The Center for Responsible Travel (CREST) is committed to respecting the privacy of our contacts and donors and ensuring that their information will not be shared with any third party.This privacy policy covers websites maintained by CREST (responsibletravel.org) and discloses CREST’s practices regarding information collected from users of its websites. It will include:

  • What personally identifiable information CREST collects.
  • How CREST uses and shares personally identifiable information.
  • What choices are available to users regarding the collection, use, and distribution of data.
  • What types of security procedures are in place to protect the loss, misuse, or alteration of information.
  • How users can correct any inaccuracies in the information.

Information Collection
CREST is the sole owner of the information collected on www.responsibletravel.org. CREST collects the following information from our users on our website.

Information you provide to us

  • Newsletter signup We request information from the user through our newsletter signup. A user may provide their name, email, and location to receive news and other relevant information via email.
  • Payment information
    If you donate or purchase something from us, we may need to collect payment information, such as credit card number, expiration date, and credit card security code, where needed to complete a transaction.  This information is securely processed by service providers, as discussed below.

Information we collect automatically

  • Log data
    Like most standard website servers, we collect log information.  This includes Internet Protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks.

Information Use

We generally use the information we collect to:

  • Fulfill your requests for products, services, and information;
  • Send you informational materials
  • Analyze the use of the Services and user data to understand and improve the Services
  • Prevent potentially prohibited or illegal activities; and

For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.

Communications from the site

If a user wishes to subscribe to our electronic communications, we require an email address and other contact information (full name and location). Out of respect for our users’ privacy, we provide a way to opt-out of these communications. Please see the “Opt-out and Control of Information” section below.

Information Sharing

We will not sell or rent your information to anyone. We will use your information to respond to you regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as described in this privacy policy. These are the instances in which we will share users’ personal information:

  • Third-party Service Providers
    We use outside secure service providers to host and maintain our web server, provide bulk email services, and to process credit cards and bill users for goods and services. Unless you ask us not to, we may contact you via email in the future to tell you about CREST’s new products or services or changes to this privacy policy.
  • Order Fulfillment
    We may process your information when doing so is necessary to fulfill your request (e.g. to ship an order).
  • Change of Control
    We may share your information in connection with a substantial transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
  • With Your Consent
    We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent. 
  • Legal Process
    We may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order, or legal process.

If you access third-party services, such as Facebook, Google, or Twitter, through our website (for example to share information about your experience with CREST with others), these third-party services may be able to collect information about you, including information about your activity on the website, and they may notify your connections on the third-party services about your use of the website, in accordance with their own privacy policies.

Opt-out and Control of Information

Users who no longer wish to receive our newsletters and/or promotional communications may send an email to CREST’s Managing Director (contact information listed below), indicating the email address(es) to be removed from the email list. We also offer automatic opt-out mechanisms at the bottom of all communications.

Users may also have rights in accordance with applicable law to do the following by contacting us via the contact information listed below:

  • See what data we have about you, if any.
  • Change/correct any data we have about you.
  • Have us delete any data we have about you.
  • Express any concern you have about our use of your data.

Links

This website contains links to other sites. Please be aware that CREST is not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy policies of each and every website that collects personally identifiable information. This privacy policy applies solely to information collected by this website.

Security

This website takes every precaution to protect our users’ information. When users submit sensitive information via the website, their information is protected both online and off-line.
We also do everything in our power to protect user-information off-line. All of our users’ information, not just the information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job are authorized to access to personally identifiable information. All employees are kept up-to-date on our security and privacy practices. Any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our users’ information is protected. Finally, the servers that store personally identifiable information are housed in a secure environment. 

We retain data only as long as necessary to fulfill the purpose for which it was collected.

Cookies and Information Collected by Third Parties

When you use our websites, you may receive cookies or other similar technologies such as pixel tags from us and the third parties that collect information on our websites. We use cookies to determine that we give you a high-quality experience on our websites.

We use Google Analytics to aggregate and analyze data about the audiences for our websites.  To learn more about how Google Analytics process data, visit their site here.

Visitors from the European Economic Area

We process personal data (as defined by applicable law) for the purposes set out in this privacy policy. Our legal basis to process personal data includes processing that is: necessary for the performance of the contract between you and CREST (for example, to provide you with the services you request); necessary to comply with legal requirements (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement); necessary for our legitimate interests (for example, to manage our relationship with you and to improve the website and our Services); and based on consent by our customers (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time (by contacting us as set out below) without affecting the lawfulness of processing based on consent before its withdrawal.

We process your data from outside of the European Economic Area, including from the United States, which may not have the same level of privacy protections as your home country. 
The data controller for your personal data is the Center for Responsible Travel.  If you have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Data Protection Authority and lodge a complaint.  We hope, however, that you will raise those concerns with us first by contacting us as set out in the “Contact Information” section below.

Notification of Changes

If we decide to change our privacy policy, we will post those changes to this page and other places we deem appropriate, so our users are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

Contact Information

If you have questions or concerns, feel free to reach out to CREST managing director Samantha Bray at staff@responsibletravel.org. The Managing Director can also be reached at the following address:

Center for Responsible Travel
1225 Eye St. NW
Suite 600
Washington, DC 20005