Last Updated: June 5, 2024
Introduction
NextTrip Holdings, Inc., its affiliates and subsidiaries including Maupintour, NextTrip, NextTrip Vacations (“Company,” “We”, “Us,” and “Our”) respect your privacy and are committed to protecting it through our compliance with this policy. This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit our website, http://www.NextTrip.com, (Our “Website“(s)), our mobile application(s), NextTrip and Maupintour (“App.”(s)), and our practices for collecting, using, maintaining, protecting, and disclosing that information. As a general rule, we never your personal information to outside marketers, and we place strict limits on how and with whom we share your personal information.
This Privacy Policy applies to information we collect when you participate in any of our Programs, which collectively include:
-
On or through the Website.
-
On or through our App.
-
Over the phone, email, text, and other electronic messages between you and Us.
-
Through mobile and desktop applications you download from the Website and/or App, which provide dedicated non-browser-based interaction between you and the Website and/or App.
-
When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to the Website and/or App.
Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is to not use our Website and/or App. By accessing or using this Website, you agree to this privacy policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Website and/or App after We make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.
Categories of Information We Collect About You and How We Collect It
We collect several types of information from and about you when you use any of our Programs, including the following categories of information:
-
Purchasing Information. This is information that We may collect about your transactions in our stores, on our Website or via our App including what products you purchase, how frequently you purchase them, and any rewards or promotions associated with a purchase.
-
Payment Information. This information that We may collect about your transactions via the Website, App or via purchases over the phone or email including your payment card number, expiration date, and billing address.
-
Personal Information. This is information by which you may be personally identified, through your account with us or otherwise, such as name, postal address, e-mail address, telephone number, address, birth date, gender, or any other identifier by which you may be contacted online or offline (“Personal Information”). The collection of such personal information is necessary for Us to provide you with our services.
-
Booking Information. We work with third parties to coordinate their booking, and that allows us to collect your name, billing information, contact information including your phone number and email, and dates that you are traveling.
-
Device and Usage Information. This is information about your internet connection (ISP), Internet browser-type, operating system, mobile carrier, how you device has interacted with Our service, including pages accessed, links clicked, and features used, along with associated dates and times, details of any referring websites or exit pages, performance and usage data, usage data, such as dates and times the app accesses Our services, the features and links clicked in the App (as applicable), searches, transactions, and the data and files downloaded to the App (as applicable), device settings selected or enabled, such as Wi-Fi, Global Position System, and Bluetooth (which may be used for location services, subject to your permissions), other technical information such as application name, type, and version as needed to provide You with our services. IP address, device and mobile ad identifiers, the website that referred you to our Website and/or App, the subject of the ads you click or scroll over, cookies, analytics, the equipment you use to access our Website and/or App, and usage details. To collect this information, we use automatic data collection cookies, web beacons and similar technologies.
-
Location information. This is information about the location of your device, including GPS location, for purposes of enhancing or facilitating our services, such as enabling the functionality of our websites or mobile applications. If you want to opt out of the collection of this location information, please see the section below titled Choices on How We Use and Disclose Your Information or by contacting us as detailed under Contact Information.
-
Public information. Some information we gather is publicly available. We may also gather information about you from third parties and other companies.
-
We may also collect other information you provide us including, collected travel-related preference s and requests such as favorite destination and accommodation types, special dietary and accessibility needs, as available, loyalty program and membership information, geolocation, images, videos, and other recording, social media account ID and other publicly-available information, communications with us (such as recordings of calls with customer service representatives for quality assurance and training purposes), search you conduct, transactions, and other interactions with you on our website, other communications that occur through the Website our App, email, phone, etc., among partners and travelers, and in-group chat and traveler-collaboration tools, the searches and transactions conducted through the services, and data you give Us about other people, such as Your travel companions or others for whom you are making a booking.
We collect this information:
-
Directly from you when you provide it to Us.
-
Some information such as your internet connection and equipment you use to access Our Website and usage details is automatically collected as you navigate through the Website and/or App. Information collected automatically may include usage details, IP addresses, location and information collected through cookies and other tracking technologies.
-
We use third-party analytics providers and products, such as Google Analytics, to obtain, compile and analyze information about how users are using and interacting with the Website and/or App. In order to collect this information, such providers may set cookies on your browser or mobile device or read cookies that are already there. Google Analytics may also receive information about you from apps you have downloaded, that partner with Google. We do not combine the information collected through the use of Google Analytics with personally identifiable information. You can control the information provided to Google and opt out of certain ads provided by Google by using one of the methods set forth in www.google.com/policies/privacy/partners/
-
From third parties, for example, our business partners, affiliates and agents.
Information You Provide to Us
The information We collect on or through Our Website and/or App may include:
-
Certain general data and Personal Information that identifies our customers, that you provide or give us in another way. This may include your first and last name, postal address, telephone number, email address, date of birth, citizenship, and passport details, and if you make a purchase, your credit/debit card details in order to make a payment and confirm the purchase.
-
Information that you provide by filling in forms on Our Website and/or App. This includes information provided at the time of registering to use Our Website, Our App, subscribing to Our service, posting material, or requesting further services. Information you provide when you enter a contest or promotion sponsored by us, and when you report a problem with our Website and/or App.
-
Records and copies of your correspondence including email addresses, if you contact Us.
-
Your responses to surveys that we might ask you to complete for research purposes.
-
Details of transactions you carry out through Our Website and/or App and of the fulfillment of your travel and purchases. You may be required to provide financial information including credit or debit card information before placing an order through Our Website and/or App.
-
Your search queries or preferences through use of the Website and/or App, including the election to share location information with Us and Our Website and/or App.
You also may provide information, or comments, or photographs to be published or displayed (hereinafter, “posted”) on public areas of the Website and/or App or transmitted to other users of the Website and/or App or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although We limit access to certain pages/you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, We cannot control the actions of other users of the Website and/or App with whom you may choose to share your User Contributions. Therefore, We cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website and/or App, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
-
Details of your visits to Our Website and/or App, including traffic data, logs, and other communication data and the resources that you access and use on the Website and/or App.
-
Information about your computer and internet connection, including your IP address, operating system, and browser type. The information we collect automatically is statistical data and does not include personal information, but We may maintain it or associate it with personal information We collect in other ways or receive from third parties. It helps Us to improve Our Website and/or App and to deliver a better and more personalized service, including by enabling U to:
-
Estimate Our audience size and usage patterns.
-
Store information about your preferences, allowing Us to customize Our Website and/or App according to your individual interests.
-
Speed up your searches.
-
Recognize you when you return to Our Website and/or App.
The technologies We use for this automatic data collection may include:
-
Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website and/or App. Unless you have adjusted your browser setting so that it will refuse cookies, Our system will issue cookies when you direct your browser to Our Website and/or App.
-
Flash Cookies. Certain features of Our Website and/or App may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website and/or App. Flash cookies are not managed by the same browser settings as are used for browser cookies. Information on how to disable or remove flash cookies can be found below under the section titled Choices on How We Use and Disclose Your Information.
-
Web Beacons. Pages of the Website and/or App and Our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
-
Java Scripts. Java scripts are code snippets embedded in various parts of websites and applications that facilitate a variety of operations including accelerating the refresh speed of certain functionality or monitoring usage of various online components.
-
Entity Tags. Entity Tags are HTTP code mechanisms that allow portions of websites to be stored or “cached" within your browser and validates these caches when the website is opened, accelerating website performance since the web server does not need to send a full response if the content has not changed.
-
HTML5 Local Storage. HTML5 local storage allows data from websites to be stored or “cached" within your browser to store and retrieve data in HTML5 pages when the Website and/or App is revisited.
We may tie information gathered above to personal information you provide to us.
Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications, including advertisements, on the Website and/or App are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website and/or App. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
How We Use Your Information and Legal Bases for Processing
We only process your information where it is necessary for: our legitimate interests to establish and manage our relationship with you, for administrative purposes, and other legitimate business interests such as credit assessment, marketing, presenting and improving Our Website and/or App;
-
Fulfilling our contractual obligations towards you (e.g., sending confirmations, invoices, and travel documentation to you), Our affiliated or related entities, associates, partners, and the customers of such affiliated or related entities, associates and partners;
-
Create, maintain, and update user accounts on Our platforms and authenticate you as a user;
-
Maintain your search and travel history, accommodation and travel preferences, and similar information about your use of our platforms and services, and as otherwise described in this Privacy Policy;
-
Enable and facilitate acceptance and processing of payments, coupons, and other transactions;
-
Administer loyalty and rewards programs;
-
Collect and enable booking-related reviews;
-
Respond to your questions, requests for information, and process information choices
-
Enable communication between you and the travel supplier like hotels and vacation property owners;
-
Contact you (such as by text message, email, phone calls, mail, push notifications, or messages on other communication platforms) to provide information like travel booking confirmations and updates, for marketing purposes, or for other purposes as described in this Privacy Policy;
-
Market our products and services, optimize such marketing to be more relevant to you, and measure and analyze the effectiveness of our marketing and promotions;
-
Administer promotions like contests, sweepstakes, and similar giveaways;
-
Conduct surveys, market research, and data analytics;
-
Maintain, improve, research, and measure the effectiveness of our sites and apps, activities, tools, and services;
-
Monitor or record calls, chats, and other communications with our customer service team and other representatives, as well as platform communications between or among ;partners and travelers for quality control, training, dispute resolution, and as described in this Privacy Policy;
-
Create aggregated or otherwise anonymized or de-identified data, which we may use and disclose without restriction where permissible;
-
Promote security, verify identity of our customers, prevent and investigate fraud and unauthorized activities, defend against claims and other liabilities, and manage other risks
-
Comply with applicable laws, protect our and our users’ rights and interest, defend ourselves, and respond to law enforcement, other legal authorities, and requests that are part of a legal process;
-
Comply with applicable security and anti-terrorism, anti-bribery, customs and immigration, and other such due diligence laws and requirements;
-
Operate our business using lawful business purposes and as permitted by law; and
-
Compliance with applicable laws and regulations and our legal obligations, such as accounting and tax requirements.
There may be occasions where we request your consent to process your Personal Information. Where applicable, you may withdraw consent subsequently at any time by contacting Us as detailed under Contact Information, below, without affecting the lawfulness of processing based on consent before its withdrawal. For example, We may use your information to contact you about Our own and third-parties' goods and services that may be of interest to you. We may use the information We have collected from you to enable us to display advertisements to Our advertisers' target audiences. Even though We do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria. Information on how to opt-out of interest-based advertising can be found under the section titled Choices on How We Use and Disclose Your Information or by contacting us as detailed under Contact Information.
Lawful bases for processing:
We will collect Personal Information from you only (i) where the Personal Information is necessary to perform a contract with you (e.g., manage your booking, process payments, or create an account at your request), (ii) where the processing is in our legitimate interests and not overridden by your rights (as explained below), or (iii) where we have your consent to do so (e.g., sending you marketing communications where consent is required). In some cases, We will have a legal obligation to collect Personal Information from you such as where it is necessary to use your transaction history to complete our financial and tax obligations under the law.
If We ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, We will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Certain countries and regions allow us to process Personal Information on the basis of legitimate interests. If We collect and use your Personal Information in reliance on our legitimate interests (or the legitimate interests of any third-party), this interest will typically be to operate or improve our platform and communicate with you as necessary to provide Our services to you, for security verification purposes when you contact Us, to respond to your queries, undertaking marketing, or for the purposes of potentially detecting or preventing illegal activities.
We may in some cases use automated decision-making, for example, in relation to assessing fraudulent transactions or suspicious activity on Our Website and/or App. As part of this processing, automated decisions may be made by putting your Personal Information into a system and the decision is calculated using automatic processes. If you pose a fraud risk, this may affect your ability to book on our site. You may have rights in relation to automated decision making, including the ability to request a manual decision-making process instead or contest a decision based solely on automated processing. If you want to know more about your data protection rights, it can be found under the section titled Choices on How We Use and Disclose Your Information or by contacting us as detailed under Contact Information.
Disclosure of Your Information
We may disclose aggregated information about Our users, and information that does not identify any individual, without restriction. We may disclose personal information that We collect or you provide as described above (How We Use Your Information and Legal bases for Processing) to the following:
-
To our subsidiaries and affiliates, including, but not limited to: Maupintour, NextTrip, and NextTrip Vacations.
-
To our third party partners, for the purpose of assisting you book your trip through the partner’s platform/website.
-
To contractors, service providers, and other third parties We use to support Our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which We disclose it to them.
-
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company's stock or assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Us about our Website/mobile app users is among the assets transferred.
-
To third parties, including but not limited to suppliers, third-party vendors, business partners, and corporate affiliates for the same legitimate purposes as detailed above.
-
To fulfill the purpose for which you provide it. For example, if you give Us an email address to use the "email a friend" feature of Our Website and/or App, We will transmit the contents of that email and your email address to the recipients.
-
For any other purpose disclosed by Us when you provide the information, with your consent, as applicable.
-
To comply with any court order, law, or legal process, including to respond to any government or regulatory request. When the disclosure of such personal information is required to be made to a governmental or regulatory agency, We will ensure that such Personal Information will only be shared with the relevant governmental or regulatory agency and not released to the general public. However, you will hold Us harmless if the Personal Information is disclosed by the governmental or regulatory agency to any third party or the public.
-
To enforce or apply our terms of use or terms and conditions posted on the Website and/or App and other agreements, including for billing and collection purposes.
-
If We believe disclosure is necessary or appropriate to protect the rights, property, or safety of NextTrip, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the Personal Information you provide to Us. Below are some of the mechanisms available to change control over your information automatically provided when visiting the Website and/or App:
-
Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of the Website and/or App, as applicable, may then be inaccessible or not function properly.
-
Google Analytics. You can control the information provided to Google and opt out of certain ads provided by Google by using one the of the methods set forth in www.google.com/policies/privacy/partners or use the Google Analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout?hl=en.
-
Cookies; Web Beacons; Entity Tags; and HTML5 Local Storage; and other similar technologies. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Website and/or App may not function properly if the ability to accept cookies is disabled. Turning off the browser's cookies will prevent web beacons from tracking your specific activity. The web beacon may still record an anonymous visit from your IP address, but unique information will not be recorded. If you do not want to receive tracking pixels, you will need to disable HTML images in your email client, and that may affect your ability to view images in other emails that you receive. Each browser is different, but many common browsers (Internet Explorer, Chrome, Firefox, and Safari) have preferences or options that may be adjusted to allow you to either accept or reject cookies and certain other technologies before they are set or installed or allow you to remove or reject the use or installation of certain technologies altogether. To find out how to see what cookies have been set and how to reject and delete the cookies, please visit: http://www.aboutcookies.org.
-
Opting out of sharing location information. You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third parties by (a) disabling location services within the device settings; or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings. Please note that your location may be derived from your WiFi, Bluetooth, and other device settings. See your device settings for more information.
-
We partner with third-parties so please review their Privacy Policy with respect to information it collects about you through your use of their website and mobile application.
We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Digital Advertising Alliance or the Network Advertising Initiative ("NAI") on the NAI's website or by visiting www.AboutAds.info.
Information Sent Outside the United States.
NextTrip Holdings, Inc. is a global organization and provides global services. In certain circumstances, sharing data cross-border is essential to the services you receive from Us.
Special Requirements under EU Data Protection Laws (GDPR):
In order to complete your booking, complete analysis, or for other legitimate purposes We transfer, process and store information about you outside of the EEA on servers located in the United States by NextTrip Holdings, Inc. and its affiliates located at:
NextTrip Holdings Inc.
1560 Sawgrass Corporate Parkway
Suite 400
Sunrise, Florida 33323
Therefore, your information may be transferred to, stored, or processed in the United States. We will ensure that in terms of data security standards, our systems in the US will have the same level of data protection that is required of Our EU affiliate. If we transfer your Personal Information to agencies or third parties outside the EEA, We require similar, binding EU Standard Contractual Clauses, and We monitor compliance with such. Our affiliated or related entities, associates and partners have also agreed to adopt equivalent measures. Copies of these measures can be obtained by contacting Us as detailed under Contact Information below.
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information.
If you wish to be informed about what Personal Information We hold about you, have a copy of it, correct or otherwise rectify it, and/or if you want it to be removed from Our systems, please contact us using the contact information set out below.
In certain circumstances, you have the following data protection rights:
-
Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information We hold about you where We are the data controller and to check that We are lawfully processing it.
-
Request correction of the Personal Information that We hold about you. This enables you to have any incomplete or inaccurate information We hold about you corrected, though We may need to verify the accuracy of the new information you provide to Us.
-
Request erasure of your Personal Information. This enables you to ask Us to delete or remove Personal Information where there is no good reason for Us to continue to process it. You also have the right to ask Us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where We may have processed your information unlawfully or where We are required to erase your Personal Information to comply with local law. Note, however, that We may not always be able to comply with your request for erasure for specific legal reasons, which will be explained to you, if applicable, at the time of your request.
-
Object to processing of your Personal Information. Where We are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where We are processing your Personal Information for direct marketing purposes. In some cases, We may demonstrate that We have compelling legitimate grounds to process your information which override your rights and freedoms.
-
Request restriction of processing of your Personal Information. This enables you to ask Us to suspend the processing of your Personal Information in the following scenarios: (a) if you want us to establish the information's accuracy; (b) where Our use of the information is unlawful but you do not want Us to erase it; (c) where you need Us to hold the information even if We no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to Our use of your information but We need to verify whether We have overriding legitimate grounds to use it.
-
Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for Us to use or where We used the information to perform a contract with you.
-
Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, We may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
You have the right to complain to a Data Protection Authority about Our collection and use of your Personal Information. For more information, please contact your local data protection authority in the EEA.
If you wish to exercise any of the rights set out above, please contact us using the contact details below.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, We may refuse to comply with your request in such circumstances.
We may need to request specific information from you to help Us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure designed to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
For users in the EEA, the United Kingdom, or Switzerland, any changes or modifications will be effective upon your express consent as you will be notified of any changes by virtue of a pop-up, banner, or other notification mechanism when you seek to access the Website and/or App after We issue a change or modification. Upon consent, the revisions on the Website and/or App or mobile applications shall apply to all use of the Website and/or App and mobile services and all acts or omissions occurring after the effective date of the revised Privacy Policy.
Special Requirements under Mexican Data Protection Laws In accordance with the requirements of the Mexican Federal Law on the Protection of Personal Information Held by Private Parties (Ley Federal de Protección de DatosPersonalesenPosesión de los Particulares) (the “Mexican DP Law”), We inform our users and subscribers located in Mexico of Our compliance with the Mexican DP Law. Under Mexican DP Law, We do not need to obtain your consent for the processing of your Personal Information for the purposes that give rise and are necessary for the fulfillment of our relationship (e.g. personal information required in order for you to purchase travel services). In case you do not agree with the processing of your personal information for such purposes and as described in this policy, please abstain from acquiring or using our services.
Our Website and/or App users and subscribers located in Mexico should note that:
-
The Personal Information provided by you to Us through email, fax, websites, online services, enrollment or subscription forms and agreements, telephone calls or any other means, is processed by Us for the purposes set forth in section How We Use Your Information; in the understanding that, in order to comply with the Mexican DP Law, below We have set forth those purposes that are not required to fulfill the relationship between Us, commonly known as “additional or secondary purposes”:
-
To provide you with updates about discounted availability, special offers, new services and products that may be of interest to you and other noteworthy news items.
-
Send advertisements, promotions and brochures.
-
To contact you about our and third parties’ goods and services that may be of interest to you.
-
To ask for ratings and reviews of services or products. Should you not wish that your Personal Information be used for the purposes listed immediately above, please send an email to PRIVACY@nexttrip.com with subject line “Request for Restriction on the use of My Personal Information for Secondary Purposes / Mexico”.
-
That this Privacy Policy applies to all your Personal Information that We may have access to, including: name, nationality, birthdate and birthplace, age, address, telephone number, cell phone number, email, tax identification number, hand written signature, as well as personal information that may be considered sensitive and related to recorded video or photographs, health condition, economic and financial data, including your bank account information and information of your credit or debit cards, as well as other Personal Information listed in the section Information We Collect About You and How We Collect It.
-
As described above (see Information We Collect Through Automatic Data Collection Technologies), We also collect information using various technologies, such as cookies and web beacons.
-
That your Personal Information will be solely treated in accordance with the terms and conditions of this Privacy Policy.
-
In order for you to: (i) exercise your rights to Access, Rectify, Cancel, and Object to the use of your Personal Information (known as “ARCO Rights”), and (ii) to limit the use and disclosure or to revoke your consent to the use of your Personal Information for the secondary purposes described above, please send an email to PRIVACY@nexttrip.com with subject line “Exercise of ARCO Rights / Mexico”. The request should include, as minimum:
-
Copy of your official ID and/or of your legal representative. Such documents should be scanned and attached to the corresponding email communication. For legal representative, please also attach a copy of his/her power-of-attorney.
-
Clear and precise description of the Personal Information about which the ARCO Rights are to be exercised, as well as the right or rights you wish to exercise. This description could be included in the email cover letter or in a document attached thereto, scanned and initialized in each of its pages.
-
Expressly state your agreement to receive our response through an email communication, specifying the corresponding email address.
-
Any other data that allows Us to locate your Personal Information.
-
We will issue a response within the following 20 business days after We receive your request. Once you receive our response, you will have a 15 business day period to respond to our communication. In case you do not reply to Our response within the mentioned period, We will understand in good faith that you agree with our response. We may refuse the exercise of your ARCO Rights in the cases permitted by applicable law and shall inform you about such decision. The refusal may be partial, in which case We will carry out the access, rectification, cancellation or objection in the corresponding part. As mentioned below, you can also review and change your Personal Information by logging into the Website and/or App and visiting your account profile page.
-
See the section Disclosure of Your Information for information regarding the manner in which We share your Personal Information with third parties and data-processors. Please note that we require your consent to transfer your Personal Information to third parties to market their own products or services to you. Should you not wish that your Personal Information be transferred to third parties for their own marketing purposes please send an email to PRIVACY@nexttrip.com with subject line “Request for Restriction on the Transfer of Personal Information to Third Parties for their Own Marketing Purposes / Mexico”.
-
This Privacy Policy may be modified as described in the section “Changes to the Privacy Policy” set forth below.
California Data Subject Rights
Shine the Light Law
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask Us for a notice identifying the categories of personal Information that we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to privacy@nexttrip.com will respond to one request per California customer each year, and We do not respond to requests made by means other than as set forth above.
California Consumer Privacy Act (“CCPA”) Notice
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). We may have collected the following categories of personal information of California residents in the past 12 months:
-
Identifiers such as a name, postal address, Internet Protocol address, MAC address, email address, or other similar identifiers.
-
Categories of personal information described in subdivision (e) of California Civil Code Section 1798.80.
-
Characteristics of protected classifications under California or federal law.
-
Commercial information, including records of products or services purchased or considered.
-
Internet or other electronic network activity information.
-
Geolocation data.
-
Audio and visual information, such as customer service call recordings and photographs.
-
Inferences drawn from any of the information identified above.
This information is collected and used for the purposes disclosed in this Notice. We may have disclosed your identifiers to Our third party business partners, which are those analytic entities We discussed above, within the 12 months immediately preceding the posting of this updated Privacy Policy. We may have disclosed any of the above categories of Personal Information pursuant to your consent or under a written contract with a service provider for a business purpose in 12 months immediately preceding the posting of this updated Notice.
Your Rights and Choices
Under California Laws, California residents can exercise three privacy rights (Disclosure and Access; Deletion; and “Do Not Sell My Personal Information”) (collectively, “Rights”); however, based on the information we gather, and the fact that We do not “sell” personal information as that term is defined in the CCPA, your rights are somewhat limited as these Rights are not absolute and are subject to certain exceptions. For instance, we are not required to respond to requests concerning employment/application data, B2B data, and cannot disclose or permit access to specific pieces of personal information if the disclosure or access would present a certain level of risk to the security of the personal information, your account with us, or the security of the business’s systems of networks.
Specifically, employment/application data is not subject to this Notice if it is Personal Information that is collected by us in the course of your acting as a job applicant, employee, owner, director, officer, medical staff member, or contractor to us to the extent your personal information is collected and used by us solely within the context of your role or former role as a job applicant to, employee of, owner of, director of, officer of, medical staff member of, us or a contractor/third party business partner/service provider of ours. This also extends to any emergency contact information or benefits administration information you may have provided us in this context.
B2B data is similarly not subject to this Notice if the data reflects a written or verbal communication or transactions between you and us if you are acting as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, nonprofit, or government agency and whose communications or transaction with us occurs solely in the context of us conducting due diligence regarding, or providing or receiving a product or service to or from such company, partnership, sole proprietorship, nonprofit or government agency. If you are a California consumer, We will process your request to exercise your Rights in accordance with California Laws.
A record concerning the requests may be maintained pursuant to our legal obligations. Further, We may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive, or manifestly unfounded.
Disclosure and Access Requests
You have the right to request that We collect about you for the 12-month period immediately preceding the date of your request to know the following:
Categories of Personal Information Request
-
The categories of personal information We collected about you.
-
The categories of sources for the Personal Information we collected about you.
-
Our business or commercial purpose for collecting or selling that personal information.
-
The categories of third parties with whom We share that personal information.
-
If We sold or disclosed your personal information for a business purpose, two separate lists disclosing:
-
sales, identifying the personal information categories that each category of recipient purchased; and
-
disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
-
Specific Pieces of Information Request
-
The specific pieces of personal information We collected about you (also called a data portability request).
When a request for disclosure is made, We will first take steps to verify your identity to protect your privacy and security. For requests to disclose categories of Personal Information collected, We will have the requestor provide at least two pieces of information so that We may verify the requestor’s identity to a reasonable degree of certainty.
For requests to disclose specific pieces of personal information collected, We will have the requestor provider at least three pieces of information so that We may verify the requestor’s identity to a reasonably high degree of certainty and additionally provide a signed declaration under penalty of perjury that the requestor is the consumer whose Personal Information is the subject of the request. We are required to retain the signed declarations as part of our record-keeping obligations for 24 months.
Please note that We will never disclose a consumer’s social security number, driver’s license number, or other government-issued identification number, financial account number, any health information or medical identification number, an account password, or security questions and answers in response to a disclosure request.
Please note additionally that We are only required to fulfil a disclosure request from a consumer twice per every 12-month period. If you submit a request in excess, it may be denied or you may be charged for fulfilling your request.
Deletion Request Rights
You have the right to request that We delete any of your Personal Information that We collected from you and retained, subject to certain exceptions. Given the type of Personal Information We collect, for requests to delete Personal Information collected, We will have the requestor provide at least two pieces of information so that We may verify the requestor’s identity to a reasonable degree of certainty. We are required to retain the requests to delete for a period of 12 months as part of our record-keeping obligations.
If We are unable to verify a request, to the extent possible, that request will be treated as a request to opt-out and afforded rights associated with that request right as described in more detail below.
Once We receive and confirm your verifiable consumer request, We will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. A deletion request may be denied, in full or in part, if retaining the information is necessary for us or Our service providers to:
-
Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of Our ongoing business relationship with you, or otherwise perform Our contract with you.
-
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
-
Debug products to identify and repair errors that impair existing intended functionality.
-
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
-
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 ).
-
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
-
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with Us.
-
Comply with a legal obligation.
-
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Disclosure and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
-
Emailing us at privacy@nexttrip.com with “Deletion Request” or “Disclosure Request” in the subject line
Only you or your agent (with proper authorization and proof of identity) may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
-
Provide sufficient information that allows Us to reasonably verify you are the person about whom We collected personal information or an authorized representative.
-
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if We cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with Us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request and, to the extent necessary, to identify the browser/device that is the subject of the request.
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If We require more time (up to 90 days), We will inform you of the reason and extension period in writing. If you have an account with us, We will deliver our written response to that account. If you do not have an account with Us, We will deliver our written response electronically. Any disclosures We provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data disclosure requests, We will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, We will tell you why We made that decision and provide you with a cost estimate before completing your request.
Household Requests
We currently do not collect household data. If all the members of a household makes a Right to Know or Right to Delete request, We will respond as if the requests are individual requests.
Request Made Through Agents
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, We will require the agent to provide proof you have authorized it to act on your behalf, verify the agents identity, and We may need you to verify your identity directly with us. (The verification requirement does not apply if the consumer has provided the authorized agent with legal power of attorney under California Probate Code Sections 400 to 4465.)
Requests to Opt-In for Minors
If you are 16 years of age or older, you have the right to direct us not to sell your personal information at any time. We do not and will not sell personal information of consumers We actually know are less than 16 years of age unless we received affirmative authorization from the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age, to opt-in to the sale of their personal information. Upon the receipt of this request to opt-in, We will inform the minor of the right to opt-out later and of the process for doing so.
Sale and Disclosure of Personal Information
Under the CCPA, a “sale” means providing to a third party personal information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of personal information. We have taken substantial steps to identify whether any of our data sharing arrangements would constitute a “sale” under the CCPA. Due to the complexities and ambiguities in the CCPA, We will continue to evaluate some of our third party relationships as we wait for final implementing regulations and guidance. For example, it is currently unclear whether the use of certain types of advertising partners would be considered a sale under CCPA. Based on our understanding of the CCPA at this time, in the preceding 12 months We have not sold any Personal Information to any third parties. In the preceding 12 months, We have disclosed Personal Information to third parties for business purposes including to customer service, technical support, payment processors, information technology, and sales, recruiting and marketing partners. We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction, particularly in the advertising ecosystem.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
-
Deny you goods or Services.
-
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
-
Provide you a different level or quality of goods or services.
-
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Nevada Privacy Rights
Nevada law permits our Users who are Nevada consumers to request that their personal information not be sold (as defined under applicable Nevada law), even if their Personal Information is not currently being sold. Sent requests to privacy@nexttrip.com and it free of charge.
Do Not Track (Including California Do Not Track Disclosure)
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, We do not respond to Web browser “do not track” settings or signals. We deploy cookies and other technologies on our Service to collect information about you and your browsing activity, even if you have turned on the Do Not Track signal.
Retention of Data
We will retain your Personal information during the term of the provision of the services availed by you only for so long as reasonably necessary for the purposes set out herein, in accordance with applicable laws.
Children’s Privacy
Our Website, App, and services are intended for children under 13 (16 in the EEA). No one under age 13 (16 in the EEA) may provide any information to us, including through the Website, App over the phone, or via email. We do not knowingly collect Personal Information from children under 13 (16 in the EEA). If you are parent or guardian and learn we have collected or received personal information from a child under 13 (16 in the EEA) without verification of parental consent, please contact us and we will delete that information. If you believe We might have any information from or about a child under 13 (16 in the EEA), please contact Us as detailed under Contact Information, below.
Data Security
We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to Us is stored on our secure servers behind firewalls. Any payment transactions provided therewith will be encrypted. The safety and security of your information also depends on you. Where We have given you (or where you have chosen) a password for access to certain parts of our Website or App, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website and/or App like message boards. The information you share in public areas may be viewed by any user of the Website or App. Unfortunately, the transmission of information via the internet is not completely secure. Although We do our best to protect your Personal Information, We cannot guarantee the security of your Personal Information transmitted to Our Website or App. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website or App.
Changes to Our Privacy Policy
It is our policy to post any changes we make to our Privacy Policy on this page with a pop-up notice that indicates the Privacy Policy has been updated on the Website and/or App home page, as applicable. The date the Privacy Policy was last revised is identified at the top of the page. Please visit our Website, App and this Privacy Policy periodically to check for any changes.
Contact Information
We may update this Statement in response to changing laws or technical or business developments. If we propose to make any material changes, we will notify you by means of a notice on this page. You can see when this Privacy Statement was last updated by checking the "Last Updated" date displayed at the top of this Statement. For information on prior updates please email or write to us at: PRIVACY@nexttrip.com or by mail:
NextTrip Holdings Inc.
1560 Sawgrass Corporate Parkway
Suite 400
Sunrise, Florida 33323
The Privacy Policy Manager would also act as a designated grievance officer and shall address any discrepancies and grievances that you may have with respect to this Privacy Policy.