PRIVACY POLICY
OUR PRIVACY COMMITMENT
Great Lake Adventures, LLC (“Company”) is committed to respecting the privacy rights and concerns of all users (“Users”) of Company's website and the services included on the website (collectively, “Services”). As such, we have established and implemented this Privacy Policy (“Privacy Policy”) to inform Users how we use and protect the User personal information we collect (“Personal Information”).
By visiting the Website or using the Services, you consent to Company's collection, use, storage, deletion, and disclosure of information relating to you as set forth in this Privacy Policy. This Privacy Policy is subject to change at any time for any reason and without notice. Any modifications will take effect when posted. Therefore, each time you access the Services, you need to review the Privacy Policy upon which access and use of these Services is conditioned. By your continuing use of the Services after changes are posted, you will be deemed to have accepted such changes. This Privacy Policy is only applicable to the Services and not to any other website that you may be able to access from the Services, which may have its own data collection and use policy.
Except as set forth in this Privacy Policy, or unless we have your consent, we will not share your personal information with any person or entity other than those affiliated with us, entities acting on our behalf, and relevant third parties such as those needed to collect and maintain our servers and perform technology and related services. We do not share your personal information with third parties for marketing purposes. However, Company reserves the right to use any photos and/or reviews You submit in its marketing materials.
COOKIES
The Services use cookie and similar technologies which are small files or pieces of text that download to a device when a visitor accesses a website or app. These analytics and performance cookies are used only when you acknowledge our cookie banner and are used to view site traffic, activity, and other data and/or to provide you with a personalized experience. Cookies may also be used to keep track of your login name and password, to track your visits to the Services, to personalize your experience, and improve our Services so the pages you view and other behavior may be stored by cookies on your device. These cookies contain no personally identifiable information.
WEB ANALYSIS TOOLS
We may use web analysis tools to measure and collect anonymous session information. We use this information to monitor and analyze in a depersonalized form how Users use the Services, to provide customers with the Services, and to maintain and improve the Services. We may also collect similar information from emails we may send to you which then help us track which emails are opened and which links are clicked. The information allows for more accurate reporting and improvement of the Services.
The personal data collected when you visit the Services include:
- Information about your browser, network, and device
- Web pages you visited prior to coming to this website
- Search engine used to locate the Services
- Web pages you view while on our website and how long you use them
- Your IP address
COLLECTION OF PERSONAL INFORMATION
We may collect certain personal information, including your mailing address, phone number, date of birth, social security number, driver’s license or state identification number, financial information, information about your employment, and other information that may be required. If your use of the Services requires payment, you will also be required to provide a credit card number and billing address, or other payment information. We also collect personal information when you receive customer support.
USE OF PERSONAL INFORMATION
We use your personal information to provide the Services to you, deliver services you request, complete transactions, handle your questions or issues, and send communications to you about promotions, updates, or special offers that may be of interest to you. Other uses include verifying your identity, preventing fraud, and alerting you of new products, features, or enhancements to the Services. We may also use your email address to send you messages about the Services, as well as other general announcements.
The personal information submitted by you will be shared only with authorized persons required to provide the Services. We may also use your depersonalized personal information to provide analyses of our Users in the aggregate (including Analytical Data subject to the terms of this Privacy Policy) to prospective partners and other third parties.
By submitting personal information through the Services, you authorize Company to share this personal information for the purposes identified herein, and you grant us a royalty-free, worldwide, perpetual, irrevocable, and fully transferable right and license to use your personal information in connection with the creation and development of analytical and statistical analysis tools (the “Analytical Data”). We are expressly authorized to make any commercial use of the Analytical Data, including without limitation sharing the Analytical Data with third parties, provided that we do not sell, trade, or otherwise transfer from us any part of the Analytical Data that personally identifies any Users.
We will also share the personal information we collect from you under the following circumstances:
Feedback. You may choose to, or Company may invite you to, submit comments, bug reports, ideas, or other feedback about the Services (“Feedback”). By submitting Feedback, you agree that Company is free to use such Feedback at its discretion without any obligation to you. Company may also choose to disclose Feedback to third parties. You hereby grant Company a royalty-free, perpetual, irrevocable, transferable, sublicensable, worldwide, nonexclusive license under all rights necessary to incorporate and use your Feedback for any purpose.
Asset Transfers. If we become involved in a merger, acquisition, or other transaction involving the sale of some or all of Company's assets, User information may be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you through email and/or a prominent notice on the Site.
PAYMENT
If you make a purchase through the Services, we may use a third-party payment processor such as Stripe or Paypal. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover.
Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
THIRD PARTY PRIVACY POLICIES
In general, the third-party providers used by Us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide. However, certain third-party service providers, such as payment gateways, servers, and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner your personal information will be handled by these providers.
Certain providers may be located in a different jurisdiction or have facilities that are located in a different jurisdiction, than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our Website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our Website’s Terms of Service.
LEGAL DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
ELECTRONIC COMMUNICATION; SIGNATURES
You may withdraw your consent to receive communications by following the “unsubscribe” link at the bottom of our emails. You may withdraw your consent to use an electronic signature at any time by contacting us. If you withdraw your consent, you will be unable to apply for products and services through the Services, and we will be unable to continue to process any pending applications for products and Services.
HOW IS YOUR PERSONAL INFORMATION SAFEGUARDED?
The personal information that you provide to us is stored on servers with restricted access. However, no server, computer, communications network or system, or data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect User information, we cannot ensure or warrant the security of any information you transmit to us or through the use of the Services and you acknowledge and agree that you provide such information and engage in such transmissions at your own risk.
In the event that personal information you provide to us is compromised as a result of a breach of security, when appropriate we will take reasonable steps to investigate the situation, notify you, and take the necessary steps to comply with any applicable laws and regulations.
MEDIATION
You agree that, in the event any dispute or claim arises out of or relating to this Privacy Policy, you and Company will attempt in good faith to negotiate a written resolution of the matter directly between the parties. You agree that if the matter remains unresolved for forty-five (45) days after notification (via certified mail or personal delivery) that a dispute exists, all parties shall join in mediation services in Chicago, IL USA with a mutually agreed mediator in an attempt to resolve the dispute. Should you file any arbitration claims or any administrative or legal actions without first having attempted to resolve the matter by mediation, then you agree that you will not be entitled to recover attorneys’ fees, even if you would otherwise be entitled to them.
RESIDENTS OF CALIFORNIA
We may collect customer information from persons other than the individual or individuals applying for products. Such customer information, as well as other personal or privileged information subsequently collected, may in certain circumstances be disclosed to third parties without your authorization as permitted by law. If you would like additional information about the collection and disclosure of customer information, please contact us. Please see the CCPA Privacy Policy on the Website.
ADDITIONAL TERMS AND PRIVACY POLICY FOR EU CITIZENS
Under the General Data Protection Regulation (GDPR) of the European Union (EU), EU citizens are entitled to certain privacy protections regarding the use of, storing, and processing of your personal information as well as having right to be notified if personal information is stolen, copied or accessed on an unauthorized basis.
The GDPR is a modern privacy rights framework adopted to create better transparency and control over who, how and when your personal data may be used, including the “right to be forgotten”.
This section will explain how Company complies with the GDPR and how your personal data may be collected, stored, and used. We also explain under what circumstances and for what purposes we may use your personal data and also provide instructions on how you can “opt-out” from our using your personal data and also request the removal of your personal data from our systems.
OUR BUSINESS
Our business is related to property rentals. Under the GDPR, if you are an employee of or associated with a business customer, certain information may be considered personal data such as your business email, business mobile number or other similar information from which your personal identity may be known. It is also customary in many instances for business associates of business or government customers to furnish their private or personal contact information such as private email address, home telephone number, and similar information. Even if done in the context of a business purpose, this information may be deemed personal data. Therefore, if you believe your business information discloses personal data that you do not wish disclosed, you should not give it to us. You should also ask your employer to change your business contact information an anonymized format, such as changing your email form “my.name@mycompany” to “randomcharacters@mycompany”.
Please be advised that our business has less than 250 employees. Accordingly, we are subject to less stringent recording requirements under GDPR requirements. We are, however, not exempt from other privacy protection and reporting requirements which apply to all businesses equally.
COLLECTION AND USE OF YOUR PERSONAL DATA
Our ability to use your personal data may come about by the following means:
1. By Your Consent. You may expressly give your consent to our using your data for the specific purposes we detail below. Even if you give consent, however, you can subsequently withdraw your consent at any time without retribution.
2. By Other Permitted Means. We may collect your personal data under certain other cases whether consent is expressly given as follows:
- Contractual obligations. In certain circumstances, we need your personal data to comply with our contractual obligations. This would include information such as your and your employer’s name, address, telephone number, email address, driver’s license, or other document number associated with identity for the purpose of delivery of Services, billing, collection, legal notification, authentication, and contract enforcement. For example, if you work for an employer who designates you as a point of contact for purposes of contract administration or notice, we will retain that information and use it for such purposes and for other related purposes as is reasonable.
- Legal compliance. If the law requires us to, we may need to collect and process your data. This data may include personal identification data, transactional data relating to purchases, and communications data, such as IP address, telephone number, and other meta-data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement. If you reside outside of the United States or are a non-US citizen, we may collect personal data from you and other third-party sources for purposes of complying with export control, anti-money laundering, and anti-terrorism laws, rules, and regulations.
- Legitimate interest. In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom, or interests. For example, we may use your contact information to send information and updates regarding our Services, endorsement of our Services or their use by others, recommendations on optimizing the use of our Services, updates, new properties, offers regarding Services and other education information or information of interest relevant to you.
HOW WE USE YOUR PERSONAL DATA
We will use your personal data only in connection with furthering our relationship with you, to enhance and protect the security of your information, and to enable your use of our Services.
- We will not sell, rent, lease, or transfer your data to any third-party commercial entity for the purpose of marketing or selling unrelated products or services for our financial gain or economic benefit. We may share basic contact information such as your name and contact information (“Basic Information”) and services information, including technical configuration information, customer compliant information, trouble-shooting information with third party product and solutions providers that work with our products, such as channel partners and sales representatives, product repair and service providers, and operationalization consultants and specialists (“Sales and Service Partners”).
- Security Data Use. We will use your personal data that is Security Data when it is necessary to perform security authentication functions related to purchasing, payment and the use of our products and services. We may link or issue encrypted tokens to your applications or devices to provide increased security and to limit the transmission of your passwords or other sensitive data.
If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
However, if you choose not to share your personal data with us, or refuse certain contact permissions, Company might not be able to provide the services you require.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. We have outlined above the various circumstances, purposes, and time periods when we will hold personal data.
At the end of that retention period, your data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. To summarize:
Ten Years from Transaction date. As described above, you should expect your personal data including any pertinent Relationship Data to be held for ten (10) years from the date of its creation for contract and legal purposes. The same ten-year period would apply to Security Data from the date of its last use or transactional entry.
WHERE WILL YOUR PERSONAL DATA BE PROCESSED
We will not transfer your personal data to any provider in any jurisdiction unless such provider and jurisdiction meet the requirement under the GDPR.
YOUR RIGHTS OVER YOUR PERSONAL DATA
Below is an overview of your various rights.
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date, or incomplete.
- The deletion of the data we hold about you, in specific circumstances. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
- A computer file in a common format (e.g. CSV or similar) containing the personal data that you have previously provided to us and the right to have your information transferred to another entity where this is technically possible.
- Restriction of the use of your personal data, in specific circumstances, generally whilst we are deciding on an objection you have made.
- That we stop processing your personal data, in specific circumstances. For example, when you have withdrawn consent, or object for reasons related to your individual circumstances. Please be advised, however, your employer may reasonably object as the customer having direct contract relationship with us, and we reserve the right to notify your employer or organization of such as request and advise them that removal may impair the intended use or enjoyment of our product and services functions.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review by a partner of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
You can contact us to request to exercise these rights at any time by completing an online form. If we choose not to adhere to your request we will explain to you the reasons for our refusal.
YOUR RIGHT TO WITHDRAW CONSENT
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
RIGHT TO STOP DIRECT MARKETING
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
This right does not include communications and information functions, such as alerts and notices, which are displayed in any application or product interface of ours which is part of the operation of or relates to a normal function of our product. By using our products or services, you are expressly giving your consent for such purposes. If you disagree with that then do not use our products or services.
CHECKING YOUR IDENTITY
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorized a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
HOW TO SEND US NOTICE
You may send us notice of the exercise of your rights, whether to “opt-out” of certain or all marketing channels, to request deletion of your personal data or to correct, receive a copy of your personal data by any of the following means:
Via Email: Send us an email with the subject line “GDPR Request”. Please include the action you are requesting we take, the basis for the action, and any information which can reasonably identify you, and valid means to respond back to you.
Online: When you send us a communication through a form, you may check a box indicating your preference to opt-out of marketing campaigns and contacts.
COMPLAINTS OR CONCERNS
We are dedicated to adhering to the EU’s privacy laws for our EU customers. If you believe that we are not fulfilling our obligations in accordance with the law, you may file a complaint with the European Data Protection Supervisor (EDPS). We have provided this link for your convenience (note you are linking to an external third-party site unaffiliated with us):
https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
RESERVATION OF RIGHTS
We provide this privacy notice to EU citizens in accordance with our understanding of the GDPR and will endeavor to comply with such law on a voluntary basis. We reserve all rights afforded under United States laws and treaties. This privacy notice is not a contractual obligation or guarantee to you that may be enforced in the United States or any other jurisdiction which does not recognize the GDPR as part of its law. Our contract obligations are limited to those contained in the purchase agreements and end-user license agreements between us and our customers. We, for ourselves and on behalf of directors, officers, employees, advisors, and all other persons affiliated with us reserve all rights regarding personal and subject jurisdictional matters, and the applicability and enforcement of the GDPR with respect to US citizens and non-EU citizens. Neither this privacy notice nor any actions taken to comply with the GDPR shall constitute a waiver of such rights or submission to jurisdictional authority of any court, tribunal, or governmental authority outside of the United States.
QUESTIONS
If you have any questions about our privacy practices or this Privacy Policy, please contact us.