Privacy Policy – International Sports Travel Agencies Association (ISTAA)

General

This Privacy Policy applies to our website available at https://www.istaa.org (the “Website“) where we, International Sports Travel Agencies Association (“ISTAA”), c/o Libra Law SA – Maison du Sport International, Avenue de Rhodanie 54, 1007 Lausanne, Switzerland, collect certain personal information.

Please take your time to read this Privacy Policy as it contains important information to help you understand how we process your personal information that you give to us or that we collect otherwise in the context of the Website (“Personal Data”’). When processing your Personal Data ISTAA is the controller of the Personal Data collected and processed.

We respect your privacy, and we are committed to keeping your Personal Data secure and managing it in accordance with our legal responsibilities under applicable data protection laws and Personal Data protection best practices and recommendations.

What Personal Data We Collect and How We Use your Personal Data

You can use the majority of our Website without being required to provide any Personal Data to us. For membership application and registration, you need to provide Personal Data to us for us to be able to process your application or to contact you with other information relevant to your membership. Requested information on the Website marked with an asterisk is mandatory. If you do not provide the requested information, we will not be able to process your membership application.

We have specified the Personal Data we collect, the purposes for which we use the Personal Data and how long we will generally retain your Personal Data:

Registration and creating an account on our Website.

Before you make membership application, you will be asked to complete questionnaire on our Website and provide us with a name of contact person, e-mail address and telephone number. Also, we need general information about your Company / Organization in order to process your membership application and create your account.

Creating an account is necessary for accessing the members’ area on our Website and benefit from your ISTAA membership. We will retain your account details including your Personal Data for as long as you are ISTAA member in accordance with Statutes of the International Sports Travel Agencies Association (ISTAA).

You can manage the information in your account yourself in the members’ area on our Website.

If you don’t use your account actively we can delete your account after 2 years of inactivity. Before deletion, we will send you an email reminder or other appropriate notice.

Claims and suggestions

Members can send claims, reports and suggestions via the form on our Website. The form itself doesn’t require any Personal Data to be processed.

If you enter any Personal Data to the form anyway it will only be used to address your claim, report or suggestion. We register your claims, reports, suggestions and our responses and other actions taken to handle your request.

We will retain all information regarding claims or complaints that are being evaluated by the Conflict Resolution Committee as long as you are ISTAA member. When your membership ends we will delete or anonymize any Personal Data, but we will keep information regarding your claim or complaint for the Conflict Resolution Committee archive.

Sending newsletters or other marketing information.

If you have subscribed for the newsletter, we use the email address you have provided to send you our newsletter or other marketing information. Your email will be added automatically to our database. If you no longer wish to receive any newsletters or other marketing information from us, you can unsubscribe at any time by using the unsubscribe function in each email message or you can contact us at info@istaa.org

You can always opt-out of receiving our newsletter or other marketing information and you can always object to our use of your Personal Data for direct marketing purposes (for more information on how to do this, read the paragraphs below regarding your rights).

Information about your visit to and use of our Website.

We can collect certain information when you visit our Website, such as your IP address, which web pages you visit, the name of your computer, and type of internet browser, clicks and views. The information about your use of our Website enables us to provide better service to our members and maintain or upgrade our Website. That information dose not represent Personal Data and will never be used for automated processing, including profiling.

We can use your Personal Data for maintenance and analysis of our Website to solve performance issues, to improve the availability and to secure the website against fraud or other security risks (e.g. in case of repeated attempts to log-in or attempts to log-in from suspicious location or network). We care about data security and implement appropriate technical and organisational measures to ensure the safety of your Personal Data and your Company / Organization data. The analysis also enables us to check whether the online ordering process works efficiently so we can provide you with the best membership experience possible.

Our use of your Personal Data for these purposes is necessary for our legitimate interests and will be retained for a maximum period of 6 months. The logs of the use of our Website will be deleted 6 months after creation.

How We Share Your Personal Data

We may need to share Personal Data with third parties to help us provide membership services, like access to the member network, to you and to run our Website. These third parties are:

  • ISTAA members and partners
  • contracted service providers where this is needed to provide us or our members with a service or to help us provide membership services and / or to provide data analytics services.

These parties may be located in Switzerland, other countries in the European Economic Area or elsewhere in the world.

We use CDmon (https://www.cdmon.com/en) for the hosting services and we store Personal Data in the EEA.

If any Personal Data is stored by us outside the EEA we will ensure an adequate level of protection of the transferred Data. We always require service providers to use appropriate technical and organisational measures to ensure the confidentiality and security of the Personal Data stored.

We may also need to provide Personal Data to law enforcement bodies in order to comply with any legal obligation or court order.

Security of Personal Data.

We will take appropriate technical, physical and organisational measures to protect the Personal Data collected through the Website from misuse or accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition or access, that are consistent with applicable privacy and data security laws and regulations as well as data protection best practices.

However, no internet-based site can be 100% secure, and we cannot be held responsible for unauthorised or unintended access that is beyond our control.

Our Website may contain links to other websites, mainly our members’ websites. We are not responsible for the privacy practices, content or security used by such other websites, which shall not be governed by this Privacy Policy. We advise you to always carefully read the privacy policies on these other websites.

Retention of Your Personal Data

We will retain your Personal Data for the duration of your membership or as long as legally required or for as long as necessary to provide you with membership services or for any of the other purposes listed in this Privacy Policy.

Where possible the specific retention terms are listed in this Privacy Policy for each of the relevant purposes. We will take reasonable steps to destroy or de-identify Personal Data we hold if it is no longer needed for the purposes set out above or after the expiration of the defined retention term.

Cookies

Cookies are small text files containing small amounts of information which are downloaded and may be stored on your user device, e.g. your computer, smartphone or table. These cookies and similar techniques make websites work efficiently and sometimes are necessary to remember your account settings, language and country.

We may collect information about your computer, including your IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual or collect any type of Personal Data.

Where required, you will be asked for consent to our use of cookies. You can change your cookie preferences in your web browser.

Social Media

You may choose to share information on our Website via social media, such as Facebook, Instagram, Twitter or other relevant social media. This means that the information you share, with name and preferences, shall be visible to visitors of your personal pages. We advise you to carefully read the privacy policies of the social media parties as these are applicable to the processing of your Personal Data by these parties.

Children’s Privacy

The Website is not intended for use by individuals under the age of 18. We do not knowingly collect Personal Data from individuals under the age of 18.

Your Rights to Access, Rectification, Deletion, Restriction and Data Portability

You have the right to request an overview of your Personal Data processed by or on behalf of us. You have the right to have your Data rectified, deleted or restricted (as appropriate). You can exercise this right by contacting us at info@istaa.org

Please note that requests that do not meet the requirements set out by applicable law may be requested to be re-issued or ultimately denied and that certain Personal Data may be exempt from such access, rectification and deletion requests pursuant to applicable data protection laws or other laws and regulations.

Please note that you can also delete Personal Data by ending your membership, however we will retain Personal Data where it is legally required for us to do so.

You have the right to receive the Personal Data that you have provided to us in a structured, commonly used and machine-readable format, and in certain circumstances we will, at your request, transmit your Data to another controller where this is technically feasible.

Your Right to Object

You also have a right, in certain circumstances, to require us to stop processing your Personal Data, but where we have compelling legitimate grounds, we will continue processing your Personal Data.

Where you have provided consent to our use of your Personal Data, you have the right to withdraw your consent without this effecting the lawfulness of our use of this Data before your withdrawal.

Updates

We will keep this Privacy Policy under review and make updates from time to time. Any changes to this Privacy Policy will be posted on our Website page and to the extent reasonably possible, will be communicated to you.

Contact

If you wish to exercise any of your rights listed above, you can contact us at info@istaa.org

Please note that we may request proof of identity. If you have any other question, objection to our use of your Personal Data or a complaint about this Privacy Policy or about our handling of your Personal Data, you can mail us at info@istaa.org

You also have the right to file a complaint with your local data protection authority.

May 2018.

Lausanne, Switzerland