or using our services.
Our Website users and subscribers located in Mexico should note that:
- The personal data provided by you to Us through email, fax, websites, online services, enrollment or subscription forms and agreements, telephone calls or any other means, is processed by Us for the purposes set forth in section How We Use Your Information; in the understanding that, in order to comply with the Mexican DP Law, below we have set forth those purposes that are not required to fulfill the relationship between us, commonly known as “additional or secondary purposes”.
- To provide you with updates about discounted availability, special offers, new services and products which may be of interest to you and other noteworthy news items.
- Send advertisements, promotions and brochures.
- To contact you about our and third parties’ goods and services that may be of interest to you.
- To ask for ratings and reviews of services or products.
- Should you not wish that your personal information be used for the purposes listed immediately above, please send an email to email@example.com with subject line “Request for Restriction on the use of My Personal Information for Secondary Purposes / Mexico”.
- As described above (see Information We Collect Through Automatic Data Collection Technologies), We also collect information using various technologies, such as cookies and web beacons.
- Copy of your official ID and/or of your legal representative. Such documents should be scanned and attached to the corresponding email communication. For legal representative, please also attach a copy of his/her power-of-attorney.
- Clear and precise description of the personal information about which the ARCO Rights are to be exercised, as well as the right or rights you wish to exercise. This description could be included in the email cover letter or in a document attached thereto, scanned and initialized in each of its pages.
- Expressly state your agreement to receive our response through an email communication, specifying the corresponding email address.
- Any other data that allows US to locate your personal data.
We will issue a response within the following 20 business days after we receive your request. Once you receive our response, you will have a 15 business day period to respond to our communication. In case you do not reply to our response within the mentioned period, we will understand in good faith that you agree with our response. We may refuse the exercise of your ARCO Rights in the cases permitted by applicable law, and shall inform you about such decision. The refusal may be partial, in which case We will carry out the access, rectification, cancellation or objection in the corresponding part.
As mentioned below, you can also review and change your personal information by logging into the Website and visiting your account profile page.
See the section Disclosure of Your Information for information regarding the manner in which we share your personal information with third parties and data-processors. Please note that we require your consent to transfer your personal data to third parties to market their own products or services to you.
Should you not wish that your personal data be transferred to third parties for their own marketing purposes please send an email to firstname.lastname@example.org with subject line “Request for Restriction on the Transfer of Personal Data to Third Parties for their Own Marketing Purposes / Mexico”.
Your Rights to Accessing and Correcting Your Information
You can review and change your personal information by logging into the Website and visiting your account profile page. You have the right to ask SFX not to process your Personal Data for marketing purposes. You also have the right to access Personal Data about you by SFX and to correct inaccurate Personal Data. Please ensure that we have an up-to-date active and deliverable email address for you. In accordance with applicable law, you may also have the right to object to or request restriction of the processing of your Personal Data and to request erasure and to port Personal Data about you.
Should you wish to exercise your rights, or to unsubscribe please contact email@example.com or Attn: Privacy Requests SFX Preferred Resorts at 1350 Old Bayshore Hwy Ste. 520, Burlingame, CA 94010 or via our toll-free number: 1-800-739-9969.
Access to your Personal Data will be granted in accordance with the requirements of applicable national legislation. The information will be forwarded to you within an appropriate period of time in accordance with applicable law, and where any discrepancies are discovered following your enquiry, we will take immediate steps to validate and, where appropriate, correct our records.
Retention of Data
We will retain your personal information during the term of the provision of the services availed by You only for so long as reasonably necessary for the purposes set out herein, in accordance with applicable laws.
Upon contacting The San Francisco Exchange Company Inc. (SFX) and providing PII such as your full name, e-mail address, and/or contact number, You expressly authorize and consent to receive autodialed and/or pre-recorded telemarketing calls, as well text messages and emails, from or on behalf of The San Francisco Exchange Company Inc. at the telephone number(s) provided. You hereby understand that your permission overrides your listing on any state, federal or company do not call list. You also understand that your consent is not a condition of purchasing any good or service. You agree to waive your rights under TCPA. You agree to receive communication via SMS, email and telephone on an ongoing basis and understand that you can opt-out of these communications at any time. You understand that this means both marketing and informational communication. You understand that message and data rates may apply to any communication via SMS.
Children Under the Age of 16
Our Website is not intended for children under 16 years of age. No one under age 16 may provide any personal information to Company or on the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us as detailed under Contact Information, below.
Data Security and Retention
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions provided therewith will be encrypted.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Your Personal Data will be retained only for so long as reasonably necessary for the purposes set out above, in accordance with applicable laws.
Your California Privacy Rights
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us as detailed under Contact Information.
Click here to see your rights as a resident of California under the California Consumer Privacy act (CCPA).
Your Nevada Privacy Rights
The San Francisco Exchange Company Inc.
The San Francisco Exchange Company Inc.
Attn: Privacy Requests SFX Preferred Resorts
Updated: 11/28/2022