Connexions Loyalty Travel Solutions, LLC

Privacy Policy For Information Received From Our European Affiliates and Clients

We at Connexions Loyalty Travel Solutions LLC (referred to as "CLTS," "We," "Us," or "Our") recognize the importance of protecting the privacy of certain Personal Information (as defined herein) that We may receive from Our current and former European affiliates and clients  about their customers or clients (referred to as "You" or "Your"). This Privacy Policy discloses the purposes for which We receive and use Your Personal Information, how We use it, how to contact Us with any inquiries or complaints, and how to correct, change, or delete it. At CLTS, it is Our intention to give You a complete and accurate understanding about how We receive Your information and the use We make of it in the course of Our business. You can be assured that CLTS will not disclose Your Personal Information to third parties without Your consent, except as may be noted in this Privacy Policy.

Compliance with Safe Harbor Principles

CLTS complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. CLTS has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view CLTS’s certification, please visit http:www.export.gov/safeharbor/.

What Does CLTS Treat as Personal Information?

"Personal Information" is any information or data about You that in itself, or as part of a unique combination of information, specifically recognizes You by unique descriptors and/or identifiers.  Examples of Personal Information are name, address, credit card number, bank or financial account number, and social security number. Personal Information does not, however, include publicly available information. CLTS recognizes that You have an expectation about how Your Personal Information will be used and safeguarded. CLTS takes very seriously its commitment to ensure that such expectations are reasonably met, including the implementation of sound policies and business practices designed to diminish the unauthorized use of Personal Information for purposes such as the falsification of identity, unauthorized transactions in Your name, and/or the sale of Personal Information to third parties such as telemarketing firms. As a general rule, CLTS will not (within the scope of the European Directive 95/46/EC (the “Directive”)) disclose any specific Personal Information that We receive about You from our current and former European affiliates and clients (collectively referred to as “Disclosing Parties”) in a manner that connects You with the Personal Information.

How Does CLTS Receive Your Personal Information?

CLTS acts as a data processor for the Disclosing Parties and supports their business offerings purely as a data processor as defined in the Directive. In doing so, We act at the specific direction of, and in accordance with written instructions provided by, the relevant Disclosing Party outlining the authority granted to CLTS as the data processor. The data that we receive from such Disclosing Parties includes customer data (such as Your Personal Information) housed in the databases of such Disclosing Party or its clients, which data is transmitted by the Disclosing Party, via a secured link (like a Virtual Private Network) using appropriate encryption mechanisms, to Our database servers or transmitted by You to Us in connection with our services as a service provider. Although it is ultimately the responsibility of the Disclosing Party to ensure the integrity of the data it transmits to Us, We take reasonable steps to ensure that the data remains reliable, accurate, complete, and current, and that it is used solely for the intended purposes for which it was collected.

Onward Transmission:

As a general rule, CLTS will not disclose any specific Personal Information about You that We receive from the Disclosing Parties or You, except when We have Your permission or under certain circumstances described below. We receive and use Personal Information for Our business purposes only, and as specifically instructed by the Disclosing Parties. The following describes some of the ways that Your Personal Information may be disclosed:

Third Party Contractors:

We disclose Your Personal Information to third party contractors who are acting as Our agents for the purposes of fulfilling Our data processing obligations to the Disclosing Parties and in connection with the provision of Our services to the Disclosing Parties. In such cases, We shall enter into a written agreement with such third party contractors requiring that they provide at least the same level of privacy protection as is required by the Safe Harbor Principles.

Others:

CLTS may also disclose Personal Information in special cases when We have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference (either intentionally or unintentionally) with any of CLTS's rights or property, other customers or clients of CLTS, or anyone else. CLTS may disclose Personal Information when We believe in good faith that the law requires it and/or as otherwise permitted by the Safe Harbor Principles. 

If We become involved in a merger, acquisition, or any form of sale of some or all of Our assets, any Personal Information about you involved in such transactions will upon effectiveness of such transaction, remain subject to the privacy policy that your Personal Information is subject to immediately prior to the transaction.

How Can You Control the Usage Of Your Personal Information?

Given that CLTS is only acting as a data processor on behalf of, and at the specific direction and instruction of, the Disclosing Parties, we are not entitled to modify, change, amend or otherwise alter Your Personal Information unless otherwise instructed directly by such Disclosing Parties. Accordingly, We will promptly forward to the relevant Disclosing Party from which We received Your Personal Information any request We may receive from You to correct, update or delete such Personal Information. We will coordinate any responses and/or inquiries that We may receive from such Disclosing Parties in response to Your requests, and will promptly comply with any related instructions We may receive from such Disclosing Parties relating to the processing of Your Personal Information (including any corrections, updates or deletions to such Personal Information). We will also reasonably cooperate with the applicable European and Swiss Data Protection Supervisory Authority in the course of any inquiries it may have, and will reasonably comply with the advice of such Supervisory Authority, with regard to Our processing of Your Personal Information.

If, at any time, You wish to update, change, limit, or delete Your Personal Information, You may contact CLTS's Information Protection Officer, Brian Fisher, at (203) 956-1000 (telephone), (203) 956-8789 (fax), or bfisher@affiniongroup.com, who will forward Your request to the relevant Disclosing Party.

Data Security

The security of all Personal Information associated with Our clients and customers is an important concern to Us. We take reasonable industry-standard precautions to safeguard the confidentiality of Your Personal Information, and to protect Your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We exercise care, as a data recipient, in ensuring a secure transmission of Your Personal Information from the Disclosing Parties to Our servers. We require that such transmissions be made via a secured link (like a Virtual Private Network ("VPN")) using appropriate encryption mechanisms. Unfortunately, no data transmission over a VPN can be guaranteed to be 100% secure. As a result, while We strive to protect Your Personal Information, CLTS and CLTS-affiliates cannot guarantee or warrant the security of any such Personal Information.

Enforcement

CLTS has instituted a self-regulatory and assessment program for ensuring verification and adherence to the Safe Harbor Privacy Principles. This may consist of regular information protection reviews including privacy information reviews by us or certain Disclosing Parties, physical security reviews, disaster recovery planning, testing and reviews, internal and external audits of CLTS's security, and onsite and survey reviews by certain Disclosing Parties. Vulnerability reviews by CLTS or Our designated third party agents are also performed periodically. CLTS's privacy policies and practices are in accordance with the aforementioned program and the Safe Harbor Principles. 

If You wish to file a complaint or have any objections about the way We use or disclose Your Personal Information, please follow Our Dispute Resolution process below.

Dispute Resolution

In addition to the establishment of internal controls and dispute resolution procedures for ensuring compliance with the Safe Harbor Principles, CLTS has implemented an independent recourse mechanism whereby Your complaints and disputes can be investigated and resolved. To that end, CLTS has committed to cooperate with data protection authorities located in the European Union, the Swiss Federal Data Protection and Information Commissioner, or their authorized representatives. If You wish to file a complaint or have any objections about the way We use or disclose Your Personal Information, You may contact CLTS's Information Protection Officer, Brian Fisher, at (203) 956-1000 (telephone), (203) 956-8789 (fax), or bfisher@affiniongroup.com. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve Your complaint where necessary.