GAVEL INTERNATIONAL CORPORATION PRIVACY POLICY

Effective May 25, 2018, we have updated our Privacy Policy as a part of our GDPR readiness efforts.

ABOUT THIS NOTICE

Gavel International Corporation (also known as “GAVEL” or “COMPANY”) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with data protection law, including but not limited to the European Union’s General Data Protection Regulation. Please read it carefully.

Data protection law generally says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you in this Privacy Policy and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

If you have any questions about this notice or how we collect and use personal information about you, please contact us at PrivacyManagement@gavelintl.com.

In this age of the Internet where privacy has become an increasing concern, we take your privacy very seriously. The privacy and security of your personal data (the “Personal Information”) which we collect from you is important to us. It is equally important that you understand how we handle this data. The Company will not knowingly collect or use Personal Information in any manner not consistent with this policy, as it may be amended from time to time, and applicable laws.

Is Company complying with GDPR?

Yes, Company is complying with GDPR through the information collection disclosures included in this document.

We reserve the right to keep customer data for a period of time adequate to ensure compliance and respond to follow-up inquiries. Pursuant to regulatory, legal, and security requirements in Chapter 2 of the General Data Protection Regulation, this timeline is determined based on the type of data, the security implications of storing the data, the legal requirements Company must meet with the data, and the privacy of the individual referenced in the data.

We take the security of our data very seriously and have a responsibility to the individuals whose data we hold on our systems and servers. Please refer to the headings below to review what kind of data we keep and the process to request, review, change, or remove data we hold.

Information about us

We are Gavel International Corporation. Our principal address is 935 Lakeview Pkwy #190, Vernon Hills, IL 60061. We can be reached at PrivacyManagement@gavelintl.com or by phone at 800-544-2835.

Collection of Information

Employees

In the course of conducting our business and complying with federal, state, and local government regulations governing such matters as employment, tax, insurance, etc., we must collect Personal Information from you. The nature of the information collected varies somewhat for each employee, depending on your employment responsibilities, the location of the facility where you work, and other factors. We collect Personal Information from you solely for business purposes, including those related directly to your employment with the Company, and those required by governmental agencies.

Customers/Clients

Please see Marketing, Contract Information and Other Correspondence, and Special Categories of Data below.

CONTRACT INFORMATION AND OTHER CORRESPONDENCE

1.1 When you enter into a contract with us (or someone does so on your behalf) there will be personal information about you relating to that contract such as your name, contact details, contract details, delivery details, and correspondence with us about the contract. In addition, if you are registering your companion attendees, you may be providing information about those individuals as well. In the event you provide any such companion information, you represent, warrant and agree that you have obtained those individuals’ consents to include their information in the submission.

1.2 We need certain information to carry out our contract with you and you must provide this in order to enter into a contract with us (or as required under that contract). If you do not, we may not be able to carry out our contract with you. Mandatory information fields are generally set out when you are entering into the contract, but in particular, you must provide the following information:

1.2.1 Your name and contact details.

1.2.2 Your delivery address.

1.2.3 Your payment details.

1.2.4 Information to verify your identity and other information for us to carry out anti-money laundering checks.

1.2.5 Name and contact details of individual consumers of our products covered by the contract.

1.3 Other correspondence or interaction (for example by email, telephone, post, SMS or via our website) between you and us, will include personal information (such as names and contact details) in that correspondence. This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organization.

1.4 Call information. We may also collect details of phone numbers used to call our organization and the date, time and duration of any calls. Please note that we may record your calls to or from us for quality and training purposes.

1.5 We will keep and use that information to carry out our contract with you (if applicable), to comply with any legal requirements for us to maintain certain records or carry out certain verifications, and/or for our legitimate interests in dealing with a complaint or enquiry and administering your (or your organization’s) account or order and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

1.6 If you work for one of our customers, suppliers or business or destination partners, the information we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you or provided by your organization. Your organization should have informed you that your information would be provided to us and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organization. If we have a business relationship with you or your organization, we may receive information about you from your organization.

1.7 Where your information relates to a contract, it is kept for a period of up to 7 years after your account is closed to enable us to deal with any after sales enquiries or claims and as required for tax purposes, and may be stored in our archive for reference purposes for as long as we have a business need, which we will review after 7 years.

1.8 Payment information is collected and stored at a PCI authorized processor, “Authorized.net,” and is retained for a period of up to 16 months after the date of the order.

Use of the Information Collected

The primary purposes for collection, storage and/or use of your Personal Information include, but are not limited to:

1 Human Resources Management. We collect, store, analyze, and share (internally) Personal Information in order to attract, retain, and motivate a highly qualified workforce. This includes recruiting, compensation planning, succession planning, reorganization needs, performance assessment, training, employee benefit administration, compliance with applicable legal requirements, and communication with employees and/or their representatives.

2 Business Processes and Management. Personal Information is used to run our business operations including, for example, scheduling work assignments, managing Company assets, reporting and/or releasing public data (e.g., annual reports, etc.), and populating employee directories. Information may also be used to comply with government regulation.

3 Safety and Security Management. We use such Personal Information as appropriate to ensure the safety and protection of employees, assets, resources, and communities.

4 Communication and Identification. We use your Personal Information to identify you and to communicate with you.

5 Marketing.

5.1 We may collect your name and contact details (such as your email address, phone number or address) in order to send you information about our products and services which you might be interested in. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, we will process your professional data based on legitimate interests to send you a fair processing notice and then respect any communication preferences you give us.

5.2 If you are an existing customer or are acting as a business we use your contact details as necessary for our legitimate interests in marketing to you and maintaining a list of potential customers.

Information We Receive from Third Parties

1 We may also receive information about you from the following sources:

1.1 Our service providers. We work closely with third parties (including, for example, business partners, destination partners) who may provide us with information about you, to be used as set out above.

1.2 Businesses we have bought. If we have acquired another business, or substantially all of its assets, which originally held your information, we will hold and use the information you provided to them, or which they otherwise held about you, in accordance with this privacy notice.

1.3 Our other channels. This is information we receive about you if you use any of the other websites we, our group companies or our partners operate, or the other services or products we provide. In this case we will have informed you when we collected that data if we intend to share that data internally and combine it with data collected on this website. We will also have told you for what purpose we will share and combine your data.

1.4 Credit information. We may also collect credit information on you from third party reference agencies.

Special Categories of Data

1.1 We may also collect and use the following “special categories” of more sensitive personal information in the following situations:

1.1.1 Information you provide about your dietary requirements in the booking process for an event may contain reference to religion but is only stored for the purpose of providing appropriate food and beverage.

1.2 Where we collect “special categories” of particularly sensitive personal information this information requires higher levels of protection and by law we need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

1.2.1 In limited circumstances, when you have provided the data.

1.3 Where we collect “special categories” of particularly sensitive personal information, we retain this for the duration of any contractual relationship.

Common uses of your information.

We will only use your personal information when the law allows us to do so. Although in limited circumstances we may use your information because you have specifically consented to it, we generally use your information in the ways set out in this notice because:

1.1 we need to perform a contract we have entered into with you.

1.2 we need to comply with a legal obligation.

1.3 it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.

1.4 we need to protect your interests (or someone else’s interests) or where it is needed in the public interest (although these circumstances are likely to be rare).

1.5 Change of purpose. We will only use your personal information for the purposes for which we collected it as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Sharing Your Information

As well as any sharing listed above, we may also share your information with third parties, including third-party service providers (such as our destination partners) and other entities in our group. Third parties are required to respect the security of your personal information and to treat it in accordance with the law. We never sell your data to third parties.

1.1 Why might we share your personal information with third parties?

We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so. This may include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

We also may need to share your personal information with third-party service providers (including contractors and designated agents) so that they can carry out their services.

1.2 Which third-party service providers process your personal information?

The following activities are carried out by third-party service providers: destination details, some booking of hotels and airlines, booking of destination tours and activities, booking of transportation services, and on-site delivery of general travel operations.

1.3 How secure is your information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

1.4 What about other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business where necessary in connection with the purposes which your information was collected for. We may also need to share your personal information with a regulator or to otherwise comply with the law.

Your Rights If An EU Subject

1.1 If you are an EU subject, data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. Under certain circumstances, by law you have the right to:

1.1.1 Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.

1.1.2 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

1.1.3 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

1.1.4 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

1.1.5 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.

1.1.6 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

1.1.7 Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.

1.1.8 Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.

1.1.9 Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us at PrivacyManagement@gavelintl.com.

1.2 No fee usually required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

1.3 What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

1.4 Time for response. Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.

1.5 IMPORTANT NOTICE REGARDING EXERCISING YOUR RIGHTS UNDER THIS SECTION. DATA PRIVACY RULES PROVIDE YOU WITH THESE VARIOUS RIGHTS, AND YOU HAVE THE FULL ABILITY TO EXERCISE THEM IN YOUR DISCRETION. HOWEVER, GIVEN THE NATURE OF THE PROGRAMS (TRIPS) OPERATED BY US, IN THE EVENT THAT YOU EXERCISE ANY OF THE RIGHTS OUTLINED IN SECTIONS 1.1.4 THROUGH 1.1.8 OF THIS SECTION, YOU WILL BE PROHIBITED FROM PARTICIPATING IN SUCH PROGRAM (TRIP) FOR WHICH YOU HAVE PROVIDED INFORMATION, AS IT WILL BE IMPOSSIBLE FOR US TO ADEQUATELY EXECUTE OUR OBLIGATIONS.

Limited Disclosure

The Company acts to protect your Personal Information and ensure that unauthorized individuals do not have access to such information by using security measures to protect Personal Information. We will not knowingly disclose, sell, or otherwise distribute your Personal Information to any third party without your knowledge and, where appropriate, your express written permission, except where disclosure is reasonably necessary to comply with the law.

Security of Personal Information

We employ reasonable security measures and technologies, such as password protection, encryption, physical locks, etc., to protect the confidentiality of your Personal Information. Only authorized employees have access to Personal Information. If you are an employee with such authorization it is imperative that you take the appropriate safeguards to protect such information. Paper and other hard copy containing Personal Information (or any other confidential information) should be secured in a locked location when not in use. Computers and other access points should be secured when not in use by logging out or locking.

Passwords and user IDs should be guarded and not shared. When no longer necessary for business purposes, paper and hard copies should be immediately destroyed using paper shredders or similar devices. Do not leave copies in unsecured locations waiting to be shredded or otherwise destroyed. Do not make or distribute unauthorized copies of documents or other tangible medium containing Personal Information. Electronic files containing Personal Information should only be stored on secure computers and not copied or otherwise shared with unauthorized individuals within or outside of the Company.

The Company will make reasonable efforts to secure Personal Information stored or transmitted electronically from hackers or other persons who are not authorized to access such information.

Any violation or potential violation of this policy should be reported to your immediate supervisor, designated manager, or the Human Resources Department. The failure by any employee to follow these privacy policies may result in discipline up to and including discharge of the employee. Any questions or suggestions regarding this policy may also be directed to your immediate supervisor, designated manager, or the Human Resources Department.

How Long Will We Keep Your Information For?

1.1 We have set out above indications of how long we generally keep your information. In some circumstances, it may be necessary to keep your information for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

1.2 To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

1.3 In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Changes To This Privacy Notice

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our privacy notice.