Privacy Policy

 

We, Sayari LLC (“we“, “us“, “our“) have developed and operate a proprietary
software-based Platform designed for providers of tourism related services and other
interested customers to help them manage their day-to-day business, and operate a
website available at: https://www.tripmatrix.com/ (“Website“). “You” may be a visitor to
our Website, a registered partner, or an end-user of our software-based Services
(“Services“).

We appreciate your interest in our enterprise and are committed to protecting your
privacy. The purpose of this Privacy Policy is to inform you about the Personal Data we
collect through our main Website and through our Services that we provide, how we use
and share that Personal Data, your rights and choices, and how you can contact us
about our privacy practices. Your Personal Data will be processed exclusively in
accordance with the statutory provisions of data protection laws. By visiting our
Website, using our Services and submitting your Personal Data to us, you acknowledge
and consent to our use of Personal Data as set out in this Privacy Policy. In the event
we have processed your Personal Data prior to commencement of particular data
protection laws (or applicable privacy laws in your location), you consent to us
continuing to process your Personal Data pursuant to this Privacy Policy.

 

Privacy Policy Overview

  1. Who is responsible for Data Processing and how can you contact them?
  2. Personal Data
  3. Types of Personal Data we collect
  4. How we collect your Personal Data?
  5. How we use your Personal Data, Purposes and Legal Basis
  6. Who may receive your Personal Data?
  7. International Personal Data Transfer
  8. Personal Data Storage and Duration
  9. Your rights regarding Data Privacy
  10. Is there Automated Decision-Making or Profiling?
  11. Third-Party Links
  12. Changes to our Privacy Policy
  13. Your complaints

 

 

1. Who is responsible for Data Processing and how can you contact
them?

Responsible for the data processing is:

Sayari LLC,

Legal & Compliance Department

2810 N Church St PMB 48386,

Wilmington, DE 19802-4447,

United States of America

If you have any questions or suggestions regarding data protection, please feel free to
contact us. You may reach us at:

E-Mail: dataprotection@tripmatrix.com

Web: https://www.tripmatrix.com/

 

2. Personal Data

The subject matter of data protection is your Personal Data. That is all the information
that relates to you (as an identified or identifiable individual). This covers for example,
information such as name, postal address, e-mail address, or telephone number as well
as information that necessarily originates from the use of our Website, such as details
about the start, end, and scope of use, and the communication of your IP address.

 

3. Types of Personal Data we collect

We collect and process various types of Personal Data:

  1. Identity data including your name, gender, date of birth, nationality, passport
    number, profile image;
  2. Contact data including your address, e-mail, phone number, fax, social media
    profiles (Facebook, Instagram, Twitter), your website, preferred salutation;
  3. Financial data including your IBAN, SWIFT;
  4. Transaction data related to the payment of the contracted service received from
    the payment gateway;
  5. Technical data including internet protocol (IP) address, your login data, browser
    type and version, access times;
  6. Usage data including information about your usage of our Website, Services,
    and activities including information retrieved from cookies;
  7. Marketing and communication data including travel inquiries and offers and your
    preference in receiving marketing from us and communicating with us.

 

4. How we collect your Personal Data?

There are two primary ways you may interact with us online, by visiting our Website and
by using our Services. We may collect your personal data through any of the following
methods:

  1. Direct interactions where you provide us with identity, profile, contact, financial
    and transaction data through completing documentation for us or communicating
    by phone, e-mail, post, via our Website or otherwise.This includes personal data that is provided to us when you:
    1. access or use our Website or Services;
    2. register an account;
    3. subscribe to our Services;
    4. provide us with feedback;
    5. provide us with information through our web forms (including “Book a
      demo”, “Contact us”);
    6. otherwise contact us, or our registered partners in the course of our
      business.
  2. Automated technology and data where you interact with our Website and/or
    Services, we automatically collect technical, usage and marketing or
    communications data. We collect this personal data using particular service
    providers, cookies and server logs/log files. This includes:
    1. Browser and Device information that is collected by most browsers or
      automatically through your device, such as your IP address, computer
      type, screen resolution, operating system name and version, device
      manufacturer and model, language, Internet browser type, and add-ons;
    2. Log Information that is automatically collected in system logs about how
      you interact with our Website, such as your online activity, search terms,
      pages you visit, date and time of access. This information is used to
      improve your experience on our Website and keep the Website free of
      bugs and errors;
    3. Cookies and similar technologies which serve us to communicate with
      your end device and exchange stored information. Cookies are text files
      that are stored in a computer system via an Internet browser. Many
      Internet sites and servers use Cookies. Many Cookies contain a so-called
      Cookie ID which is a unique identifier of the Cookie. It consists of a
      character string through which Internet page accesses can be assigned to
      the specific Internet browser in which the cookie was stored. This allows
      visited Internet sites and servers to differentiate the individual browser of
      the data subject from other Internet browsers that contain other Cookies.
      A specific Internet browser can be recognized and identified using the
      unique Cookie ID. These Cookies are primarily used to make the functions of our online Services usable. Our Website uses the so-called third-party
      cookies. These cookies are provided by third party service providers
      (including Google Analytics, HubSpot and Youtube) and will be used to
      improve the performance and design of the Website. Insofar as we should
      also use Cookies to analyze the use of our online Services and to be able
      to target it to your interests and, if necessary, to provide you with interest-
      based content and advertisements, this is done exclusively on the basis of
      your voluntary consent. You may, at any time, prevent the setting of
      Cookies through our website by means of a corresponding setting of the
      Internet browser used, and may thus permanently deny the setting of
      Cookies. Already set cookies may also be deleted at any time via an
      Internet browser or other software programs.
  3. Third parties or publicly available sources where your personal data is made
    available as follows:
    1. Technical data from advertising networks, search information providers
      and analytics providers (including Google Analytics);
    2. Contact, financial and transaction data from technical and payment
      services connected to our Services;
    3. Identity and contact data made available from public sources, law
      enforcement or government entities (as applicable);
    4. Identity and contact data from third-party applications where services
      require the import of information about users and their clients to fulfill
      activities and facilitate payments.

 

5. How we use your Personal Data, Purposes and Legal Basis

We use your Personal Data as permitted by applicable law. Sayari LLC is subject to the
General Data Protection Regulation (EU) 2016/679 (GDPR) when processing personal
data of data subjects located in the European Union. Under the GDPR we are the data
processor and data controller for your Personal Data when you access and use our
Website and Services.

If we process your Personal Data because you use our Services as a result of your
relationship with a person or entity that we provide our Services to, we are not the data
controller for that Personal Data. In this event, we act as a Data Processor by
processing your Personal Data on behalf of our customer.

The provision of Personal Data by you may be required by law or contract or may be
necessary for the conclusion of a contract. We will point it out separately if you are
obliged to provide personal data and what possible consequences the non-supply would
then have (e.g., our position not to provide the requested service without providing
certain information).

In accordance with applicable law, we commonly process your Personal Data for
various purposes based on a particular legal basis including:

  1. Performance of Contractual Obligations
    We process your Personal Data if this is necessary for the performance of a
    contract to which you are a party or for the implementation of pre-contractual
    measures taken in response to your request. The purposes of processing include
    enabling the use of our specific Services. This also includes providing Services
    or access to our Website, facilitating interactions with you in respect of operating
    our business, processing payments, billing, or claims, responding to enquiries,
    requests and feedback technical assistance, maintaining technical and account
    history, Service updates, storing information at third-party data centers,
    assessing the performance of aspects of our business, conducting business
    processing functions, any other uses identified at the time of Personal Data
    collection, including necessary steps taken prior to entering a contract with you;
  2. Compliance with Legal Obligation
    We process your Personal Data to comply with legal obligations to which we are
    subject. These obligations may arise, for example, from commercial, tax, money
    laundering, financial or criminal law. The purposes of the processing result from
    the respective legal obligation; as a rule, the processing serves the purpose of
    complying with state control and information obligations.
  3. Legitimate Interest
    We also process your Personal Data to pursue our legitimate interests or those
    of third parties, unless your rights, which require the protection of your Personal
    Data, outweigh these interests. The processing to safeguard legitimate interests
    is carried out for the following purposes or to safeguard the following interests:
    1. Further development of our Services;
    2. Improvement of Service quality, elimination of errors and malfunctions;
    3. Handling of non-contractual inquiries and concerns;
    4. Ensuring legally compliant actions, prevention of and protection against legal
      violations (especially criminal offences), assertion of and defense against
      legal claims, internal and external compliance measures;
    5. Answering and evaluation of contact requests and feedback.
  4. Consent
    We process your Personal Data on the basis of corresponding consent. If you
    give your consent, it is always for a specific purpose; the purposes of processing
    are determined by the content of your declaration of consent. You can withdraw
    the consent granted to us at any time. Please note that the withdrawal of your
    consent will not affect the lawfulness of any processing carried out prior to the
    withdrawal. Upon your withdrawal of consent, we may not be able to provide
    certain services to you. We will notify you if this occurs at the time you withdraw
    your consent.

If we process your Personal Data for a purpose other than that for which the data was
collected, beyond the scope of a corresponding consent or a mandatory legal basis, we
will take into account, the compatibility of the original and the now pursued purpose, the
nature of the Personal Data, the possible consequences of further processing for you
and the guarantees for the protection of the Personal Data.

 

6. Who may receive your Personal Data?

Within Sayari LLC, only those persons who need your Personal Data for the respective
purposes mentioned in this Policy will have access to it. Service providers and vicarious
agents appointed by us can also receive access to data for the purposes given if they
maintain confidentiality. These are companies in the categories of [banking services, IT
services, logistics, printing services, telecommunications, collection, advice and
consulting, and sales and marketing]. Your Personal Data will only be passed on to
external recipients if we have legal permission to do so or have your consent. Below
you may find an overview of the corresponding recipients:

  1. Commissioned processors: external service providers, for example in the areas
    of technical infrastructure, performance and maintenance as well as payment
    processing, which are carefully selected and reviewed. The processors may only
    use the data in accordance with our instructions.
  2. Public bodies: authorities and state institutions, such as tax authorities, public
    prosecutors’ offices or courts, to which we are required to transfer Personal Data.

 

7. International Personal Data Transfer

We may disclose your Personal Data internationally to third parties for the purposes for
which we collect and use that information. Any such disclosure will be completed in
accordance with a requisite degree of protection. If you are based in the European
Economic Area (EEA), we will ensure at least one of the following safeguards is
implemented:

  1. We will only transfer your Personal Data to countries that have been deemed to
    provide an adequate level of protection for your personal data by the decision of
    the European Commission;
  2. In case we shall transfer your data to any other country that is not subject to an
    adequacy decision, we will ensure that there is a legal basis and, where required,
    a reasonable safeguard for such data transfer to ensure your personal data is
    dealt with in a manner that is consistent with applicable laws and regulations on
    data protection under the GDPR.; or
  3. If we use particular service providers outside of the EEA, we may rely on
    contracts approved for use in the EEA that provide personal data with the same
    protection it holds in the EEA, especially standard data protection clauses
    adopted by the European Commission.

Please contact us if you would like to request a copy of the specific safeguards applied
to export your information.

 

8. Personal Data Storage and Duration

We store your Personal Data, if there is legal permission to do so, only as long as
necessary to achieve the intended purposes or as long as you have not revoked your
consent. In the event of an objection to processing, we will erase your Personal Data,
unless further processing is still permitted by law. We will also erase your Personal Data
if we are obliged to do so for other legal reasons. Applying these general principles, we
will usually erase your Personal Data immediately after the legal permission has ceased
to apply and provided that no other legal basis (e.g. commercial and tax law retention
periods) intervenes. If the latter applies, we will delete the data after the other legal
basis has ceased to apply. We will also usually erase your Personal Data if we are no
longer required to hold it for the purposes we pursue and no other legal basis
intervenes, if the latter is the case, we will delete the data after the other legal basis has
ceased to apply.

We may store your personal data in physical documents or in electronic form. Physical
files are kept securely inside our access-controlled premises, while electronic files are
only accessible through our secure network.

 

9. Your Rights

Under the GDPR and other applicable law, certain circumstances will give you the
following rights in relation to your Personal Data:

  1. Right to access your Personal Data enables you to receive a copy of the
    Personal Data we hold about you and confirm that we are processing it in
    accordance with the law.
  2. Right to rectification of your Personal Data enables you to correct any
    incomplete or inaccurate data we hold, provided we can verify the accuracy of
    the new data provided by you. It is important that your Personal Data is accurate
    and current, therefore please keep us notified of changes to your personal data
    during your relationship with us.
  3. Right to erasure of your Personal Data enables you to ask us to erase or
    otherwise remove personal data where there is no valid reason for us continuing
    processing it. You also have the right to ask us to erase or remove your Personal
    Data where you have successfully objected to processing. Notwithstanding this,
    we may not always be able to comply with your request of erasure for legal
    reasons that we will notify you of, if applicable, at the time of your request for
    erasure.
  4. Right to objection to processing of your Personal Data in circumstances where
    we are relying on a legitimate interest (or a third party’s interest) and there is something about your situation which drives you to object to processing because
    you believe it impacts on your fundamental rights and freedoms. You may object
    to us processing your personal data for direct marketing purposes. In the event
    we demonstrate compelling legitimate interest to process your data, this may
    override your objection to processing.
  5. Right to restriction of the processing of your Personal Data enables you to ask
    us to suspend the processing of your Personal Data in the following situations:
    1. If our use of the personal data is unlawful, but you do not want us to
      delete it; or
    2. If you require us to hold the personal data, even if we no longer require it,
      because you need it to establish, exercise or defend legal claims; or
    3. If you have objected to our use of your personal data but we need to
      verify whether we have overriding legitimate interest to use it; or
    4. If you want us to establish the personal data’s accuracy.
  6. Right to data portability of your Personal Data enables you to ask us to give
    you, or a third party you have elected, your Personal Data in a structured,
    commercially reasonable, machine-readable format. Please note that this right
    only applies to automated information which you initially provided consent for us
    to use, or where we used the information to complete performance or a contract
    with you.

Please contact us using the listed contact details in this Privacy Policy if you choose to
exercise any of the rights listed above. We may require and request further information
to assist us in confirming your identity or clarifying your request.

 

10. Is there Automated Decision-Making or Profiling?

We do not carry out automated decision-making or profiling described under Article 22
GDPR. If we use this procedure in individual cases, we will inform you of this
separately, as long as that is legally required.

 

11. Third-Party Links

Our website and services may include links to third-party websites, applications or plug-
ins (including Facebook, LinkedIn, Instagram and Youtube). If you click on third-party
links or enabling third-party connections, you consent to third-party collection or sharing
of data about you.

We do not control third-party links and we are not responsible for the privacy statements
of third parties. When you are directed away from our website or services, we
encourage you to read the privacy policy of each third-party website you visit.

 

12. Supplemental Privacy Notice to California Residents

This Supplemental Privacy Notice supplements the information in our Privacy Policy
above, and except as provided herein, applies solely to California residents.

Types of Personal Information We Collect

If you are a California resident, California law requires us to provide you with some
additional information regarding how we collect, use, and disclose your “personal
information” and “sensitive personal information” (as defined in the California Consumer
Privacy Act (“CCPA”)).

Throughout our Privacy Policy, we describe the specific pieces of personal information
and sensitive personal information we collect, the sources of that information, and how
we disclose it. Under the CCPA, we also have to provide you with the “categories” of
personal information we collect and disclose for “business purposes” (as those terms
are defined by applicable law). Those categories are identifiers (such as name, address,
email address, phone number, other account information, and cookies); commercial
information (such as transaction data); financial data (such as credit card and other
financial account information); internet or other network or device activity (such as IP
address or service usage); geolocation information (general location); inference data
about you; sensory information (such as audio recordings if you call customer service);
professional or employment related data; education data; insurance (including health
insurance) information; medical information; physical characteristics or description;
legally protected classifications (such as gender); other information that identifies or can
be reasonably associated with you. The categories of sensitive personal information are
account log-in, financial account information, and password or other credentials allowing
access to your account.

We collect the categories of personal information identified above from the following
sources: (1) directly from you; (2) through your interaction with/use of our Website
and/or Services; (3) affiliates; and (4) third parties such as social networks.

We may collect and disclose the above categories of information for the purposes
described in our Privacy Policy. This includes the following business or commercial
purposes (as those terms are defined in applicable law):

•   Our operational purposes;

•   Auditing consumer interactions on our site;

•   Detecting, protecting against, and prosecuting security incidents and fraudulent
or illegal activity;

•   Bug detection and error reporting;

•   Customizing content that we or our service providers display on the Service;

•   Providing the Service (e.g., account servicing and maintenance, order processing
and fulfillment, customer service, advertising and marketing, analytics, and
communication about the     Service);

•   Improving the Service and developing new services (e.g., by conducting research
to develop new products or features);

•   Other uses that advance our commercial or economic interests, such as third
party advertising and communicating with you about relevant offers from third party
partners;

•   Other uses about which we notify you.

We may also use the above categories of personal information for compliance with
applicable laws and regulations, and we may combine the information we collect
(“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent
identification of any particular user or device.

We describe our information disclosure practices in our Privacy Policy. We may disclose
certain categories of personal information with third parties (as defined by the CCPA) for
the business purposes described above. For example, we may disclose identifiers with
our marketing partners, and we may also disclose any of the categories described
above with our subsidiaries and affiliates. If you connect your account with social media
services or interact with social media plugins or links on the Service, we may disclose
identifiers, commercial information, internet or other network or device activity, or
general location with those social media services.

Consumer Rights

If you are a California resident, you may have certain rights. California law may permit
you to request that we:

•   Provide you the categories of personal information we have collected or
disclosed about you; the categories of sources of such information; the business or
commercial purpose for “collecting,” “selling,” or “sharing” your personal information; the
categories of third parties to whom we disclose or “sell,” or with whom we “share,”
personal information; and the categories of personal information we “sell.”

•   Provide access to and/or a copy of certain information we hold about you.

•   Delete certain information we have about you.

•   Correct inaccurate personal information that we maintain about you.

You may have the right to receive information about the financial incentives that we
offer to you (if any). You also have the right to not be discriminated against (as provided
for in applicable law) for exercising certain of your rights. Certain information may be
exempt from such requests under applicable law. We need certain types of information
so that we can provide the Service to you. If you ask us to delete it, you may no longer
be able to access or use the Service.

In instances where we process personal information on behalf of a person or entity that
we provide our Services to, rights requests should be directed to the our
partner/customer. Any request sent directly to us that pertains to information collected
on behalf of a customer will be forwarded on to that customer.

If you would like to exercise any of these rights, you can submit a request at
dataprotection@tripmatrix.com, and call +385 1 8000 950. You will be required to
verify your identity before we fulfill your request. To do so, you will need to provide
information to match with our existing records to verify your identity, depending on the
nature of the request and the sensitivity of the information sought. You can also
designate an authorized agent to make a request on your behalf. To do so, you must
provide us with written authorization or a power of attorney, signed by you, for the agent
to act on your behalf. You will still need to verify your identity directly with us.

“Sale” of Personal Information

California residents may opt out of the “sale” of their personal information. The CCPA
broadly defines “sale” in a way that may include allowing third parties to receive certain
information such as cookie identifiers, IP addresses and/or browsing behavior to add to
a profile about your device, browser or you. Such profiles may enable delivery of
interest-based advertising by such third parties within their platform or on other sites.

We do not sell your personal information.

“Sharing” of Personal Information

California residents may opt out of the “sharing” of their personal information. The
CCPA defines “sharing” as the targeting of advertising to a consumer based on that
consumer’s personal information obtained from the consumer’s activity across websites.
We “share” information for these purposes to provide more relevant and tailored
advertising to you regarding our Service. As part of this advertising, we may “share”
identifiers (such as IP address, device identifiers, and cookies) and internet and device
activity with advertising platforms and advertising networks. To opt out of such
“sharing,” please submit a request to dataprotection@tripmatrix.com.

Children Under 16

We do not knowingly “sell” or “share” the personal information of children under 16.

Sensitive Personal Information

The CCPA also allows you to limit the use or disclosure of your “sensitive personal
information” (as defined in the CCPA) if your sensitive personal information is used for
certain purposes. Please note that we do not use or disclose sensitive personal
information other than for purposes for which you cannot opt out under the CCPA.

Retention of Your Personal Information

Please see the ” Personal Data Storage and Duration” section above.

California Shine the Light

We do not disclose personal information to third parties for their direct marketing
purposes.

 

13. Changes to our Privacy Policy

Our Privacy Policy is current to the date indicated at the top of the front page: “Version
Last Updated ”. We reserve the right to update this Privacy Policy, from time to time, and
provide the most recently updated version on the Website for you.

If we make any significant changes to this Privacy Policy, we will publish a notice on our
Website, and notify you as required by applicable law.

Any changes will become effective when we post the revised Privacy Policy.

 

14. Your Complaints

Complaints about our Privacy Policy or our collection, processing, use, disposal, or
erasure of your Personal Data should first be directed to us at the contact details set out
below. We will promptly investigate and attempt to resolve your complaint.

Please, contact us at:

Sayari LLC

Legal & Compliance Department,

2810 N Church St PMB 48386,

Wilmington, DE 19802-4447,

United States of America

E-mail address: dataprotection@tripmatrix.com

Without prejudice to any other administrative or judicial remedy, you have the right to
lodge a complaint with a competent supervisory authority, in particular, you can contact the supervisory authority responsible for your place of habitual residence, place of work
or place of the alleged infringement if you believe that that the processing of your
Personal Data infringes the applicable law.

 

Version 3, Last Updated: 07/04/2023