Privacy Policy and Cookie Statement

Thank you for reviewing the Bastion Technologies, Inc. Privacy and Cookie Statement (“Statement”). The Bastion company is sensitive to the issue of confidentiality in online interactions and are committed to protecting individual privacy across our range of websites, mobile applications, products, solutions, and Services (collectively our “Services”).

This Statement applies to visitors and users of Bastion Services that link to this Statement. Some of our Services adopt different privacy statements, or privacy notices that supplement this Statement, to better fit transactions taking place on those Bastion Services or in accordance with local privacy laws. If a Service or brand has its own privacy statement or a supplementary notice, the provisions of that statement or supplementary notice will take priority if conflicting with this Statement.

For your convenience, Bastion Services enable purchases, subscriptions, or use of other products and online Services from other entities with different privacy practices, and the personal data collected in those instances will be governed by the respective privacy policies or statements of those other entities.

Collection and Use of Personal Information

Bastion Services collect personal information from and about individuals for a variety of purposes. In some cases, Bastion requests personal information from you, or from your employer in the case of organizational Services. In other cases, we obtain personal information by noting how you and the devices you use interact with our Services. Examples of personal information include:

First and last names
Job titles or roles
Phone numbers
E-mail addresses
Shipping and billing addresses
Login credentials
Passport or government identification information
Gender
Date of birth
Country of residence
Web statistics and use

Bastion uses your personal information in a variety of ways, depending on how you interact with Bastion Services, including to:

Maintain and provide you with Services
Provide customer support, including online chat features provided by Services
Fulfill underlying transactions on our Services
Allow access to account information and Service features
Respond to your questions or instructions concerning the Services
Deliver confirmations, account information, notifications, and similar operational communications
Improve your user experience and the quality of our products and Services
Market and advertise our products and Services
Enable you to share information with social networks and to interact with Bastion on social media sites
Maintain the integrity of our network and address security issues
Investigate or take action regarding violations or suspected violations of law or our terms
Comply with legal and/or regulatory requirements

We and our service providers also use the information you provide to send you communications, including promotional messages about Bastion and topics of interest, via email, postal mail, fax, SMS and phone, as permitted by local law and subject to your contact preferences. Although we hope you will find our promotional communications of interest, you are able to opt out of receiving them by following the instructions included in each communication.

You can choose to follow our brands and companies on social media, or log in to some Bastion Services using social media account credentials. Your use of social media features could result in the collection or sharing of information about you, depending on the feature. The details we receive depends on your social network account privacy settings. We encourage you to review the privacy practices and settings of the social media sites you use to make sure you understand the personal information that may be collected, used, and shared by those sites.

We acquire data from third-party sources that are either publicly or commercially available. This information includes personal data such as your name, address, email address, preferences, interests, and demographic data. We combine personal information collected through our Services with other information that we or third parties collect about you in other contexts, such as our communications with you via email or phone, or your customer service records. We treat such combined information as personal information and protect it in accordance with this Statement.

Collection and Use of Location Data

Bastion applications use geolocation features (GPS or network-based) to support your use of location-based tools such as airport/map views, city code searches and other features, as well as to improve Bastion applications. When you use Bastion Services, we collect and process information about your pinpointed location, after obtaining consent as required by local law. We use various technologies to determine location, including IP address, GPS, and other sensors that, for example, provide us with information on nearby devices, Wi-Fi access points, and cell towers. You are able to withdraw your permission for Bastion to acquire pinpointed location information from your device through your device settings, although Bastion does not control this process. If your device is owned by your organization, your ability to withdraw your permission for pinpointing location information will depend on your organization’s policies.

Information Collected Automatically

Bastion uses various digital analytics tools to collect data for metrics, fraud prevention, and service improvement purposes and to customize the content and layout of our pages for each individual visitor. Each time you visit Bastion Services, we may automatically collect certain types of information. Some examples of information automatically collected are as follows:

Your IP address and approximate physical location, MAC address, browser type, operating system, device-identifying information, type of computer or device, and type of Web browser software, the specific webpages visited during your connection, and the domain name from which you accessed the Bastion Services.
Information about your browsing behavior, such as the date and time you visit the Bastion Services, the areas or pages of the Bastion Services that you visit, the amount of time you spend viewing the Bastion Services, the number of times you return to the Bastion Services and other clickstream data.
We may use “cookies” of different types to recognize your device. A cookie is a small text file that a website, online application, or e-mail may save to your Web browser and/or your device memory for use in subsequent visits to the Site or other sites. See below for more information on cookies.
We may use web beacons, match scripts, pixel tags or similar technologies that allow us to know if a particular web page was visited, an e-mail opened, or links in the email used. In some instances, these technologies may allow us to match activities with particular users.

When you visit Bastion Services and you have not otherwise identified yourself (e.g., via registration with a Bastion Service), our web servers automatically recognize your domain name, but not your e-mail address. We also collect firmographic information about your company, if you are visiting Bastion Services from your company domain. We collect the domain name and monitor general site use and traffic patterns to improve the Services that we offer.

Cookies and Tracers

Cookies are currently the best way to effectively identify unique website visitors and understand how they navigate our Services. Cookies are small data files placed on your device by a website when you visit. Bastion uses cookies set by us or other companies for tracking purposes or to make our Services easier to use and tailored for individual users. Like many websites, we do not currently respond to “do not track” browser headers except where legally required. But with most Web browsers, you can take steps to limit tracking by erasing cookies from your device and by setting your browser to block all cookies or warn you before a cookie is stored. Cookies offer enhanced functionality to the user, but whether you allow a cookie to be placed on your device is up to you.

Bastion uses, and permits service providers to use, tracking scripts or “tracers” and web beacons that recognize a unique identifier from a cookie placed on your device by another website. For example, we use a tracer to determine whether you visit our pages after visiting a site where we placed a banner ad. We also use these technologies to compile information about your website usage and your interaction with email or other communications, to measure performance, and to provide content and ads that are more relevant to you. A web beacon is typically a transparent graphic image that can be embedded in online content, videos, and emails, and can allow a server to read certain types of information from your device, know when you have viewed the beacon, and the IP address of your device. For example, we include web beacons in our promotional email messages or newsletters to determine whether our messages have been opened or interacted with and whether our mailing tools are working properly.

While our cookie names will change over the course of time, they generally fall into the following categories:

Service Features and Processes

These cookThese cookies help us deliver Services, such as maintaining your shopping cart, processing payments, navigating around Services, and using live chat to interact with customer service representatives. Some of these cookies are placed on your device by a third party with which we contract to provide certain Services. Without these cookies, our Services cannot function properly.

Service Preferences

These cookies allow our Services to remember information that changes the way the Service behaves or looks, such as your preferred language or the region you are in. These cookies can also assist you in changing text size, font, and other parts of web pages that you can personalize. Without these cookies, our Services cannot function properly.

Service Improvement

These cookies help us improve our Services and your browsing experience. Blocking or deleting these cookies will not impact Service functionality.

Analytics

These cookies help us understand how visitors engage with our Services through collection of usage statistics. Examples of the types of data collected include IP addresses, referral pages, date and time of Service access, and Service visited. Some of these cookies are placed on your device by a third party with which we contract to provide certain Services. Blocking or deleting these cookies will not impact Service functionality.

Advertising and Remarketing

These cookies are used to understand and deliver ads, make them more relevant to you, and analyze the effectiveness of our advertising programs. They use the fact that you visited our Services to target online ads for Bastion Services to you on non-Bastion websites. Some of these cookies are placed on your device by a third party with which we contract to provide certain Services. Blocking or deleting these cookies will not impact Service functionality.

Social Features

These cookies allow you to more easily share our Service content on social networks, or share your comments with other Service visitors. Some of these cookies are placed on your device by a third party with which we contract to provide certain Services. Blocking or deleting these cookies will not impact Service functionality.

Security and Authentication

These cookies are used to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties. Without these cookies, certain Services features cannot function properly.

Third-party Cookies and Tracers

Bastion Services often contain cookies or similar technologies from third-party providers that help us compile statistics about the effectiveness of our promotional campaigns, perform analytics, enable social networking features, and other operations. These technologies enable the third-party providers to set or read their own cookies or other identifiers on your device, through which they can collect information about your online activities across the Services and other, unaffiliated devices, applications, websites, or Services. You can opt out of data collection or use by some of these third-party providers by visiting the following links:

https://tools.google.com/dlpage/gaoptout
https://www.adobe.com/privacy/opt-out.html
https://www.addthis.com/privacy/opt-out
Whttps://www.scorecardresearch.com/optout.aspx

Interest-based Advertising

Bastion also enables cookies and third-party tracking mechanisms to collect your information for use in interest-based advertising. For example, third parties use the fact that you visited our Services to target online ads for Bastion Services to you on non-Bastion websites. In addition, our third-party advertising networks use information about your use of our Services to help target non-Bastion advertisements based on your online behavior in general. Learn more about interest- based advertising, or opt out of the practice, by visiting the following links:

https://www.networkadvertising.org/choices
https://www.aboutads.info/choices
https://www.google.com/settings/ads/plugin

For more information on opting out of mobile interest-based advertising, please visit the following link:

https://www.aboutads.info/appchoices

Cross-device Tracking

Data collected from a particular browser, app, or device can be used with a linked computer or device. For example, we or our third-party service providers display ads to you on your laptop or other device based on the fact that you visited Bastion Services on your smartphone. You can opt out of cross-device tracking on each of your browsers and devices by using the links provided above. Please note that the opt-out will apply only to the specific browser or device from which you opt out, and you need to opt out separately on all of your browsers and devices.

Organizational Services Data

Many Bastion Services are intended for use by organizations. If you interact with our Services through an account provided by your organization, the organization typically administers your Services account, and controls and accesses your data, including the contents of files stored on our Services. Bastion is not responsible for the privacy or security practices of organizational customers, which differ from those set forth in this Statement, as they are administered by these organizations. The types of data processed by our Services include the following:

Customer Data

Data, including traveler profiles, maintenance records, and other text or image files provided to Bastion by you or your organization through use of our Services. Customer Data is used to provide the Services, including compatible related purposes. For example, we use Customer Data to provide a personalized experience, improve service reliability, combat spam or other malware, or to improve features and functionality of the Services.

Bastion processes Customer Data under the direction of organizational customers, and has no direct control or ownership of the Customer Data it processes. The organizations are responsible for complying with any regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring Customer Data to Bastion for processing purposes.

We will not disclose Customer Data outside of Bastion except as a customer directs, as described here or in relevant agreement(s), as required by law, or in response to legitimate governmental requests. Should law enforcement contact Bastion with a lawful demand for Customer Data, Bastion will attempt to redirect the law enforcement agency to request that data directly from the organizational customer. In support of the above, Bastion provides basic organizational contact information to the third party.

Account Data

Information provided to Bastion during sign-up, purchase, or administration of the organizational Services. Account Data includes the names, addresses, phone numbers, and email addresses you provide, as well as aggregated usage information related to your organization’s accounts and administrative data. We use Account Data to provide the Services, complete transactions, service the account, and detect and prevent fraud.

We use Account Data to contact your organization to provide information about accounts, subscriptions, billing, and updates to the Services, including information about new features, security or other technical issues. We also contact your organization regarding government or other third-party inquiries we receive regarding its use of the Services. You or your organization will not be able to unsubscribe from these non-promotional communications. Subject to contact preferences, we also send promotional communications about our products and Services. You can manage your contact preferences in your account profile or by contacting your Bastion sales representative.

With limited exceptions, Bastion processes Account Data under the direction of its organizational customers, and has no direct control or ownership of the personal data it processes. The organizations are responsible for complying with any regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring Account Data to Bastion for processing purposes.

We share Account Data or Payment Data with third parties for purposes of fraud prevention, to process payment transactions, or to enable a requested purchase, subscription, or use of a third- party offering.

Payment Data

Includes payment instrument number (e.g., credit card), name and billing address, the security code associated with the payment instrument, organizational tax ID, and other financial data. Organizations that make purchases will be asked to provide Payment Data, which we use to complete transactions, as well as to detect and prevent fraud. When you provide Payment Data online, we will store that data to help you complete future transactions.

You can update or remove Payment Data associated with your organization’s account by logging in to individual Services or by contacting customer support. After you close an account or remove Payment Data, however, Bastion will retain that information for as long as reasonably necessary to complete transactions, to comply with Bastion’s legal and reporting requirements, and to detect and prevent fraud.

Support Data

Information we collect when you contact or engage Bastion for support. It includes information you submit in a support request, or about the condition of the device and the app where an error may have occurred, including error-tracking files. We use Support Data to resolve your support incident.

In addition to using Support Data to resolve your support incident, we also use it to operate, improve and personalize the products and Services we offer. Phone conversations, online chat sessions, or remote troubleshooting sessions with support professionals are recorded and/or monitored. Following a support incident, we typically send you a survey about your experience.

Telemetry Data

Information we collect that tells us how our Services are performing and being used. It includes information about when and how long a Service is used, which features are accessed, and the physical location of devices used to access our Services. It also includes information about hardware, software, and other details gathered related to usage, authentication, diagnostics, errors encountered, or the condition of the device and the Service when an error occurred.

In addition to using Telemetry Data to resolve common incidents related to our Services, we also use it to operate, improve and personalize the Services we offer.

Disclosure of Personal Information

When you provide personal information to Bastion or its entities and brands, we share that information with other Bastion entities and brands to provide a more unified customer experience.

Certain Services must disclose information to third parties assisting us in processing a transaction requested by you (e.g., credit card service providers). In addition, Bastion hires service providers to perform work on its behalf. Any such service providers will be permitted to obtain data from the Services only to deliver the Services Bastion has retained them to provide and will be prohibited from using data for any other purpose. Bastion discloses personal information to these service providers for the purposes, including to send promotional communications to you via email, postal mail, fax, SMS and phone as permitted by local law and subject to your contact preferences. In order to cooperate with legitimate governmental requests, subpoenas, or court orders, to protect Bastion and/or Bastion’s systems and customers, to establish, protect, or exercise our legal rights or defend against legal claims, or to ensure the integrity and operation of Bastion and/or Bastion business and systems, Bastion accesses and discloses the necessary and appropriate information under the circumstances.

Location of Data Processing

Personal information that Bastion processes is transferred to, and stored and processed in, the United States or any other country in which Bastion or its affiliates or subcontractors maintain facilities. The data protection laws in these countries are different from, and could be less stringent than, those in your country of residence. We take steps to ensure that the data we collect under this Statement is processed according to the provisions of this Statement and the requirements of applicable law wherever the data is located.

Retention of Personal Information

Bastion stores your personal information for as long as you use the Services, and no longer than is necessary for the purposes for which the information was collected, or for which it is legitimately further processed. Thereafter, Bastion retains personal information for a period of time set forth in its corporate retention schedules. In the case of organizational Services data, Bastion retains personal information according to the timeframes set forth in relevant customer agreements, or in lieu of an agreement, for as long as a legitimate business purpose exists.

Security of Personal Information

Bastion is committed to helping protect the security of your information. We have implemented and will maintain appropriate technical and organizational measures to protect your information against accidental loss, destruction or alteration, unauthorized disclosure or access, or unlawful destruction. The Internet, however, cannot be guaranteed to be 100% secure, and we cannot ensure the security of any personal information provided to us.

Children’s Privacy

In general, Bastion does not knowingly collect, use or disclose personal information from children, as defined by local law. If you believe that we have collected personal information about a child, please contact us so that we can delete the information. Additionally, please contact us to request removal of content or information that was posted to our Services when the registered user was under the age of 18.

However, some Services may collect, use or disclose personal information from children (as defined by local law) where it is necessary to do so; for example, a child member of a group using International Trip Planning Services (ITPS). This information is necessary to fulfil travel arrangements, ensure safety, to meet legal and regulatory requirements, and to provide, or arrange for appropriate assistance or facilities where necessary. This information will be collected with the consent of a responsible adult or guardian where possible. The personal information will be appropriately designated for extra protections and review and removal at the earliest opportunity. This personal information from children will be flagged to avoid direct marketing.