Privacy Policy

NYC Adventure Tours

NYC Adventure Tours (“Company,” “we,” or “us”) knows that you care how information about you is used and shared. This Privacy Policy explains what information of yours will be collected by us when you use the Company Service, how the information will be used, and how you can control the collection, correction and/or deletion of information. We will not use or share your information with anyone except as described in this Privacy Policy. This Privacy Policy does not apply to information we collect by other means (including offline) or from other sources.

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US & EU privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

Definitions:

Data Controller – Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which, and the manner in which any personal information id, or is to be, processed.

For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data. If you have any questions about this privacy notice, please contact us using the details set out below.

It is important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes or if you want to change your consent. You can do this by emailing us using the details set out below.

Data Processors (or Service Providers) – Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.

Data Subject (or User) – Data Subject is any living individual who is using our Service and is the subject of Personal Data.

What personal information do we collect from the people that visit our blog, website or app?

When ordering or registering on our site you may be asked to enter your name, email address or other details to help you with your experience.

What sensitive data do we collect from the people that visit our blog, website or app?

Sensitive data refers to details about your religious beliefs or political opinions, your race or ethnicity, your sex life or sexual orientation, genetic or biometric data, information about your health, or information about any trade union memberships.

We do not collect any Sensitive Data about you.

What is our legal basis for processing personal data under general data protection regulation (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

We collect information from you when you subscribe to a newsletter, fill out a form or enter information on our site. In this case you have given us permission to do it.

We might also collect communication data that you send us through email, text, social media messaging, social media posting, or any other communications you send us. We process this data to communicate with you. We have lawful grounds for processing this information as it is within an allowable legitimate interest, which in this case applies to replying to communications sent to us, to keep records, and to establish, pursue or defend legal claims.

Customer data we collect can include data given as part of a purchase of products or services. This data might include your name, billing address, delivery address, email address, phone number, credit card details, and the details of your purchase. This information is allowable as our lawful ground for the fulfillment of a contract between us and you, and/or to take steps to enter into a contract which you have requested.

We might use analytics tracking systems to collect technical data that includes your IP address, details about your browser, length of time spent on our website, pages viewed, and the number of times you visited our website. We process this data to analyze your use of our website and online services, and to deliver relevant content to you. We have lawful grounds for processing this data as it applies to our legitimate interests, which in this case are to enable us to maintain the website in an efficient manner.

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or to send periodic emails regarding your order or other products and services.

How do we protect your information under general data protection regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. It is our goal to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

In addition, we use regular malware scanning to help keep the website safe from hackers who might try to obtain data.

For any credit card transactions, we use an external PCI compliant payment gateway. All transactions are processed through this gateway provider and are not stored or processed on our servers.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

To maintain the safety of your personal information, we implement a variety of security measures when a user places an order, enters, submits, or accesses their information.

How long to we keep your data?

We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, to resolve disputes, enforce our legal agreements and policies, or as required to retain your data to comply with applicable tax laws.

Do we use ‘cookies’?

When you visit our website, we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer that uniquely identifies your browser and lets our Company help you log in faster and enhance your navigation through the site. A cookie may also convey anonymous information about how you browse the website to us. A cookie does not collect personal information about you. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser.

You can have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies. Some features of the website may not function properly if the ability to accept cookies is disabled.

Do we use third-party service providers?

We might share your personal data with companies who provide services to us. This includes web hosting companies and companies who process emails and marketing information for us. In these cases we work only with companies who have been certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, so your personal data can be transferred outside of the EEA.

We might also share personal data with parties who assist us in operating our website or serving our users.

We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions. In addition, all third parties who might process your data are required to respect the security of your personal data and to treat it in accordance with the law.

We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Do we use third-party links?

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We do not control these third-party sites and we encourage you to read the privacy policy of any website you visit. In addition, we seek to protect the integrity of our site and welcome any feedback about those sites.

What about Google?

Google’s advertising requirements can be reviewed through Google’s Advertising Principles. They are put in place to provide a positive experience for users.

We have not enabled Google AdSense on our site but we may do so in the future.

Are we in compliance with the California Online Privacy Protection Act?

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.

According to CalOPPA, we agree to the following:

Users can visit our site anonymously.

Our Privacy Policy is accessible through a link on our home page or as a minimum, on the first significant page after entering our website.

Our Privacy Policy link includes the word ‘Privacy’ and can easily be found as specified above.

You will be notified of any Privacy Policy changes on our Privacy Policy Page.

You can change your personal information by emailing us.

Do we comply with COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under the age of 13 years old.

What is our Fair Information Practice?

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. To be in line with Fair Information Practices we will notify you via email within 72 hours, as feasible, should a data breach occur.

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

Do we comply with the CAN SPAM Act?

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes specific requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

In compliance with this act, we collect your email address in order to:

Send information, respond to inquiries, and/or other requests or questions.

Process orders and to send information and updates pertaining to orders.

Send you additional information related to your product and/or service

Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CANSPAM, we agree to the following:

Avoid use of false or misleading subjects or email addresses.

Identify the message as an advertisement in some reasonable way.

Include the physical address of our business or site headquarters.

Monitor third-party email marketing services for compliance, if one is used.

Honor opt-out/unsubscribe requests quickly.

Allow users to unsubscribe by using the link at the bottom of each email.

Data protection laws give you the right to request erasure, to object to processing or to withdraw consent. If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email and we will promptly remove you from all correspondence. There is no fee for us to do this for you.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

Domain Name: nycadventuretours.com
Contact Email: Contact us through the contact form on the website.
City, State, Zip: New York, New York
Country: United States

This privacy policy goes into effect May 25, 2018
Last Edited on May 23, 2018