We, Sayari LLC (“we”, “us“, “our“) have developed and operate a software-based solution designed specifically for travel agencies and tours operators to help them manage their day-to-day business, and operate a website available at: https://www.tripmatrix.com/ (“Website”). “You” may be a visitor to our Website, a registered partner, or an end-user of our software-based Services (“Services”).
- Who is responsible for Data Processing and how can you contact them?
- Personal Data.
- Types of Personal Data we collect.
- How we collect your Personal Data?
- How we use your Personal Data, Purposes and Legal Basis.
- Who may receive your Personal Data?
- International Personal Data Transfer.
- Personal Data Storage and Duration.
- Your rights regarding Data Privacy.
- Is there Automated Decision-Making or Profiling?
- Third-Party Links.
- Your complaints.
1. Who is responsible for Data Processing and how can you contact them?
Responsible for the data processing is:
Legal & Compliance Department
2810 N Church St PMB 48386,
Wilmington, DE 19802-4447,
United States of America
If you have any questions or suggestions regarding data protection, please feel free to contact us. You may reach us at:
2. Personal Data
The subject matter of data protection is your Personal Data. That is all the information that relates to you (as an identified or identifiable individual). This covers for example, information such as name, postal address, e-mail address, or telephone number as well as information that necessarily originates from the use of our Website, such as details about the start, end, and scope of use, and the communication of your IP address.
3. Types of Personal Data we collect
We collect and process various types of Personal Data:
- Identity data including your name, gender, date of birth, nationality, passport number, profile image;
- Contact data including your address, e-mail, phone number, fax, social media profiles (Facebook, Instagram, Twitter), your website, preferred salutation;
- Financial data including your IBAN, SWIFT;
- Transaction data related to the payment of the contracted service received from the payment gateway;
- Technical data including internet protocol (IP) address, your login data, browser type and version, access times;
- Usage data including information about your usage of our Website, Services, and activities including information retrieved from cookies;
- Marketing and communication data including travel inquiries and offers and your preference in receiving marketing from us and communicating with us.
4. How we collect your Personal Data?
There are two primary ways you may interact with us online, by visiting our Website and by using our Services. We may collect your personal data through any of the following methods:
- Direct interactions where you provide us with identity, profile, contact, financial and transaction data through completing documentation for us or communicating by phone, e-mail, post, via our Website or otherwise.
This includes personal data that is provided to us when you:
- access or use our Website or Services;
- register an account;
- subscribe to our Services;
- provide us with feedback;
- provide us with information through our web forms (including “Book a demo”, “Contact us”);
- otherwise contact us, or our registered partners in the course of our business.
2. Automated technology and data where you interact with our Website and/or Services, we automatically collect technical, usage and marketing or communications data. We collect this personal data using particular service providers, cookies and server logs/log files. This includes:
- Browser and Device information that is collected by most browsers or automatically through your device, such as your IP address, computer type, screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type, and add-ons;
- Log Information that is automatically collected in system logs about how you interact with our Website, such as your online activity, search terms, pages you visit, date and time of access. This information is used to improve your experience on our Website and keep the Website free of bugs and errors;
3. Third parties or publicly available sources where your personal data is made available as follows:
- Technical data from advertising networks, search information providers and analytics providers (including Google Analytics);
- Contact, financial and transaction data from technical and payment services connected to our Services;
- Identity and contact data made available from public sources, law enforcement or government entities (as applicable);
- Identity and contact data from third-party applications where services require the import of information about users and their clients to fulfill activities and facilitate payments.
5. How we use your Personal Data, Purposes and Legal Basis
We use your Personal Data as permitted by applicable law. Sayari LLC is subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) when processing personal data of data subjects located in the European Union. Under the GDPR we are the data processor and data controller for your Personal Data when you access and use our Website and Services.
If we process your Personal Data because you use our Services as a result of your relationship with a person or entity that we provide our Services to, we are not the data controller for that Personal Data. In this event, we act as a Data Processor by processing your Personal Data on behalf of our partner.
The provision of Personal Data by you may be required by law or contract or may be necessary for the conclusion of a contract. We will point it out separately if you are obliged to provide personal data and what possible consequences the non-supply would then have (e.g. our position not to provide the requested service without providing certain information).
In accordance with applicable law, we commonly process your Personal Data for various purposes based on a particular legal basis including:
- Performance of Contractual Obligations
We process your Personal Data if this is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken in response to your request. The purposes of processing include enabling the use of our specific Services. This also includes providing Services or access to our Website, facilitating interactions with you in respect of operating our business, processing payments, billing, or claims, responding to enquiries, requests and feedback technical assistance, maintaining technical and account history, Service updates, storing information at third-party data centers, assessing the performance of aspects of our business, conducting business processing functions, any other uses identified at the time of Personal Data collection, including necessary steps taken prior to entering a contract with you;
2. Compliance with Legal Obligation
We process your Personal Data to comply with legal obligations to which we are subject. These obligations may arise, for example, from commercial, tax, money laundering, financial or criminal law. The purposes of the processing result from the respective legal obligation; as a rule, the processing serves the purpose of complying with state control and information obligations.
3. Legitimate Interest
We also process your Personal Data to pursue our legitimate interests or those of third parties, unless your rights, which require the protection of your Personal Data, outweigh these interests. The processing to safeguard legitimate interests is carried out for the following purposes or to safeguard the following interests:
- Further development of our Services;
- Improvement of Service quality, elimination of errors and malfunctions;
- Handling of non-contractual inquiries and concerns;
- Ensuring legally compliant actions, prevention of and protection against legal violations (especially criminal offences), assertion of and defense against legal claims, internal and external compliance measures;
- Answering and evaluation of contact requests and feedback.
We process your Personal Data on the basis of corresponding consent. If you give your consent, it is always for a specific purpose; the purposes of processing are determined by the content of your declaration of consent. You can withdraw the consent granted to us at any time. Please note that the withdrawal of your consent will not affect the lawfulness of any processing carried out prior to the withdrawal. Upon your withdrawal of consent, we may not be able to provide certain services to you. We will notify you if this occurs at the time you withdraw your consent.
If we process your Personal Data for a purpose other than that for which the data was collected, beyond the scope of a corresponding consent or a mandatory legal basis, we will take into account, the compatibility of the original and the now pursued purpose, the nature of the Personal Data, the possible consequences of further processing for you and the guarantees for the protection of the Personal Data.
6. Who may receive your Personal Data?
Within Sayari LLC, only those persons who need your Personal Data for the respective purposes mentioned in this Policy will have access to it. Service providers and vicarious agents appointed by us can also receive access to data for the purposes given if they maintain confidentiality. These are companies in the categories of [banking services, IT services, logistics, printing services, telecommunications, collection, advice and consulting, and sales and marketing]. Your Personal Data will only be passed on to external recipients if we have legal permission to do so or have your consent. Below you may find an overview of the corresponding recipients:
- Commissioned processors: external service providers, for example in the areas of technical infrastructure, performance and maintenance as well as payment processing, which are carefully selected and reviewed. The processors may only use the data in accordance with our instructions.
- Public bodies: authorities and state institutions, such as tax authorities, public prosecutors’ offices or courts, to which we are required to transfer Personal Data.
7. International Personal Data Transfer
We may disclose your Personal Data internationally to third parties for the purposes for which we collect and use that information. Any such disclosure will be completed in accordance with a requisite degree of protection. If you are based in the European Economic Area (EEA), we will ensure at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for your personal data by the decision of the European Commission;
- In case we shall transfer your data to any other country that is not subject to an adequacy decision, we will ensure that there is a legal basis and, where required, a reasonable safeguard for such data transfer to ensure your personal data is dealt with in a manner that is consistent with applicable laws and regulations on data protection under the GDPR.; or
- If we use particular service providers outside of the EEA, we may rely on contracts approved for use in the EEA that provide personal data with the same protection it holds in the EEA, especially standard data protection clauses adopted by the European Commission.
Please contact us if you would like to request a copy of the specific safeguards applied to export your information.
8. Personal Data Storage and Duration
We store your Personal Data, if there is legal permission to do so, only as long as necessary to achieve the intended purposes or as long as you have not revoked your consent. In the event of an objection to processing, we will erase your Personal Data, unless further processing is still permitted by law. We will also erase your Personal Data if we are obliged to do so for other legal reasons. Applying these general principles, we will usually erase your Personal Data immediately after the legal permission has ceased to apply and provided that no other legal basis (e.g. commercial and tax law retention periods) intervenes. If the latter applies, we will delete the data after the other legal basis has ceased to apply. We will also usually erase your Personal Data if we are no longer required to hold it for the purposes we pursue and no other legal basis intervenes, if the latter is the case, we will delete the data after the other legal basis has ceased to apply.
We may store your personal data in physical documents or in electronic form. Physical files are kept securely inside our access-controlled premises, while electronic files are only accessible through our secure network.
9. Your Rights
Under the GDPR and other applicable law, certain circumstances will give you the following rights in relation to your Personal Data:e used the information to complete performance or a contract with you.
- Right to access your Personal Data enables you to receive a copy of the Personal Data we hold about you and confirm that we are processing it in accordance with the law.
- Right to rectification of your Personal Data enables you to correct any incomplete or inaccurate data we hold, provided we can verify the accuracy of the new data provided by you. It is important that your Personal Data is accurate and current, therefore please keep us notified of changes to your personal data during your relationship with us.
- Right to erasure of your Personal Data enables you to ask us to erase or otherwise remove personal data where there is no valid reason for us continuing processing it. You also have the right to ask us to erase or remove your Personal Data where you have successfully objected to processing. Notwithstanding this, we may not always be able to comply with your request of erasure for legal reasons that we will notify you of, if applicable, at the time of your request for erasure.
- Right to objection to processing of your Personal Data in circumstances where we are relying on a legitimate interest (or a third party’s interest) and there is something about your situation which drives you to object to processing because you believe it impacts on your fundamental rights and freedoms. You may object to us processing your personal data for direct marketing purposes. In the event we demonstrate compelling legitimate interest to process your data, this may override your objection to processing.
- Right to restriction of the processing of your Personal Data enables you to ask us to suspend the processing of your Personal Data in the following situations:
- If our use of the personal data is unlawful, but you do not want us to delete it; or
- If you require us to hold the personal data, even if we no longer require it, because you need it to establish, exercise or defend legal claims; or
- If you have objected to our use of your personal data but we need to verify whether we have overriding legitimate interest to use it; or
- If you want us to establish the personal data’s accuracy.
6. Right to data portability of your Personal Data enables you to ask us to give you, or a third party you have elected, your Personal Data in a structured, commercially reasonable, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use, or where we used the information to complete performance or a contract with you.
10. Is there Automated Decision-Making or Profiling?
We do not carry out automated decision-making or profiling described under Article 22 GDPR. If we use this procedure in individual cases, we will inform you of this separately, as long as that is legally required.
11. Third-Party Links
Our website and services may include links to third-party websites, applications or plug-ins (including Facebook, LinkedIn, Instagram and Youtube). If you click on third-party links or enabling third-party connections, you consent to third-party collection or sharing of data about you.
13. Your Complaints
Please, contact us at:
Legal & Compliance Department,
2810 N Church St PMB 48386,
Wilmington, DE 19802-4447,
United States of America
E-mail address: email@example.com
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a competent supervisory authority, in particular, you can contact the supervisory authority responsible for your place of habitual residence, place of work or place of the alleged infringement if you believe that that the processing of your Personal Data infringes the applicable law.
Version 2, Last Updated: 23.02.2023.