Effective 05.24.2018

Welcome!

We take your privacy seriously and know you do too. This Privacy Policy is here to help you understand how we collect, use, disclose, and process your personal data. We also describe your choices and rights with respect to how we process your personal data. Please read this policy carefully.

Who We Are

This is the Privacy Policy of Xanterra Leisure Holding, LLC (“Xanterra,” “us,” “our,” or “we”), a Colorado-based company with offices at 6312 S. Fiddlers Green Cir., Ste. 600 North, Greenwood Village, Colorado 80111. You can contact us here.

Applicability

This Privacy Policy applies to our “Digital Services”, which include our:

  • Websites that link to/post this Privacy Policy, including any subdomains or mobile versions (the “Site(s)”); and
  • On-premise or web-enabled technologies, such as on-premise WiFi, Bluetooth beacons, and other internet-connected devices (the “Internet and IoT Service(s)”).

Agreement

This policy is incorporated into the Terms of Use governing your use of any of our Digital Services. Any capitalized terms not defined in this Privacy Policy will have the definitions provided in our Terms of Use. Supplemental policies may also apply, such as our Cookies and Similar Technology Policy.

Following notice to you or your acknowledgment of this Privacy Policy (including any updates), your continued use of any of our Digital Services indicates your acknowledgment of the practices described in this Policy.

Third Parties

This Privacy Policy does not apply to information collected by third parties—for example, when you book travel using a travel agent or third party booking service, visit a third-party website, or interact with online advertisements—unless and until we receive your information from those parties. Further, some third parties may place additional restrictions on our use of your personal data, in which case, portions of this Policy may not apply to you. Please review any third-parties’ privacy policies before disclosing information to them.

Collection and Use of Personal Data

Personal Data We Collect

We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):

Identity Data: Personal Data about you and your identity, such as your name, driver’s license or other ID number, photo/avatar, username, and other Personal Data you may provide on registration or purchase forms or as part of an account profile (e.g. biographical information).

Transaction Data: Personal Data we collect in connection with a transaction or purchase, such as a reservation you made, the price, your billing address, zip code, and other similar information.

Contact Data: Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or social media or communications platform usernames/handles, as well as a name or other salutation.

Financial Data: Personal Data relating to financial accounts or services, e.g. a credit card or other financial account number, and other relevant information you provide in connection with a financial transaction.

Device Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history, and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.

Preferences Data: Personal Data relating to your preferences, interests, personal demographics (e.g. location of residence, age group, gender, etc.), your “likes,” and other information provided to us via social media services and advertising technologies, including any other categories of information (such as Transaction Data or Identity Data linked to such information.)

Location Data: Personal Data relating to your precise location, such as information collected from your device’s GPS, or through your interactions with a Bluetooth location beacon, WiFi, or other localization product.

Special Category Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation. (Note: this Personal Data may be subject to additional restrictions.)

Processing of Personal Data

Reservations, Bookings, and Purchases

Data: We process Transaction Data, Identity Data, Financial Data, Preferences Data and certain Contact Data, and Special Category Data when you apply for or make a reservation or booking for travel, activities, or events, or complete a purchase through our Digital Services. Note, some transactions are made directly through us, and others are processed by a third party on our behalf. In addition, we may receive this data from third parties (such as travel agents) that may retain control over your personal data.

Uses: We use the Transaction Data, Identity Data, and Contact Data as necessary to complete and provide you with important information regarding your transaction (such as cancellations, emergency alerts, etc.) Financial Data is used only as necessary to process transactions that you request. Subject to Your Rights and Choices, we may process the Transaction Data, Identity Data, and Preferences Data to improve our services and to create a personalized user experience, in connection with marketing communications and behavioral advertising.

Note: For certain reservations and trips you may purchase, we may collect Special Category Data, such as health data, passport information, or other similar information. We collect this information as and when required by governmental authorities, travel agents, gate agents, and other similar parties. We process this only as necessary for legal compliance, as necessary to fulfill a contract/transaction you request, in connection with your vital interests, or in accordance with your consent. For example, we allow guests to provide health data on some trips so that we can better ensure your safety, or accommodate dietary restrictions. Similarly, we may require passport information so that we can ensure that travelers are able to travel, and as may be required by applicable law.

Call Centers and Support

Data: We process Transaction Data, Identity Data, Device Data, Financial Data, Preferences Data, and certain Contact Data when you contact us via our call center, chat, contact us forms, or other support options. For example, you may speak with a call center associate that enters your information into our customer database, or you may call us using a unique number that links some Cookie and Similar Technology Data to your call session and our customer records. In the case of support calls, and subject to applicable law, your call may be recorded and analyzed electronically, and we may derive this information from these recordings.

Uses: We use the Transaction Data, Identity Data, and Contact Data as necessary in connection with your support request. Financial Data is used only as necessary to process transactions that you request. Subject to Your Rights and Choices, we may use Identity Data, Transactions Data, Device Data, Preferences Data, and Contact Data (including Cookies and Similar Technology, described below, that is linked to this information) to improve our services and to create a personalized user experience and in connection with marketing communications and behavioral advertising.

Account Registration

Data: You may be able to register and create an account on our Digital Services. Registration is optional in most cases. If you choose to register, we will process Identity Data, Preferences Data, and certain Contact Data. We may also process certain Financial Data if you choose, for example, to store payment information for future purchases.

Uses: We use the Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Financial Data provided at registration will be used only as necessary to process transactions at your request. Subject to Your Rights and Choices, we may also use the Identity Data and Preferences Data as part of our efforts to improve our Digital Services and to create a personalized user experience, and we may process the Identity Data, Preferences Data and Contact Data in connection with marketing communications and behavioral advertising.

Surveys and Questionnaires

Data: We may process Identity Data, Preferences Data, and certain Contact Data if you choose to complete a customer survey, questionnaire, or similar form. Note, some surveys are operated/controlled by us, and others are operated/controlled by our third-party partners. We may receive this data from third parties to the extent allowed by the applicable partner, and we may share certain personal information or aggregated statistics with our survey partners.

Uses: Subject to Your Rights and Choices, we may also use this Identity Data, Contact Data, and Preferences Data to improve our services, and share insights with our partners, improve our services and to create a personalized user experience, and in connection with marketing communications and behavioral advertising.

Promotions and Offers

Data: We may process Identity Data, Preferences Data, and certain Contact Data if you choose to register for special promotions and offers such as discounts, sweepstakes or contests. Note, some special promotions and offers are operated/controlled by us, and others are operated/controlled by our third-party partners. We may receive this data from third parties to the extent allowed by the applicable partner; otherwise, this Privacy Policy will not apply.

Uses: We use this Identity Data and Contact Data as necessary to carry out special promotions and related transactions. Subject to Your Rights and Choices, we may also use this Identity Data and Preferences Data to improve our services and to create a personalized user experience, and we may process this Identity Data and Contact Data in connection with marketing communications and behavioral advertising.

Note: If you win a promotion, your acceptance of a prize may allow us to make certain Personal Information public, e.g. posting your name on a winner’s page. See the applicable program’s terms for details.

Marketing Communications

Data: We may process Identity Data, Device Data, Preferences Data, and Contact Data when you are enrolled to receive, and when you open or interact with, our electronic marketing communications. Note, you may be enrolled with your consent or, where allowed, in connection with account registration or a purchase.

Uses: Subject to Your Rights and Choices, we use the Identity Data, Device Data, Preferences Data, and Contact Data to improve our services and to create a personalized user experience, and in connection with marketing communications and behavioral advertising.

User Content & Social Media

Data: We process Identity Data, Preferences Data, Contact Data, and any other data in or relating to your User Content if you choose to submit User Content (e.g. comments, forum and social media posts, etc.) through our Digital Services. If you use a social media service to post User Content that references our official accounts, your comment or content may appear on our Digital Services. We may sometimes receive that data from a third party (e.g. social media platform).

Uses: We use Identity Data and Contact Data as necessary to feature User Content and for integration with social media on our Digital Services. Subject to Your Rights and Choices, we may also use Identity Data and Preferences Data to improve our services and to create a personalized user experience and we may process Identity Data and Contact Data in connection with marketing communications and behavioral advertising.

Note: Any User Content you provide may be made public as soon as you post it on our Digital Services. We do not screen comments or other postings for personal or inappropriate content.

Staffing Data

Data: We may process Identity Data and Contact Data as well as certain Special Category Data in connection with your application to be a vendor, volunteer, employee, or otherwise join or support our team.

Uses: Staffing data processed under this Privacy Policy is used primarily in connection with the assessment and creation of the staffing relationship. Subject to Your Rights and Choices, we may also use your Contact Data as necessary to process your application, contact you regarding this or other future application/vendor/work opportunities, or similar matters.

WiFi and On-Premise Technology

Data: We process Identity Data, Location Data, Device Data, Preferences Data, and may process Contact Data when you interact with our Internet and IoT Services. These technologies include on-premise WiFi networks, internet-connected kiosks and other hardware, and other similar technologies. We may receive this data from third parties (e.g. an operator of our Internet and IoT service) to the extent allowed by that party.

Uses: We use Identity Data, Location Data, Device Data, and Contact Data to enable certain features and to enhance the security of our Sites and Mobile Apps. Subject to Your Rights and Choices, we may process Identity Data, Location Data, Device Data, Preferences Data, and Contact Data to improve our services and to create a personalized user experience and we may process this data to contact you in connection with marketing communications and behavioral advertising.

Note: If you use on-premise WiFi, additional terms and conditions may apply, and we (or our third party provider) may have access to and/or process additional Personal Data, including a record of websites visited. This data may reveal Special Category Data, and may be shared with or accessible by additional third parties, including governmental entities with jurisdiction over a given location. For more information, please review any supplemental privacy policy related to these services.

Cookies and Similar Technologies

Data: We, and certain third parties, may process Identity Data, Device Data, Contact Data, Preference Data, Location Data, and certain User Content when you interact with cookies and similar technologies. We may receive this data from third parties to the extent allowed by the applicable partner; otherwise, this Privacy Policy will not apply.

Uses: We use Device Data and Identity Data to enable you to register with and/or use certain features of these technologies. Subject to Your Rights and Choices, we may use Identity Data, Location Data, Device Data, and Contact Data to improve our services and to create a personalized user experience and we may use Identity Data, Location Data, Device Data, and Contact Data in connection with marketing communications and behavioral advertising.

Note: Some of these technologies can be used by us and/or our third party partners to identify you across platforms, devices, sites, and services. Third parties may engage in behavioral advertising using this data. Our Cookie and Similar Technology Policy provides more information about our use of these technologies. In addition, we may be able to link this data with your customer support calls when you call our customer support lines using the unique dial-in number. See Your Rights and Choices for information on how to opt out.

Specific Processing Purposes

Personalization

Consistent with our legitimate business interests, we may personalize our Digital Services. To do so, we may link together and analyze the Personal Data that we hold about you. Personal Data processed for personalization purposes, whether or not linked, may be augmented with Preferences Data. We may create Preferences Data, or obtain it from third parties, using Personal Data we hold about you. We process Preferences Data so that our communications and Digital Services are more relevant to you. For example, we may greet you by name, provide better recommendations to you, tailor communications to your interests, and use the information to guide overall improvements to our products and services. We may also use Preferences Information in connection with behavioral advertising. See Your Rights and Choices for information about how you can limit or opt out of this processing.

Marketing Communications

Consistent with our legitimate business interests, we (or if appropriate, our third party partners) may send you marketing and promotional communications if you sign up for such communications or purchase products or services from us. Where allowed, we may also send you these communications if you register on our Digital Services or for a promotion, or in connection with your communications with, or submission of User Content to, us. These communications may be personalized. See Your Rights and Choices for information about how you can limit or opt out of this processing.

Additional Processing

If we process Personal Data in connection with our Digital Services in a way not described in this Privacy Policy, this Privacy Policy will still apply generally (e.g. with respect to Your Rights and Choices) unless otherwise stated when you provide it.

Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Data Sharing

Generally

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:

Service Providers: In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers who provide certain services or process data on our behalf.

Affiliates: In order to streamline certain business operations, improve personalization, and develop products and services that better meet the interests and needs of our customers, and promote information we believe will be of interest to you, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Partners: We may share your Personal Data with business or marketing partners in connection with promotions, events, products, and services that are promoted, managed, supported, or otherwise undertaken with that third party. If appropriate, these parties may engage in direct marketing or behavioral advertising.

Marketers: In order to improve personalization, deliver more relevant advertisements, and develop better products and services, we may share certain Personal Data with current or future affiliated entities and trusted third parties for marketing, advertising, or other commercial purposes, and we may allow third parties (such as Facebook, ad exchanges, data management platforms, or ad servers) to operate on our Digital Services and process data for behavioral advertising.

Social Media: If you use any social media plugin, API, or other similar feature, use an event hashtag or similar link or otherwise interact with us or our Digital Services via social media, we may make your post available on our Digital Services or to the general public. We may share, rebroadcast, or redisplay Personal Data or other information in the post to the extent permitted by the relevant social media service.

Corporate Events: Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Legal Disclosures: Where you travel internationally, we may share your data with governmental agencies to the extent required in connection with a given transaction and applicable law (e.g. cruise ship passenger records). Additionally, in limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, in response to lawful requests by public authorities (including to meet national security or law enforcement requirements) to prevent or respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

Your Rights & Choices

Your Rights

Subject to the rights granted to other individuals, and our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. Note, we may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. You may exercise your rights by contacting us (re: data rights requests, except where noted):

Access: You may receive a list of your Personal Data that we process to the extent required and permitted by law.

Rectification: You may correct any Personal Data that we hold about you to the extent required and permitted by law. For Registration Data, you may be able to make changes via your account settings menu.

Erasure: To the extent required by applicable law, you may request that we delete your Personal Data from our systems.

Data Export: To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.

California Rights: Residents of California (and others as required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. This request must be written, signed, and mailed to us unless otherwise required by applicable law.

Regulator Contact: You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.

Your Choices

It is possible for you to use some of our Digital Services without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process:

Consent: If you consent to processing, you may withdraw your consent at any time, to the extent required by law.

Direct Marketing: You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.

Location Data: You may control or limit Location Data that we collect using our Mobile App and Internet and IoT Services by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use to interact with our Digital Services. However, please note that use of RFID technologies may be necessary for the functioning of hardware required for certain processing of Personal Data.

Profiling & Personalization: You may opt out of the creation or other processing of Preferences Data by automated means, and object to processing for personalization purposes, to the extent applicable law gives you the right to do so. To exercise this right, please contact us re: data rights requests. Note that we may not be required to cease processing based solely on an objection.

Cookies & Similar Tech: If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Privacy Policy, or Google Analytics Opt-out. To learn more and opt-out of web-to-phone personalization during customer support calls, please visit https://www.invoca.com/privacy-policy/. Our Site does not respond to your browser’s do-not-track request.

Behavioral Advertising: You may opt out or withdraw your consent to behavioral advertising. You must opt out of third-party services directly via the third party. For example, to opt out of Google’s use of cookies, visit Google’s Ads Settings here. To opt out from Facebook Custom Audience Pixel, visit their customer support page here. To learn more about how to opt out of Twitter’s use of audience pixels, visit the Twitter help page here. If you wish to take steps to opt-out of tracking by certain online advertisers, you can visit the Digital Advertising Alliance’s opt-out page at http://www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/optout_nonppii.asp. You can limit or opt out of our processing for behavioral advertising by contacting us.

Other Processing: You may have the right under applicable law to object to our processing of your Personal Data for certain purposes. You may do so by contacting us re: data rights requests. Note that we may not be required to cease certain processing based solely on an objection.

Security

We implement reasonable administrative, technical, and procedural security measures to safeguard the Personal Data you provide us. Please note, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.

Data Retention

We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law (whether such time is shorter or longer than our standard retention period). We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.

Minors

Our Digital Services are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Digital Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.

International Transfers

We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law. Please contact us for more information regarding the adequacy mechanism used for transfers in specific circumstances.

EU-U.S. Privacy Shield

We comply with the EU-U.S. and U.S.-Swiss Privacy Shield Frameworks set forth by the U.S. Department of Commerce with respect to our collection, use, and retention of Personal Data from European Union member countries and Switzerland. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Furthermore, we require third party recipients of EU/Swiss residents’ Personal Data to agree to respect these principles, and we accept liability for third parties’ processing of EU/Swiss residents’ data to the extent required by law.

If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov. You may view the list of Privacy Shield companies here.

We encourage users to contact us if you have any concerns about our compliance with this Privacy Policy and the Privacy Shield Framework. In compliance with the EU-U.S./U.S.-Swiss Privacy Shield Principles, we commit to resolving complaints about your privacy and our collection or use of your Personal Data. EU/Swiss residents with inquiries or complaints regarding this Privacy Policy should first contact us at the address below. We will respond to complaints from EU/Swiss residents within 45 days.

If any complaints by EU/Swiss residents cannot be resolved informally, we have agreed to participate in the JAMS dispute resolution procedures pursuant to EU-U.S./U.S.-Swiss Privacy Shield principles. EU/Swiss residents with unresolved complaints may refer them to may refer them to JAMS here. Under certain circumstances, these dispute resolution processes may result in your ability to invoke binding arbitration. As a U.S. company, we are also subject to the investigatory and enforcement power of the FTC regarding our compliance with the Privacy Shield Framework and this Privacy Policy, and users may direct complaints to the FTC in the event the dispute resolution processes described above is unsatisfactory.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of the Digital Service following notice of any changes indicates acceptance of any changes.

Contact Us

Feel free to contact us with questions or concerns using the appropriate address below.

General inquires: privacy@xanterra.com

Marketing choices: If you would like to make changes to your communications preferences, click the link in any email from Xanterra, or send us an email at preferences@xanterra.com

Data rights requests: datarequests@xanterra.com

Data Protection Officer: DPO@xanterra.com

Physical address: Xanterra Leisure Holding | 6312 S. Fiddlers Green Cir. Ste. 600N. | Greenwood Village, Colorado 80111 | Attn: Privacy