PRIVACY POLICY

Plan Holiday

[Last Amended: December 19, 2023]

This Privacy Policy (“Privacy Policy”), is an integral part of our End User License Agreement (“EULA”), and governs the processing and transfer of personal data collected or processed by using or accessing Plan Holiday mobile application (“we”, “us” or “our”) or our services, all as detailed in the applicable EULA (respectively the “App” and “Service”).

Any capitalized terms not defined herein shall have the meaning ascribed to them in the EULA.

This Privacy Policy explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data (as defined below), among others, and where applicable, as required according to the EU General Data Protection Regulation (“GDPR”),the Brazilian General Data Protection Law (as amended by Law No. 13,853/2019) (“LGPD”), the California Consumer Privacy Act (“CCPA”) and other US states as further detailed below.

If you have any questions regarding this Privacy Policy or our data practices, you are welcome to contact us at: support.planholiday@o16iapps.com

This Privacy Policy explains our data collection practices that are applicable to any users of our App or our Services (“you” or “your”).

Table of Contents

I. PRIVACY NOTICE

A. POLICY AMENDMENTS:

B. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:

C. DATA SETS WE COLLECT AND FOR WHAT PURPOSE:

D. HOW WE COLLECT YOUR INFORMATION:

E. SDK & TRACKING TECHNOLOGIES:

F. DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

G. DATA RETENTION:

H. SECURITY MEASURES:

I. INTERNATIONAL DATA TRANSFER:

J. USER RIGHTS

K. OPT OUT OPTIONS

L. ELIGIBILITY AND CHILDREN PRIVACY:

II. JURISDICTION-SPECIFIC NOTICES:

A. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

B. ADDITIONAL NOTICE TO COLORADO RESIDENTS

1. YOUR RIGHTS UNDER CPA:

2. HOW TO SUBMIT A REQUEST UNDER CPA?

C. ADDITIONAL NOTICE TO VIRGINIA RESIDENTS

1. HOW TO SUBMIT A REQUEST UNDER VCDPA?

D. ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS

1. HOW TO SUBMIT A REQUEST UNDER CDPA?

E. ADDITIONAL NOTICE TO UTAH RESIDENTS (effective January 2024)

F. NOTICE TO NEVADA RESIDENTS

#

I.PRIVACY NOTICE

A.POLICY AMENDMENTS:

We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30-days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.

B.CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:

 The company incorporated under the laws of Israel, and it is the controller of your Personal Data.

You may contact us and our DPO as follows:

Representative for data subjects in the EU and UK Contact Information:

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). To get in touch with our representative, or to exercise your data subject rights, please reach out to us at: support.planholiday@o16iapps.com, and we will promptly provide you with the necessary details to contact Prighter directly.

C. DATA SETS WE COLLECT AND FOR WHAT PURPOSE:

You can find here information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data, and how it is technically processed.

Non-Personal Data

During your interaction with our website and Services, we may collect aggregated, non-personal non-identifiable information, which may be made available or gathered via your access to and use of the Services (“Non-Personal Data “). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data being collected may include your aggregated usage information and technical information transmitted by your device, such as: the type of browser or device you use, language preference, time and date stamp, country location, etc.

Personal Data

We may also collect from you, directly or indirectly, during your access or interaction with the website or Services, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data”). The types of Personal Data that we collect as well as the purpose for processing and the lawfulness are specified in the table below.

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person’s health or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data”).

The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations:

DATA SET PURPOSE AND OPERATIONS LAWFUL BASIS
Registration Information:
If you are required to register and create an account through our App, we will collect the Personal Data that you are required to provide us during the registry process, such as your full name and email address.
Further, during the registration process you will be supplied with username and password for your account, at which time you thereby represent and warrant that you are responsible for maintaining the confidentiality of your details and password. You represent and warrant that you will not provide us with inaccurate, misleading or false information.
This information will be processed for the purpose of performing our contract with you, to set up your account with us and enable you to use our Services.
In addition, we may process your Personal Data for our legitimate interests, for example, to send you marketing and promotional messages and offers related to our Services. You are able to unsubscribe from receiving such correspondence from us by contacting us at: support.planholiday@o16iapps.com
Please note that if you choose to unsubscribe from direct marketing, we may still retain your contact details and send you relevant service-related information such as invoices and subscription rates.
The registration information is processed to perform our contract with you and the direct marketing is subject to our legitimate interest.
Contact Information:
If you voluntarily contact us, you may be required to provide us with certain information such as your name, job title, company name, email address (“Contact Information”) and any additional information you decide to share with us.
We will use this data to respond to your inquiry.

Members Club Registration:
If you choose to register to our Members Club, we will you your Contact Information in order to send you Offers and marketing materials.
We process such Contact Information subject to our legitimate interest.

We may keep such correspondence if we are legally required to.
GPS Location Information:
Certain features may require access to your GPS location permissions.
In addition, in certain features we will use your “Access Fine Location” permission in the background while you are using the App so that we are able to locate the wifi networks and connection to provide the Services.
This information will be processed for the purpose of providing the Services.
In addition, we will use your Fine Access Location in order to offer you different WIFI networks depend on your location.
Please note that this information can run in the background of your mobile device, and show you an applicable list of WIFI networks. You may choose to block your background location through your device setting.

Further we wish to clarify that we do not store any GPS Location Information on our servers and any processing activity shall be done solely on your device.
We will process this data solely upon your active explicit consent though in-app notifications.
Push Notifications:
We may store Firebase Cloud Messages token. If you wish to stop getting push notifications, you may do so simply by disabling push notifications on your device’s settings or uninstall the app.
This information will be processed to allow us to send push notifications to users from our server. As the token is Non-Personal Data it does not require a lawful basis.
In-App Payment Information:
When you make a payment through our App and offered Services, all payments are in-app payments and are subject to the applicable App Store terms and privacy policy.
Google Terms of Service
Google Privacy Policy
App Store Terms of Use
App Store Privacy Policy
We use in app payment processors; the registration and payment information are solely processed by the applicable app store provider. We do not store nor process any Personal Data when you process the payment.
We receive an order number which is connected to a user ID which was generated when installing the app (non identifiable).
The Payment Information is processed to perform our contract with you to provide you our Services..
Log Data and Unique Identifiers:
In case of an error in the App we collect data and information (through third-party service providers) such as “Log Data” or “Crash Data”. This data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the App when utilizing our Service, the time and date of your use of the Service, and other statistics.
In most cases, this data will not include Personal Data, however we treat this information as Personal Data as we may be able to reasonably identify you. We process this data set for our legitimate Interest of protecting our App and Services and optimizing the App and Services.
List of Installed App:
When you install our App, we may collect information from your device, that may include a list of your installed Apps.
This data may contain identity information and therefore we treat it as Personal Data.
We use this data in order to maintain, support, improve, protect and manage our App and Services. We will base the processing of this data set on your consent through the organic in-app permissions
Profiling Data:
When you use our App we may display advertisements, our partners, the advertisers may place an SDK (as detailed below) and collect certain data on you for the purpose of displaying advertisement.
If you wish to prevent the display of advertisements or other identifiers for interest-based advertising, you may change your device settings to reset such advertisement or opt-out of such advertising (typically, this is available under the “Privacy” or “Ads” section in your device settings).
Please note that if you reset your advertising settings or opt-out of interest based advertising, you may still see advertisements in our App, but those ads will not be targeted for you. Please note that such actions may result in a less enjoyable user experience.
Our partners will process this data to manage and deliver advertisements more effectively and personally, including contextual, behavioral and interests-based advertising based on your activity, preferences or other data available to us or to our business partners and advertisers, including for re-targeting purposes. We process this information based on your consent as required under your jurisdiction provided through our cookie manager or similar technologies.
Photos and Videos:
if you use our designated feature in the applicable App in order to provide you with our Services, we will ask you to provide us with photos, images or videos of you (collectively “Content”) for editing purposes and to create animations.While we cannot prevent you from doing so, we still do not use Personal Data from photos for purposes other than providing our Service.
We process such data to provide you with the Services and to enable the editing and animation function that you requested.
For example, if you wish to receive altered photographs with animations of Emoji, we will use the original photograph you provided us.
We keep the original photo and the animation for as long as you use the Services.
Further we wish to clarify that we do not store any of your photos and videos on our servers and any processing activity shall be done solely on your device.
We process this information based on your consent provided through the organic in-app permissions in order to execute our contract with you and provide you with our services.
Microphone and audio:
As part of our dialer feature which is provided to certain Apps of ours, you will be required to provide us permissions to your Microphone.
We use those permissions to provide you with our dialer. The microphone permission needs to be affirmatively enabled through in-app permission or the mobile settings. You may disable the permissions at any time, but depending on the permission you disable, a feature or all features may not function properly. We will process the audio and use the microphone solely for providing you the dialer feature and we will not store any of your audio.
Further, we wish to clarify that we do not store any audio file or any information which may be accessed through the microphones and audio permissions on our servers and any processing activity shall be done solely on your device.
We process this information based on your consent provided through the organic in-app permissions in order to execute our contract with you and provide you with our services.
Call log and Contacts:
As part of our dialer feature which is provided to certain Apps of ours, you will be required to provide us permissions to your call log and contacts.
We use those permissions to provide you with our dialer and to identify your caller based on your contact list. The Call log and contacts permissions need to be affirmatively enabled through in-app permission or the mobile settings. You may disable the permissions at any time, but depending on the permission you disable, a feature or all features may not function properly.
Further, we wish to clarify that we do not store any of your contacts or call log on our servers and any processing activity shall be done solely on your device.
We process this information based on your consent provided through the organic in-app permissions in order to execute our contract with you and provide you with our services.
Bluetooth and Network:
We may collect through your Bluetooth and network permissions list of devices and networks your device “see” and connection history of your device
We use those permissions to provide you with our Services. The permission needs to be affirmatively enabled through in-app permission or the mobile settings. You may disable the permissions at any time, but depending on the permission you disable, a feature or all features may not function properly. We process this information based on your consent provided through the organic in-app permissions in order to execute our contract with you and provide you with our services.
Calendar:
Some of our Apps will provide you with new design features for your device. In order to apply those designs, we will need to access your calendar.
We will use the calendar permission in order to apply the applicable design for your device and calendar. The permission needs to be affirmatively enabled through in-app permission or the mobile settings. You may disable the permissions at any time, but depending on the permission you disable, a feature or all features may not function properly.
Further, we wish to clarify that we do not store any data processed or may be accessed through the calendar permissions on our servers and any processing activity shall be done solely on your device.
We process this information based on your consent provided through the organic in-app permissions in order to execute our contract with you and provide you with our services.
Health Data:
Our Apps may access and process certain health related data. This data shall be solely processed on your device and we will not transmit such data to our servers or taking any action which will cause the data to leave your device
We will use this data in order to provide you with certain features and as part of the performance of our Apps
We process this information based on your consent provided through the organic in-app permissions in order to execute our contract with you and provide you with our services.
We wish to clarify that we do not store any of your contacts or call log on our servers and any processing activity shall be done solely on your device.
We process this information based on your consent provided through the organic in-app permissions in order to execute our contract with you and provide you with our services.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of personal data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful basis as stipulated in the table above.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.

We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Platform, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined.

D. HOW WE COLLECT YOUR INFORMATION:

Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:

E. SDK & TRACKING TECHNOLOGIES:

Our Services and some of our Service Providers utilize “cookies” or “software development kits (“SDK”)” anonymous identifiers and other tracking technologies (collectively, “Tracking Technologies”) which help us provide and improve our Services, personalize your experience and monitor the performance of our activities and campaigns, as well as the usage of our Apps and Services as a whole.

The specific SDK we currently use, the purpose of the SDK, their privacy policy and opt-out controls are set forth in the table below:

NAME PURPOSE PRIVACY AND OPT OUT
Google Play In-app billing Google Play Privacy Policy: https://play.google.com/about/privacy-security-deception
https://policies.google.com/privacy?hl=en
Firebase • Remote Config- data
• storage and processing location
• Crashlytics- data
• Cloud Messaging
• data encryption
• security purpose
• a/b testing
• in-app messaging
• predictions
• analytics
Firebase Privacy Policy: https://firebase.google.com/support/privacy
Advertisers:
• AdMob
• AdColony
• Applovin
• Chocolate Platform
• Facebook Audience Network
• Index Exchange
• Media.net
• Mobfox
• OpenX
• PubMatic
• Rubicon
• Sharethrough
• Yieldmo

And as may be updated from time to time (collectively “Advertisers”).
The Advertisers are advertising Service Providers. Their targeted advertising SDKs collect information about your browsing activity across multiple websites and online services in order to provide you with relevant advertisements on the App and Services of third parties. The information collected using these advertising SDK does not disclose your identity, and helps us analyze the effectiveness of our advertising. • AdColony: https://www.adcolony.com/privacy-policy/
• AdMob: https://policies.google.com/privacy?hl=en
• Applovin: https://www.applovin.com/privacy/
• Chocolate Platform: https://chocolateplatform.com/privacy-policy/
• Facebook Audience Network: https://www.facebook.com/about/privacy/
• Index Exchange: https://www.indexexchange.com/privacy/
• Media.net: https://www.media.net/privacy-policy/
• Mobfox: https://www.mobfox.com/privacy-policy/
• OpenX: https://www.openx.com/legal/privacy-policy/
• PubMatic: https://pubmatic.com/legal/privacy/
• Rubicon: https://www.rubicon.com/privacy-policy/
• Sharethrough: https://www.sharethrough.com/privacy-center
• Yieldmo: https://yieldmo.com/privacy-policy/

F. DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:

We share your data with third parties, including our partners or service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.

CATEGORY OF RECIPIENT DATA THAT WILL BE SHARED PURPOSE OF SHARING
Advertisers Online Identifiers Display ads or content that best suit such application, as a part of our Services.
Service Providers All data We may disclose Personal Data to our service providers, contractors and third parties, including, but not limited to, our cloud and hosting provider, analytics and marketing providers, payment processors (in app payments), fraud prevention and analytic tools, tracking tools, the service providers are limited by contracts which limit their use of the data, and requires implementing security measures. The service providers process the data solely to provide the needed services. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services.
Any acquirer of our business All data We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.
Governmental agencies, or authorized third parties. Subject to law enforcement authority request. We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

When we share information with services providers and partners, we ensure they only have access to such information that is strictly necessary for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).

G. DATA RETENTION:

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to optout, where applicable.

Other circumstances in which we will retain your Personal Information for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.

H. SECURITY MEASURES:

We take great care in implementing physical, technical, and administrative security measures for the services that we believe comply with applicable regulation and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed, or accidentally lost.

If you feel that your privacy was not dealt with properly or was dealt with in a way that was in breach of our Privacy Policy or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data, please contact us at our email. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) if we discover a security incident related to your Personal Data.

I. INTERNATIONAL DATA TRANSFER:

We use Google Cloud which are located in EU, US and Asia. Further, certain processing activities are conducted in Israel, or other countries. In the event of data transfer out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection) it shall be transferred under the provisions of the standard contractual clauses approved by the European Union. If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at our email.

J. USER RIGHTS

According to data protection and privacy laws may grant you with certain rights with regards to your Personal Data, all according to your jurisdiction. The rights may include one or all of the following: (i) request to amend your Personal Data we store accessing; (ii) review and access your Personal Data that we hold; (iii) request to delete your Personal Data that we hold (as long as we do not have a legitimate reason for retaining the data); (iv) restrict or object to the process your Personal Data; (v) exercise your right of data portability (vi) contact to a supervisory authority in your jurisdiction and file a complaint; and (vii) withdraw consent (to the extent applicable). If you wish to submit a request to exercise your rights, please fill out the Data Subject Request Form (“DSR”) available here and send it to our email at: support.planholiday@o16iapps.com

When you contact us and request to exercise your rights regarding your Personal Data, we will require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort, as required or permitted under applicable law. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.

You have the right to lodge a complaint with the EU Member State supervisory authority if you are not satisfied with the way in which we handled the complaint.

For additional rights under various jurisdictions, please refer to Section ‎II “JURISDICTION-SPECIFIC NOTICES” herein below.

K. OPT OUT OPTIONS

Interest-Based Advertising (“IBA”): We do not sell your Personal Data. Some of our Apps may include providing you with advertisements therefor we may “share” your Personal Data with third parties for personalized advertising purposes. If you wish to opt-out from the sharing of your personal data with third parties for the purpose of cross-contextual interest-based advertising there are many way to do so, as further detailed below. Please note that even if you opt-out you may still see personalized ads based on information other companies and ad networks have collected about you, if you have not opted out of sharing with them.

For IBA opt out options on desktop and mobile websites, please visit:

Additional information on opt-out rights and means are available through our CCPA Privacy Notice page link and DSR form: link.

L. ELIGIBILITY AND CHILDREN PRIVACY:

The Services are not intended for use by children (the phrase “child” shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children’s information. We will discard any information we receive from a user that is considered a “child” immediately upon discovering that such a user shared information with us. Please contact us at: support.planholiday@o16iapps.com if you have reason to believe that a child has shared any information with us.

II. JURISDICTION-SPECIFIC NOTICES:

A. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) effective November 2020, and as amended by the CPRA, effective January 1, 2023.

Please see the CCPA Privacy Notice: link which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

B. ADDITIONAL NOTICE TO COLORADO RESIDENTS

Under the Colorado Privacy Act (“CPA”) if you are a resident of Colorado, acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context), your rights with respect to your personal data are described below.

Personal Data” as defined in the CPA means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include any of the following: publicly available information, de-identified or aggregated consumer, and information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

Sensitive Data includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. We do not process or collect any sensitive data.

Section ‎‎I.C “DATA SETS WE COLLECT AND FOR WHAT PURPOSE” of the Privacy Policy, we describe our collection and processing of personal data, the categories of personal data that are collected or processed, and the purposes. Additionally, in Section ‎I.F“DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH” details the categories of third-parties the controller shares for business purposes. ###

1. YOUR RIGHTS UNDER CPA:

Here in below, we will detail how consumers can exercise their rights, and appeal such decision, or if we sell the personal data, or sells the personal data for advertising and how to opt-out.

- - -  
Right to Access/ Right to Know You have the right to confirm whether and know the Personal Data we collected on you You can exercise your right by reviewing this Privacy Policy, in case you would like to receive the Personal Data please fill in this form to receive a copy of your data: link  
Right to Correction You have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data. You can exercise this right directly through your account or by filling in this form: link  
Right to Deletion You have the right to delete the Personal Data, this right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you; (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) Debug products to identify and repair errors that impair existing intended functionality; (4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) Comply with the law or legal obligation; (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action.
If you would like to delete your Personal Data please fill in this form: link
You do not need to create an account with us to submit a request to know or delete.
 
Right to Portability You have the right to obtain the personal data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. If you would like to receive the Personal Data please fill in this form to receive a copy of your data: link we will select a format to provide your Personal Data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.  
Right to opt out from selling Personal Data You have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer.
You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc.
We does not sell your personal information, so we do not offer an opt out. We may “share” personal information with third parties for personalized advertising purposes. You may indicate your choice to opt-out of the sharing of your personal data with third parties for personalized advertising on third party sites as detailed in Section ‎I.K OPT OUT OPTIONS.
To opt out from the use of cookies on our website, please click the “do not sell or share my personal information” in the footer of the website which will enable you to customize the use of cookies on our website.
 
Right to opt out from Targeted Advertising You have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer.
You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc.
We does not sell your personal information, so we do not offer an opt out. We may “share” personal information with third parties for personalized advertising purposes. You may indicate your choice to opt-out of the sharing of your personal data with third parties for personalized advertising on third party sites as detailed in Section ‎I.K OPT OUT OPTIONS.
To opt out from the use of cookies on our website, please click the “do not sell or share my personal information” in the footer of the website which will enable you to customize the use of cookies on our website.
 
Right to opt out from Profiling You have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer.
You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc.
We do not profile you, thus we do not need to provide an opt-out.  
Right to Appeal If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal.
If we deny the appeal, you may contact the Colorado Attorney General using this link: https://coag.gov/office-sections/consumer-protection/ or (720) 508-6000.
Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions.  
Duty not to violate the existing laws against discrimination or non-discrimination Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate our users.  

2. HOW TO SUBMIT A REQUEST UNDER CPA?

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. If the DSR is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required.

We will respond to your request within 45 days after receipt of a verifiable Consumer Request and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at support.planholiday@o16iapps.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/

If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

C. ADDITIONAL NOTICE TO VIRGINIA RESIDENTS

Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.

Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal data” does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The VCDPA requires us to disclose the Categories of data processing and the purpose of each category, as detailed in Section ‎I.C “DATA SETS WE COLLECT AND FOR WHAT PURPOSE” of the Privacy Policy, the categories of data shared and the third parties with whom it is shared, as detailed in Section ‎I.F “DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH”. Disclosure of sale of data or targeted advertising are detailed in Section ‎I.K OPT OUT OPTIONS above, and in the DSR Form. Further, the table above under Section ‎II.B “ADDITIONAL NOTICE TO COLORADO RESIDENTS” details the rights you have under VCDPA and how you may exercise your rights.

1. HOW TO SUBMIT A REQUEST UNDER VCDPA?

We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at support.planholiday@o16iapps.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.

D. ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.

Personal data” means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. If further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The categories of personal data processed, purpose of processing, are detailed in Section ‎I.C “DATA SETS WE COLLECT AND FOR WHAT PURPOSE”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section ‎I.F “DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH”. Disclosure of sale of data or targeted advertising are detailed in Section ‎I.K OPT OUT OPTIONS above, and in the DSR Form.

Instructions on how to exercise your rights are detailed in the table above under Section ‎II.B “ADDITIONAL NOTICE TO COLORADO RESIDENTS” details the rights you have under CDPA and how you may exercise your rights.

1. HOW TO SUBMIT A REQUEST UNDER CDPA?

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 day response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request. ##

E. ADDITIONAL NOTICE TO UTAH RESIDENTS (effective January 2024)

Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your personal data are described below. “Personal Data” refers that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data.

The categories of personal data processed, purpose of processing, are detailed in Section ‎I.C “DATA SETS WE COLLECT AND FOR WHAT PURPOSE”, categories of personal data shared with third parties, categories of third parties with whom data is shared, are detailed in Section ‎I.F “DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH”. Disclosure of sale of data or targeted advertising are detailed in Section ‎I.K OPT OUT OPTIONS above, and in the DSR Form.

Further, the table above under Section ‎II.B “ADDITIONAL NOTICE TO COLORADO RESIDENTS” details the rights you have under CDPA and how you may exercise your rights.

F. NOTICE TO NEVADA RESIDENTS

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to support.planholiday@o16iapps.com.



Privacy Policy
End User License Agreement
CCPA Privacy Notice
Copyrights Policy