Privacy Notice for European Residents

PRIVACY NOTICE FOR EUROPEAN RESIDENTS

If you reside in a country in the European Economic Area, the United Kingdom, or Switzerland (a “European Resident”), then information we collect from you may be subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “EU GDPR”), or the equivalent laws of the United Kingdom and Switzerland (collectively, “Data Protection Laws”), and the following additional information is provided for your benefit. For purposes of this Privacy Notice for European Residents, in addition to the meaning set forth in the Privacy Policy, “Personal Information” shall also include “personal data” as that term is defined by the GPDR, as well as “personal data” or similar terminology as defined by other applicable Data Protection Laws.

The controller of the Personal Information collected through the Services is:

Aspen Chamber Resort Association, Inc.

590 N. Mill Street, Aspen, CO 81611

If you use the Services, you acknowledge that your Personal Information is being processed pursuant to the lawful bases described below, and you specifically consent to your Personal Information gathered through the Services being transferred, used, and stored in the United States or other third party countries which do not have local privacy laws that are equivalent to the Data Protection Laws. You acknowledge and agree that the local laws in such countries may be materially different from, and provide for a lesser degree of protection regarding your Personal Information (including, but not limited to, with respect to governmental and law enforcement agencies’ ability to access your Personal Information under certain conditions) than, Data Protection Laws.

Personal Information

If you use the Services, we may collect certain categories of Personal Information, as described in Section 1 of the Privacy Policy.

Your Rights

You may have the following rights under applicable Data Protection Laws:

You have the right to know why we collect your Personal Information, how and why it is processed by us, and what our legal bases for such processing are.
Right of access: You have the right to access your Personal Information.
Right to rectification and deletion: you have the right to supplement or correct the Personal Information we’ve collected about you, or to direct us to delete your Personal Information.
If you give us your consent to process your Personal Information, you have the right to revoke that consent.
Right to data portability: you have the right to request that we transfer all your Personal Information to another controller in a reasonably understandable format.
Right to object: you may object to our processing of your Personal Information. We will make commercially reasonable efforts to comply with your objection, unless there are legally permissible reasons why we can or must continue to process your Personal Information.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA. For contact details of your local Data Protection Authority, please see https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Lawful Bases for Processing

Under European law, companies must have a legal basis to process data. You have particular rights available to you depending on which legal basis we use, and we've explained these above. You always have the right to request access to, rectification of, and erasure of your data under applicable Data Protection Laws. To exercise your rights, please email us at [email protected].

Pursuant to a contract with you:

We may process data as necessary to perform our contracts with you. We describe the contractual services for which this data processing is necessary throughout the Privacy Policy and in our Terms of Service (collectively, the “Terms”). The main uses of your data necessary to provide our contractual services are described in the Use of Your Information section of the Privacy Policy:

We'll use the Personal Information we have to provide the Services and as otherwise described in our Privacy Policy. If you choose not to provide certain data, the quality of your experience using the Services may be negatively impacted.

When we process data you provide to us as necessary to perform our contracts with you, you have the right to receive a portable copy of it (meaning to receive a copy of your data in a structured, commonly used and machine-readable format) under applicable Data Protection Laws. To exercise your rights, please email us at [email protected].

The other legal bases we rely on in certain instances when processing your data are:

Your Consent:

We may process your Personal Information on the lawful basis of consent. When we process data you provide to us based on your consent, you have the right to withdraw your consent at any time and to receive a portable copy of the data you provide to us, under applicable Data Protection Laws. To exercise your rights, please email us at [email protected]. You have given your consent for processing Personal Information for the specific purposes disclosed in this Privacy Policy.

Legitimate Interests:

We may process your Personal Information where our legitimate interests, or the legitimate interests of a third party, are not outweighed by your interests or fundamental rights and freedoms.

The legitimate interests for our processing of Personal Information are to:

Assist us in providing, maintaining, and protecting the Services;
Set up, maintain, and protect accounts to use the Services;
Improve our online operations;
Process transactions;
Provide customer service;
Communicate with you, such as provide you with account- or transaction-related communications, or other newsletters, RSS feeds, and/or other communications relating to the Services;
Send or display offers and other content that is customized to your interests or preferences;
Perform research and analysis aimed at improving our products and services and developing new products or services;
Manage and maintain the systems that provide the Services
Prevent and address fraud, unauthorized use of the Services, violations of our terms and policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or products), our users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm; and
Operate of our day-to-day business and planning, including executing strategic corporate transactions, such as mergers.

You have the right to object to, and seek restriction of, such processing; to exercise your rights, please email us at [email protected].

We will consider several factors when assessing an objection to our processing in furtherance of ACRA’s legitimate interests, including: our users' reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

Compliance with a legal obligation:

We need to process your Personal Information when applicable law requires it, including, for example, if there is a valid legal request for certain data.

Disclosures of Your Information

“Processors” means our Service Providers and their respective service providers.

We may also disclose your Personal Information, (as well as non-Personal Information, without the same restrictions that apply to your Personal Information) to our Processors who we engage to perform certain functions for us, or on our behalf (including, but not limited to, processing of payments, provision of data storage, hosting of our website, marketing of our products and services, conducting audits, and performing web analytics). A list of our Processors and a description of the services that they perform for us follows. We establish data processing agreements that govern our Processors’ use of your Personal Information, but our Processors’ use of your Personal Information may also be subject to the Processors’ own privacy policies. See links to our Processors’ privacy policies below.

Retention of Your Information

We retain each category of your Personal Information for no longer than is reasonably necessary for one or more of the above lawful bases for processing, subject to your right to request we delete your Personal Information. Due to the nature of the services, it is not possible to predict the length of time that we intend to retain your Personal Information. Instead, we use the following criteria to determine whether it remains reasonably necessary to retain your Personal Information for one or more disclosed legal bases for processing:

Whether not there is a retention period required by statute or regulations;
Pendency of any actual or threatened litigation for which we are required to preserve the information;
Pendency of applicable statutes of limitations for potential legal claims; and
Generally accepted best practices in our industry.

When we determine that it is no longer reasonably necessary to retain your Personal Information for one or more disclosed lawful bases for processing based on the above criteria, we will delete your Personal Information.

Questions and Complaints

If you have any questions or complaints regarding our use of your Personal Information, please contact us at [email protected]. You also have the right to submit a complaint to your applicable Data Protection Authority.