Last Updated: 09/23/2019
Effective Date: 09/23/2019
European Economic Area (“EEA”) Privacy Policy
This privacy policy (“EEA Privacy Policy”) describes the ways Isokan Collective (collectively, “we” or “us” or “Isokan”) collects, stores, uses, discloses, and protects Personal Data received from persons in the EEA. We use the term “Personal Data” to describe any information relating to an identified or identifiable individual from persons in the EEA, and it may include name, address, email address, phone number, login (account number, password), marketing preferences, social media account, social security number, country identification number, or payment card number. Personal Data does not include information that does not identify a specific person.
This policy applies to Personal Data we collect:
- When you visit or otherwise use our website wayaj.com or mobile application.
- When you interact with us through email, text and/or other electronic messages.
(collectively, the “Site”) This Privacy Policy does not apply to other websites to which we may link, or to other companies or persons who might be listed as third-party contacts or suppliers on our Sites, or to whom we may refer you if you contact us.
Our goal is to maintain your trust and confidence when handling your Personal Data. The security of your personal information is our priority. We protect this information by maintaining physical, electronic and procedural safeguards that meet applicable law.
What This EEA Privacy Policy Covers
This EEA Privacy Policy describes the following general aspects of our collection and processing of Personal Data concerning you:
2. How We Process Your Personal Data
4. Sharing of Personal Data with Third Parties
5. Technology Used in Collecting Personal Data
6. How we Use Automated Decision Making
7. What are Your Rights Related to Your Personal Data
9. International Transfer of Your Information
10. Changes to EEA Privacy Policy
11. How we Protect Your Personal Data
12. How Long We Store Your Personal Data
1. Personal Data We Collect
We collect Personal Data and other types of information provided by you directly, indirectly, advertently and inadvertently (which may be obtained from emails, web forms or in other manners), including, without limitation, the following:
- contact information;
- personal identification information, including: name, date of birth, telephone number, email address and profile picture;
- certain technical information, such as your: IP address, User ID, Username;
- Favorites activities;
- Favorite Places/countries/destinations;
- Visited destinations;
- Reviews and ratings; and
- Geolocation.
When you visit our Site, our servers may automatically collect your IP address, the name of the domain you used to access the Internet, the link that brought you to our Site and any links clicked within our Site.
When you use our chatbot, we collect the content of your submitted questions.
Certain information may also be automatically collected through third-party tools used on Isokan’s Site, which collect information that may include your browser type and operating system; IP address and general geographic location; the date and time of your visit; the content viewed on our Site; and Site features accessed. Some of this information may be retained by us only during your visit to our Site, and some information may be gathered on an aggregated, pseudonymous basis.
We may also receive information contained in your social media accounts when you log in through your Facebook or Google account and, by doing so, you may give us access to certain of your account information, including your name, user ID, email address, birth date, gender, profile photo and public profile information.
2. How We Process Your Personal Data
In this section, we set out the purposes for which we use Personal Data that we collect and, in compliance with our obligations under the General Data Protection Regulation (“GDPR”), identify the legal bases on which we rely to process that Personal Data. These legal bases are set out in the GDPR. The GDPR allows companies to process personal data only when the processing is permitted under the following grounds:
- Consent: where you have consented to our use of your Personal Data;
- Contract performance: where your Personal Data is necessary to enter into or perform our contract with you;
- Legal requirements: where we need to use your Personal Data to comply with our legal obligations;
- Legitimate interests: where we use your Personal Data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights;
- Vital interests: where we use your Personal Data to protect the vital interests of you or of another natural person; and
- Public interest: where we use your Personal Data as necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Your Personal Data may be used for the following purposes on the following bases:
On the bases of fulfilling our contract with you:
We may process your Personal Data to evaluate and process client transactions, such as booking accommodation(s) at the destination you select; provide you with travel confirmations and updates regarding your trip; provide you with customer support; and resolve disputes, collect fees, or troubleshoot problems.
If we did not process your Personal Data as described directly above, we could not provide the above services to you.
On the basis of fulfilling our legal requirements:
We may disclose Personal Data in order to comply with or respond to a request or requirement pursuant to law, regulation, or from a governmental or judicial body, or to help prevent fraud or for risk management purposes.
We may also use information collected for other legal purposes from time to time.
On the basis of our legitimate interests in the delivery of our products, services and communications to you as well as to our other customers and partners, and developing and growing our business, we process Personal Data in the following manner:
Information collected through third-party tools used on Isokan’s Site may be used by us and our service providers, affiliates and business partners to measure the number of visits, average time spent, page views and other general statistics about the overall use of our Site, in order to monitor and improve Site performance, improve our products and services, and make the Site easier and more convenient to use.
We may use technology such as cookies and web beacons to process your Personal Data for the purpose of learning more about how people use our site, including to measure the number of visits, average time spent, page views and other general statistics about the overall use of our Site, in order to monitor and improve Site performance, improve our products and services, and make the Site easier and more convenient to use.
The questions you submit to our chatbot may be processed to improve our chatbot’s ability to answer your questions effectively.
On the basis of our legitimate interest to protect our organization and our customers from cyber threats, we process Personal Data in the following manner:
Pursuant to Recital (49) of the GDPR, organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security. According to said Recital (49), network and information security means the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems. Therefore, we process your Personal Data to the extent necessary and proportionate for the purposes of detecting, blocking, reporting and mitigating cyber-threats.
On the basis that you have provided your consent to have your Personal Data processed, we process Personal Data in the following manner:
To send you promotional, advertising and other marketing materials or communications from us or our agents via email, telephone or text message.
You may revoke your consent at any time by contacting us, as provided below. Revoking your consent will prevent us from processing your information for the purposes in which we sought consent, but will not affect any other processing of information or the other services we provide to you. Revoking your consent will also not affect the lawfulness of our processing of your Personal Data for the period before you withdrew your consent.
On the basis of our legitimate interest of reorganizing or making changes to our business, we may process Personal Data in the following manner:
In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organization, we may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or re-organization. We may also need to transfer your Personal Data to that re-organized entity or third party after the sale or reorganization for them to use for the same purposes as set out in this policy.
3. Children’s Information
This Site is not directed to nor is it intended for individuals under the age of 16 and we do not knowingly solicit or collect information from children.
When you provide information to us, we may share your information with service providers we have retained to perform services on our behalf. These service providers will be given only the Personal Data needed to perform the tasks we request of them and they are not authorized by us to use or disclose your information except as necessary to perform services on our behalf or to comply with legal requirements. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed.
As part of providing our services to you, we may direct you to the hotels, or related booking sites, where you can provide your information to book the reservation you requested. The information you provide on these third-party sites is subject to their own privacy policies.
We may also share your information with our affiliates and business partners to fulfill your requests, service your account, improve our services, and to develop, inform you about and provide you with offers about our products, services and events, as well as those of our affiliates and business partners.
We may also disclose your information: (i) if we are required or permitted to do so by law or legal process; (ii) to law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; (iv) in the event that all or part of Isokan or all or part of its assets are acquired by, merged with, sold to or otherwise disposed of to one or more third parties; or (v) in the event of bankruptcy.
We may aggregate information that we gather about our customers and users of our site, including traffic patterns and services, and provide these statistics to our service providers, affiliates and/or business partners in aggregate form. This aggregate information, however, is not personally identifiable.
Some of the content, functionality and services on our Site may be provided by third parties that are not affiliated with Isokan. These types of entities may collect or receive certain information about your use of the Site, including through the use of cookies, web beacons, and similar technologies. These entities may collect this information over time, and combine it with other information collected from different websites and online services. Isokan is not responsible for these third parties’ privacy practices, or for the accuracy of information obtained from these third parties when Isokan does not provide these third-parties with your Personal Data, and/or these third-parties are not processing your Personal Data on behalf of Isokan.
The following is a list of the third-parties, and their privacy policies, who we use to help provide some of the content, functionality and services on our Site:
- Mailchimp. We use an email management service called mailchimp to manage all newsletter email communications. Mailchimp’s Privacy Policy can be found at http://mailchimp.com/legal/privacy/.
- Google Maps and Analytics. We use Google to display images of maps or interactive maps and to help us track and receive reports on website traffic, including:
- Remarketing with Google Analytics.
- Google Display Network Impression Reporting.
- Google Analytics Demographics and Interest Reporting.
- Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers.
In order to provide these features, Google may place cookies on your computer or otherwise use your local storage. Google will also collect various types of Personal Data directly from you for the personalization of ads. To better understand how Google might use your information please see Google’s Privacy Policy located here: https://policies.google.com/privacy.
You can opt-out of such use of your information by visiting and following the instructions provided by Google on the following page: https://tools.google.com/dlpage/gaoptout/.
- OneSignal. We use OneSignal to provide you with push notifications and advertisements on your mobile device. As part of providing this feature OneSignal may gather such information as your User ID and IP Address. They may also use such devices as pixel tags, cookies and local storage. To better understand the types of information OneSignal may gather and how they may use your information, please see their privacy policy located here: https://onesignal.com/privacy_policy
When you make purchases through our Site, we process your payments through Third-Party service providers. The Third-Party service providers may collect certain financial information from you to process a payment on behalf of Isokan, including your name, email address, address, credit card number, and other billing information. These Third-Party service providers may also provide such information to us. Since your information is provided directly to these service providers when you complete a transaction, you should review their privacy policies to see how your information will be handled. A list of these providers and their privacy policies are as follows:
- Stripe, Inc. Stripe’s Privacy Policy can be found here: https://stripe.com/privacy
- PayPal, Inc. PayPal’s Privacy Policy can be found here:
https://www.paypal.com/us/webapps/mpp/ua/privacy-full
- Priceline.com LLC. Priceline’s privacy policy can be found here:
https://www.priceline.com/static-pages/privacy-policy.html
Isokan does not sell, rent, lease or otherwise share your personal information with third parties for their own marketing purposes.
5. Technology Used in Collecting Personal Data
Isokan and third parties that provide content, functionality and services on our Site use a variety of technologies to learn more about how people use the Site. These primarily include the following:
Cookies
In collecting information, we may utilize cookies – small text files used to store information about users on the users’ own computers – so that our Site can recognize you as the same user when you visit our Site, or affiliated sites, allow such features as logging into your account and recognize you on different parts of our Site. These are also placed in outbound marketing emails to track engagement. You can configure your Internet browser system to warn you each time a cookie is being sent or to refuse cookies completely. Refusing to allow cookies could impact the functionality of our Site. Cookies may be used to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the Site, and to help us understand your interests and improve the Site.
Web beacons
We and our third-party partners may use web beacons, which is a technology that communicates information from your internet browser to a web server. Web beacons can be embedded in banners and links on vendor websites, videos or emails, and permit a web server to read certain types of information from your browser, check whether you have viewed a particular web page or email message, and determine, among other things, the time and date on which you viewed such content, the IP address of your computer, and the URL of the web page from which the web beacon was viewed. We and our partners use web beacons for a variety of purposes, including to analyze the use of our Site and in conjunction with cookies to improve the Site and provide you with more relevant promotional materials.
User analytics and social media
Isokan utilizes Google Analytics for user analytics and we may also use social media (e.g., Twitter, LinkedIn, Facebook, YouTube, comments, requests and reviews) for purposes of information collection. Your use of social media sites is governed by the privacy policies of those sites.
Mobile Devices
When you connect to us using a mobile device or application, we may use cookies or web beacons and other methods to customize your browsing experience. If you use location-enabled products, you may be sending us location information. We do not store or use this information other than to provide the services you requested. Location-enabled features are opt-in and you have control over your participation and can turn these services off at any time. Some mobile applications may utilize analytic tools to help us better serve our customers through improved products, services and revisions to the mobile applications. This collected information does not include personal information and will not directly provide your identity to us. It may, however, let us know pseudonymously which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.
6. How we Use Automated Decision Making
We use automated decision making to provide you with destinations and/or promotions that suit your preferences. This mechanic analyzes your favorite activities and places/countries/destinations in order to help identify destinations you might be interested in.
You may revoke your consent to this automated processing at any time by contacting us, as provided below. Revoking your consent will prevent us from processing your information for the purposes in which we sought consent, but will not affect any other processing of information or the other services we provide to you. Revoking your consent will also not affect the lawfulness of our processing of your Personal Data for the period before you withdrew your consent.
7. What are Your Rights Related to Your Personal Data
You have the following rights in relation to your Personal Data:
- to ask us to provide you with information regarding the Personal Data we process concerning you;
- to rectify, update or complete inaccurate or incomplete Personal Data concerning you;
- to delete or request the erasure of Personal Data concerning you that we no longer have a lawful ground to use;
- in certain circumstances, to require us to restrict the way in which we process your Personal Data;
- to withdraw any consent you may have given for us to process Personal Data concerning you;
- to object to our processing of Personal Data concerning you on the basis of our, or of third-parties’, legitimate interests;
- to obtain a copy of the Personal Data that you have provided to us.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). Where your exercise of any of the rights above is dependent on our action, we will abide by our legal obligation to take reasonable measures to ascertain your identity and the legitimacy of your request, and may ask you to disclose to us any information necessary for that purpose. We will respond to legitimate requests usually within a month of our receipt of the request. Pursuant to any such requests, we may retain certain data necessary to prevent fraud or future abuse or as otherwise required or permitted by law, including to comply with legal obligations we are subject to, as well as to establish, exercise and defend our legal claims.
Further, we will use reasonable means to ensure that the Personal Data you provided us remains accurate. In order to assist us with this, you should notify us of any changes to the Personal Data you have provided to us.
To exercise of any of the rights above that are dependent on our action, you may contact us by email at hello@wayaj.com or
PO Box 365, Jericho NY 11753
8. Right to Lodge a Complaint
The General Data Protection Regulation gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
9. International Transfer of Your Information
Isokan and its affiliates, service providers, and business partners, are domiciled in the United States and therefore, your Personal Data may be accessed by staff or other persons in, transferred to, and/or stored at, a destination outside the EEA in which data protection laws may be of a lower standard than in the EEA.
Where we transfer Personal Data from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Data. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.
10. Changes to this EEA Privacy Policy
We reserve the right to modify or supplement this EEA Privacy Policy at any time. If we make any material change to the EEA Privacy Policy, we will notify you by email (sent to the e-mail address you specified) and/or update this EEA Privacy Policy to include such changes. We recommend that you review this EEA Privacy Policy regularly for changes. The date of this EEA Privacy Policy, noted above, indicates the last time it was revised or materially changed. Checking the date allows you to determine whether there have been changes made since the last time you reviewed this EEA Privacy Policy. By continuing to use our Site after we make changes, you indicate your consent to each of those changes.
11. How we Protect Your Personal Data
Isokan has established multiple avenues of protection to safeguard Personal Data. We use a variety of reasonable physical, technical, and administrative measures to safeguard information against loss. Our employees are only given access to files on an as-needed basis, thus limiting exposure of client information. Technologies and processes to protect Personal Data collected on our Site include firewalls, strict role-based file security, security for servers and workstations (with managed patching and managed antivirus), SSL certificates for secure remote access and encryption technology for transmission of Personal Data. Our computer systems utilize password protection to prevent access by unauthorized personnel, and we employ other physical, electronic and procedural safeguards to help protect your non-public Personal Data.
However, no security technology is completely secure, and you should remember that email is not a secure means of communication. While we strive to protect the information that we maintain, due to the inherent nature of the Internet, we cannot (and do not) guarantee, and make no representation or warranty about, the security of any information that you transmit to us or which is stored by us.
Isokan understands the importance of your privacy rights and takes their protection seriously. We recognize that you have placed your trust in us, and we strive to preserve that trust as a priority. Isokan arranges for its employees to be educated on Isokan’s privacy policies and procedures and, among other things, directs employees to adhere to Isokan’s established guidelines. Isokan will monitor the effectiveness of its privacy policies and procedures.
12. How Long We Store Your Personal Data
We shall store your Personal Data based on business needs and legal requirements. We retain your Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain Personal Data to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, we securely destroy the data.
13. How to Contact Us
You may contact us by email at hello@wayaj.com or: