Privacy and GDPR
The General Data Protection Regulation (GDPR) is a new European Union (EU) law that gives its citizens greater protection and control of their personal data. GDPR will regulate the data that can be collected, stored and transferred for companies both in and outside of the EU. Fortis Riders consistently protects the data of our clients as a part of our general good business practices and this approach will also be reflected in the new requirements of the GDPR.
Personally Identifiable Information That We Collect:
We do not collect any personally identifiable information (PII) about any clients (users) unless our users voluntarily submit that information to us, such as through our website contact pages, by email, by registering for our services or some other unspecified means.
We collect the following different kinds of personally identifiable information: name, user name, email, phone number, address, business names, associates, family members, financial information, billing information, and travel destinations.
Non-Personal or Aggregate Information That We Collect:
When users visit or use the Fortis Riders website, we automatically collect certain non-personally identifiable information about the user, such as IP address, session, page view, average time on site, host, pathway, device identifiers, operating system information, debugging information, and browser information. We do not re-identify this non-personally identifiable information, but please note that we do share this Information with third-party processors. See below for Information about how Information Is handled If It becomes PII.
Like many websites, we use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use persistent cookies to save your registration ID and login password for future logins to the Sites. We also utilize session ID cookies to enable certain features of the Sites, to better understand how you interact with the Sites, and to monitor aggregate usage by visitors and web traffic routing on the Sites.
You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. However, if you do not accept cookies, you may not be able to use all portions of the Sites or all functionality of the Service.
Information Usage, Disclosure and Recipients:
We process PII to ensure the efficiency and effectivity of our business relationships, commercial transactions, and marketing practices. Processing will always be based on legitimate grounds or user consent. We send PII to other companies, affiliates, and third parties to help us process information for marketing purposes.
These are the different instances in which that happens:
- We use personally identifiable information to operate the Fortis Riders website and applications and provide users with specific services that they have requested or expressed interest in.
- We use personally identifiable information to respond to users’ direct inquiries or to customize the services they request or purchase from us.
- We use personally identifiable information to add users to our mailing lists in order to send emails, important updates, or periodic newsletters.
If we intend to use and transfer of PII for purposes beyond the our commercial transactions for marketing or commercial communications, or if we disclose personal data to a third party or use of the PII for other purposes other than the purpose than for which it was originally collected or subsequently authorized by a user, then we will offer the user an opportunity to affirmatively opt in to consent whether user personal data is to allow for disclosure be disclosed to a third party or to be used for other purposes other than the purpose for which it was originally collected or subsequently authorized.
A list of third-party processors who have a need to process PII in connection with the above functions is available here.
Users will be informed about any changes to third party providers.
If we transfer PII within our operations or to our third-party service providers across borders outside of the user’s country or jurisdiction, we will ensure that the country provides adequate protections or that the recipients are subject to appropriate safeguards pursuant to EU approved standard contract clauses.
Non-personally identifiable information or aggregated information is shared with any number of parties, provided that such information cannot identify the user.
Security and Data Retention:
We make every reasonable effort to secure user data. Such measures include the pseudonymization and encryption of data where appropriate; the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services; the ability to restore the availability and access to PII in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. However, data transmission or storage on the Internet cannot be guaranteed to be 100% secure, and we do not make such a guarantee. Users should take all precautions to safeguard passwords and account information that they have or provide and to employ current virus-scanning or firewall software and other security safeguards.
Other Websites, Apps and Services:
We link to third party websites, apps or services from within our website. We are not in control of these websites, apps and services or their privacy policies.
Social Networking Services:
We integrate with social networking services such as Facebook, Instagram, LinkedIn, and Twitter. We are not in control of these social networking services or their privacy policies.
Information Relating to Children:
Our services and website are designed for users over the age of 18.
If we become aware that information we have is on a user under the age of 18 it will be deleted.
Communication with Us or Through Our Website:
We will respond to a user when a communication or request is received through our website.
We will post and email updates to our policy. Email notice will be sent to users for whom we maintain email information. It is important that users review this policy periodically for an up-to-date understanding of our policies and practices.
User Rights for EU Residents:
To exercise the rights below, except as specifically provided, please contact us at firstname.lastname@example.org.
Users may request details of personal data which we hold about them. Upon request, we will provide a copy of such personal data within a reasonable timeframe, generally within 1 month.
If a user believes that any personal data we are holding related to that user is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any personal data found to be incorrect.
Users may choose to object to the collection or use of user personal data:
- whenever data is processed for our legitimate interest
- whenever data is processed for a task carried out in the public interest or in the exercise of our official authority
Please note that user objections may be overridden by our legitimate interests to process and collect user personal data.
Users also have the right to object to the processing or the user’s PII for direct marketing purposes.
- Right to Erasure (Right to be Forgotten)
To the extent legally permissible, users are entitled to have certain personal data erased in the following circumstances:
- The personal data is no longer necessary in relation to the purposes for which it was collected or processed;
- The user objects to the collection or use of user personal data and there are no overriding legitimate grounds for the processing;
- The personal data has been unlawfully processed; or
- The personal data has reached the defined retention period to be erased or for compliance with a legal obligation to which we are subject.
- Right to Restriction of Processing
Users may have the right to restrict further processing of user personal data in the following situations:
- The user contests the accuracy of the personal data;
- The processing of the data is unlawful;
- The personal data we have has reached the defined retention period no longer needs the personal data for the purposes of the processing, but we require the personal data to establish, exercise, or defend legal claims; or
- The user objects to the processing, and seeks it be restricted pending the verification of whether our legitimate grounds override the user’s rights as a data subject.
Users have the right to receive their personal data in a structured, commonly used and machine-readable format. We will assist in the transmission of such data to another entity, upon request, to the extent technically feasible.
- Right not to be subject to Automated Decision-Making
Users have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the user or similarly significantly affects the user.
Data Retention of Customer Data:
We will not store user data longer than necessary for the purpose for which we have processed that data, the period of time required by applicable record retention laws, and/or the time period necessary to establish, exercise, or defend legal claims. How long we retain user data depends on the type of data and the purpose for which we process that user data.
Fortis Riders allows customers to specify length of time their data can be stored in our products.
To opt out users can send us an unsubscribe request to email@example.com.
Opting out will remove a user’s access to our emails, newsletters, Internet and social media marketing, and reservation information.
Fortis Riders also allows customers to purge personal data. Once an end-user is deactivated in the Fortis Riders system, users can request to automatically remove their personal profiles.
Do Not Track:
We do not respond to “do not track” signals or similar mechanisms.
United States of America:
Our website is in the United States of America. Personally identifiable information collected is exported to the USA and stored in the USA.
Questions and Complaints:
Questions or complaints regarding the processing of PII should be directed to firstname.lastname@example.org.