Effective Date of Current Policy: July 26, 2021
For Victorian Residents:
Under section 12 of the Public Records Act 1973, the Keeper of Public Records (‘the Keeper’) is responsible for the establishment of Standards for the efficient management of public records and for assisting Victorian government agencies to apply those Standards to records under their control.
Recordkeeping Standards issued by PROV reflect best practice methodology. This includes International Standards issued by the International Organisation for Standardisation (ISO) and Australian Standards (AS) issued by Standards Australia in addition to PROV research into current and future trends.
Our Service is not intended for children under 13 years of age. You must be 13 years or older before using our Service. If you are under 13 please stop using our Service immediately and do not submit any information to us.
- INFORMATION WE COLLECT
- User-Provided Information: We collect your name, email address, and other information detailed below, that you share when you sign up for the Service directly or log in through your Facebook account. Sign up is not required to use the service, but does allow you to access your plan from any device using your account credentials. We also collect interests you have selected, as well as places, events, or tours you have added to your plan.
- Location Information: We use data transmitted from your mobile device to determine your location and use it for the purpose of notifications and analyzing customer information. This Information allows us to periodically determine your location.
- Device Information: We collect certain information from your mobile device, which includes information about your device; information about your use of features, functions, or notifications on the device; and other technical data. We collect this non-identifiable information even if you are not logged in to the Service.
- User ID: An automatically generated unique identifier for authenticated users on the Services, allowing the service to differentiate between users.
- Plan ID: An automatically generated unique identifier for any user (authenticated or anonymous) that adds any item to their plan in the Services, allowing the service to preserve users plans independently.
- OneSignal Player ID: An automatically generated unique identifier for any user that accepts push notifications on the Apps.
- Firebase Instance ID: An automatically generated unique identifier for any user that accesses the Services through the Apps.
- Cookie Information: We place small files, known as “cookies” on the hard drive of your computer to save your preferences when you access the web-widget and adjust your preferences. You may disable browser cookies, but then you may be unable to access certain features of the Service.
- USE OF THE INFORMATION
We use information that we collect or that you provide, including any personal information to:
- Register Your Account: Your name, email, and an encrypted version of your password are used to register your account and allow you to use our Service on the same device in the future as well as on other devices from which you access the Services.
- Maintain Your Plan & Preferences: Your interest selections and any places, events, and tours added to your plan are used to persist your plan on the same device in the future as well as on other devices from which you access the Services.
- Enhance or Improve the Service: Your account information and preference selections are stored and used to enhance your use of the Services and to understand how you use our Service.
- Device Information:
- User ID: Your User ID is used to enable cross device use of the Services.
- Plan ID: Your Plan ID is used to enable saving of unique plans for use on the same device or other devices from which you access the Services.
- OneSignal Player ID: The OneSignal Player ID is a UUID (Unique Universal Identifier) that OneSignal creates per device per OneSignal App Id. The Player Id is generated based on the Google Advertising ID for Android and identifierForVendor for iOS. It is used for the delivery of notifications to App users of the Services who have accepted notifications on their device.
- Firebase Instance ID: Google’s Firebase Instance IDs are used to identify individual installations of the apps for the purpose of improving the Services through monitoring analytics, crashes, and Android Cloud Messaging.
- Send you emails and respond to inquiries.
- Provide user support.
- Carry out other purposes that are disclosed to you and to which you consent.
- DISCLOSURE OF THE INFORMATION
We share non-identifiable information to our vendors and other third parties we use to support the Service and who have agreed to keep personal information confidential and to use the information only for the purposes for which we disclose it to them.
We may also disclose personal information to a buyer or other successor in the event of a merger, divestiture, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding.
- MODIFYING OR DELETING YOUR INFORMATION
After creating an account, you will be able to edit information submitted through the Service by accessing your account. You have the right to request information about our collection, use, and disclosure of your personal information over the prior 12 months (up to 2 times per year at no cost), and ask that we provide you with the following in a portable and easily accessible format:
- Categories of and specific pieces of personal information we have collected about you.
- Categories of sources from which we collect personal information.
- Purposes for collecting, using, or selling personal information.
- Categories of third parties with which we share personal information.
- Categories of personal information disclosed about you for a business purpose.
Note – Visit Widget does not sell any personal information collected from use of the Services to any third party or vendor connected to the Services.
To make a verifiable request for information about the personal information we have collected about you, please access the App Info section of the apps (located on the bottom of the main menu in the apps) or within the Options section of the widget (located in the User Profile dropdown menu when logged in) and select one of the following options:
- Opt-out of user data collection
- Request deletion of your user data
- Request an export of your user data
Fill out the relevant fields and submit the form. Upon receipt of the submission, we will use commercially reasonable efforts to honor your request, in compliance with applicable laws. You may also exercise your rights by contacting us at firstname.lastname@example.org or at: 1.304.584.7487
You may freely exercise these rights without fear of being denied goods or services.
- THIRD PARTY SITES
We may post links to third party websites through the Service. If you access a third party site through our Service, you acknowledge that these third party websites are not screened for privacy or security issues by us, and you release us from any liability for the conduct of these third party websites.
We use industry best practices to keep your personal information secure; including:
- All app communication is done over SSL
- Use of only Accredited Data Centers:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
- All web server traffic goes through AWS WAF – Web Application Firewall
- Automated security notifications whenever it becomes that a third party library has security vulnerability
- Monthly IT checks to review performance of the system, review all errors, and address any security vulnerability if not addressed already
- User passwords are hashed and salted with Bcrypt making them irreversible and thus unreadable
- Google Captcha used in the web application where applicable
- CRSF vulnerabilities protected by Rails
We make no guarantees, however, as to the security or privacy of your personal information. To protect your personal information, we recommend you use firewalls, anti-virus, spyware and other encryption methods when submitting personal information or content to us
- CROSS-BORDER TRANSFER
Your information will be transferred to – and stored on – computers located outside of your state or province. Personal information is transferred to the United States and processed there. Your use of the Service constitutes your agreement to that transfer.
- User ID: Transferred to Amazon Web Services us-east-1
- Plan ID: Transferred to Amazon Web Services us-east-1
- OneSignal Player ID: Transferred to OneSignal for messaging subscription.
- Firebase Instance ID: Transferred to Google Firebase.