- What personally identifiable information CREST collects.
- How CREST uses and shares personally identifiable information.
- What choices are available to users regarding the collection, use, and distribution of data.
- What types of security procedures are in place to protect the loss, misuse, or alteration of information.
- How users can correct any inaccuracies in the information.
CREST is the sole owner of the information collected on www.responsibletravel.org. CREST collects the following information from our users on our website.
Information you provide to us
- Newsletter signup We request information from the user through our newsletter signup. A user may provide their name, email, and location to receive news and other relevant information via email.
- Payment information
If you donate or purchase something from us, we may need to collect payment information, such as credit card number, expiration date, and credit card security code, where needed to complete a transaction. This information is securely processed by service providers, as discussed below.
Information we collect automatically
- Log data
Like most standard website servers, we collect log information. This includes Internet Protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks.
We generally use the information we collect to:
- Fulfill your requests for products, services, and information;
- Send you informational materials
- Analyze the use of the Services and user data to understand and improve the Services
- Prevent potentially prohibited or illegal activities; and
For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
Communications from the site
If a user wishes to subscribe to our electronic communications, we require an email address and other contact information (full name and location). Out of respect for our users’ privacy, we provide a way to opt-out of these communications. Please see the “Opt-out and Control of Information” section below.
- Third-party Service Providers
- Order Fulfillment
We may process your information when doing so is necessary to fulfill your request (e.g. to ship an order).
- Change of Control
We may share your information in connection with a substantial transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
- With Your Consent
We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent.
- Legal Process
We may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order, or legal process.
If you access third-party services, such as Facebook, Google, or Twitter, through our website (for example to share information about your experience with CREST with others), these third-party services may be able to collect information about you, including information about your activity on the website, and they may notify your connections on the third-party services about your use of the website, in accordance with their own privacy policies.
Opt-out and Control of Information
Users who no longer wish to receive our newsletters and/or promotional communications may send an email to CREST’s Managing Director (contact information listed below), indicating the email address(es) to be removed from the email list. We also offer automatic opt-out mechanisms at the bottom of all communications.
Users may also have rights in accordance with applicable law to do the following by contacting us via the contact information listed below:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data we have about you.
- Express any concern you have about our use of your data.
This website takes every precaution to protect our users’ information. When users submit sensitive information via the website, their information is protected both online and off-line.
We also do everything in our power to protect user-information off-line. All of our users’ information, not just the information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job are authorized to access to personally identifiable information. All employees are kept up-to-date on our security and privacy practices. Any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our users’ information is protected. Finally, the servers that store personally identifiable information are housed in a secure environment.
We retain data only as long as necessary to fulfill the purpose for which it was collected.
Cookies and Information Collected by Third Parties
We use Google Analytics to aggregate and analyze data about the audiences for our websites. To learn more about how Google Analytics process data, visit their site here.
Visitors from the European Economic Area
We process your data from outside of the European Economic Area, including from the United States, which may not have the same level of privacy protections as your home country.
The data controller for your personal data is the Center for Responsible Travel. If you have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Data Protection Authority and lodge a complaint. We hope, however, that you will raise those concerns with us first by contacting us as set out in the “Contact Information” section below.
Notification of Changes
If you have questions or concerns, feel free to reach out to CREST managing director Samantha Bray at firstname.lastname@example.org. The Managing Director can also be reached at the following address:
Center for Responsible Travel
1225 Eye St. NW
Washington, DC 20005