Last updated: January 14, 2019
Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide necessary or legally required Personal Information when requested, you may not be able to benefit from our Services.
Personal Information You Provide Us
Registration. If you wish to access our Services, such as travel management, you may be required to become a registered user, and to submit Identification information (e.g., name, surname, email address, login credentials)
Social Media Sign-On. We collect Personal Information when you use your social media credentials to log into our Services (e.g., when you log in with your Gmail credentials, we may collect the Personal Information you have made available to Google and on Google+, such as your name and profile picture).
Visa and passport application. We collect Personal Information necessary to manage your request to obtain a visa or U.S. passport (e.g., nationality and passport/visa information, contact details, credit card information, travel information, occupation, education,). In addition, certain countries require us to collect and submit certain Personal Information that is considered to be sensitive data under applicable data protection laws (e.g., criminal record, general health information, religious affiliation)
Business Partners. If you work for one of our business partners or vendors, we will collect your contact details to manage the business relationship.
Job Application. If you apply for a job with us, we will collect your application information, including your resume and the contact details of your referees, as well as any other information you chose to provide to us in the context of your application.
Personal Information Obtained in the Context of Travel Purchase
We may collect Personal Information in the context of Travel Purchase directly from you, from your employer or travel supplier.
Travel management. Depending on the nature of the Services that you have engaged us to provide (e.g., corporate, concierge, vacation, or group travel), we may collect the following types of Personal Information:
Personal Information Automatically Obtained From Your Use of the Services
Internal and Services-Related Usage. We use Personal Information for internal and Services-related purposes, including to operate, provide and maintain the Services (e.g., creating and managing your account, purchasing travel, completing reservations, managing travel accommodations, managing visa and U.S. passport requests, payment processing, industry reporting, expense reporting, processing job applications and managing our business relationships).When you deactivate your Casto account, your Personal Information is permanently disassociated with information about your purchasing behavior, but we will continue to use such data for internal analysis, invoicing and general ledger.
Communication. We use Personal Information to communicate with you and to respond to your inquiries relating to customer-support, technical-support, security and privacy, and administrative matters (e.g., informing you about updates of your travel accommodation).
Analytics and Improving the Services. We and our service providers use Personal Information that we collect on the Services, such as your activities on the Services, to monitor and analyze usage of the Services and to improve and enhance the Services.
Marketing. We may send you marketing communications, which may be tailored to you, based on information such as your interests and preferences, and to advertise to you on other Websites. For example, we may send you an email to alert you about product or service updates, special offers and other new products and services.
Aggregate Data. We may de-identify and aggregate information collected through the Services for statistical analysis and other lawful purpose.
Anonymized data. We may use and disclose aggregate information that does not identify or otherwise relate to an individual for other purpose.
If you are located in the European Economic Area, we only process your Personal Information based on a valid legal ground, including when:
We disclose Personal Information that we collect about you in the context of the Services to third parties in the following circumstances:
Marketing Communications. If you decide at any time that you no longer wish to receive marketing communications from us, please follow the unsubscribe instructions provided in any of the communications. Please be aware that, even after you opt out from receiving commercial messages from us, you may continue to receive administrative messages regarding the Services.
Depending on your country and, in particular, if you are located in the European Economic Area or Switzerland, you may have the following additional rights:
Those rights may be limited in some circumstances by local law requirements. You may exercise these rights by contacting us as specified in the “How to Contact Us” section below. We may request you to provide proof of identity when handling your request.
Residents of California have the right to request a disclosure describing what types of personal information we have shared with third parties for their direct marketing purposes, and with whom we have shared it, during the preceding calendar year. You may request a copy of that disclosure by contacting us at firstname.lastname@example.org.
The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Information through the Services. If a parent or guardian becomes aware that his or her child has provided us with Personal Information, he or she should contact us at email@example.com and we will take steps to immediately delete that information.
We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. To protect Personal Information transferred from the EEA or Switzerland to the U.S. we adhere to the EU-U.S. Privacy Shield framework. [To learn more, read our Privacy Shield Policy.] We may also transfer Personal Information to countries for which adequacy decisions have been issued by the European Commission, use contractual protections for the transfer of Personal Information to third parties, such as the European Commission's Standard Contractual Clauses, or rely on third parties’ certification to the EU-U.S. Privacy Shield Framework where applicable.
We maintain administrative, technical and physical safeguards that are intended to appropriately protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. We do not ensure or warrant the security of your Personal Information or any data or information you transmit to us and you do so at your own risk. If a security breach occurs, we may communicate with you electronically (e.g., via the email address you have provided to us) and may post a notice on our Sites.
We take measures to delete your Personal Information or keep it in a form that does not allow you to be identified when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type Services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our Services, the impact on the Services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and applicable statute of limitations.
Our Sites may provide links to other websites for your convenience and information (e.g., you may authorize us to place new orders or cancel orders with a travel supplier on your behalf using our technologies). We are not responsible for, the privacy practices, content or information of any third parties, including any third party operating any site or services to which our Services link. We strongly suggest that you review these third party’s applicable terms of service and privacy policies. We do not provide a notice warning our users when they are leaving our Services.
Casto Travel Inc. is the entity responsible for the processing of your Personal Information.
2560 North First Street, Suite 150
San Jose, CA 95131 USA
Fran Mincey - VP of Global Sales and Account Management