European Economic Area ("EEA") Privacy Policy

Effective Date: December 9, 2019

Last Updated: March18, 2021

European Economic Area Privacy Policy

This European Economic Area (“EEA”) privacy policy (“EEA Privacy Policy”) describes the ways Wayaj, Inc. (collectively, “we” or “us” or “Wayaj”) collects, stores, uses, discloses, and protects Personal Data received from persons in the EEA. We use the term “Personal Data” to describe any information relating to an identified or identifiable individual from persons in the EEA, and it may include name, address, email address, phone number, login (account number, password), marketing preferences, social media account, social security number, country identification number, or payment card number. Personal Data does not include information that does not identify a specific person.

This policy applies to Personal Data we collect:

when you visit or otherwise use our website wayaj.com or mobile application, and/or
when you interact with us through email, text and/or other electronic messages (collectively, the “Site”). This EEA Privacy Policy does not apply to other websites to which we may link, or to other companies or persons who might be listed as third-party contacts or suppliers on our Sites, or to whom we may refer you if you contact us.

Our goal is to maintain your trust and confidence when handling your Personal Data. The security of your Personal Data is our priority. We protect this information by maintaining physical, electronic and procedural safeguards that meet applicable law.

What This EEA Privacy Policy Covers

This EEA Privacy Policy describes the following general aspects of our collection and processing of Personal Data concerning you:

Personal Data We Collect
How We Process Your Personal Data
Children’s Information
Sharing of Personal Data with Third Parties
Technology Used in Collecting Personal Data
How we Use Automated Decision Making
What are Your Rights Related to Your Personal Data
Right to Lodge a Complaint
International Transfer of Your Information
Changes to EEA Privacy Policy
How We Protect Your Personal Data
How Long We Store Your Personal Data
How to Contact Us

1. Personal Data We Collect

We collect Personal Data and other types of information provided by you directly, indirectly, advertently and inadvertently (which may be obtained from emails, web forms or in other manners), including, without limitation, the following:

contact information;
personal identification information, including: name, date of birth, telephone number, email address and profile picture;
certain technical information, such as your: IP address, user ID, Username;
Favorites activities;
Favorite places/countries/destinations;
Visited destinations;
Reviews and ratings; and
Geolocation.

When you visit our Site, our servers may automatically collect your IP address, the name of the domain you used to access the Internet, the link that brought you to our Site and any links clicked within our Site.

When you use our chatbot, we collect the content of your submitted questions.

Certain information may also be automatically collected through third-party tools used on Wayaj’s Site, which collect information that may include your browser type and operating system; IP address and general geographic location; the date and time of your visit; the content viewed on our Site; and Site features accessed. Some of this information may be retained by us only during your visit to our Site, and some information may be gathered on an aggregated, pseudonymous basis.

We may also receive information contained in your social media accounts when you log in through your Facebook or Google account and, by doing so, you may give us access to certain of your account information, including your name, user ID, email address, birth date, gender, profile photo and public profile information.

2. How We Process Your Personal Data

In this section, we set out the purposes for which we use Personal Data that we collect and, in compliance with our obligations under the General Data Protection Regulation (“GDPR”), identify the legal bases on which we rely to process that Personal Data. These legal bases are set out in the GDPR. The GDPR allows companies to process personal data only when the processing is permitted under the following grounds:

Consent: where you have consented to our use of your Personal Data;
Contract performance: where your Personal Data is necessary to enter into or perform our contract with you;
Legal requirements: where we need to use your Personal Data to comply with our legal obligations;
Legitimate interests: where we use your Personal Data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights;
Vital interests: where we use your Personal Data to protect the vital interests of you or of another natural person; and
Public interest: where we use your Personal Data as necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Your Personal Data may be used for the following purposes on the following bases:

On the basis of fulfilling our contract with you:

We may process your Personal Data to evaluate and process client transactions, such as booking accommodation(s) at the destination you select; provide you with travel confirmations and updates regarding your trip; provide you with customer support; allow you to use our expense manager; allow you to calculate and manage your carbon footprint; and resolve disputes, collect fees, or troubleshoot problems.

If we did not process your Personal Data as described directly above, we could not provide the above services to you.

On the basis of fulfilling our legal requirements:

We may disclose Personal Data in order to comply with or respond to a request or requirement pursuant to law, regulation, or from a governmental or judicial body, or to help prevent fraud or for risk management purposes.

We may also use information collected for other legal purposes from time to time.

On the basis of our legitimate interests in the delivery of our products, services and communications to you as well as to our other customers and partners, and developing and growing our business, we process Personal Data in the following manner:

Information collected through third-party tools used on Wayaj’s Site may be used by us and our service providers, affiliates and business partners to measure the number of visits, average time spent, page views and other general statistics about the overall use of our Site, in order to monitor and improve Site performance, improve our products and services, and make the Site easier and more convenient to use.

We may use technology such as cookies and web beacons to process your Personal Data for the purpose of learning more about how people use our Site, including to measure the number of visits, average time spent, page views and other general statistics about the overall use of our Site, in order to monitor and improve Site performance, improve our products and services, and make the Site easier and more convenient to use.

The questions you submit to our chatbot may be processed to improve our chatbot’s ability to answer your questions effectively.

On the basis of our legitimate interest to protect our organization and our customers from cyber threats, we process Personal Data in the following manner:

Pursuant to Recital (49) of the GDPR, organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security. According to said Recital (49), network and information security means the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems. Therefore, we process your Personal Data to the extent necessary and proportionate for the purposes of detecting, blocking, reporting and mitigating cyber-threats.

On the basis that you have provided your consent to have your Personal Data processed, we process Personal Data in the following manner:

To send you promotional, advertising and other marketing materials or communications from us or our agents via email, facsimile, telephone or text message.

To provide you with recommendations through our chatbot.

You may revoke your consent at any time by contacting us, as provided below. Revoking your consent will prevent us from processing your information for the purposes in which we sought consent, but will not affect any other processing of information or the other services we provide to you. Revoking your consent will also not affect the lawfulness of our processing of your Personal Data for the period before you withdrew your consent.

On the basis of our legitimate interest of reorganizing or making changes to our business, we may process Personal Data in the following manner:

In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organization, we may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or re-organization. We may also need to transfer your Personal Data to that re-organized entity or third party after the sale or reorganization for them to use for the same purposes as set out in this policy.

3. Children’s Information

This Site is not directed to nor is it intended for individuals under the age of 16 and we do not knowingly solicit or collect information from children.

When you provide information to us, we may share your information with service providers we have retained to perform services on our behalf. These service providers will be given only the Personal Data needed to perform the tasks we request of them and they are not authorized by us to use or disclose your information except as necessary to perform services on our behalf or to comply with legal requirements. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed.

As part of providing our services to you, we may direct you to the hotels or related booking sites, where you can provide your information or, when you book your reservation directly through our Site, we may provide and allow access to this information to the hotel or related booking site. The information you provide on these third-party sites, or have us provide on your behalf, is subject to those entities’ own privacy policies.

We may also share your information with our affiliates and business partners to fulfill your requests, service your account, improve our services, and to develop, inform you about and provide you with offers about our products, services and events, as well as those of our affiliates and business partners.

We may also disclose your information: (i) if we are required or permitted to do so by law or legal process; (ii) to law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; (iv) in the event that all or part of Wayaj or all or part of its assets are acquired by, merged with, sold to or otherwise disposed of to one or more third parties; or (v) in the event of bankruptcy.

We may aggregate information that we gather about our customers and users of our Site, including traffic patterns and services, and provide these statistics to our service providers, affiliates and/or business partners in aggregate form. This aggregate information, however, is not personally identifiable.

Some of the content, functionality and services on our Site may be provided by third parties that are not affiliated with Wayaj. These types of entities may collect or receive certain information about your use of the Site, including through the use of cookies, web beacons, and similar technologies. These entities may collect this information over time, and combine it with other information collected from different websites and online services. Wayaj is not responsible for these third parties’ privacy practices, or for the accuracy of information obtained from these third parties when Wayaj does not provide these third-parties with your Personal Data, and/or these third-parties are not processing your Personal Data on behalf of Wayaj.

The following is a list of the third-parties, and their privacy policies, who we use to help provide some of the content, functionality and services on our Site:

a. Active Campaign. We use an email management service called Active Campaign to manage all newsletter email communications. Active Campaign’s privacy policy can be found at https://www.activecampaign.com/legal/privacy-policy.

b. Google Maps and Analytics. We use Google to display images of maps or interactive maps and to help us track and receive reports on website traffic, including:

- Remarketing with Google Analytics.
- Google Display Network Impression Reporting.
- Google Analytics Demographics and Interest Reporting.
- Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers.

In order to provide these features, Google may place cookies on your computer or otherwise use your local storage. Google will also collect various types of Personal Data directly from you for the personalization of ads. To better understand how Google might use your information please see Google’s privacy policy located here: https://policies.google.com/privacy.

You can opt-out of such use of your information by visiting and following the instructions provided by Google on the following page: https://tools.google.com/dlpage/gaoptout/.

c. Google APIs and Databases. We may use Google’s APIs and database services to process the information you submit through our chatbot. That information may be used in accordance with Google’s privacy policy, located at: https://policies.google.com/privacy, and to secure and to improve Google’s APIs and other Google products. Google may also use, host, store, modify, communicate, and publish the information in accordance with their privacy policy.

d. OneSignal. We use OneSignal to provide you with push notifications and advertisements on your mobile device. As part of providing this feature OneSignal may gather such information as your User ID and IP Address. They may also use such devices as pixel tags, cookies and local storage. To better understand the types of information OneSignal may gather and how they may use your information, please see their privacy policy located here: https://onesignal.com/privacy_policy

e. Taggun. When you submit a picture of a receipt through our Site, that receipt may be transferred to and processed by Taggun Limited. Taggun processes the receipt in order to convert the image into data that is readable by our system. As part of this transfer, any Personal Data contained in the receipt may be viewed and stored temporarily in Australia, the United States of America and New Zealand from time to time. By submitting a receipt through our Site, you consent to this transfer and storage of information in a region outside of the locale in which you are located.

f. Amazon. We use Amazon’s AI services to provide recommendations to you through our chatbot. When you communicate with us through our chatbot, your information is shared with Amazon. Amazon may be use your information to maintain and provide to us their AI service (including but not limited to developing and improving their AI service) and to develop and improve AWS and affiliate machine-learning and artificial-intelligence technologies. They may also use your information in accordance with their privacy policy located at: https://aws.amazon.com/privacy/.

Amazon may use and store the information you provide in regions outside of the country in which you are located. By submitting your information through our chatbot, you consent to Amazon transferring and storing your information in a region outside of the locale in which you are located.

g. When you make purchases through our Site, we process your payments through Third-Party service providers. The Third-Party service providers may collect certain financial information from you to process a payment on behalf of Wayaj, including your name, email address, address, credit card number, and other billing information. These Third-Party service providers may also provide such information to us. Since your information is provided directly to these service providers when you complete a transaction, you should review their privacy policies to see how your information will be handled. Here is a list of these providers and where to locate their privacy policies:

- Stripe, Inc.
  - https://stripe.com/privacy
- PayPal, Inc.
  - https://www.paypal.com/us/webapps/mpp/ua/privacy-full
  - https://www.braintreepayments.com/legal/payment-services-agreement
- Priceline.com LLC.
  - https://www.priceline.com/static-pages/privacy-policy.html

By your own actions, you may also be able to share Personal Data with third parties through our Site, such as when you:

a. Use Our Chat Feature. When you book a reservation, you may be able chat directly with the hotel or related booking entity. The information and materials you provide in this chat area will be sent to the hotel, or related booking entity, and will be subject to their privacy policy. We also maintain a copy of this information for the purposes of providing the chat functionality.

Wayaj does not otherwise sell, rent, lease or otherwise share your Personal Data with third parties for their own marketing purposes.

5. Technology Used in Collecting Personal Data

Wayaj and third parties that provide content, functionality and services on our Site use a variety of technologies to learn more about how people use the Site. These primarily include the following:

Cookies
In collecting information, we may utilize cookies – small text files used to store information about users on the users’ own computers – so that our Site can recognize you as the same user when you visit our Site, or affiliated sites, allow such features as logging into your account and recognize you on different parts of our Site. These are also placed in outbound marketing emails to track engagement. You can configure your Internet browser system to warn you each time a cookie is being sent or to refuse cookies completely. Refusing to allow cookies could impact the functionality of our Site. Cookies may be used to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the Site, and to help us understand your interests and improve the Site.

Web beacons
We and our third-party partners may use web beacons, which is a technology that communicates information from your internet browser to a web server. Web beacons can be embedded in banners and links on vendor websites, videos or emails, and permit a web server to read certain types of information from your browser, check whether you have viewed a particular web page or email message, and determine, among other things, the time and date on which you viewed such content, the IP address of your computer, and the URL of the web page from which the web beacon was viewed. We and our partners use web beacons for a variety of purposes, including to analyze the use of our Site and in conjunction with cookies to improve the Site and provide you with more relevant promotional materials.

User analytics and social media
Wayaj utilizes Google Analytics for user analytics and we may also use social media (e.g., Twitter, LinkedIn, Facebook, YouTube, comments, requests and reviews) for purposes of information collection. Your use of social media sites is governed by the privacy policies of those sites.

Mobile Devices
When you connect to us using a mobile device or application, we may use tracking technologies, similar to cookies or web beacons, and other methods to customize your browsing experience. If you use location-enabled products, you may be sending us location information. We do not store or use this information other than to provide the services you requested. Location-enabled features are opt-in and you have control over your participation and can turn these services off at any time. Some mobile applications may utilize analytic tools to help us better serve our customers through improved products, services and revisions to the mobile applications. This collected information does not include personal information and will not directly provide your identity to us. It may, however, let us know pseudonymously which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.

6. How we Use Automated Decision Making

We use automated decision making to provide you with destinations and/or promotions that suit your preferences. This mechanic analyzes your favorite activities and places/countries/destinations in order to help identify destinations you might be interested in.

You may revoke your consent to this automated processing at any time by contacting us, as provided below. Revoking your consent will prevent us from processing your information for the purposes in which we sought consent, but will not affect any other processing of information or the other services we provide to you. Revoking your consent will also not affect the lawfulness of our processing of your Personal Data for the period before you withdrew your consent.

7. What are Your Rights Related to Your Personal Data

You have the following rights in relation to your Personal Data:

to ask us to provide you with information regarding the Personal Data we process concerning you;
to rectify, update or complete inaccurate or incomplete Personal Data concerning you;
to delete or request the erasure of Personal Data concerning you that we no longer have a lawful ground to use;
in certain circumstances, to require us to restrict the way in which we process your Personal Data;
to withdraw any consent you may have given for us to process Personal Data concerning you;
to object to our processing of Personal Data concerning you on the basis of our, or of third-parties’, legitimate interests;
to obtain a copy of the Personal Data that you have provided to us.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). Where your exercise of any of the rights above is dependent on our action, we will abide by our legal obligation to take reasonable measures to ascertain your identity and the legitimacy of your request, and may ask you to disclose to us any information necessary for that purpose. We will respond to legitimate requests usually within a month of our receipt of the request. Pursuant to any such requests, we may retain certain data necessary to prevent fraud or future abuse or as otherwise required or permitted by law, including to comply with legal obligations we are subject to, as well as to establish, exercise and defend our legal claims.

Further, we will use reasonable means to ensure that the Personal Data you provided us remains accurate. In order to assist us with this, you should notify us of any changes to the Personal Data you have provided to us.

To exercise of any of the rights above that are dependent on our action, you may contact us by email at hello@wayaj.com or by regular mail at:

PO Box 621
Jericho, NY 11753

8. Right to Lodge a Complaint

The General Data Protection Regulation gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred.

9. International Transfer of Your Information

Wayaj and its affiliates, service providers, and business partners, are domiciled in the United States and therefore, your Personal Data may be accessed by staff or other persons in, transferred to, and/or stored at, a destination outside the EEA in which data protection laws may be of a lower standard than in the EEA.

Where we transfer Personal Data from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Data. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.

10. Changes to this EEA Privacy Policy

We reserve the right to modify or supplement this EEA Privacy Policy at any time. If we make any material change to the EEA Privacy Policy, we will notify you by email (sent to the email address you specified) and/or update this EEA Privacy Policy to include such changes. We recommend that you review this EEA Privacy Policy regularly for changes. The date of this EEA Privacy Policy, noted above, indicates the last time it was revised or materially changed. Checking the date allows you to determine whether there have been changes made since the last time you reviewed this EEA Privacy Policy. By continuing to use our Site after we make changes, you indicate your consent to each of those changes.

11. How we Protect Your Personal Data

Wayaj has established multiple avenues of protection to safeguard Personal Data. We use a variety of reasonable physical, technical, and administrative measures to safeguard information against loss. Our employees are only given access to files on an as-needed basis, thus limiting exposure of client information. Technologies and processes to protect Personal Data collected on our Site include firewalls, strict role-based file security, security for servers and workstations (with managed patching and managed antivirus), SSL certificates for secure remote access and encryption technology for transmission of Personal Data. Our computer systems utilize password protection to prevent access by unauthorized personnel, and we employ other physical, electronic and procedural safeguards to help protect your non-public Personal Data.

However, no security technology is completely secure. While we strive to protect the information that we maintain, due to the inherent nature of the Internet, we cannot (and do not) guarantee, and make no representation or warranty about, the security of any information that you transmit to us or which is stored by us.

Wayaj understands the importance of your privacy rights and takes their protection seriously. We recognize that you have placed your trust in us, and we strive to preserve that trust as a priority. Wayaj arranges for its employees to be educated on Wayaj’s privacy policies and procedures and, among other things, directs employees to adhere to Wayaj’s established guidelines. Wayaj will monitor the effectiveness of its privacy policies and procedures.

12. How Long We Store Your Personal Data

We shall store your Personal Data based on business needs and legal requirements. We retain your Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain Personal Data to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, we securely destroy the data.

13. How to Contact Us

You may contact us by email at hello@wayaj.com or by regular mail at: