Privacy Policy

Version 4, Last Updated: 27/11/2024

 

We, Sayari LLC (“we”, “us“, “our“) have developed and operate a  proprietary software-based Platform designed for providers of tourism related services and other interested customers to help them manage their day-to-day business, and operate a website available at: https://www.tripmatrix.com/ (“Website”). “You” may be a visitor to our Website, a registered partner, or an end-user of our software-based Services (“Services”).

We appreciate your interest in our enterprise and are committed to protecting your privacy. The purpose of this Privacy Policy is to inform you about the Personal Data we collect through our main Website and through our Services that we provide, how we use and share that Personal Data, your rights and choices, and how you can contact us about our privacy practices. Your Personal Data will be processed exclusively in accordance with the statutory provisions of data protection laws. By visiting our Website, using our Services and submitting your Personal Data to us, you acknowledge and consent to our use of Personal Data as set out in this Privacy Policy. In the event we have processed your Personal Data prior to commencement of particular data protection laws (or applicable privacy laws in your location), you consent to us continuing to process your Personal Data pursuant to this Privacy Policy.

Privacy Policy Overview

1. Who is responsible for Data Processing and how can you contact them?
2. Personal Data
3. Types of Personal Data we collect
4. How we collect your Personal Data?
5. How we use your Personal Data, Purposes and Legal Basis
6. Who may receive your Personal Data?
7. International Personal Data Transfer
8. Personal Data Storage and Duration
9. Your Rights
10. Is there Automated Decision-Making or Profiling?
11. Third-Party Links
12. Supplemental Privacy Notice to California Residents
13. Consumer rights
14. Changes to our Privacy Policy
15. Your Complaints

1. Who is responsible for Data Processing and how can you contact them?

Responsible for the data processing is:

Sayari LLC, 

Legal & Compliance Department

2810 N Church St PMB 48386, 

Wilmington, DE 19802-4447, 

United States of America

If you have any questions or suggestions regarding data protection, please feel free to contact us. You may reach us at:

E-Mail: dataprotection@tripmatrix.com

Web: https://www.tripmatrix.com/

2. Personal Data

The subject matter of data protection is your Personal Data. That is all the information that relates to you (as an identified or identifiable individual). This covers for example, information such as name, postal address, e-mail address, or telephone number as well as information that necessarily originates from the use of our Website, such as details about the start, end, and scope of use, and the communication of your IP address.

3. Types of Personal Data we collect

We collect and process various types of Personal Data:

• Identity data including your name, gender, date of birth, nationality, passport number, profile image;
• Contact data including your address, e-mail, phone number, fax, social media profiles (Facebook, Instagram, Twitter), your website, preferred salutation;
• Financial data including your IBAN, SWIFT;
• Transaction data related to the payment of the contracted service received from the payment gateway;
• Technical data including internet protocol (IP) address, your login data, browser type and version, access times;
• Usage data including information about your usage of our Website, Services, and activities including information retrieved from cookies;
• Marketing and communication data including travel inquiries and offers and your preference in receiving marketing from us and communicating with us.

4. How we collect your Personal Data?

There are two primary ways you may interact with us online, by visiting our Website and by using our Services. We may collect your personal data through any of the following methods:

Direct interactions where you provide us with identity, profile, contact, financial and transaction data through completing documentation for us or communicating by phone, e-mail, post, via our Website or otherwise. This includes personal data that is provided to us when you:

• access or use our Website or Services;
• register an account;
• subscribe to our Services;
• provide us with feedback;
• provide us with information through our web forms (including “Book a demo”, “Contact us”);
• otherwise contact us, or our registered partners in the course of our business.

Automated technology and data where you interact with our Website and/or Services, we automatically collect technical, usage and marketing or communications data. We collect this personal data using particular service providers, cookies and server logs/log files. This includes:

• Browser and Device information that is collected by most browsers or automatically through your device, such as your IP address, computer type, screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type, and add-ons;
• Log Information that is automatically collected in system logs about how you interact with our Website, such as your online activity, search terms, pages you visit, date and time of access. This information is used to improve your experience on our Website and keep the Website free of bugs and errors;
• Cookies and similar technologies which serve us to communicate with your end device and exchange stored information. Cookies are text files that are stored in a computer system via an Internet browser. Many Internet sites and servers use Cookies. Many Cookies contain a so-called Cookie ID which is a unique identifier of the Cookie. It consists of a character string through which Internet page accesses can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other Cookies. A specific Internet browser can be recognized and identified using the unique Cookie ID. These Cookies are primarily used to make the functions of our online Services usable. Our Website uses the so-called third-party cookies. These cookies are provided by third party service providers (including Google Analytics, HubSpot and Youtube) and will be used to improve the performance and design of the Website. Insofar as we should also use Cookies to analyze the use of our online Services and to be able to target it to your interests and, if necessary, to provide you with interest-based content and advertisements, this is done exclusively on the basis of your voluntary consent. You may, at any time, prevent the setting of Cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of Cookies. Already set cookies may also be deleted at any time via an Internet browser or other software programs. 

Third parties or publicly available sources where your personal data is made available as follows:

• Technical data from advertising networks, search information providers and analytics providers (including Google Analytics);
• Contact, financial and transaction data from technical and payment services connected to our Services;
• Identity and contact data made available from public sources, law enforcement or government entities (as applicable);
• Identity and contact data from third-party applications where services require the import of information about users and their clients to fulfill activities and facilitate payments.

5. How we use your Personal Data, Purposes and Legal Basis

We use your Personal Data as permitted by applicable law. Sayari LLC is subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) when processing personal data of data subjects located in the European Union. Under the GDPR we are the data processor and data controller for your Personal Data when you access and use our Website and Services.

If we process your Personal Data because you use our Services as a result of your relationship with a person or entity that we provide our Services to, we are not the data controller for that Personal Data. In this event, we act as a Data Processor by processing your Personal Data on behalf of our customer.

The provision of Personal Data by you may be required by law or contract or may be necessary for the conclusion of a contract. We will point it out separately if you are obliged to provide personal data and what possible consequences the non-supply would then have (e.g., our position not to provide the requested service without providing certain information).

In accordance with applicable law, we commonly process your Personal Data for various purposes based on a particular legal basis including:

Performance of Contractual Obligations
We process your Personal Data if this is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken in response to your request. The purposes of processing include enabling the use of our specific Services. This also includes providing Services or access to our Website, facilitating interactions with you in respect of operating our business, processing payments, billing, or claims, responding to enquiries, requests and feedback technical assistance, maintaining technical and account history, Service updates, storing information at third-party data centers, assessing the performance of aspects of our business, conducting business processing functions, any other uses identified at the time of Personal Data collection, including necessary steps taken prior to entering a contract with you;

Compliance with Legal Obligation
We process your Personal Data to comply with legal obligations to which we are subject. These obligations may arise, for example, from commercial, tax, money laundering, financial or criminal law. The purposes of the processing result from the respective legal obligation; as a rule, the processing serves the purpose of complying with state control and information obligations.

Legitimate Interest
We also process your Personal Data to pursue our legitimate interests or those of third parties, unless your rights, which require the protection of your Personal Data, outweigh these interests. The processing to safeguard legitimate interests is carried out for the following purposes or to safeguard the following interests:

• Further development of our Services;
• Improvement of Service quality, elimination of errors and malfunctions;
• Handling of non-contractual inquiries and concerns;
• Ensuring legally compliant actions, prevention of and protection against legal violations (especially criminal offences), assertion of and defense against legal claims, internal and external compliance measures;
• Answering and evaluation of contact requests and feedback.

Consent
We process your Personal Data on the basis of corresponding consent. If you give your consent, it is always for a specific purpose; the purposes of processing are determined by the content of your declaration of consent. You can withdraw the consent granted to us at any time. Please note that the withdrawal of your consent will not affect the lawfulness of any processing carried out prior to the withdrawal. Upon your withdrawal of consent, we may not be able to provide certain services to you. We will notify you if this occurs at the time you withdraw your consent.

If we process your Personal Data for a purpose other than that for which the data was collected, beyond the scope of a corresponding consent or a mandatory legal basis, we will take into account, the compatibility of the original and the now pursued purpose, the nature of the Personal Data, the possible consequences of further processing for you and the guarantees for the protection of the Personal Data.

6. Who may receive your Personal Data?

Within Sayari LLC, only those persons who need your Personal Data for the respective purposes mentioned in this Policy will have access to it. Service providers and vicarious agents appointed by us can also receive access to data for the purposes given if they maintain confidentiality. These are companies in the categories of [banking services, IT services, logistics, printing services, telecommunications, collection, advice and consulting, and sales and marketing]. Your Personal Data will only be passed on to external recipients if we have legal permission to do so or have your consent. Below you may find an overview of the corresponding recipients:

• Commissioned processors: external service providers, for example in the areas of technical infrastructure, performance and maintenance as well as payment processing, which are carefully selected and reviewed. The processors may only use the data in accordance with our instructions.
• Public bodies: authorities and state institutions, such as tax authorities, public prosecutors’ offices or courts, to which we are required to transfer Personal Data.

7. International Personal Data Transfer

We may disclose your Personal Data internationally to third parties for the purposes for which we collect and use that information. Any such disclosure will be completed in accordance with a requisite degree of protection. If you are based in the European Economic Area (EEA), we will ensure at least one of the following safeguards is implemented:

• We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for your personal data by the decision of the European Commission;
• In case we shall transfer your data to any other country that is not subject to an adequacy decision, we will ensure that there is a legal basis and, where required, a reasonable safeguard for such data transfer to ensure your personal data is dealt with in a manner that is consistent with applicable laws and regulations on data protection under the GDPR.; or
• If we use particular service providers outside of the EEA, we may rely on contracts approved for use in the EEA that provide personal data with the same protection it holds in the EEA, especially standard data protection clauses adopted by the European Commission.

Please contact us if you would like to request a copy of the specific safeguards applied to export your information.

8. Personal Data Storage and Duration

We store your Personal Data, if there is legal permission to do so, only as long as necessary to achieve the intended purposes or as long as you have not revoked your consent. In the event of an objection to processing, we will erase your Personal Data, unless further processing is still permitted by law. We will also erase your Personal Data if we are obliged to do so for other legal reasons. Applying these general principles, we will usually erase your Personal Data immediately after the legal permission has ceased to apply and provided that no other legal basis (e.g. commercial and tax law retention periods) intervenes. If the latter applies, we will delete the data after the other legal basis has ceased to apply. We will also usually erase your Personal Data if we are no longer required to hold it for the purposes we pursue and no other legal basis intervenes, if the latter is the case, we will delete the data after the other legal basis has ceased to apply. 

We may store your personal data in physical documents or in electronic form. Physical files are kept securely inside our access-controlled premises, while electronic files are only accessible through our secure network.

9. Your Rights

Under the GDPR and other applicable law, certain circumstances will give you the following rights in relation to your Personal Data:

Right to access your Personal Data enables you to receive a copy of the Personal Data we hold about you and confirm that we are processing it in accordance with the law.

Right to rectification of your Personal Data enables you to correct any incomplete or inaccurate data we hold, provided we can verify the accuracy of the new data provided by you. It is important that your Personal Data is accurate and current, therefore please keep us notified of changes to your personal data during your relationship with us. 

Right to erasure of your Personal Data enables you to ask us to erase or otherwise remove personal data where there is no valid reason for us continuing processing it. You also have the right to ask us to erase or remove your Personal Data where you have successfully objected to processing. Notwithstanding this, we may not always be able to comply with your request of erasure for legal reasons that we will notify you of, if applicable, at the time of your request for erasure.

Right to objection to processing of your Personal Data in circumstances where we are relying on a legitimate interest (or a third party’s interest) and there is something about your situation which drives you to object to processing because you believe it impacts on your fundamental rights and freedoms. You may object to us processing your personal data for direct marketing purposes. In the event we demonstrate compelling legitimate interest to process your data, this may override your objection to processing.

Right to restriction of the processing of your Personal Data enables you to ask us to suspend the processing of your Personal Data in the following situations:

• If our use of the personal data is unlawful, but you do not want us to delete it; or
• If you require us to hold the personal data, even if we no longer require it, because you need it to establish, exercise or defend legal claims; or
• If you have objected to our use of your personal data but we need to verify whether we have overriding legitimate interest to use it; or
• If you want us to establish the personal data’s accuracy.

Right to data portability of your Personal Data enables you to ask us to give you, or a third party you have elected, your Personal Data in a structured, commercially reasonable, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use, or where we used the information to complete performance or a contract with you. 

Please contact us using the listed contact details in this Privacy Policy if you choose to exercise any of the rights listed above. We may require and request further information to assist us in confirming your identity or clarifying your request.

 10. Is there Automated Decision-Making or Profiling?

We do not carry out automated decision-making or profiling described under Article 22 GDPR. If we use this procedure in individual cases, we will inform you of this separately, as long as that is legally required.

11. Third-Party Links

Our website and services may include links to third-party websites, applications or plug-ins (including Facebook, LinkedIn, Instagram and YouTube). If you click on third-party links or enabling third-party connections, you consent to third-party collection or sharing of data about you.

We do not control third-party links and we are not responsible for the privacy statements of third parties. When you are directed away from our website or services, we encourage you to read the privacy policy of each third-party website you visit.

12. Supplemental Privacy Notice to California Residents 

This Supplemental Privacy Notice supplements the information in our Privacy Policy above, and except as provided herein, applies solely to California residents. 

• Types of Personal Information We Collect

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your “personal information” and “sensitive personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

Throughout our Privacy Policy, we describe the specific pieces of personal information and sensitive personal information we collect, the sources of that information, and how we disclose it. Under the CCPA, we also have to provide you with the “categories” of personal information we collect and disclose for “business purposes” (as those terms are defined by applicable law). Those categories are identifiers (such as name, address, email address, phone number, other account information, and cookies); commercial information (such as transaction data); financial data (such as credit card and other financial account information); internet or other network or device activity (such as IP address or service usage); geolocation information (general location); inference data about you; sensory information (such as audio recordings if you call customer service); professional or employment related data; education data; insurance (including health insurance) information; medical information; physical characteristics or description; legally protected classifications (such as gender); other information that identifies or can be reasonably associated with you. The categories of sensitive personal information are account log-in, financial account information, and password or other credentials allowing access to your account.

We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your interaction with/use of our Website and/or Services; (3) affiliates; and (4) third parties such as social networks.

We may collect and disclose the above categories of information for the purposes described in our Privacy Policy. This includes the following business or commercial purposes (as those terms are defined in applicable law):

• Our operational purposes;
• Auditing consumer interactions on our site;
• Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;
• Bug detection and error reporting;
• Customizing content that we or our service providers display on the Service;
• Providing the Service (e.g., account servicing and maintenance, order processing and fulfillment, customer service, advertising and marketing, analytics, and communication about the Service);
• Improving the Service and developing new services (e.g., by conducting research to develop new products or features);
• Other uses that advance our commercial or economic interests, such as third party advertising and communicating with you about relevant offers from third party partners;
• Other uses about which we notify you.

We may also use the above categories of personal information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.

We describe our information disclosure practices in our Privacy Policy. We may disclose certain categories of personal information with third parties (as defined by the CCPA) for the business purposes described above. For example, we may disclose identifiers with our marketing partners, and we may also disclose any of the categories described above with our subsidiaries and  affiliates. If you connect your account with social media services or interact with social media plugins or links on the Service, we may disclose identifiers, commercial information, internet or other network or device activity, or general location with those social media services.

13. Consumer Rights

If you are a California resident, you may have certain rights. California law may permit you to request that we:

• Provide you the categories of personal information we have collected or disclosed about you; the categories of sources of such information; the business or commercial purpose for “collecting”, “selling,” or “sharing” your personal information; the categories of third parties to whom we disclose or “sell,” or with whom we “share,” personal information; and the categories of personal information we “sell”.
• Provide access to and/or a copy of certain information we hold about you.
• Delete certain information we have about you.
• Correct inaccurate personal information that we maintain about you.

You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Service to you. If you ask us to delete it, you may no longer be able to access or use the Service.

In instances where we process personal information on behalf of a person or entity that we provide our Services to, rights requests should be directed to the our partner/customer. Any request sent directly to us that pertains to information collected on behalf of a customer will be forwarded on to that customer.

If you would like to exercise any of these rights, you can submit a request at dataprotection@tripmatrix.com, and call +385 1 8000 950. You will be required to verify your identity before we fulfill your request. To do so, you will need to provide information to match with our existing records to verify your identity, depending on the nature of the request and the sensitivity of the information sought. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

• “Sale” of Personal Information

California residents may opt out of the “sale” of their personal information. The CCPA broadly defines “sale” in a way that may include allowing third parties to receive certain information such as cookie identifiers, IP addresses and/or browsing behavior to add to a profile about your device, browser or you. Such profiles may enable delivery of interest-based advertising by such third parties within their platform or on other sites.

We do not sell your personal information.

• “Sharing” of Personal Information

California residents may opt out of the “sharing” of their personal information. The CCPA defines “sharing” as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites. We “share” information for these purposes to provide more relevant and tailored advertising to you regarding our Service. As part of this advertising, we may “share” identifiers (such as IP address, device identifiers, and cookies) and internet and device activity with advertising platforms and advertising networks. To opt out of such “sharing,” please submit a request to dataprotection@tripmatrix.com . 

• Children Under 16

We do not knowingly “sell” or “share” the personal information of children under 16.

• Sensitive Personal Information

The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for purposes for which you cannot opt out under the CCPA.

• Retention of Your Personal Information

Please see the “Personal Data Storage and Duration” section above.

• California Shine the Light

We do not disclose personal information to third parties for their direct marketing purposes.

14. Changes to our Privacy Policy

Our Privacy Policy is current to the date indicated at the top of the front page: “Version Last Updated”. We reserve the right to update this Privacy Policy, from time to time, and provide the most recently updated version on the Website for you.

If we make any significant changes to this Privacy Policy, we will publish a notice on our Website, and notify you as required by applicable law. 

Any changes will become effective when we post the revised Privacy Policy.

 15. Your Complaints

Complaints about our Privacy Policy or our collection, processing, use, disposal, or erasure of your Personal Data should first be directed to us at the contact details set out below. We will promptly investigate and attempt to resolve your complaint.

Please, contact us at:

Sayari LLC 

Legal & Compliance Department, 

2810 N Church St PMB 48386,

Wilmington, DE 19802-4447, 

United States of America

E-mail address: dataprotection@tripmatrix.com

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a competent supervisory authority, in particular, you can contact the supervisory authority responsible for your place of habitual residence, place of work or place of the alleged infringement if you believe that that the processing of your Personal Data infringes the applicable law.