Privacy Policy

Welcome to http://likealocal.travel website. The protection of your personal data is a high priority for us. With this privacy policy document, we would like to explain to you in more detail what personal data we collect and for what purposes this data is processed. United States residents should consult the section titled “United States residents’ rights” for rights that apply to them.

1. Controller and contact

The controller for purposes of processing your personal data is:
TRIPSTER LIMITED
Arch. Makariou III, 155,
PROTEAS HOUSE, Floor 5,
3026, Limassol, Cyprus.

For clarity, any data processing by activity providers who offer their services on the LikeALocal Travel platform is subject to their respective privacy policies. Activity providers act as separate data controllers.

2. Subject of data protection

The subject of data protection is personal data, i.e. all information relating to an identified or identifiable natural person. Personal data is also referred to simply as data in the following.

3. Automated data collection

When accessing our website, your end device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us: * URL of the page accessed * Latency of the network connection * Date and time.

We store this data for the following purposes: * for load balancing, i.e. to distribute access to our website across several devices and to be able to offer you the fastest possible loading times; * to ensure the security of our IT systems, e.g. to defend against specific attacks on our systems and to recognise attack patterns; * to ensure the proper operation of our IT systems, e.g. if errors occur that we can only rectify by storing the IP address; * to enable criminal prosecution, averting of danger or legal prosecution in the event of specific indications of criminal offenses.

Your IP address is only stored for a period of 30 days.

In this case, the processing is carried out to ensure the security of the processing in accordance with Art. 32 GDPR, as well as on the basis of our legitimate interest in protecting ourselves against misuse of our service (Art. 6 para. 1 lit. f GDPR).

4. LikeALocal Travel account

4.1. Registration
Surname/first name
 E-mail address
* Passwords

Alternatively, you can log in with your Facebook, Google account or email address. We receive the following personal data from Facebook or Google in order to create a user account for you:
* Name * E-mail address * Photo * an authentication token.

Your registration data is required to set up and manage a user account for you. In this case, you conclude a (free) user agreement with us, on the basis of which we collect this data (Art. 6 para. 1 lit. b GDPR).

In order to conclude the agreement, you must provide us with this data. However, you are neither contractually nor legally obliged to conclude the agreement and thus to provide the data.

4.2. Wish lists
After you have created a customer account, you have the option to create wish lists with activities and tours and to share these wish lists with other users. Your data is processed for these purposes in order to be able to provide you with the corresponding functions (Art. 6 para. 1 lit. b GDPR).

5. Reviews and ratings

Our website offers the possibility to rate and comment on tours or activities. After you have completed a tour booked via our website, we may ask you to rate it accordingly. Submitting a rating is, of course, voluntary. When you submit a rating, we collect the data you enter in order to process it according to the function you use and publish it on our website. You can have a rating deleted at any time by contacting our customer service.

You can object at any time to receiving review requests by clicking the unsubscribe link in each review request email.

The processing of your data for these purposes is done to protect our legitimate interest in providing our users with as much information as possible about the tours we offer. User ratings are also in the interest of all users. Accordingly, the processing is based on Art. 6 para. 1 lit. f GDPR.

6. Customer support

6.1. Processing of enquiries

Your request will be processed by our processor, TRIPSTER LIMITED.

For the processing of enquiries, we use Intercome's group services provided by Intercom R&D Unlimited Company, a company registered in Ireland with offices at 3rd Floor, Stephens Court, 18-21 Saint Stephen's Green, Dublin 2; Intercom, Inc. a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA; Intercom Software UK Limited, a private limited company registered in the UK with offices at Level 9, the Warehouse 207-211 Old St, London, EC1V 9NR UK; Intercom Software Australia Pty Ltd, a company registered in Australia with offices at 285A Crown St. Surry Hills NSW 2010, Australia, 1st Floor, Sydney.

6.2. Improvement of customer service
In order to continuously improve our customer service, we analyze enquiries sent to us on the basis of certain parameters and keywords. Although, as a matter of principle, no analysis is carried out on the basis of personal data, it cannot be ruled out that, in individual cases, personal data may also be processed within this context. The processing required within this context serves our legitimate interest as well as that of our customers in the continuous improvement of our customer service (Art. 6 para. 1 lit. f GDPR).

7. Technical service providers

We use technical service providers for hosting and some of the services required for the website. Accordingly, the processing of data takes place on the servers of these service providers. These service providers only process the data according to our explicit instructions and are obliged to guarantee sufficient technical and organizational measures for data protection. Consequently, our service providers act for us as so-called processors within the meaning of Art. 28 GDPR.

7.1. Hosting of the website
For the hosting of our website, we use the services of DigitalOcean, LLC headquartered in New York, 101 6th Ave, United States. Accordingly, when you interact with our website or provide personal data, it is processed on DigitalOcean servers. To cover remote maintenance and similar constellations, we have concluded the standard contractual clauses approved by the EU Commission with DigitalOcean in accordance with Art. 46 para. 2 lit. c GDPR.

7.2. Email system
For sending emails, we use the Sendgrid service of Twilio Inc based in the USA ("Twilio"). There is no adequacy decision for the USA. We have therefore concluded the standard contractual clauses approved by the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR with Twilio.

8. Newsletter

You have the option on our website to register for our newsletter. With our newsletter, we would like to send you information on offers, tours, activities or special promotions that are as personalized as possible. By registering for our newsletter, you therefore consent to us processing your email address for the purpose of sending the newsletter. The legal basis for this processing is Art. 6 para. 1 lit a GDPR. You can revoke your consent at any time by unsubscribing from our newsletter. To do this, you can use the unsubscribe link contained in every email.

To verify your email address, you will first receive a registration email with verification code, which is necessary to enter on the registration page. When you register for the newsletter, we store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to prove your consent (Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR).

If you have booked a tour via our website or created a LikeALocal Travel account, we will send you our newsletter based on our legitimate interest in promoting similar services to your bookings or account (Art. 6 para. 1 lit. f GDPR, § 7 para. 3 UWG) unless you have objected to this use. If cookies are used for personalisation, we will obtain your separate consent.

You can object to this at any time – even during registration – by deselecting the corresponding checkbox or clicking the unsubscribe link in the respective emails.

9. Bookings & payments

9.1. Bookings
When you book a tour, activity or similar on our site, we collect the data required to carry out the tour. This usually includes the following information: First and last name, billing address, email address, telephone number, number of participants, date and time. Depending on the activity booked, it may also be necessary for us to collect further information, such as your flight number or the age of the participants. The processing that takes place in connection with this is based on Art. 6 para. 1 lit. b GDPR. To the extent necessary, we will transfer your data to the provider responsible for the tour or activity who will process your personal data as set out in their privacy policy as an independent data controller. If a transfer to a third country outside the European Economic Area is necessary, this is based on Art. 49 para. 2 lit. b, c GDPR.

9.2. Booking confirmations
In order to keep you updated on your bookings we will send you booking confirmations as well as reminders and updates for upcoming bookings (e.g. changed times or meeting points) to make sure that you have all information you need to attend your booked services. Booking confirmations are sent to your email address, and/or by SMS to the phone number you provide during the booking process.

We process your personal data in order to be able to provide you with these features of our service (Art. 6 para. 1 lit. b GDPR).

9.3. Payments
You have various options for paying for your booking. In doing so, we will process the data required in each case depending on the selected payment method. Within this context, your personal data will be processed as described below, which is based on Art. 6 para. 1 lit. b GDPR and is necessary to carry out the payment method you have chosen.

9.3.1. Credit / Debit card payments
For the processing of payments by credit card, we use the service provider Unlimit registered in Cyprus, with its registered and head office address at 125 Georgiou Griva Digeni, Limassol 3101, Cyprus. Registration number HE328641. The data provided during your payment will be forwarded by Unlimit to the respective banks or financial institutions for the purpose of processing the payment. In the case of payments by credit/debit card, we only receive the information that a payment has or has not been made, along with the last 4 digits of the credit card number. We therefore have no knowledge of your full credit/debit card number.

10. Cookies

We use so-called "cookies" to offer certain functions of our website and to optimize the use of our website. "Cookies" are small files that are stored on your device with the help of your internet browser.

Specifically, we use (unless other cookies are specified elsewhere in this privacy policy or our cookie consent) the following cookies:
* Session cookies: These cookies are needed to store certain technical data during your visit to our website, e.g. to determine whether you have logged in. * Persistent cookies: These cookies are needed to store data beyond a browser session if you wish to do so.

The legal basis for the use of these cookies is § 15 para. 1 of Art. 6 para. 1 b GDPR, insofar as they are necessary for the use of our website and the functions you have accessed. Otherwise, we use cookies – as described below – on the basis of your consent.

11. Marketing and remarketing services

11.1. Google services
We use the services of Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA ("Google") described below. There is no EU Commission adequacy decision for the USA. We have therefore concluded the standard contractual clauses approved by the EU Commission with Google in accordance with Art. 46 para. 2 lit. c GDPR.

Basic information on the processing of your personal data by Google can be found here: https://policies.google.com/privacy?hl=en.

You also have the following setting options with Google: * You can deactivate personalised advertising from Google: https://adssettings.google.com/anonymous?hl=en&sig=ACi0TCie_PP0WXzD2NDiHGJny9ca0PSQVyMysggnxws0C7Hxy7edd8F9O3gyme7JNE3bplGpLmt8pU3iFPJYnpIHlEL7FSn5hXWg8EhEQAbCywX-v9nEW3M * You can disable personalised advertising on a device-by-device basis: https://support.google.com/ads/answer/1660762?hl=en-GB#mob

You can disable personalised advertising by browser: http://optout.networkadvertising.org/?c=1

11.2.1 Google Analytics 360
If you have consented, we use Google Analytics 360, a web analytics service. Google Analytics 360 collects pseudonymous data from you about the use of our website, including your shortened IP address, and uses cookies. This data is transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

Your data will be stored by Google Analytics for a period of 14 months. After this period, the data is deleted and only aggregated statistics are kept.

The use of Google Analytics is based on your consent (Art. 6 para. 1 lit. a GDPR).

You can revoke your consent at any time and deactivate Google Analytics using a browser add-on. You can download this here: http://tools.google.com/dlpage/gaoptout. Alternatively, you can revoke your consent as described here: https://developers.google.com/analytics/devguides/collection/analyticsjs/user-opt-out.

You can also revoke your consent via our consent manager. This does not affect the lawfulness of the processing carried out until your revocation.

11.2.2. Google Remarketing & Advertising Personalisation on the Google Network
If you have consented, we use remarketing services from Google. Google uses cookies to record your usage behavior on our website in order to display interest-based advertising for our products on other pages within the Google advertising network across devices. This includes Google search and other sites operated by Google and its subsidiaries, as well as sites operated by Google's advertising partners. The information is transmitted accordingly to Google and Google's partners. Additional data processing will only take place if you have consented to Google linking your browsing history to your Google Account and using information from your Google Account to personalize the ads you see on the web. In this case, Google will use your data together with Google Analytics data to create and define target group lists for remarketing. To do this, your personal data will be temporarily linked by Google with Google Analytics data to form target groups.

The use of these services is based on your consent (Art. 6 para. 1 lit. a GDPR).

11.2.3. YouTube pixel If you have consented, we use the YouTube pixel. This is a tracking code that is loaded when our website and certain subpages are accessed and when certain actions are performed, and thus tracks your behavior on our website. The pixel also collects usage data (such as URL, referrer URL, IP address, device and browser properties and timestamp). We send this information to Google so that Google can display advertisements on YouTube according to your behavior on our website.

We use the YouTube pixel on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time via our consent manager. This does not affect the lawfulness of the processing carried out until your revocation.

11.2.4. Google Enhanced Conversions
This technology is based neither on cookies nor on pixels. When you use our website and are redirected by a Google ad, we send a hashed identifier and information about possible purchases to Google. Google will use this information only to understand which ad you clicked, to measure the success of certain ads and to provide us with this information in aggregate form. In particular, Google will not use the data to serve targeted ads to you or to other users, or store or use the data for any other purpose. We transmit this data on the basis of our legitimate interest in controlling our marketing activities (Art. 6 para. 1 lit. f GDPR).

11.2.5. Retargeting and audience matching
If you give us your consent, we use services provided by Google Ireland Limited to show you personalized ads on Google and to reach audiences which are similar to you. In this case, we transfer your encrypted (hashed) email address along with information about website behavior to Google. Google will then match your encrypted data with their database and, if you have a Google account with personalized ads enabled, identify you to show you ads for LikeALocal Travel. The processing is carried out based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time with future effect by rejecting Marketing Technologies in our consent manager. Google may process your personal data in the USA. There is no EU Commission adequacy decision for the USA. We have therefore concluded the standard contractual clauses approved by the EU Commission with Google in accordance with Art. 46 para. 2 lit. c GDPR.

11.3. Facebook services
We use the services of Facebook Ireland Limited ("Facebook") described below. Please note that this may also involve processing by Facebook Inc. based in the USA. There is no EU Commission adequacy decision for the USA. In this case, Facebook will use the standard contractual clauses approved by the EU Commission, which constitute a suitable guarantee within the meaning of Art. 46 para. 2 lit. c GDPR for the transfer to third countries.

Basic information on the further processing and use of your data by Facebook as well as your setting options for protecting your privacy with Facebook can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.

11.3.1. Facebook pixel
If you have consented, the Facebook pixel is used on our website. This is Javascript code. The Facebook pixel records when you perform certain actions on our website or visit certain areas on our website. The Facebook pixel also collects usage data (such as URL, referrer URL, IP address, device and browser characteristics and timestamp). The Facebook pixel generates a checksum (hash value) from this information and transmits this hash value to Facebook. If available, the Facebook cookie is also addressed and your Facebook ID is transmitted. If you have a Facebook profile and log in there, you can be presented with targeted personalized advertising on Facebook based on the data transmitted by the pixel. Data from users who do not have a Facebook profile is discarded by Facebook without being used.

We use the Facebook pixel on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time via our consent manager. This does not affect the lawfulness of the processing carried out until your revocation.

11.3.2. Facebook Server-to-Server
This technology is based neither on cookies nor on pixels. When you use our website and are redirected by Facebook, we send your Facebook Click-ID and information about possible purchases and other actions on our website to Facebook. Facebook will use this information to understand which ad you clicked, to measure the success of certain ads and to provide us with this information in aggregate form. Facebook will not use the data to serve targeted ads to you or other users. We transmit this data on the basis of our legitimate interest in controlling our marketing activities (Art. 6 para. 1 lit. f GDPR).

11.3.3. Retargeting and audience matching
If you give us your consent, we use services provided by Meta Platforms, Inc. (USA) to show you personalized ads on Facebook and to reach audiences which are similar to you. In this case, we transfer your encrypted (hashed) email address along with information about website behavior to Facebook. Facebook will then match your encrypted data with their database and, if you have a Facebook account with personalized ads enabled, identify you to show you ads for LikeALocal Travel.

We are joint controllers with Meta Platforms, Inc. for such data transfer to Facebook. You can find our agreement on this joint controllership here: https://www.facebook.com/legal/controller_addendum.

The processing is carried out based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time with future effect by rejecting Marketing Technologies in our consent manager. There is no EU Commission adequacy decision for the USA. We have therefore concluded the standard contractual clauses approved by the EU Commission with Facebook in accordance with Art. 46 para. 2 lit. c GDPR.

11.4. Other remarketing services
If you have consented, we also use the remarketing services described below on our website. In each case, your usage behavior on our website is analyzed using cookies. The providers will use this information to play personalized advertising on third-party sites. * Remarketing service of Criteo S.A. based in France ("Criteo"). Criteo will serve personalized advertising on sites connected to the Criteo network. * Remarketing services provided by Microsoft Ireland Operations Limited, based in Ireland ("Microsoft"). Microsoft will use the cookie information to serve personalized advertisements through the Bing search engine and to display advertisements to you on third-party sites.
* Remarketing service provided by Outbrain Inc based in the USA ("Outbrain"). Outbrain will use the cookie information to show you personalized advertising on third-party sites. * Remarketing service provided by Snap Group Limited based in the UK ("Snapchat"). Snapchat will use the cookie information to show you personalized advertising.

We use these services on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time via our consent manager. This does not affect the lawfulness of the processing carried out until your revocation.

12. CRM system

To manage our customer relationships, we store your personal data in our CRM system. This enables us to answer any enquiries in a targeted manner and to send you contextual advertising within the permissible framework. The processing that takes place within this context is based on our legitimate interest in managing our customer relationships, Art. 6 para. 1 lit. f GDPR. For this purpose, we use the services of the provider Braze, Inc. based in the USA ("Braze"). There is no EU Commission adequacy decision for the USA. We have therefore concluded the standard contractual clauses approved by the EU Commission with Braze in accordance with Art. 46 para. 2 lit. c GDPR.

13. Personalisation of website content

We also process your data in order to display personalized content on our website. The legal basis for this is our legitimate interest in showing you tours and activities that are relevant to you, Art. 6 para. 1 lit. f GDPR.

14. Further sharing of data.

Beyond the cases described, your personal data will only be passed on without your express prior consent in the following cases:
* If it is necessary for the clarification of an illegal use of our services or for legal prosecution, personal data will be forwarded to the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are specific indications of unlawful or abusive behavior. A transfer may also take place if this serves to enforce terms of use or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines and the tax authorities.

This data is disclosed on the basis of our legitimate interest in combating abuse, prosecuting criminal offenses and securing, asserting and enforcing claims and provided that your rights and interests in the protection of your personal data are not overridden, Art. 6 para. 1 lit. f GDPR or on the basis of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.
* We disclose personal data to auditors, accounting service providers, lawyers, banks, tax consultants and similar bodies insofar as this is necessary for the provision of our services (Art. 6 para. 1 lit. b GDPR) or the proper operation of our business (Art. 6 para. 1 lit. f GDPR) or we are obliged to do so (Art. 6 para. 1 lit. c GDPR). * We rely on contractually affiliated third-party companies and external service providers ("processors") to provide the services. In such cases, personal data is passed on to these processors to enable them to continue processing. These processors are carefully selected and regularly reviewed by us to ensure that your rights and freedoms are protected. The processors may only use the data for the purposes specified by us and are also contractually obliged by us to treat your data exclusively in accordance with this privacy policy and data protection laws.

The transfer of data to processors takes place on the basis of Art. 28 para. 1 GDPR. * As part of the further development of our business, it may happen that the structure of TRIPSTER LIMITED changes by changing the legal form, founding, buying or selling subsidiaries, parts of the company or components. In such transactions, customer information is passed on together with the part of the company to be transferred. Whenever personal information is disclosed to third parties to the extent described above, we will ensure that this is done in accordance with this privacy policy and the relevant data protection laws.

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary (Art. 6 para. 1 lit. f GDPR).

15. Erasure of your data

We delete or anonymise your personal data as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the above paragraphs. We also continue to retain your data if we are obliged to do so for legal reasons or if the data is needed for a longer period of time for criminal prosecution or to secure, assert or enforce legal claims.

If you delete your user account, your profile will be deleted completely and permanently. However, we will retain backup copies of your data to the extent and for as long as this data is required for legal reasons or for criminal prosecution or to secure, assert or enforce legal claims.

If data must be retained for legal reasons, processing will be restricted. The data is then no longer available for further use.

Storage beyond the contractual relationship is based on our aforementioned legitimate interests according to Art. 6 para. 1 lit. f GDPR.

16. Your rights as a data subject

You have the rights described below with regard to the processing of your personal data.

16.1. Right of access to information
You have the right to receive information from us at any time, upon request, about the personal data we process that concerns you, to the extent and subject to the conditions of Art. 15 GDPR and § 34 BDSG.

16.2. Right to correct incorrect data You have the right to request that we correct personal data relating to you without delay if it is inaccurate.

16.3. Right to erasure
You have the right to demand that we delete the personal data concerning you under the conditions described in Art. 17 GDPR and § 35 BDSG. These conditions provide in particular for a right to erasure if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erasure under Union law or the law of the Member State to which we are subject.

16.4. Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the data subject requests restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer required for the purposes pursued by us, but the user requires it for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user.

16.5. Right to data portability
You have the right to receive from us the personal data relating to you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR.

16.6. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Art. 6 para. 1 lit. e or f GDPR, in accordance with Art. 21 GDPR. We will then stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

16.7. Right of appeal
You have the right to contact a supervisory authority of your choice in case of complaints.

16.8. Data processing when exercising your rights
Finally, we would like to point out that we process the personal data provided by you when exercising your rights pursuant to Art. 15 to 22 GDPR for the purpose of implementing these rights and to be able to provide evidence thereof. This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with Art. 15 to 22 GDPR and § 34 para. 2 BDSG.23

17. United States residents’ rights

17.1. Disclosure
If you are a resident of certain states, including California, Colorado, Connecticut or Virginia, you may have specific rights. The additional disclosures and rights relevant to residents of certain U.S. states that have enacted data protection laws and regulations are set out below. This Section also provides you with necessary information about the personal information we collect and how we may use this information.

The California Consumer Privacy Act of 2018, the California Consumer Privacy Act of 2018 ("CCPA"), the California Privacy Rights Act of 2020 (“CPRA”) and other states privacy laws provide certain U.S. residents with specific rights regarding personal information. This section of the Privacy Policy describes those rights and how to exercise them. This section does not apply to publicly available information.

Some information is collected automatically when you access our website (See Section 3 Automated data collection of this Privacy Policy).

More details on the personal information we collect, how we collect it and why we collect it can be found below:
* When you create an account on our website; * When you decide to leave reviews; * Where you need customer support; * By our service providers; * When you subscribe to our newsletter; * When you book activities on our Platform; * For fraud prevention purposes; * To protect us against bots; * By using cookies; * For marketing purposes; * Some of our trusted partners may collect some of your personal information as described in Section “Integrated third-party content”; * When you interact with us on social media; * For customer support purposes; * For product development purpose; * For personalisation of website content purposes.

If it is necessary for providing a service you are requesting, we will collect, process or you may also supply us with the following sensitive personal information to operate our business: username and passwords, government IDs, such as driver’s license and passport number. For example, in a very limited number of cases, some tour providers selling you tickets and activities might require the collection of your passport number or other valid ID during the checkout process.

Depending on your cookie preferences, we may “share” categories of personal information, as defined under California law, to or with third parties and for the business and commercial purposes described in this Privacy Policy. According to the CPRA, “sharing” means the disclosure of your personal information to a third party or cross-context behavioral advertising, whether or not for monetary or other valuable consideration. See Section certain sections above for more information about the context in which we share your personal information and how you request to opt-out.

We do not “sell” personal information as defined under CPRA or under Consumer Data Protection Act (Virginia privacy law) (“CDPA”).

We do not “sell” your personal information as defined under the CCPA.

We do not knowingly “share” the personal information of known minors under 16 years of age.

17.2. Access to Specific Information Rights
You have the right to request that we disclose certain information to you about how we collected and used your personal information. Once we have received a valid request from you, we will disclose to you, to the extent permitted by law:
* The categories of personal information we collected about you. * The categories of sources for your personal information we collected about you. * The business or commercial purpose for collecting, selling, or sharing your personal information, if applicable. * The categories of third parties with whom we share your personal information. * If we disclosed your personal information for a business purpose, the personal information categories that each category of recipient obtained.

17.3. Deletion Right
Residents of certain states have the right to request that we delete the personal information that we have collected about them, subject to certain exceptions described in Section 17.3 of this Privacy Policy and as set forth in applicable law(s).

17.4. Correction Right
Residents of certain states have the right to request that we correct inaccurate personal information that we maintain about them as explained in Section 17.2 of this Privacy Policy, subject to certain exceptions set forth in applicable law(s).

17.5. No Discrimination
We will not discriminate against you for exercising any of your privacy rights.

17.6. Do Not Sell or Share My Personal Information
You are free to change your cookie preferences at any time and request to opt out of sharing of your personal information to third parties, subject to certain exceptions set forth in applicable law(s). By “sharing”, we refer to the processing of personal data as described above in Section 10 Cookies and Section 11 Marketing and remarketing services. We and other companies place tracking technologies on our websites to allow us to collect and share, with selected partners, information about your behavior on our website in order to display interest-based advertising for our products on other pages or to improve our advertising accuracy and relevance. If you decide to opt out of this data sharing, you will need to click on the Preference Center link and change your preferences by opting out of “Share or Sale of Personal data”.

17.7. Opt Out of Targeted Advertising
Certain data collection and processing on our website for purposes of interest-based advertising may be deemed “targeted advertising,” or a “sale” or “sharing” of personal information by some state laws, like under the CDPA. Depending on your cookie preferences and to the extent permitted by law, we may disclose your personal information to our trusted partners for targeted advertising. You may request that we stop using and sharing your personal information for such targeted advertising by clicking on the Preference Center link and change your preferences by opting out of “Share or Sale of Personal data”.

17.8. Do not share or disclose my sensitive personal information
You have the right to limit how your sensitive personal information is disclosed or shared with third parties. To exercise your rights described in this Privacy policy, please contact customer support service.

17.9. Exercising Your Rights
You can exercise any of your rights as described in this Privacy Policy to the extent permitted by applicable law(s).

Please provide enough information and describe your request with sufficient detail to enable us to properly respond to your request. We will take reasonable steps to verify your identity before we can respond to your request.

If you reside in California, you or a person registered with the California Secretary of State that you authorize to act on your behalf, may file a request.

If you reside in Connecticut or Colorado, you have the option to designate an authorized agent to file a request on your behalf.

You may also make a verifiable consumer request on behalf of your minor child.

18. Changes to this privacy policy

The current version of this privacy policy is always available at https://likealocal.travel/privacy_policy.

Status at: 20 Apr 2024