Who We Are
- On-premise or web-enabled technologies, such as on-premise WiFi, Bluetooth beacons, and other internet-connected devices (the “Internet and IoT Service(s)”).
Collection and Use of Personal Data
Personal Data We Collect
We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):
Identity Data: Personal Data about you and your identity, such as your name, driver’s license or other ID number, photo/avatar, username, and other Personal Data you may provide on registration or purchase forms or as part of an account profile (e.g. biographical information).
Transaction Data: Personal Data we collect in connection with a transaction or purchase, such as a reservation you made, the price, your billing address, zip code, and other similar information.
Contact Data: Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or social media or communications platform usernames/handles, as well as a name or other salutation.
Financial Data: Personal Data relating to financial accounts or services, e.g. a credit card or other financial account number, and other relevant information you provide in connection with a financial transaction.
Device Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history, and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.
Preferences Data: Personal Data relating to your preferences, interests, personal demographics (e.g. location of residence, age group, gender, etc.), your “likes,” and other information provided to us via social media services and advertising technologies, including any other categories of information (such as Transaction Data or Identity Data linked to such information.)
Location Data: Personal Data relating to your precise location, such as information collected from your device’s GPS, or through your interactions with a Bluetooth location beacon, WiFi, or other localization product.
Special Category Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation. (Note: this Personal Data may be subject to additional restrictions.)
Processing of Personal Data
Reservations, Bookings, and Purchases
Data: We process Transaction Data, Identity Data, Financial Data, Preferences Data and certain Contact Data, and Special Category Data when you apply for or make a reservation or booking for travel, activities, or events, or complete a purchase through our Digital Services. Note, some transactions are made directly through us, and others are processed by a third party on our behalf. In addition, we may receive this data from third parties (such as travel agents) that may retain control over your personal data.
Uses: We use the Transaction Data, Identity Data, and Contact Data as necessary to complete and provide you with important information regarding your transaction (such as cancellations, emergency alerts, etc.) Financial Data is used only as necessary to process transactions that you request. Subject to Your Rights and Choices, we may process the Transaction Data, Identity Data, and Preferences Data to improve our services and to create a personalized user experience, in connection with marketing communications and behavioral advertising.
Note: For certain reservations and trips you may purchase, we may collect Special Category Data, such as health data, passport information, or other similar information. We collect this information as and when required by governmental authorities, travel agents, gate agents, and other similar parties. We process this only as necessary for legal compliance, as necessary to fulfill a contract/transaction you request, in connection with your vital interests, or in accordance with your consent. For example, we allow guests to provide health data on some trips so that we can better ensure your safety, or accommodate dietary restrictions. Similarly, we may require passport information so that we can ensure that travelers are able to travel, and as may be required by applicable law.
Call Centers and Support
Data: We process Transaction Data, Identity Data, Device Data, Financial Data, Preferences Data, and certain Contact Data when you contact us via our call center, chat, contact us forms, or other support options. For example, you may speak with a call center associate that enters your information into our customer database, or you may call us using a unique number that links some Cookie and Similar Technology Data to your call session and our customer records. In the case of support calls, and subject to applicable law, your call may be recorded and analyzed electronically, and we may derive this information from these recordings.
Uses: We use the Transaction Data, Identity Data, and Contact Data as necessary in connection with your support request. Financial Data is used only as necessary to process transactions that you request. Subject to Your Rights and Choices, we may use Identity Data, Transactions Data, Device Data, Preferences Data, and Contact Data (including Cookies and Similar Technology, described below, that is linked to this information) to improve our services and to create a personalized user experience and in connection with marketing communications and behavioral advertising.
Data: You may be able to register and create an account on our Digital Services. Registration is optional in most cases. If you choose to register, we will process Identity Data, Preferences Data, and certain Contact Data. We may also process certain Financial Data if you choose, for example, to store payment information for future purchases.
Uses: We use the Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Financial Data provided at registration will be used only as necessary to process transactions at your request. Subject to Your Rights and Choices, we may also use the Identity Data and Preferences Data as part of our efforts to improve our Digital Services and to create a personalized user experience, and we may process the Identity Data, Preferences Data and Contact Data in connection with marketing communications and behavioral advertising.
Surveys and Questionnaires
Data: We may process Identity Data, Preferences Data, and certain Contact Data if you choose to complete a customer survey, questionnaire, or similar form. Note, some surveys are operated/controlled by us, and others are operated/controlled by our third-party partners. We may receive this data from third parties to the extent allowed by the applicable partner, and we may share certain personal information or aggregated statistics with our survey partners.
Uses: Subject to Your Rights and Choices, we may also use this Identity Data, Contact Data, and Preferences Data to improve our services, and share insights with our partners, improve our services and to create a personalized user experience, and in connection with marketing communications and behavioral advertising.
Promotions and Offers
Uses: We use this Identity Data and Contact Data as necessary to carry out special promotions and related transactions. Subject to Your Rights and Choices, we may also use this Identity Data and Preferences Data to improve our services and to create a personalized user experience, and we may process this Identity Data and Contact Data in connection with marketing communications and behavioral advertising.
Note: If you win a promotion, your acceptance of a prize may allow us to make certain Personal Information public, e.g. posting your name on a winner’s page. See the applicable program’s terms for details.
Data: We may process Identity Data, Device Data, Preferences Data, and Contact Data when you are enrolled to receive, and when you open or interact with, our electronic marketing communications. Note, you may be enrolled with your consent or, where allowed, in connection with account registration or a purchase.
Uses: Subject to Your Rights and Choices, we use the Identity Data, Device Data, Preferences Data, and Contact Data to improve our services and to create a personalized user experience, and in connection with marketing communications and behavioral advertising.
User Content & Social Media
Data: We process Identity Data, Preferences Data, Contact Data, and any other data in or relating to your User Content if you choose to submit User Content (e.g. comments, forum and social media posts, etc.) through our Digital Services. If you use a social media service to post User Content that references our official accounts, your comment or content may appear on our Digital Services. We may sometimes receive that data from a third party (e.g. social media platform).
Uses: We use Identity Data and Contact Data as necessary to feature User Content and for integration with social media on our Digital Services. Subject to Your Rights and Choices, we may also use Identity Data and Preferences Data to improve our services and to create a personalized user experience and we may process Identity Data and Contact Data in connection with marketing communications and behavioral advertising.
Note: Any User Content you provide may be made public as soon as you post it on our Digital Services. We do not screen comments or other postings for personal or inappropriate content.
Data: We may process Identity Data and Contact Data as well as certain Special Category Data in connection with your application to be a vendor, volunteer, employee, or otherwise join or support our team.
WiFi and On-Premise Technology
Data: We process Identity Data, Location Data, Device Data, Preferences Data, and may process Contact Data when you interact with our Internet and IoT Services. These technologies include on-premise WiFi networks, internet-connected kiosks and other hardware, and other similar technologies. We may receive this data from third parties (e.g. an operator of our Internet and IoT service) to the extent allowed by that party.
Uses: We use Identity Data, Location Data, Device Data, and Contact Data to enable certain features and to enhance the security of our Sites and Mobile Apps. Subject to Your Rights and Choices, we may process Identity Data, Location Data, Device Data, Preferences Data, and Contact Data to improve our services and to create a personalized user experience and we may process this data to contact you in connection with marketing communications and behavioral advertising.
Cookies and Similar Technologies
Uses: We use Device Data and Identity Data to enable you to register with and/or use certain features of these technologies. Subject to Your Rights and Choices, we may use Identity Data, Location Data, Device Data, and Contact Data to improve our services and to create a personalized user experience and we may use Identity Data, Location Data, Device Data, and Contact Data in connection with marketing communications and behavioral advertising.
Note: Some of these technologies can be used by us and/or our third party partners to identify you across platforms, devices, sites, and services. Third parties may engage in behavioral advertising using this data. Our Cookie and Similar Technology Policy provides more information about our use of these technologies. In addition, we may be able to link this data with your customer support calls when you call our customer support lines using the unique dial-in number. See Your Rights and Choices for information on how to opt out.
Specific Processing Purposes
Consistent with our legitimate business interests, we may personalize our Digital Services. To do so, we may link together and analyze the Personal Data that we hold about you. Personal Data processed for personalization purposes, whether or not linked, may be augmented with Preferences Data. We may create Preferences Data, or obtain it from third parties, using Personal Data we hold about you. We process Preferences Data so that our communications and Digital Services are more relevant to you. For example, we may greet you by name, provide better recommendations to you, tailor communications to your interests, and use the information to guide overall improvements to our products and services. We may also use Preferences Information in connection with behavioral advertising. See Your Rights and Choices for information about how you can limit or opt out of this processing.
Consistent with our legitimate business interests, we (or if appropriate, our third party partners) may send you marketing and promotional communications if you sign up for such communications or purchase products or services from us. Where allowed, we may also send you these communications if you register on our Digital Services or for a promotion, or in connection with your communications with, or submission of User Content to, us. These communications may be personalized. See Your Rights and Choices for information about how you can limit or opt out of this processing.
Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:
Service Providers: In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers who provide certain services or process data on our behalf.
Affiliates: In order to streamline certain business operations, improve personalization, and develop products and services that better meet the interests and needs of our customers, and promote information we believe will be of interest to you, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
Partners: We may share your Personal Data with business or marketing partners in connection with promotions, events, products, and services that are promoted, managed, supported, or otherwise undertaken with that third party. If appropriate, these parties may engage in direct marketing or behavioral advertising.
Marketers: In order to improve personalization, deliver more relevant advertisements, and develop better products and services, we may share certain Personal Data with current or future affiliated entities and trusted third parties for marketing, advertising, or other commercial purposes, and we may allow third parties (such as Facebook, ad exchanges, data management platforms, or ad servers) to operate on our Digital Services and process data for behavioral advertising.
Social Media: If you use any social media plugin, API, or other similar feature, use an event hashtag or similar link or otherwise interact with us or our Digital Services via social media, we may make your post available on our Digital Services or to the general public. We may share, rebroadcast, or redisplay Personal Data or other information in the post to the extent permitted by the relevant social media service.
Corporate Events: Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
Your Rights & Choices
Subject to the rights granted to other individuals, and our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. Note, we may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. You may exercise your rights by contacting us (re: data rights requests, except where noted):
Access: You may receive a list of your Personal Data that we process to the extent required and permitted by law.
Rectification: You may correct any Personal Data that we hold about you to the extent required and permitted by law. For Registration Data, you may be able to make changes via your account settings menu.
Erasure: To the extent required by applicable law, you may request that we delete your Personal Data from our systems.
Data Export: To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
California Rights: Residents of California (and others as required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. This request must be written, signed, and mailed to us unless otherwise required by applicable law.
Regulator Contact: You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
It is possible for you to use some of our Digital Services without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process:
Consent: If you consent to processing, you may withdraw your consent at any time, to the extent required by law.
Direct Marketing: You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.
Location Data: You may control or limit Location Data that we collect using our Mobile App and Internet and IoT Services by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use to interact with our Digital Services. However, please note that use of RFID technologies may be necessary for the functioning of hardware required for certain processing of Personal Data.
Profiling & Personalization: You may opt out of the creation or other processing of Preferences Data by automated means, and object to processing for personalization purposes, to the extent applicable law gives you the right to do so. To exercise this right, please contact us re: data rights requests. Note that we may not be required to cease processing based solely on an objection.
Other Processing: You may have the right under applicable law to object to our processing of your Personal Data for certain purposes. You may do so by contacting us re: data rights requests. Note that we may not be required to cease certain processing based solely on an objection.
We implement reasonable administrative, technical, and procedural security measures to safeguard the Personal Data you provide us. Please note, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.
We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law (whether such time is shorter or longer than our standard retention period). We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.
Our Digital Services are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Digital Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law. Please contact us for more information regarding the adequacy mechanism used for transfers in specific circumstances.
EU-U.S. Privacy Shield
We comply with the EU-U.S. and U.S.-Swiss Privacy Shield Frameworks set forth by the U.S. Department of Commerce with respect to our collection, use, and retention of Personal Data from European Union member countries and Switzerland. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Furthermore, we require third party recipients of EU/Swiss residents’ Personal Data to agree to respect these principles, and we accept liability for third parties’ processing of EU/Swiss residents’ data to the extent required by law.
Feel free to contact us with questions or concerns using the appropriate address below.
General inquires: email@example.com
Marketing choices: If you would like to make changes to your communications preferences, click the link in any email from Xanterra, or send us an email at firstname.lastname@example.org
Data rights requests: email@example.com
Data Protection Officer: DPO@xanterra.com
Physical address: Xanterra Leisure Holding | 6312 S. Fiddlers Green Cir. Ste. 600N. | Greenwood Village, Colorado 80111 | Attn: Privacy
*Xanterra Holding Corporation; Xanterra Resort Holding, LLC; Xanterra Leisure Resort Holding, LLC; Xanterra Parks & Resorts, Inc.; Xanterra South Rim, L.L.C.; GCR Acquisitions, LLC; Grand Canyon Railway, LLC; Grand Canyon Railway Hotel, LLC; Xanterra Tusayan, LLC; Xanterra Cedar Creek, LLC; Otago, LLC; Holiday Vacations, LLC; TAC Cruise, LLC; and Windstar Cruises, LLC.