Understanding How We Collect, Use, and Protect Your Personal Data

Retention Period (How long we store the data)*

When we Collect Data	Type of Personal Data we Collect	Purposes of Processing the Data	Legal Basis under the GDPR	Third Parties with Whom We Share your Personal Data** Consequences of not Providing the Personal Data	Consequences of not Providing the Personal Data
1.1 When you access and use our Site (automatically collected data) [Please confirm]	Google and Apple Advertiser IDs country city region time zone device model operation system user behavior in-app (including in-app purchases, media source i.e., the URL of the page or the application which referred you to the App, and all other activity in the App).	operating, providing, maintaining, protecting, managing, customizing and improving our Services; analysis of traffic, user and visitor; improving our products and services; display and personalization of advertisements in the Services.	For a period of two (2) years from the date of your last activity within the Website , except for information relating to disputes or complaints which will keep for a period of seven (7) years.	Your consent (through any consent you granted your employer) Legitimate interest (e.g. essential cookies)	Google	You and your employer cannot access and use the Services
1.2 When you visit our Site (automatically collected data)	Placement of cookies.	protecting the security of the Site; enable site functionality identify unique users, track user activity on the site, and unique website views.	Please see our Cookie Policy	Your consent (through any consent you granted your employer) Legitimate interest (e.g. essential cookies)	Google Analytics	Depending on the cookie Type you may not be able to access or use the Site. Please see our CookiePolicy – for more information
1.4 When you contact us (including for support), or your employer contacts us on your behalf	Full name Email address Any other information you or your employer provides	Verify your identity, process your request and respond to or contact you regarding your request; Present this information to you as part of your account history To display and contact you with information that is relevant to you in the future, and to assist you with further requests for support; Improve our customer support and	180 days after the request is answered and closed.However, information relating to complaints will be kept for a period of seven (7) years after the request is answered or otherwise closed (whichever is later).	The performance of our contract (Terms of Service) with your employer. Your Consent Our legitimate interest.		We may not be able to provide you or your employer support or respond to your request.
1.6 When you make a flight reservation through your corporate account	Full name Email address provided in connection with your business (whether an office or personal address) Phone number provided in connection with your business (whether an office or personal number) Your Company Cost Center Department	To provide the air fare reshopping service or air spend insights services	As long as the corporate contract is in effect	Your Consent; Legitimate Interest;		We would not be able to provide the faresaver or insights services to the full extent without access to all reservation data

**Please see Section 2.7 below for more information about third parties listed in this column.

1. 1. 1. Information your Employer Provides
         • Account. In order to use certain features of the Services your employer will be required to create an account (“Account”). In order to do so your employer will be required to provide your full name, e-mail address, and mobile phone number. This information is used in order to book flights, contact you in connection with your tickets and upcoming flights, and respond to and process requests you or your employer We may also use this information to verify your identity and prevent fraud or illegal behavior. As part of the Account creation process you may also be asked to provide us with additional information such as destination preferences. We will use such information to display or contact you with information relevant to you. We will also use your Account information to automatically complete the Traveler Information (see Section 1.3 below), but you may modify this be asked to provide additional information.
      • Traveler Information. When you or your employer reserves a product or service (such as a flight) using the Service your employer provides us information about the person or persons for whom you have made the reservation. This information includes each traveler’s name, mailing address (all such information, together, “Traveler Information”). We assume that your employer has the consent of the other travelers listed, or the parent or guardian of these travelers, to provide such information or that you are the travelers’ parent or guardian. If you or your employer does not have such consent or are not the parent or guardian of the traveler, then please do not provide Personal Data relating to these persons. We use this information to process the reservation and provide airfare reshopping services as well as business intelligence (insights) based on the data collected to the employer.
   2. • Flight Itinerary. We collect information about the flight your employer has requested to book or have booked, such as the airline with which you have made the booking, the flight number, the date and time of the flight, the points of origin and the destination to which you are traveling, requests regarding the flight, including meal request or special seating requests, and certain other information you provide (collectively, “Flight Itinerary”). We use this information to provide our travel insights and optimization services to your employer.
   3. • Support Requests. If you contact us to request support in connection with your use of (or inability to use) the Services or to make a request relating to a product or service which you have reserved or purchased using the Services, then, in addition, to your contact information (such as an email address or phone number), you will be asked for your name, mailing address, information regarding the Service you have booked, and the details of the request itself. We will use this information to verify your identity, identify the Service which you have booked, process your request and contact you regarding your request (or to answer your question). We may also store the details of the request in order to present this information to you as part of your account history, in order to display and contact you with information that is relevant to you in the future. We may also use the details of your request (including information about you) for our own review of our customer support and communication practices.
   4. • Contacting Us. If you contact us to make certain requests or to ask questions, we will use this information to respond to your requests or questions. We may also store the details of the request in order to present this information to you as part of your account history, in order to display and contact you with information that is relevant to you in the We may also use the details of your request (including information about you) for our own review of our customer support and communication practices.
   5. • Newsletter or Marketing Sign Up. In the event you sign up to receive promotions, newsletters or other commercial or marketing communications from us, we will use the information you provide (such as your email address) to send you such You may contact us at any time to request that we stop sending you such communications or opt-out of such communications by using the “unsubscribe” link at the bottom of e-mails we send.
   6. • Surveys & Feedback. If you complete a survey or feedback form we provide, you may be requested to provide your personal details or to log in to your Account. In such case the feedback you provide may be connected to your Account or we may contact you in order to resolve any problems you report as part of your Whether you are asked to provide personal details or not, we will use your feedback to improve our products and services, and compile statistical data.
   7. • Business Contact Information. If you have provided us with your business card or contact card (including electronically), or you have sent us an e-mail which lists your contact information (for example as part of your signature), if you have signed up with us at a trade exhibition or at another event, or you have entered into an agreement with us and have provided contact information as part of the agreement, then we will use the information provided to contact you in the future either regarding products or services you have purchased from us (or which we have purchased from you, if you are a service provider or supplier of ours), or which may be of interest you (or which you have offered or may be able to provide to us, if you are a service provider or supplier, or a potential service provider or supplier of ours).
   8. • Applying for a Position. When you apply for a position or make an inquiry regarding employment with Oversee or our affiliates, including by sending your resume or CV to us by email or by other means, or through a third party, or completing and submitting a form on the Services, we will (but are not obligated to) use the information you provide to contact you regarding your request or the position, to evaluate your experience, skills and candidacy for a position, and to verify your identity and conduct background checks (to the extent legally permissible). We may also share this information with affiliates as well as with third parties who provide personnel services for such purposes.
   9. 1. Information we Automatically Collect and Receive from Other Sources
         • Log Files. We use log files generated by your visits to and activity on our Services. Log files record information such as your internet protocol (IP) address, browser type, device type, Internet Service Provider (ISP) identity, a date/time stamp for user actions, the URLs referring/exit pages, the URL of clicked pages, error We will use this information to present relevant information to you and provide you with the Services, analyze activity on the Services, and improve our Services. [While this information may be used to automatically determine what is presented to you on the Services and the format of such content, we do not link this information to your Account.
      • Device Information. We collect information about the device you use to access and use the Services, including the unique device identifier, MAC address, International Mobile Equipment Identity (“IMEI”), device dimensions, model, manufacturer, operating system, the application you use to access the Services (for example, your web browser), and your mobile network information. We use this information to adapt the Services to your device and to collect statistical information about how our Services are used and improve our Services.
   10. • Geolocation Information. We collect information about your (or your device’s) location using your IP address or your mobile device’s GPS. We use this information to offer or present you with information and content that is relevant to you. Your mobile device may enable you to disable or turn off location sharing, though this may interfere with the functionality of our Services.
   11. • Cookies. We use “cookies”, small text files sent to your computer and then sent back by your Web browser to a website or other online service to retrieve the information in the cookie (for instance, whether you visited a website previously, or have already logged into an online account). “Session” cookies are temporary cookie files that last until you close your browser when they are deleted. “Persistent” cookies remain on your device until you or your browser delete them, or for the period set in the specific cookie. Cookies enable us to customize our Services to your preference or previous activity on the Services. For example, we may use cookies to store your language preferences or other settings so you don‘t have to set them up every time you visit the You may delete cookies or block cookies from your device, by changing the preferences in your browser. Doing so, however, may impair the functionality of the Services in whole or in part.
   12. • Usage Data and Analytics Services. We collect and analyze information about how you use and access the Services using services and tools provided by third parties (collectively, “Analytics Services“), such as (but not limited to) Google Analytics, as described further below. Generally, Analytics Services collect information about user or visitor activities on our Services (such as our Site) using technologies like cookies and other tracking technologies (including some of those described above). The type of information collected by Analytics Services includes information about what users do on our Services, what elements of the Services they interact with and how they interact with the Services, how often users visit the Services, what pages or parts of the Services they visit, what other websites they may have visited prior to coming to the Services (“referring pages”), what search engine and search keywords they may have used to get to the Services, and information about users’ devices and We use this information to provide, maintain and improve our Services.

Google Analytics. Google Analytics collects information such as how often users visit our Services, what pages or parts of the Services they visit and access, what other websites or applications they used prior to accessing our Services and users’ IP addresses. We use the information we receive from Google Analytics to maintain and improve our Services. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to our Services is governed by the Google Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/ and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.

1. 1. 2. What Security Measures Do We Use to Keep Your Personal Data Safe?

We use reasonable procedures to prevent unauthorized access to and the misuse of your Personal Data such as appropriate business systems and procedures to protect and safeguard your Personal Data. Also, there are security procedures and technical and physical restrictions for accessing and using your Personal Data on our servers, we are only allowing authorized personnel to access Personal Data as part of their work. We’ll only keep your personal data as long as we think necessary in order to let you use our services including accessing your Account or in order for us to provide your employer, our Services, unless otherwise shall be instructed by you or your employer. However, and in order to comply with applicable laws, to resolve any disputes, and to otherwise allow us to conduct our business, including detecting and preventing fraud or other illegal activities, we may refuse to delete your Personal Data, subject to applicable law. All Personal Data we keep about you is covered by this Privacy Policy.

1. 1. 3. How (And With Whom) We Share Your Personal Data

In addition to the methods or the third parties with whom we may share your Personal Information described above (such as the providers of Analytics Services), we share Personal Data in the following manner:

1. 1. • Your Employer. Your employer (and any person using your employer’s Account) may access your Account information and view your activity using the Services while logged into the corporate account.

Global Distribution System. In order to process your reservation, any requests you make, cancellations or resolve disputes with airlines and other third parties in connection with you and your flight, we receive the Traveler Information and Flight Itinerary from Global Distribution System following a consent from your employer.

1. 1. • Law Enforcement or Other Government Entities. Where required by law or government or court order, we will disclose Personal Data relating to you, but only to the extent we are required to do so by law.
   2. • With your Consent. In the event that you have requested or have consented to the transfer of Personal Data relating to you (such as by checking a box to signify your agreement) we will transfer Personal Data to the relevant third party.
   3. • Disputes. In case of any dispute with or concerning you, we may disclose Personal Data relating to you with our legal counsel, professional advisors and service providers, the relevant court or other tribunal and other third parties as needed in order to resolve the dispute, defend ourselves against any claims, or enforce our rights.
   4. • Mergers and Acquisitions. In the event that we, or a part of our business, are sold to a third party, or if we are merged with another entity, or in the event of bankruptcy or a similar event, we will transfer information about the relevant portions of our business as well as relevant customers and users, to the purchaser or the entity with which we are merged.
   5. • Affiliates. We share Personal Data with our affiliates, such as our U.S. subsidiary, Oversee, Inc., who assist us in processing Personal Data and providing our Services.
   6. 4. RIGHTS UNDER THE GDPR

Subject to certain exceptions and exclusions, the following rights apply to individuals who are protected by Regulation (EU) 2016/679, known as the General Data Protection Regulation (the “GDPR”). This includes, but may not be limited to, individuals who reside in, and who are citizens of, EU member states. If you are such a person, then:

1. 1. • Right of Access. You may request that we confirm to you whether or not we store Personal Data about you and to provide you with a copy of the Personal Data we maintain about you and information about: (a) the purposes of the processing of the Personal Data; (b) the categories of Personal Data being processed; (c) the names of the recipients or the categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations; (d) if possible, the period we believe we will store the Personal Data, or the criteria we use to determine that period; (e) the sources of the Personal Data, if not collected from you; and (f) whether we use automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
   2. • Right to Rectify. You may request that we rectify any Personal Data about you that we maintain that is incorrect. Depending on the purpose for which the data is used, this may also include the right to complete incomplete Personal Data.
   3. • Right to Erasure (“Right to be Forgotten”). You may request that we erase or suppress Personal Data that relates to you in the following cases: the data is no longer needed by us; when the data is collected with your consent and you withdraw that consent; when you have a right to object to our use of the data (as described below under, “Right to Object”); we are not lawfully processing the data; or we are otherwise required by law to delete the However, there may be circumstances in which we may retain your data or we may refuse your request, for example when we review the data to defend ourselves or make legal claims or exercise are own rights. In addition, this right may not apply to the display or access of your Personal Data outside of the European Union.
   4. • Right to Restrict Processing. You may request that we restrict our use or processing of your Personal Data if: you claim the Personal Data is inaccurate, during the time we investigate your claim; our processing of the Personal Data was unlawful; we no longer require the Personal Data; we processed the Personal Data for our legitimate interests and you object to this use (as you are permitted to do under Article 21(1) of the GDPR), during the time that we investigate whether our legitimate interests override your request. However, there may be circumstances in which we are legally entitled to refuse your request.
   5. • Right to Data Portability. You may request that we provide you with your Personal Data that we process based on your consent or to fulfill a contract with you or that we process using automated means, in a structured, commonly used and machine-readable format, and to transfer your Personal Data to another entity or have us transfer it directly to such entity.
   6. • Right to Object. You may, based on reasons specifically relating to you, to object to our processing of your Personal Data, when: (i) the data is used for our legitimate interests and our interests in processing the data does not override your interests, rights and freedoms and we do not require use of the data for the establishment, exercise or defense of our legal claims or rights; and (ii) we use the data for direct marketing purposes or profiling for direct marketing purposes.
   7. • Right to Object to Automated Decision Making. You may request that you not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
   8. • Right to Withdraw Consent. Where we process Personal Data relating to you based on your consent (such as by clicking a check box adjacent to a statement of consent), you may withdraw your consent and request that we cease using your Personal Data for the purpose for which you have your consent, or altogether, depending on the
   9. • Right to Make a Complaint. You may file a complaint regarding our practices with the data protection authority in your place of habitual residence, place or work, or the place of the alleged infringement.

You can exercise your rights that apply to us by contacting us by email at [email protected]. We may be permitted by law (including the GDPR and local national laws) to refuse or limit the extent to which we comply with your request. We may also require additional information in order to comply with your request, including information needed to locate the information requested or to verify your identity or the legality of your request. To the extent permitted by applicable law, we may charge an appropriate fee to comply with your request.

1. 1. 5. Transfers of Personal Data to other Countries outside the EU or EEA

When we transfer Personal Data subject to the GDPR to recipients located in other countries outside the European Economic Area and which the European Commission has not determined adequately protect Personal Data, we enter into contractual agreements approved by the EU Commission with these recipients and receive assurances that the Personal Data will be protected. As of the date this Privacy Policy was published (see above), examples of the forms of such agreements can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-t hird-countries_en; and a list of countries which the European Commission has determined to adequately protect Personal Date                                                     can                                            be                                            found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-e u-countries_en. In the case of recipients of such Personal Data who are located in the United States and who have joined the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we do not enter into such contractual agreements, and instead rely on the Privacy Shield Framework. As of the date this Privacy Policy was published, the U.S. International Trade Administration (ITA) and U.S. Department of Commerce maintain a list of U.S. entities which have joined the Privacy Shield Framework here: https://www.privacyshield.gov/list. In addition, in certain circumstances, as permitted by applicable law, we may transfer Personal Data to which the GDPR applies to countries outside the European Economic Area or which the European Commission has not determined to adequately protect Personal Data, such as where you have explicitly consented to the transfer, after having been informed of the possible risks, where the transfer is necessary to perform a contract with you or which is in your interest, i.e., process your flight reservation, or in other circumstances specified in Article 49 of the GDPR (Derogations for specific situations). If you are an individual protected by the GDPR, you may contact us at [email protected] in order to obtain additional information regarding the basis for the transfer of Personal Data relating to you to countries outside the European Economic Area. Please note that information or copies of documents we may provide to you in connection with such requests may be limited or redacted in order to protect the rights of third parties or to comply with contractual obligations we may have (such as obligations of confidentiality).

1. 1. 6. YOUR CALIFORNIA PRIVACY RIGHTS

If you are a California resident you have the right under California law to make certain requests in connection with our use of Personal Data relating to you, as described below. To make such a request, please contact us by email at [email protected]. Please note that certain exceptions may apply.

1. 1. • Disclosure of Direct Marketing Practices. Under California Civil Code Section 1798.83, one time per year you may request the following information regarding our disclosure of your Personal Data to third parties for their direct marketing purposes: a list of the categories of the personal information disclosed to such parties during the preceding calendar year, the names and addresses of such third parties, and if the nature of the parties’ businesses is not clear from their names, examples of the products or services marketed by such third parties.
   2. • Removal of Public Information. If you are under the age of 18 and have an Account, under California Business and Professions Code Section 22581, you may request the removal of content or information you have publicly posted that is identified with you or your Please be aware that certain exceptions may apply and we may not be able to completely remove all such information.
   3. 7. CALIFORNIA DO NOT TRACK NOTICE.

We do not track individuals’ online activities over time and across third party Web sites or online services (though we do receive information about the webpage you visited prior to access the Services). However, we allow third parties (such as analytics service-providers Google) to collect personally identifiable information about an individual consumer’s online activities when a consumer uses the Services. We do not respond to Web browser “do not track” signals or similar mechanisms.

1. 1. 8. Personal Data of

Our Services are not intended for, and we do not knowingly collect Personal Data from persons under the age of eighteen (18). If you believe that a person under the age of eighteen (18) has provided us with Personal Data, or if we have received the Personal Data of such person, please contact us at https://overseeprod.wpengine.com/privacy/  

1. 1. 9. UNSUBSCRIBING TO COMMERCIAL MESSAGES.

You may request that we stop sending you commercial messages by clicking the unsubscribe link located at the bottom of the email you receive. However, we may still send you messages in connection with your Account, requests or reservations you make, to resolve disputes, or as otherwise permitted by applicable law.

1. 1. 10. ANONYMOUS INFORMATION.

We do not treat information we collect or receive which cannot be connected to any particular person or which is anonymized or aggregated such that it can no longer be connected to or used to identify any particular person as Personal Data even if it was originally linked to or stored with Personal Data. Such information cannot be used to identify you or any other person. We use anonymous information internally for a variety of purposes, may share it with third parties or even publish it for any reason.