CAS Trips and GDPR –
Our Commitment to Data Privacy

CAS Trips is committed to compliance with the General Data Protection Regulation (GDPR), which will go into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.

Our customers can trust that we have made GDPR a priority and have devoted significant resources toward our efforts to comply with GDPR. This post outlines our approach and progress to date.

What We Are Doing

Like many companies, we are implementing our company-wide GDPR compliance strategy leading up to May 25, 2018 and beyond. We appreciate that our customers have requirements under GDPR that are directly impacted by their use of CAS Trips, and we are committed to helping our customers fulfil their requirements under GDPR.

Below are a few examples of initiatives we have committed to in order to satisfy GDPR requirements that apply to both our customers and us:

  • Committing to security and privacy measures required under GDPR.
  • Assisting our customers with satisfying their GDPR data security and privacy requirements notifying regulators of personal data breaches on our systems and promptly communicating any such breaches to our customers and end- users.
  • Ensuring our staff that access and process our customer’s personal data are bound to maintain the confidentiality and security of that data.
  • Holding any sub processors that handle our customers’ personal data to the applicable data management, security and privacy standards required under GDPR
  • Committing to carry out data impact assessments and consulting with EU
    regulators where appropriate.

GDPR FAQ

Do we process personal data of our customers?
Yes, we process customer personal data to provide CAS Trips and for other
specified purposes described in our Privacy Policy.

Where do we send customer data?
CAS Trips only sends customer data to third parties in order to fulfill government requirements associated with International travel.

Can you guarantee that my data will stay in a certain location (e.g., Europe)?
In all cases where data is transferred outside of the E.U., CAS Trips commits to
ensuring such transfers are compliant with applicable data transfer laws,
including GDPR.

More Resources

CAS Trips is 100% committed to customers’ success and the protection of
customer data. Customers can count on our commitment to GDPR compliance.
For more information, be sure to look at our privacy policy, below:


Privacy Policy

What this policy covers

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:

What information we collect about you

How we use information we collect

How we share information we collect

How we store and secure information we collect

How to access and control your information

Other important privacy information

This Privacy Policy covers the information we collect about you when you use our services or otherwise interact with CAS Trips (for example, attending CAS Trips events), unless a different privacy policy is displayed. This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you.

When we refer to “CAS Trips,” “we,” or “us” in this policy, we mean CAS Trips, which controls the information CAS Trips collects when you use our services.

What information we collect about you

We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.

Information you provide to us

We collect information about you when you input it into our Services or otherwise provide it directly to us.

  • Account and Profile Information:
    We collect information from you when you use our services. This is personal information that is needed for you to travel abroad. For example, you provide your contact information and, in some cases, billing information when you register for the Services. You are also required to provide passport numbers, birthdays, full names and genders as required by the foreign policy in many of our destinations.
  • Content you provide through feedback:
    We collect other content that you submit to us, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback.
  • Payment Information:
    We collect certain payment and billing information when you register for certain paid Services. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.

Information we collect automatically when you use the Services

We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.

  • Device and Connection Information:
    We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
  • Cookies and Other Tracking Technologies:
    CAS Trips and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. For more information, please see our Cookies and Tracking Notice,3 which includes information on how to control or opt out of these cookies and tracking technologies.

Information we receive from other sources.

  • CAS Trips Partners:
    We work with a global network of partners who provide consulting, implementation, training and other services around our products. Some of these partners also help us to market and promote our products, generate leads for us. We receive information from these partners, such as contact information, company name and what country you are in.
  • Other partners:
    We receive information about you from third-party partners, such as advertising and market research partners who provide us with information about your interest in, and engagement with, our Services and online advertisements.

How we use information we collect

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.

To communicate with you about the Services:
We use your contact information to send transactional communications via email, including confirming your purchases, updating you about CAS Trips news, responding to your comments, questions and requests, providing customer support.

To market, promote, and drive engagement with the Services:
We use your contact information and information about how you use CAS Trips’ website and advertisements to send promotional communications that may be of specific interest to you. These communications are aimed at driving engagement and maximizing what you get out of CAS Trips, including information about new destinations, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions and contests. You can control whether you receive these communications as described below under “Opt-out of communications.”

To protect our legitimate business interests and legal rights:
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.

With your consent:
We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote CAS Trips services, with your permission.

Legal bases for processing (for EEA users):
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:

  • We need it to provide you CAS Trips services, including to operate
    our trips, provide customer support and personalized features and
    to protect the safety and security of CAS Trips services;
  • It satisfies a legitimate interest (which is not overridden by your
    data protection interests), to market and promote the Services and
    to protect our legal rights and interests;
  • You give us consent to do so for a specific purpose; or
  • We need to process your data to comply with a legal obligation.
  • If you have consented to our use of information about you for a
    specific purpose, you have the right to change your mind at any
    time, but this will not affect any processing that has already taken
    place. Where we are using your information because we or a third
    party (e.g. your employer) have a legitimate interest to do so, you
    have the right to object to that use though, in some cases, this may
    mean no longer using the Services.

How we share information we collect

Sharing with third parties
We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.

  • Service Providers:
    We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.
  • CAS Trips Partners:
    We work with third parties who provide consulting, sales, support, logistical and technical services. We may share your information with these third parties in connection with their services, such as to assist with billing and collections, to provide localized support, and to provide on-trip services.
  • Links to Third-Party Sites:
    CAS Trips services may include links that direct you to other websites or services whose privacy practices may differ from ours. Your use of and any information you submit to any of those third-party sites is governed by their privacy policies, not this one.
  • Third-Party Widgets:
    Some of our Services contain widgets and social media features, such as the Twitter “tweet” button. These widgets and features collect your IP address, which page you are visiting on CAS Trips’ webspace, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly on our services. Your interactions with these features are governed by the privacy policy of the company providing it.
  • With your consent:
    We share information about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.
  • Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights:
    In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect CAS Trips, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person. For more information on how we respond to government requests, see our Guidelines for Law Enforcement and our Transparency Report.

How we store and secure information we collect

Information storage and security
We use data hosting service providers to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. We will  respond to requests about this within a reasonable timeframe.

How long we keep information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

  • Personal Information:
    We retain your account information until you unsubscribe. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations and to continue to develop and improve our services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
  • Marketing information:
    If you have elected to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

How to access and control your information

You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations. We will respond to requests about this within a reasonable timeframe.

Your Choices:
You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

  • Request that we stop using your information:
    In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don’t have the appropriate rights to do so. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable)
  • Opt out of communications:
    You may opt out of receiving promotional communications from us by using the unsubscribe link within each email or by contacting us as provided below to have your contact information removed from our promotional email list or registration database.
  • Turn off Cookie Controls:
    Relevant browser-based cookie controls are described in our Cookies & Tracking Notice.
  • Send “Do Not Track” Signals:
    Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.
  • Data portability:
    Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your  information. Should you request it, we will provide you with an electronic file of your basic account information and the information you create on the spaces under your sole control.

Other important privacy information

Notice to End Users
Where CAS Trips services are made available to you through an organization (e.g. your employer or school), that organization is the administrator and is responsible for the end-users and over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.

Please contact your organization or refer to your administrator’s organizational policies for more information.

Changes to our Privacy Policy
We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Services homepages, login screens, or by sending you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review. We encourage you to review our privacy policy whenever you use CAS Trips ervices to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this privacy policy, you will need to unsubscribe from emails, as outlined above.

Contact Us
Your information is controlled by CAS Trips. If you have questions or concerns about how your information is handled, please direct your inquiry to CAS Trips. as set forth below:

CAS Trips s.r.o.
Zahradníčkova 1220/20a,
Košíře, 150 00 Praha 5
Czechia
info@castrips.org