ICONIC ADVENTURES, LLC
Last Updated: November 18, 2022
This Policy describes the types of information we may collect from you or that you may provide when you access or use the Company’s website located at https://iconicadventures.com/, along with any content or functionality offered on or through the website (the “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. In processing this information and providing our services, you understand and acknowledge we are acting as a data processor acting under instructions from you, who shall be considered a data controller with regard to such information (as such terms are defined under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)).
This policy applies to information we collect:
- On the Website.
- In email, through our electronic forms and other electronic messages between you and the Company.
It does not apply to information collected by:
- Us offline (e.g., information you may provide us over text messages, telephone calls, postal mail, etc.), or through any other means, including on any other website operated by the Company or any third party (including our vendors and service providers).
- Any third party, including through any application or content that may link to or be accessible from or on the Website.
Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. By accessing and using the Website and/or clicking “I Agree” or checking any box on the Website or any electronic form acknowledging your acceptance of the Policy, you expressly consent to the use and disclosure of your information as described in this Policy. If you do not agree with the terms set out in this Policy, your choice is not to access or use our Website.
The electronic forms that we may send you in connection with the provision of our services are hosted and provided by third-parties through their respective platforms. You should check the privacy and security policy statements of such third parties to understand the policies and practices of such third-parties, as we are not responsible for such policies and practices.
2. Children Under the Age of 16
Our Website is not intended for children under sixteen (16) years of age. No one under age sixteen (16) may provide any information to the Company. We do not knowingly collect Personal Information (as defined below) from children under sixteen (16). If you are under sixteen (16), do not use the Website or provide any information on the Website or through any of its features, or provide any information about yourself to us, including your name, address, telephone number, email address you may use. If we learn we have collected or received Personal Information from a child under sixteen (16), we will delete that information. In the event we must collect information of a child under the age of sixteen (16) (such as when you book a trip with us that includes individuals under the age of sixteen (16)), we will only collect Personal Information of such child under the age of sixteen (16) with his/her parent’s consent. If you are a parent of a child under the age of sixteen (16), you acknowledge and agree that you consent to our collection and use of the Personal Information of your child by providing us with such information. If you believe we might have accidentally collected information from or about a child under the age of sixteen (16), please contact us at email@example.com.
3. Collected Information
We collect several types of information from and about users of our Website through the Website, your communications with us, or electronic forms we may send you, including: (i) Information by which you may be personally identified (such as: name, date of birth, height, weight, passport number, driver’s license number, visa number (if required for a certain destination) postal address, e-mail address, telephone number, or any other identifier by which you may be contacted online or offline) or (ii) information which reveals relevant parts of your medical history, medication list, vaccination records, and dietary restrictions (collectively, “Personal Information“).
We collect this information directly from you when you provide it to us.
Information You Provide to Us
The information we collect on or through the Website, your communications with us, or our electronic forms may include:
- Information that you provide by filling in forms, and/or include in any communications with us. We may also ask you for information when you report a problem with our Website.
- Records and copies of your correspondence (including email addresses and/or phone numbers), if you contact us.
4. Use of Information
We use information that we collect about you or that you provide to us, including any Personal Information:
- To prepare the logistics and emergency plans for your trip that you book with us (e.g., hotel rooming lists, meal reservations, emergency contact information, medical and dietary lists, sizes for equipment for activities, etc.).
- To provide you with any other services that you request from us.
- To process your requests, provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To present our Website, and its contents to you.
- To fulfill any other purpose for which you provide it.
- To allow you to participate in interactive features of our Website.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To detect, and protect us, our business partner and other third parties against negligence, fraud, and other illegal activities.
- To better understand your needs and improve our Website.
- To customize offerings to you that are in relation to the services you have requested.
- To help maintain the safety, security, and integrity of our Website, databases and other technology assets, and business.
We do not sell, rent, or trade any Personal Information that you provide to us through your use of our Website or electronic forms. We do not use the information you provide to make any automated decisions that might affect you.
If you do not want us to use your information in this way, please notify us by contacting us at firstname.lastname@example.org. Please note, if you restrict our ability to use your Personal Information, we may not be able to provide all of our services to you or fulfill certain requests for you.
Residents of the European Economic Area (“EEA”) may have additional personal information rights and choices. Please see EEA Privacy Rights for more information.
California residents may have additional personal information rights and choices. Please see California Privacy Rights for more information.
Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to email@example.com. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
5. Sharing of Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose Personal Information that we collect or you provide as described in this Policy:
- To contractors, service providers, and other third parties we use to support our business.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Company about our Websites users is among the assets transferred.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others.
- To fulfill the purpose for which you provide it.
- With your consent for any other purpose.
We do not reveal your Personal Information to third parties for their independent use, other than as described above. By using the Website, you consent to sharing of any information collected about you with our business partners for any business purpose, including without limitation providing access to our Website and improving our Website.
6. International Transfer of Your Information
Though your information is stored on our cloud server, in order to provide our services we may transfer your Personal Information to our third party service providers and partners that are located and operate outside the United States of America. These countries (including the United States of America) may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). By providing instructions or requesting services that require us to transfer your Personal Information outside of your country or the EEA in order to provide you with our services, you acknowledge the risks inherent in such transfer (e.g., loss, theft, or interception of data) and consent to such transfers.
Where possible, we have taken appropriate safeguards to require that your information will remain protected in accordance with this Policy.
7. Legal Basis for Processing Personal Information
If you are a visitor from the EEA, our legal basis for collecting and using your Personal Information as described above will depend on the Personal Information concerned and the specific context in which we collect it.
Normally, we will collect information about you: (i) where we have your consent to do so; (ii) where we need the information to perform a contract with you; and/or (iii) where the processing is in our legitimate interest and not overridden by your rights. In some cases, we may also have a legal obligation to collect Personal Information from you.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your information).
If we collect and use your Personal Information relying on our legitimate interests, typically this interest will be to operate our websites and communicate with you as necessary to provide our services to you and for our legitimate commercial interests, for instance, when responding to your queries, improving our platform, or for the purpose of detecting or preventing illegal activities. We may have other legitimate interests, and if appropriate we will make clear to you at the relevant time what these legitimate interests are.
If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided at bottom of this Policy.
8. Retention of Personal Information
We generally retain your Personal Information for a period of one (1) year after the completion of your trip for which you contracted with us (the “Retention Period“). If within the Retention Period you engage us to book another trip, we will continue to retain your Personal Information for a subsequent one (1)-year period from the completion of the subsequent trip. Notwithstanding the previous sentence, we may retain your information for longer periods in order to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our rights under our agreements with you, for backup, audit or regulatory purposes, and for other actions permitted by law.
9. Data Security
We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers. Additionally, we restrict access to your Personal Information to those employees and third-party service providers who need to know that information to provide benefits or services to you.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information. We are not responsible for circumvention of any privacy settings or security measures contained on the Website or our cloud servers.
We do not use any cookies on our Website.
This Policy may be revised from time to time as we add new features and Website, as laws change, and as industry privacy and security practices evolve. When we revise the Policy, we will post the new Policy on this page and change the date located at the top of the Policy. You are responsible for periodically visiting our Websites and this Policy to check for any changes.
Please contact us if you have any questions or concerns about our Policy. You are welcome to call our Customer Care Center at 877.706.4266 between 8:30 a.m. and 5:30 p.m. MST on weekdays to speak with a customer service representative. You may also contact us by e-mail at firstname.lastname@example.org.
Iconic Adventures, LLC, 495 Anglers Drive, Suite A-127 Steamboat Springs, CO 80487
Pursuant to California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Compliant Assistance Unit of the Division of Consumer Services for the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.
13. EEA Privacy Rights
If you are a resident of the European Economic Area, you have the following data protection rights:
- You can ask us what information we hold about you and access your Personal Information, and you can ask us to correct, update and, in some cases, delete, the information.
- If we have asked for your consent to process your Personal Information, you may withdraw that consent at any time. In addition, you can object to processing of your Personal Information or ask us to restrict processing of your Personal Information.
- If we are processing your Personal Information with your consent or to fulfil a contract, you can ask us to give you a copy of your Personal Information in a machine-readable format so that you can transfer it to another provider. When technically feasible, we will, at your request, provide your Personal Information to you or transmit it directly to another data controller. Under certain circumstances, you can request that we cease processing your Personal Information. You have the right to ask us to stop using your Personal Information for a period of time if you believe we are not doing so lawfully.
- You may have a right to lodge a complaint about how we handle your Personal Information with the appropriate supervisory authority in the EU Member State where you reside or work, or where an alleged infringement involving your Personal Information occurred.
To submit a request regarding your Personal Information by email or post, please use the contact information provided in this Policy.
14. California Privacy Rights
This section supplements the Policy provisions above and applies solely to users who reside in the State of California. The California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act (CPRA) provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA/CPRA rights and explains how to exercise those rights.
i. Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your California Rights), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting that Personal Information. We do not sell Personal Information.
- The categories of third parties with whom we share that Personal Information.
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
ii. Right to Correct Inaccurate Information
You have the right to request that we correct any inaccurate Personal Information that we may have collected and maintain about you. Once we receive your request and confirm your identity (see Exercising Your California Rights), we will correct the Personal Information that we maintain about you.
iii. Right to Delete
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your California Rights), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or de-identify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
iv. Right to Limit Sharing of Sensitive Personal Information
Under the CCPA/CPRA certain Personal Information (such as: social security, driver’s license, state identification card, or passport number) is considered sensitive personal information (“Sensitive Personal Information”). You have the right to limit our use of your Sensitive Personal Information to that only what is necessary to perform the services. We only use and may share with certain trusted third parties the contents of your communications with us to provide you with our services, to fulfill any requests you have made, and/or otherwise permitted by CCPA/CPRA. If you would like to request that we stop sharing your Sensitive Personal Information with any third parties please see Right to Stop Sharing.
v. Right to Stop Sharing
You have the right to request that we stop sharing your Personal Information with any third party, even though we do not sell your Personal Information. Once we receive your request and confirm your identity (see Exercising Your California Rights), we will stop sharing your Personal Information with any third party, unless otherwise permitted by CCPA/CPRA. If you request we stop sharing your Personal Information with any third party, it may prevent us from providing you with our products and/or services.
vi. Exercising Your California Rights
To exercise your rights described above, please submit a request by:
Emailing us at email@example.com.
Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Information.
Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative thereof.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
We will only use Personal Information provided in the request to verify the requestor’s identity or authority to make it.
You may only submit a request to know twice within a 12-month period.
vii. Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please email us at firstname.lastname@example.org.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
If applicable, the response we provide will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will only use Personal Information provided in an opt-out request to review and comply with the request.
We will not discriminate against you for exercising any of your CCPA/CPRA rights. Unless permitted by the CCPA/CPRA, we will not:
- Deny you services.
- Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of services.
- Suggest that you may receive a different price or rate for services or a different level or quality of services