Privacy Policy

A Supplement to our Privacy Policy

Last updated: June 20, 2018

This Privacy Policy covers how we collect, use, process, share, and protect Personal Information (as defined below) about you gathered through our Casto Travel websites, including casto.com, casto.com.ph, castotravel.ph, castotravel.com, casto.travel, castovacations.com, castovacations.net, castotravel.net, icasto.com, passportvisa.com, rascalsinparadise.com, visabycasto.com (the “Sites”), and our ‘Marco by Casto’ mobile application (the “App”), collectively, the “Services”. It also tells you about your rights and choices with respect to your Personal Information, and how you can contact us if you have any questions or concerns.

References in this Privacy Policy to “you”, “your” or “yours” are to be taken as references to the site user and the user’s company, except where stated or where the context requires otherwise. References to “us” or “we” are to be taken as references to Casto Travel Inc., its affiliates and subsidiaries.

By using the Services, you agree to the processing of your Personal Information as described in this Privacy Policy. Beyond the Privacy Policy, your use of the Services is also subject to our Terms of Use. If you don’t agree to this privacy policy or don’t accept the terms of use, you may not use our Services.

This Privacy Policy does not apply to the processing of Personal Information we do on behalf of our customers. To learn more about the processing of your Personal Information in that context, please refer to the relevant customer’s privacy notice.

1. Information We Collect

For the purpose of this Privacy Policy, “Personal Information” means any information relating to an identified or identifiable individual. We obtain Personal Information relating to you from the following sources:
  • Website form submission
  • Email
  • Phone conversation
  • Through a file provided by their employer (in the event the traveler’s employer is a Client of Casto)
  • Through a file provided by a Travel Supplier
Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide necessary or legally required Personal Information when requested, you may not be able to benefit from our Services.

Personal Information You Provide Us

Registration. If you wish to access our Services, such as travel management, you may be required to become a registered user, and to submit Identification information (e.g., name, surname, email address, login credentials)

Social Media Sign-On. We collect Personal Information when you use your social media credentials to log into our Services (e.g., when you log in with your Gmail credentials, we may collect the Personal Information you have made available to Google and on Google+, such as your name and profile picture).

Visa and passport application. We collect Personal Information necessary to manage your request to obtain a visa or U.S. passport (e.g., nationality and passport/visa information, contact details, credit card information, travel information, occupation, education,). In addition, certain countries require us to collect and submit certain Personal Information that is considered to be sensitive data under applicable data protection laws (e.g., criminal record, general health information, religious affiliation)

Business Partners. If you work for one of our business partners or vendors, we will collect your contact details to manage the business relationship.

Job Application. If you apply for a job with us, we will collect your application information, including your resume and the contact details of your referees, as well as any other information you chose to provide to us in the context of your application.

Personal Information Obtained in the Context of Travel Purchase

We may collect Personal Information in the context of Travel Purchase directly from you, from your employer or travel supplier.

Travel management. Depending on the nature of the Services that you have engaged us to provide (e.g., corporate, concierge, vacation, or group travel), we may collect the following types of Personal Information:
  • Information relating to travelers (e.g., traveler name, middle name and surname, date of birth, gender, passport number, country of passport issuance, TSA known redress number, airline frequent flyer number, passenger name record (PNR) reference, primary email address, primary phone number, employee ID)
  • Travel ticket information (ticket indicator, conjunctive ticket number, international sale indicator, fare class, ticket/confirmation number, record locator, arrival/destination location, arrival/departure date, airline carrier, flight detail)
  • Information relating to travel arrangements (e.g., preferred travel supplier, preferred travel destinations, hotel and car rental company, room rate, total spend, vendor name, vendor property locations)
  • Business contact information (e.g., Co-worker and personal assistant names and email address)
  • Billing information (e.g., invoice date, billing number, form of payment, credit card code, credit card number, credit card expiration date)
  • In limited situations and with your consent where required under applicable law, we may process Personal Information that is considered to be sensitive under applicable law. For example, we may collect your religion if you travel to countries that require this information for VISA purposes.
Personal Information Automatically Obtained From Your Use of the Services

When you use our Services, we and our third party service providers may collect information from you through automated means, such as cookies, web beacons, and web server logs. By clicking on our cookies banner, you consent to the placement of cookies, beacons, and similar technologies in your browser and on emails in accordance with this Privacy Policy. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Services.

We may use this information, for example, to ensure that the Services function properly, to determine how many users have visited certain pages or opened messages or newsletters, or to prevent fraud. We work with analytics providers such as Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services.

2. How We Use Your Personal Information

Internal and Services-Related Usage. We use Personal Information for internal and Services-related purposes, including to operate, provide and maintain the Services (e.g., creating and managing your account, purchasing travel, completing reservations, managing travel accommodations, managing visa and U.S. passport requests, payment processing, industry reporting, expense reporting, processing job applications and managing our business relationships).When you deactivate your Casto account, your Personal Information is permanently disassociated with information about your purchasing behavior, but we will continue to use such data for internal analysis, invoicing and general ledger.

Communication. We use Personal Information to communicate with you and to respond to your inquiries relating to customer-support, technical-support, security and privacy, and administrative matters (e.g., informing you about updates of your travel accommodation).

Analytics and Improving the Services. We and our service providers use Personal Information that we collect on the Services, such as your activities on the Services, to monitor and analyze usage of the Services and to improve and enhance the Services.

Marketing. We may send you marketing communications, which may be tailored to you, based on information such as your interests and preferences, and to advertise to you on other Websites. For example, we may send you an email to alert you about product or service updates, special offers and other new products and services.

Aggregate Data. We may de-identify and aggregate information collected through the Services for statistical analysis and other lawful purpose.

Legal. We may use your Personal Information to enforce our Terms of Use to comply with our legal obligations and internal policies, to prevent or address potential or actual injury or interference with our rights, property, operations, users or others who may be harmed or may suffer loss or damage and to protect our legal rights, prevent fraud and/or comply with judicial proceeding, court order, or legal process served on Casto.

Anonymized data. We may use and disclose aggregate information that does not identify or otherwise relate to an individual for other purpose.

If you are located in the European Economic Area, we only process your Personal Information based on a valid legal ground, including when:
  • You have consented to the use of your Personal Information, for example to receive electronic marketing communications;
  • We need your Personal Information to provide you with the Services, including for account registration, to respond to your inquiries, for customer support or where necessary execute the contract between your employer and Casto ;
  • We have a legal obligation to use your Personal Information such as a Statutory Requirement per the Advanced Passenger Information System (APIS) as provided for by the Aviation and Transportation Security Act (ATSA) of 2001 and the Enhanced Border Security and Visa Reform Act of 2002; or
  • We or a third party, have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information to understand how you use our website on an aggregated basis,, conduct business analytics, and otherwise improve the safety, security, and performance of our Services. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.

3. How We Share Your Personal Information

We disclose Personal Information that we collect about you in the context of the Services to third parties in the following circumstances:

  • Our affiliated entities. We may share Personal Information about you with our affiliates and subsidiaries.

  • Business partners. We may share Personal Information about you with various business partners depending on your travels. Such Business partners include: Airlines, Hotel companies, Car Rental companies, ride sharing services, internal accounting and quality control systems, our customer relation management utilities, online booking providers, expense reporting companies, reporting systems, and data aggregation utilities.

  • Third party services providers. We may share Personal Information about you with our third party service providers who perform services on our behalf, such as website hosting, payment processing, data analysis, information technology and related infrastructure provision, customer service, email delivery, online advertising, market research and product development, auditing, and other services.

    Our service providers may combine the information collected with other information they have independently collected from other services or products relating to your activities. Such collection and use of your information is subject to the third party’s own privacy policy.

  • VisaByCasto. If you use the ViseByCasto service, we may disclose Personal Information about you, including your visa or passport application and any Personal Information they may contain, to the Passport office or the relevant Consulate in order to submit and manage the application on your behalf.

  • Legal. We may disclose Personal Information if required to do so by law or in the good faith belief that such action is appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms of use; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain and (h) to protect against or prevent actual or potential fraud, unauthorized transactions, claims or other liabilities, and to investigate potential fraudulent or questionable activities.

  • Merger or sale. We may share your Personal Information with a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in bankruptcy or similar proceedings).

4. Your Rights And Choices

Marketing Communications. If you decide at any time that you no longer wish to receive marketing communications from us, please follow the unsubscribe instructions provided in any of the communications. Please be aware that, even after you opt out from receiving commercial messages from us, you may continue to receive administrative messages regarding the Services.

Depending on your country and, in particular, if you are located in the European Economic Area or Switzerland, you may have the following additional rights:
  • Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence or of your place of work or where an incident took place.
  • Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
Those rights may be limited in some circumstances by local law requirements. You may exercise these rights by contacting us as specified in the “How to Contact Us” section below. We may request you to provide proof of identity when handling your request.

Residents of California have the right to request a disclosure describing what types of personal information we have shared with third parties for their direct marketing purposes, and with whom we have shared it, during the preceding calendar year. You may request a copy of that disclosure by contacting us at privacy@casto.com.

5. Use of Services by Children

The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Information through the Services. If a parent or guardian becomes aware that his or her child has provided us with Personal Information, he or she should contact us at privacy@casto.com and we will take steps to immediately delete that information.

6. International Cross-Border Data Transfer

Casto Services are hosted in and intended for use in the United States by U.S. residents. If you are visiting the Services from the European Economic Area or other regions with laws governing the processing of Personal Information, please note that your Personal Information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information. By providing your Personal Information to the Services, you consent to any transfer of your Personal Information to the United States and the Philippines in accordance with this Privacy Policy. When we transfer Personal Information to other countries, we will protect that information as described in this Privacy Policy.

We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. To protect Personal Information transferred from the EEA or Switzerland to the U.S. we are in the process of certifying to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. [To learn more, read our Privacy Shield Policy.] We may also transfer Personal Information to countries for which adequacy decisions have been issued by the European Commission, use contractual protections for the transfer of Personal Information to third parties, such as the European Commission's Standard Contractual Clauses, or rely on third parties’ certification to the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks where applicable.

7. How We Secure Your Personal Information.

We maintain administrative, technical and physical safeguards that are intended to appropriately protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. We do not ensure or warrant the security of your Personal Information or any data or information you transmit to us and you do so at your own risk. If a security breach occurs, we may communicate with you electronically (e.g., via the email address you have provided to us) and may post a notice on our Sites.

8. Data retention

We take measures to delete your Personal Information or keep it in a form that does not allow you to be identified when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type Services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our Services, the impact on the Services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and applicable statute of limitations.

9. Third Party Services and Links

Our Sites may provide links to other websites for your convenience and information (e.g., you may authorize us to place new orders or cancel orders with a travel supplier on your behalf using our technologies). We are not responsible for, the privacy practices, content or information of any third parties, including any third party operating any site or services to which our Services link. We strongly suggest that you review these third party’s applicable terms of service and privacy policies. We do not provide a notice warning our users when they are leaving our Services.

10. How We May Update Our Privacy Policy

From time to time, we may change this Privacy Policy. The “Last Updated” date at the top of this page indicates when this Privacy Policy was last revised. Unless we notify you otherwise, the revised Privacy Policy will be effective at the time we post it. If we make material changes, we may notify you through the Services or by sending you an email or other communication. We encourage you to read this Privacy Policy periodically to stay up-to-date about our privacy practices. Your continued use of the Services after a revised or updated version of the Privacy Policy has been posted constitutes your acceptance of that new Privacy Policy.

11. How to Contact Us

Casto Travel Inc. is the entity responsible for the processing of your Personal Information. If you have any questions about this Privacy Policy, or if you would like to exercise your rights to your Personal Information, you may contact us at privacy@casto.com or write to us at:

Casto Travel
2560 North First Street, Suite 150
San Jose, CA 95131 USA
+1 408-984-7000