Effective Date: July 27th, 2022.
Who we are
Our website address is: https://geekgirltravel.com.
What personal data we collect and why we collect it
Information we collect directly from you
We collect the information you provide directly to us, such as when you open an account, place an order, ask to receive emails, fill out a contact form, or interact with us on social media. The types of personal data we may collect directly from you include:
- Contact information, such as your name, email address, mailing address, and phone number;
- Account information, such as your username and password;
- Billing information, such as credit card details and billing address;
- Optional information you may choose to provide, such as your social handles and age range; and
- Any other information you choose to provide, such as product reviews, responses to surveys or to receive customer support.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
For more information on our Comments policy, please refer to our Terms and Conditions.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We do not collect any Sensitive Data about you. Sensitive Data refers to data that includes details about your race, ethnicity, religion, political affiliations, or sexual orientation.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. We may process your personal data without your knowledge or consent where this is required or permitted by law. For more information on this please Contact us.
How we use your personal data
We may use the information we collect to deliver the products and Services you request, to maintain and customize your account and our interactions with you (such as on our digital properties), and to provide, maintain, and improve our Services. We also use the information we collect to:
- Create and manage your online accounts and profiles;
- Communicate with you about our Services, including to tell you about products and services that may be of interest to you;
- Complete the transactions you request, perform our contractual obligations, and use as otherwise anticipated within the context of our ongoing business relationship;
- Respond to your requests, inquiries, comments, and suggestions;
- Facilitate your engagement with the Services, including to enable you to post comments and reviews, to engage with other users, and to post on social media;
- Detect, investigate, and respond to security incidents and protect against illegal or objectionable activities, including the unauthorized use of the Services, and protect the rights and property of Geek Girl Travel and others;
- Debug, identify and repair errors that impair existing intended functionality of our Services; and
- Comply with our legal obligations, including those required for you to benefit from rights recognized by law, or any regulatory requirements or provisions.
Who we share your personal data with
We may disclose certain of your personal data to Geek Girl Travel affiliates and personnel who need to know the information for the purposes described above, including personnel in the customer service and information technology departments.
We may use vendors, consultants and service providers acting on Geek Girl Travel’s behalf to perform some of the services described above. For example, we share certain information with service providers who assist with the processing of credit cards and payments, hosting, managing and servicing our data, distributing emails, or administering certain services and features. We may also share information about you with our professional advisors, including accountants, auditors, lawyers, insurers and bankers, if needed. These vendors, consultants and service providers may change over time, but we will always use trusted service providers who we require to take appropriate security measures to protect your personal data in line with our policies. We only permit them to process your personal data for specified purposes and, as appropriate, in accordance with our instructions and the provisions of this Policy and applicable law.
In certain limited circumstances, we share and/or are obligated to share your personal data with other third parties, including (a) to comply with our obligations, to protect the rights and property of Geek Girl Travel, our customers and the public, to cooperate with law enforcement investigations, and to detect and respond to suspected illegal activity and threats to the health or safety of any person or of our systems or services; and/or (b) with your consent and at your direction.
When you provide a product review or post other user content, that content may be publicly posted. Other users may be able to see your name or other information about you that you post. In certain instances, we may also share aggregated or de-identified information that cannot reasonably be used by those third parties to identify you.
How long we retain your personal data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Legal Basis for Processing
If you are a European Resident, we process your personal data when:
- We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the Geek Girl Travel products you have ordered).
- We have a legitimate interest in processing your personal data. For example, we may process your personal data for performance marketing activities, to conduct data analytics and to provide, secure, and improve our Services.
- We need to do so to comply with a legal obligation to which we are subject.
- We need to do so to protect your vital interests or those of others.
- We have your consent to do so, which you may withdraw at any time.
Data Subject Requests
If you are a European Resident, you have the right to access personal data we hold about you and to ask that your personal data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may submit a request here. If you have a Geek Girl Travel account, you may also review, update, and delete certain personal data by logging into your account.
Questions or Complaints
If you are a European Resident and have a concern about how we process personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you live. For contact details of your relevant local Data Protection Authority, please see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or, if you are a resident of Switzerland, https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/.
We comply with the California Consumer Privacy Act of 2018 (CCPA). The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that Geek Girl Travel disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you (i) the categories of personal information we collected about you; (ii) the categories of sources for the personal information we collected about you; (iii) our business or commercial purpose for collecting or selling that personal information; (iv) the categories of third parties with whom we share that personal information; (v) the specific pieces of personal information we collected about you (also called a data portability request); and (vi) if we sold or disclosed your personal information for a business purpose, two separate lists disclosing (a) sales, identifying the personal information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
You have the right to request that Geek Girl Travel delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to (i) complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you; (ii) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for those activities; (iii) debug products to identify and repair errors that impair existing intended functionality; (iv) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (v) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.); (vi) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (vii) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (viii) comply with a legal obligation; or (ix) make other internal and lawful uses of that information that are compatible with the context in which you provided it.
To exercise the access, data portability, and deletion rights described above, please submit a request through our Contact form. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not (i) deny you goods or services; (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) provide you a different level or quality of goods or services; or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please Contact us.
Opting out of email marketing
If you subscribe to our mailing lists, you may unsubscribe from our promotional emails at any time by following the instructions included in those emails. If you opt out of receiving such communications, note that we may continue to send you non-promotional emails (such as order confirmation emails or emails about changes to our legal terms).
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
When you submit a form on this site that requests contact information, such as your email address or phone number, you agree to accept communication from this site to that contact information for purposes of following up or responding to your query.
How we protect your data
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We also allow access to your personal data only to those employees and partners who have a business need to know such data.
What data breach procedures we have in place
We have put into place data breach procedures to attempt to identify and notify any affected users in the event of a data breach. If we cannot identify the scope of the data breach or specific affected users, we will notify all users that a data breach has occurred and may impact the personal data we have collected.
Changes to this policy