And applies solely to visitors, users or clients who reside in the State of California (hereinafter, “Client(s)” or “you”) as set herein.
This CCPA Policy details the information we collect from you when you visit our associates’ websites or when you get in touch with OPR to adhere to our services using such websites (hereinafter, the “Services”).
We provide this CCPA Policy to comply with CCPA Information Requirements when you visit or use our associates’ websites to know, request information about our Services or acquire our Services. Nothing in this CCPA Policy shall be deemed as a representation, statement or intention of OPR to submit to other US or California laws.
2. PERSONAL INFORMATION COLLECTED, USED ANS SHERED
We collect the following information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably de linked, directly or indirectly, with a particular Client or device (“personal information”).
- Identifiers such as your name, postal address, email address, telephone numbers, and/or IDs such as passport number.
- Personal Characteristics such as your marital status, family information, date of birth, age, gender and citizenship.
- Bank or Financial Information such as credit/debit card number, bank account number and notice address.
- Commercial Information such as records of services purchased, obtained, or considered, or other purchasing or consuming histories and tendencies.
- Internet Activity such as Internet Protocol address, browsing history, search history, information on your interaction with our associates’ websites or with their advertisements.
- Geolocation data: approximate physical location (derived from an Internet Protocol address).
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA´s scope, like:
- Health or medical information covered by the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific US privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver´s Privacy Protection Act of 1994.
We obtain the categories of personal information listed above directly and indirectly form your activity on our associates’ websites.
3. USE OF PERSONAL INFORMATION
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided. For example, to provide information on the characteristics and costs of our Services.
- To provide you with Services that you request form us.
- To provide you with email alerts and other notices concerning our Services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and OPR, including for billing and collections.
- To manage our client’s claims or compensation requests.
- For testing, research, analysis and product deployment.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations from California or the destination in which you made a lodging reservation.
OPR does not directly collect or intend to collect personal information from minors (those under age of 18) through its website. Minors must refrain from providing their personal information through our associates’ websites.
4. DO WE SHARE YOUR PERSONAL INFORMATION?
We may disclose your personal information to a third party for a business purpose, such as analytics and marketing activities. When we disclose personal information for a business purpose we enter a contract that describes OPR as the data controller, describes the purpose of the disclosure and requires the recipient (a data processor) to keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months we have disclosed the following categories of personal information for a business purpose:
- Identifiers: email address,
- Internet activity,
- Geolocation data.
We disclose your personal information for a business purpose to the following categories of third parties:
- Holding companies, subsidiaries or affiliates of OPR.
- Non-Affiliated Third Parties (service providers).
- Business Partners to whom you authorize us to disclose your personal information in connection with the Services. For example, transportation services providers, airlines or travel agencies.
- OPR shall not sell or rent your personal information. In the preceding twelve (12) months, we have not sold any personal information.
5. ACCESS AND CONTROL OVER YOUR PERSONAL INFORMATION AND YOUR RIGHTS
You may do the following at any time by contacting us at firstname.lastname@example.org.
Access to Specific Information Rights
You have the right to request that we disclose to you:
- The categories of personal information we collected about you and the categories of sources from which we collected such information.
- The business or commercial purpose for collecting personal information about you.
- The categories of personal information about you that we shared or disclosed and the categories of third parties with whom we shared or to whom we disclose such information in the preceding 12 months.
Deletion Request Rights
You also have the right to request that we delete personal information we collected from you subject to certain exceptions.
Once we receive and confirm your request, we will delete (and direct our services providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide the Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Enable solely internal uses that are reasonably aligned with consumer expectation based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
6. REQUESTS AND RESPONSES
You may make a request to exercise the access or deletion rights through the e-mail email@example.com. However, we cannot respond to your request or provided you with information if we cannot verify your identity or authority to make the request and confirm that personal information requested relates to you. Therefore, OPR shall request you:
- To submit proof of your identity, or
- To provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You do not need to create an account with us to be a “verifiable” Client. OPR will only use personal information provided in a verifiable Client request to verify the requestor´s identity or authority to make the request.
We will respond to your request consistent with the CCPA. We will respond within 45 days after receipt. If we require more time, we will inform you in writing of the reason and the period additional required. Any disclosures we provide will only cover the 12-month period preceding the verifiable Client request´s receipt. The response we provide will also explain the reason we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable Client request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Cookies have an expiry date which may vary during any single session or visit to the website and will expire on a specific date counted from the time they become active. Most cookies used by our associates’ websites are associated with a single anonymous user and their equipment, they do not provide information that can be used to obtain the name of a User, they cannot read information from your hard disk nor insert a virus in your texts.
We can also gather information using “web beacons”, “pixel tags”, “clear gifs” or similar means (generically called “web beacons”) which allow us to collect information such as domain names, the site areas you visit, operating system you use, version of your system, browser version and the URL you last visited. This information is used to improve your experience on the site and analyze traffic patterns.
You may configure your browser to accept or reject cookies automatically or to receive a notification that will allow you to decide whether to accept or reject that cookie. Even when you configure your browser to reject all cookies or to expressly reject cookies from our associates’ websites, you will be able to continue browsing the website but not all its features will be available. In any case, you can eliminate our associates’ websites cookies at any time by following the procedure indicated in the Help section of your browser.
8. SECURITY MEASURES
We have implemented security measures in order to safeguard your personal information from loss and / or unauthorized access, use, alteration and disclosure. In any case, we cannot guarantee the security of your personal information. Any transmission of personal information is at your own risk and we are not responsible for settings or security measures contained in the Services.
9. NON DISCRIMINATION
Under the CCPA you have the right not to be discriminated. OPR will not do the following:
- Deny you goods or services.
- Charge different prices or fees for goods or services based on your personal information.
- Provide a different level or quality of goods or services based on your personal information.
We will update this CCPA Privacy Act Policy anytime. Any changes will be posted on our associates’ websites with the date of updating.
December 21st, 2020