The Holidays Exchange Cooperative , hereafter the PROCESSER of Users’ personal data, cares about privacy issues and wants you to be familiar with how we collect, disclose, and otherwise use (“Process“) information about you, in accordance with the applicable EU Regulations 2016/679 of 27 April 2016 (GDPR) relating to the protection of the personal data of individuals concerning the processing of personal data and the free circulation of this data.
Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements, such that our practices may be more limited in such jurisdictions.
Please read the following to learn more about our privacy practices.
What data we collect and why we collect it
If you decide to join us using the “Join us” form we will collect your full name and e-mail address, which identifies you as a person.
Other information collected
In addition to any Personal Information or other information you choose to provide to us on the Services, we and our third-party service providers may use a variety of technologies, now and hereafter devised, that automatically collect certain website usage information whenever you visit or interact with the Services. This information may include browser type, operating system, the page served, the time, the source of the request, the preceding page view, and other similar information.
We may use this usage information for a variety of purposes, including to enhance or otherwise improve the Services. In addition, we may also collect your IP address or some other unique identifier for the particular device you use to access the Internet, as applicable (collectively, referred to herein as a “Device Identifier“).
A Device Identifier is a number that is automatically assigned to your device, and we may identify your device by its Device Identifier. When analysed, usage information helps us determine how our Services are used, such as what types of visitors arrive at the Services, what type of content is most popular, what type of content you may find most relevant and what type of visitors are interested in particular kinds of content and advertising. We may associate your Device Identifier or website usage information with the Personal Information you provide, but we will treat the combined information as Personal Information.
We use non-personal information in a variety of ways, including to analyse site traffic, understand customer needs and trends, carry out targeted promotional activities and to improve our services. We may use your non-personal information by itself or aggregate it with information we have obtained from others. We may share your non-personal information with our affiliated companies and third parties to achieve these objectives and others, but remember that aggregate information is anonymous information that does not personally identify you. We may provide our analysis and certain non-personal information to third parties (who may in turn use this information to provide advertisements tailored to your interests), but this will not involve disclosing any of your personally identifiable information.
Why and How We Use Your Information
We may Process Personal Information in connection with any of the following:
1.- Our business transactions with you, including, but not limited to:
- Entering into or performing a contract with you.
- Responding to your enquiries and fulfilling your requests.
- Sending administrative information to you, for example, information regarding the Services or an event you are attending.
- Completing and fulfilling any purchases or requests for services.
2.- For our legitimate business interests, including, but not limited to:
- Personalizing your experience on the Services by presenting products and offers tailored to you.
- Allowing you to participate in sweepstakes, contests, and similar promotions, and administering such activities (each of which may have additional rules and could contain additional information about how we Process your Personal Information).
- Facilitating social sharing functionalities of your social media account(s).
- Subject to your marketing preferences (which may include consent to marketing under applicable law), to send you newsletters or marketing communications we believe may interest you, for our own products and services, and on behalf of our Affiliates or selected third parties, via postal mail, email, phone or text messaging.
3.- In accordance with any consent you may have provided. You have the right to decline to provide your consent and, if consent is provided, to withdraw it at any time.
4.- As necessary or appropriate for legal reasons, including, but not limited to:
- Under applicable law.
- Complying with legal process.
- Responding to requests from public and government authorities, including those outside your country of residence.
- Enforcing our terms and conditions.
- Protecting our operations or those of any of our Affiliates, RCI affiliated resorts or other third parties.
- Protecting our rights, privacy, safety or property, or that of our Affiliates, RCI affiliated resorts, you, or other third parties.
- Allowing us to pursue available remedies or limit damages we, our Affiliates, RCI affiliated resorts or other third parties, may sustain.
Who we share your data with
We don’t share your Personal data with any entity.
How long we retain your data
We store your Personal data until you decide you don’t want to stand with us anymore.
What rights you have over your data
If you have joined us, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
In accordance with the provisions of the applicable personal data protection regulations, the CONTROLLER complies with all provisions of the GDPR regulations for the processing of the personal data it controls, and explicitly with the principles described in article 5 of the GDPR, which states that data must be processed legally, faithfully and transparently in relation to the interested party and in an adequate, relevant way limited to whatever is necessary in relation to the purposes for which it is processed.
The CONTROLLER guarantees that it has implemented appropriate technical and organisational policies to apply the security measures established by the GDPR to protect Users’ rights and freedoms and has given the appropriate information so that they may be exercised.
How can you contact us?