Privacy & Security
City Pass, Inc. ("CityPASS"), is committed to protecting the privacy of our customers and users of our Website. We have therefore created this policy statement (the "Policy") to explain the privacy practices and procedures that apply to information we collect through citypass.com (the “CityPASS Website” or “Website”) and our supporting applications (the "App" or “Apps”).
We believe that you should know what information we may collect from you through the Website and the Apps, as well as understand how we use and protect that information. This includes what you tell us about yourself, what we may learn from your use of our technology, what we learn by having you as a customer, and the choices you give us about what marketing materials you want us to send you. This notice also tells you about your privacy rights and how the law protects you.
CityPASS will revise and update this Policy as we change practices. You should refer back to this page for the latest information.
This Policy applies to the CityPASS Website and Apps, which are intended for the use of persons residing in countries that CityPASS markets its products, and for the order and delivery of CityPASS products.
Our Purposes for Collecting and Processing Personal Information and its Uses
General Uses and Disclosures. We use and share the information we gather from users for the purposes described below. To perform the following tasks, when necessary, we will obtain your consent before using your data for these purposes. If you withhold consent, access to some functions and portions of our web site may be limited.
- Providing Services to our Website Users. If you use our Website and consent to the use of cookies, pixels and other technologies (collectively, "cookies"), we will gather personal information as described below, we will use your information to process and respond to your requests, comments, inquiries, and other forms you submit through our Website.
- Providing Services to our App Users. If you use our Apps and consent to the use of cookies, we will gather personal information as described below, we will use your information to verify your identity, access your tickets, process any reservation bookings you request, and respond to your comments, inquiries, and other forms you submit through our Apps.
- Providing Services to our Customers. If you are a CityPASS customer, we will use your information to support our delivery of products and services to you.
- Improving our Services. We use your information to enhance our understanding of our users’ preferences and improve our services.
- Disclosures we make to Service Providers. We share your information with third-party service providers that assist us with hosting and maintaining the CityPASS Website and Apps, processing payment card information, analyzing activity on our Website, analyzing activity with our Apps, marketing our services, and managing our daily business operations, delivery of products and services, or use of your CityPASS products. The personal information we provide to a service provider is information necessary for the service provider to perform the work it is obligated to perform for us. Service providers are prohibited from using any personal information that we provide except in connection with the service providers’ work for us.
- Compliance with Legal Obligations. We will share your information with law enforcement, government officials, regulatory agencies, or other parties when we are required to do so by applicable law. We will also disclose your information to comply with a judicial proceeding, court order, subpoena, or legal process.
- In an Emergency. In emergency situations to protect our customer’s vital interests we will use or share your information when doing so is necessary to protect an interest that is essential for an individual’s life.
- Our Legitimate Interests. We will use and disclose your information when necessary for City Pass, Inc.'s legitimate interests, as long as such interests are not overridden by our users’ interests, rights, and freedoms with respect to their personal information.
Our Legal Basis for Processing Personal Information
Your privacy may be protected by the laws in the country or state in which you reside. The scope and level of protection offered by those laws varies. CityPASS has adopted privacy and security policies designed to comply with the laws and regulations applicable to individuals residing in the locations in which it markets its products and services, however, CityPASS undertakes no obligation to provide protections beyond the duties required by laws that apply to the information we collect from you.
Data protection laws allow us to collect, use and retain your personal information if we have a proper reason to do so. These reasons include:
- When you consent to it,
- To fulfill a contractual relationship with you, such as fulfilling your order,
- When it is permissible under applicable privacy laws,
- When we have a legal duty to do so, or
- When it is in our legitimate interest.
Our legitimate interests include, ensuring that fraudulent transactions are not placed through our Website or Apps, to protect against security breaches, to process financial information, to further discuss your interest in future events, discounts and programs, to track the use of our Website, Apps and services, to protect CityPASS and others from claims by third-parties and for business transfers, as discussed below.
CityPASS may collect personal data for the purpose of making automated decisions, including the sharing of information to complete a transaction. For example, if you elect to purchase a product or service and you provide information necessary to place the transaction, your credit or debit card information will automatically be sent to a third-party for credit/debit card processing and certain information will automatically be sent to a third-party for verification and fraud detection purposes. Also, if you consent to the use of cookies or you subscribe to our newsletter, CityPASS may collect information to create a profile to assist with the delivery of marketing information targeted to persons in certain geographic areas or persons who have previously purchased similar products or services from CityPASS.
We have given you the option to agree to opt out of the collection of personal data by CityPASS. By agreeing to permit the use of cookies and similar technologies, subscribing to our newsletter, or purchasing a product or service from CityPASS, you have agreed to the collection of your personal information and terms and conditions set forth in this Privacy Policy. You may, after agreeing to provide personal information to CityPASS, opt out of these services or ask to have your personal information erased or anonymized as described in this Policy.
Details About Our Collection and Use of Personal Information
The Information We Collect
CityPASS collects a variety of personally identifiable information about customers and visitors to our Website and Apps in order to ensure order delivery and provide unique offers. We collect different types of information from users.
Personal Information means any personally identifiable information relating to an identified or identifiable natural person. When we use the term "personally identifiable information," we mean information that is directly associated with, or could be used to identify, a specific person or to determine an identifiable person's preferences, interests, behavior, location or movement to create or use in a personal profile. Examples of information we may collect includes a name, address, telephone/cell number, email address, internet protocol address (IP address), mobile device identifier, or information about activities directly linked to that person which would permit the physical or online tracking or contacting of that person.
Usage Information. We also collect additional information regarding users’ activities on our Website and Apps. For instance, when you view a section of our Website that does not require you to log in with unique user credentials or start conversations with us, we may collect anonymous Usage Information that may not reasonably be used to identify you as the source. Usage Information includes “click stream” activity, such as when you click on a banner advertisement; the type of Internet browser and computer operating system you are using; the location from which you are accessing the Website; the URL of the Website from which you linked to our Website; and the areas of our Website you visited. This Usage Information may be obtained through “cookies” and similar technologies. For more detailed information please review our Cookie Policy.
When We Collect Personal Information
Information you give us at checkout: We will collect personal information you give us when you purchase from our Website or Apps. Depending on the product purchased, you may provide some or all of the following personal information, your name, billing address, telephone number, email address, travel dates, names of ticket holders, preferences, and/or credit card number.
Blog/ Newsletter Subscription: If you chose to subscribe to our newsletter we only collect your email address. We do not share subscriber’s email addresses with third parties.
Browsing our Website: When you access and browse our Website we will collect anonymous Usage Information. This may be done through the use of cookies and similar technologies.
Information you give us while using our Apps: When you use our CityPASS mobile or web Apps, you may provide your email address and name to authenticate your identity and to perform customer functions related to managing your CityPASS tickets and reservations, if applicable. We will collect an anonymous indication of your browsing and other activity and anonymous Usage Information to help us improve the app experience via analytics and provide personalized content.
To see how we use, disclose and protect the personally identifiable information that we collect, please review our Cookie Policy for information regarding your options to accept, limit or avoid the collection of personally identifiable information. In addition, please review the rest of this Privacy Policy.
Our Use of Personally Identifiable Information
Our Internal Use: CityPASS collects personally identifiable customer information for the purpose of delivering CityPASS products to you and/or to contact you directly regarding your order. We use email addresses on an opt-in basis to provide users with information they have subscribed to.
Our Customer Surveys: Periodically, you may be able to participate in our surveys to help us improve our site and products. Any personally identifiable information that we may collect from you in a survey will ONLY be used internally by CityPASS. And unless otherwise explained in the instructions for a particular customer survey, any personally identifiable information you provide to us for purposes of that survey will be used in accordance with this Policy.
Third-Party Use: Except where you have explicitly opted-in to receive marketing by third-party partners, CityPASS does not disclose, share or sell personally identifiable information to third-parties or non-affiliate entities for their use independent of the products we provide. There are two limited exceptions to this policy that apply to users who purchase our products: 1) We use a third-party global identity and fraud verification vendor, Ekata. For fraud detection, we use information you give us including, name, address, email address and phone number, in order to match the information with information Ekata has collected from other sources and stored in its database. To facilitate verification of future transactions through CityPASS or other vendors, Ekata may update its database to reflect that the information you provided to CityPASS and we shared with Ekata. You can review Ekata’s privacy policy by following this link, Ekata Privacy Policy. 2) We also use a third-party fraud verification vendor, Kount. We share information you give us including, name, address, email address and phone number, in order to match the information with information Kount has collected from other sources and stored in its database. To facilitate verification of future transactions through CityPASS or other vendors, Kount may update its database to reflect that the information you provided to CityPASS and we shared with Kount. You can review Kount’s privacy policy by following this link, Kount Privacy Policy. If you exercise your right to ask us to erase your personal information, we will also instruct Kount to erase your personal information. You can instruct Ekata to erase your personal information by contacting them directly here. However, this may impair your ability to transact business over the internet in the future.
If you use our Website or Apps and consent to the use of cookies, we may work with third parties, such as analytics providers, advertisers, social media networks, and search engines to improve the relevancy of our ads shown to you. We use ad measurement services provided by Google, including its “Customer Match” and “enhanced conversions” features to improve the relevancy of our ads shown to you. We do not associate your interactions on the Website with information which on its own identifies you. To protect your privacy, we use hashing techniques to de-identify your personal data. This means that we replace identifying personal information such as your name, phone number or email address with a unique identifier, or ‘hash’, that is not directly linked to your real identity. Google receives the hashed information in an encrypted format and associates it with other interactions linked to a Google account. For more information on how Google “Customer Match” works, see: https://support.google.com/google-ads/answer/6334160. You can review a description of the “enhanced conversions” feature by following this link, https://support.google.com/google-ads/answer/9888656?hl=en-GB. And for more information on how Google uses the information provided through their ad measurement services, please review: https://support.google.com/adspolicy/answer/9755941. If you are in a jurisdiction that requires you to provide affirmative consent for us to utilize these services for the first-party customer data you provide to us, we will not share hashed information about you with Google unless you have provided the required consent.
Potential Future Disclosure of Personally Identifiable Information
Business Transfers: Information about our users and customers, including personally identifiable information, may be disclosed as part of any merger, acquisition, or sale of company assets. It may also be disclosed in the unlikely event of an insolvency, bankruptcy, or receivership in which case personally identifiable information would be transferred as one of the business assets of CityPASS.
Retention of Personal Information
We retain personal information for a reasonable period of time necessary to fulfill our legal or regulatory obligations and for our legitimate business purposes. We retain the following categories of personal information for the following time frames:
Cookie and similar technologies: Certain information is retained for time periods that vary. Retention periods range from the deletion of data at the end of each web browsing session to a maximum of two years. Please see our Cookie Policy for detailed information regarding the retention period and privacy policy for each cookie or tracking technology.
Personal profile information you give to us: When you make a purchase on our web site or subscribe to our newsletter, we may maintain that information. If you unsubscribe from the newsletter, we will take reasonable steps to erase or anonymize personal and other information, but we reserve our right to retain and access the data for so long as is required to complete the delivery of products and services purchased from CityPASS and to comply with applicable laws.
Credit and debit card information: When you enter credit card or debit card information while purchasing our products and services through the checkout process, that information is provided directly to Braintree, a service of PayPal. CityPASS does not receive access to or store credit card or debit card information. By clicking this link you can review Braintree /PayPal's Privacy Policy.
Our Secure Transmission of information
Ensuring the security of your information is very important to us. The information you provide us when placing an online order on citypass.com is protected in transit using Hypertext Transfer Protocol Secure (HTTPS). Information sent using HTTPS protocol is encrypted between web browser and website to keep your data private while in transit.
Once you enter the checkout page, your computer will begin communicating with our server in secure mode. You can tell that you are in secure mode by the following:
- In the web address shown in the address window at the top of your browser window, "http" will be replaced by "https".
- In most browsers, you will see a closed padlock to the right of the address window. You can click on the lock for more security information.
Our Use of "Cookies"
Our use of cookies is described in detail in our Cookie Policy.
The right to access, copy or erase your personal information
This section provides details about rights that may be available under privacy laws that apply to you. If you are a California resident, please reference our CItyPASS California Consumer Privacy Act Disclosure.
Under these laws we may be obligated to respond to your request to:
-
Provide access to all the personal information about you held by us. If this right applies to you, we will
provide you with a copy of this information. For the first request, we will provide an electronic copy of the
data at no charge. For subsequent requests, or printed copies, we reserve the right to charge a reasonable fee
taking into account the administrative costs of providing the information or taking the action requested. You
can exercise your right of access to your personal information:
- By submitting a GDPR data request at www.citypass.com/gdpr-data-request.
-
By writing to us at:
CityPASS, Inc.
Attn: Privacy Officer
27 Arrow Root Lane
Victor, Idaho 83455 - You have the right to receive your information in a commonly used electronic format or ask us to move the data in that format to another provider where your request relates to data you gave us directly and where technically feasible (data portability).
- Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested. We will not respond to requests that cannot be verified and appear to be fraudulent.
- Correct your personal information where appropriate. Please note, you may review and update or correct your user profile information by logging in, as applicable, to the relevant portions of your CityPASS account profile where such information may be updated or corrected;
- Restrict the processing of your personal information while we investigate your concern;
-
Withdraw your consent at any time when the processing relies upon consent;
- Provided, however, if processing of a purchase of products or services has been completed, then cancellation of the purchase shall be subject to the terms and conditions for the purchase at the time it was made. In other words, you are not permitted to withdraw your consent to process your information in an effort to rescind an otherwise non-refundable purchase.
-
Erase your personal information.
- In the event you ask us to erase your personal information, it is in our reasonable interest to maintain some of the information for a reasonable period of time to complete the processing of your order, the delivery of our services to you to verify that the transaction placed for you was not fraudulent, or to enable the use of your purchased products. We may also keep a log or a record sufficient to demonstrate that we sent your information to you or fulfilled your request to erase your data. The log or record is in our reasonable interest to document compliance with various privacy laws, rules and regulations.
- Further, in the event you ask us to erase your data, certain third-party software we use is not designed to entirely remove information from software or systems without impairing the software’s functionality. It is in our reasonable interest to maintain the integrity of our software and operating systems. If that is the case, we will take steps to erase your data by making your data unreadable, thereby rendering it anonymous and untraceable. For example, we may change all letters to hash marks (“#”) or other symbols and numbers to zeros (“0”) to effectively erase your information.
- If you are not satisfied with our response to your concerns with our handling of your personal information, you may file a complaint regarding this Privacy Policy or our privacy practices by contacting us at the address provided above. Additionally, you may file a complaint with EU data protection authorities (DPAs). Please contact us to be directed to the appropriate DPA contact(s).
If you choose not to give personal information
You can choose not to give us personal information, but it may prevent us from providing our services to you. In this section we explain the effects this may have.
We may need to collect personal information to enter into or fulfill a contract we have with you.
If you choose not to give us your personal information, it may also mean that we cannot complete a purchase or deliver our products or services to you.
We sometimes ask for information that is useful, but not required by law to process your order. We will make this clear when we ask for it. You do not have to give us these extra details and it won't affect the products or services you have with us. For example, we may ask you if you wish to subscribe to our newsletter. You are not required to do so in order to obtain our products and services.
Children under the age of 13
CityPASS products and services are not targeted to and are not intended to attract children under the age of 13. Other than requesting name(s) for any CityPASS child products purchased, CityPASS does not knowingly solicit personal information from children under the age of 13. Should we learn or be notified that we have collected information from users under the age of 13, we will immediately take reasonable steps to erase and/or anonymize such personal information.
Monitoring of our Privacy Policy
CityPASS regularly reviews its compliance with this Privacy Policy. Please contact us with any questions or concerns regarding this Privacy Policy or City Pass, Inc.'s treatment of personal information. When we receive formal written complaints, it is City Pass, Inc.'s policy to contact the complaining customer or user regarding his or her concerns.
Updating of Our Policy
CityPASS will revise or update this Policy if our practices change, as we change existing services, add new services, or develop better ways to inform you of services we think will interest you. You should refer back to this page for the latest information and the effective date of any changes.
CityPASS is committed to the policies set forth in this Policy.
Effective Date: April 18, 2023
Read more at http://citypass.life/privacy