35 Thousand Inc (“35 Thousand”), a privately-owned company; provides information, content and resources to help people travel more beautifully.
Data privacy and protection is very important to us for everyone who uses our products and services, and who entrusts us with their information. We have written this privacy notice so you can better understand how we collect data, what we do with it and how we look after it. We will tell you how long we keep data and what happens when we no longer need it. We will also outline what rights you have over your data and how we protect and facilitate those rights.
Opting in and out of communications made easy
Sometimes people want to read privacy notices because a business is asking for their permission to contact them for marketing. They want to be sure that, if they agree, it will be easy for them to withdraw permission in the future. We want you to be able to opt out as easily as you opted in. Any marketing email we send you will always have an “unsubscribe” link that will take you off that relevant marketing list. Please remember that you may have subscribed from another email address; you will only be able to use the link to “unsubscribe” from the address to which the marketing email has been sent.
1. WHAT PERSONAL INFORMATION DO WE COLLECT FROM YOU?
We collect information:
- when you pay for any of our products or services
- when you register to receive one of our newsletters
- when you use any of our websites
- when you attend any of our events
- if you participate in any research we undertake
- if you join one of our communities or forums
- when you enter a competition
- if you contact us about a query or a complaint
We collect the following types of information:
When you use or subscribe to one of our services such as signing up to an email newsletter, entering a competition, joining one of our online communities or participating in any of our community events, we will ask you to provide information such as your name, email and/or postal address so that we can provide you with the services requested.
General personal information
When conducting surveys or running competitions, in addition to contact information, we may collect other personal information such as your gender, date of birth, marital status, etc.
When you purchase a product or service from us we will also ask you for your payment details in addition to your contact information in order to secure payment and to authorise access to our products and services.
When you visit one of our websites, we collect information about your web visit, such as how long you visited, what sites you visited or pages you looked at, your IP address and where you were when you visited, what sort of device you were using when you visited (such as a mobile phone or type of desktop PC, Mac etc), and information identifying the language used by your Device.
When you visit one of our websites, we collect data on your online behaviour (eg time spent on website, items clicked on, etc).
When you buy a product or service from us, such as a ticket to a 35 Thousand event, we will collect information about what products and services you have bought from us.
When you register for a newsletter or take part in research, we may collect data about your preferences, tastes and interests.
“Special” categories of data
Sometimes, we may collect data in online surveys on what is called “special categories of data”. These could be data sets such as biometric information (including voice samples, facial recognition, etc), or political opinions, religion, philosophical beliefs, health, sexual orientation, etc. Whenever we conduct research on these topics, it is always optional, and we will make sure we have your consent to process this data. We will remind you at the time of why and how we are processing this data and what additional safeguards are in place for using, storing and ultimately either deleting or anonymising this data.
Other data collection
The lists in this policy are not intended to be exhaustive and, in specific instances, we may need to collect audio all data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an on-line account on our websites, or send an email to our team. Other personal data may be collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
2. HOW DO WE USE YOUR PERSONAL INFORMATION?
At 35 Thousand we use the data we collect for the following reasons:
- To provide goods and services to you
- To make a tailored website available to you
- To manage any registered account(s) that you hold with us
- To verify your identity
- For fraud prevention purposes
- With your agreement, to contact you electronically about promotional offers and products and services we think may interest you
- For promotional and marketing purposes and to tailor and personalise products and services
- To train and manage our people and develop products and services
- For customer insight and market research
- To enable us to manage customer service interactions (including refunds)
- To comply, where legally required to do so by public authorities, with requests related to investigations or legal disputes
When you sign up to one of our newsletters, you are giving consent for us to use the email address provided to send you relevant content that you have requested. You can withdraw this consent for any newsletter by unsubscribing at any time.
Social Media Advertising
We work with social media networks such as Facebook Pixel to show you interest-based marketing content from our brand and selected advertisers if you have viewed the 35 Thousand website. Data collected by the Facebook Pixel may also be anonymised and used in aggregate to help improve the quality and effectiveness of our websites and marketing efforts.
You can limit the kind of tracking and profiling that Facebook undertakes by going to your Facebook account settings. You can also find out more about the pixels and cookies we use on our websites by reading our Cookies Policy.
We may also participate in Facebook’s ‘Custom Audience’ service from time to time. This service enables 35 Thousand to display to you personalised advertisements when you visit Facebook’s social media platforms. It works by converting your email address to a unique number that Facebook uses to match to unique numbers that Facebook generates from email addresses of its users. Where we use Facebook Custom Audiences, we will only include you if you have consented to receive marketing from us. If you have given us your consent, you can change your mind at any time by unsubscribing (linked in any email we send you) or by adjusting your preferences in our preference center.
Research & Insight
We may run various user communities, forums and reader panels. We may, from time to time, send out research invitations to our research communities to people who have opted in to receive communications from us.
We may sometimes use your gender and age range collected during a survey for building “look-a-like” models. This data is anonymously transmitted to our Data Management Platform and matched with our subscribers and members. This allows us to provide relevant and targeted advertising. If you are interested and want to learn more about these, including how to opt out, please see our Cookies Policy. Please note, opting out of cookies does not mean you will not see any advertisements.
Delivery of goods and services / Customer account management
We will use the information you have provided for the provision of goods and/or services that you have requested and subsequently communicating with you about those products and services.
Please note too, that when you buy something from us we may contact you about your registration details, to manage any account or subscription you have with us, or to provide customer service. This will be the case even if you have opted-out of, or declined to consent to, receiving promotional emails.
When you enter one of our online competitions, we will process your information for the purposes of picking a winner. If you have opted-in to receiving information from us about our products and services (eg receiving event invitations, signing up for editorial newsletters etc) then we will use the information you provide to make sure we offer you relevant products and services (based on where you live, your age, gender, tastes, preferences etc). If you have opted-in to receive news and offers from any competition sponsors, we will share your information with them.
Further details about this is outlined in the “who do we share information with” with section.
We work with our partners from the world of luxury goods, fashion, travel and retail so that we can present you with some outstanding offers and opportunities by either email or post. You will only ever receive partner messages from us if you have actively given permission. We won’t disclose your personal information to anyone, the messages will come from us and you can unsubscribe at any time from these messages.
Customer queries and complaints
We process any information you provide when dealing with any complaints or enquiries made by you or legally on your behalf.
3. LEGAL BASES FOR DATA PROCESSING – WHAT DOES IT MEAN AND HOW DO WE USE THEM?
The law on data protection sets out different reasons why a company may collect and process your personal data and it is one of our duties to make sure you understand which of these lawful bases we are using to process your data.
In specific situations, we can collect and process your data with your consent:
- When you sign up to any editorial newsletter
- When you tick a box to receive email from 35 Thousand about news and offers
- When you tick a box to consent to receive email from 35 Thousand on behalf of our partners
- When you give us your details to purchase goods or enter a competition
- When you participate in any research, this is with your consent
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests:
- We personalise the marketing content we provide you
- If you have bought a product or service from us, we will also use your details to send you direct marketing information by email or post, telling you about products and services that we think might interest you
- If you have bought a product or service from us we may send you direct marketing on behalf of our partners
We will only use legitimate interest after we have properly evaluated the data processing and conducted a necessary balancing test. We will also give data subjects the right to object to the processing at any time.
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, when you purchase products from us or sign up for a competition and win, we will keep your name and address to deliver goods and/or services.
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.
4. DO WE SHARE YOUR INFORMATION WITH ANYONE ELSE?
35 Thousand and its subsidiaries
We may share your personal information:
- Between any sub brands we may create
- If all or any of our assets (eg a title owned by us) were to be sold to another business, the personal data relating to that title (eg the subscriber list / newsletter list etc) would be transferred to the new business owner.
We work with service providers to perform some tasks on our behalf. This might include: analysis, payments, newsletter production, marketing, etc and including tagging and blending non-personal site user data to provide aggregate demographics on our audiences. We may share your personal data with these providers to perform the necessary tasks. However, they are obliged not to disclose or use it for any other purposes. Any third-party processing of your data on our behalf will be subject to security and confidentiality obligations consistent with this privacy notice and applicable law.
Payment processing and website security
We only utilise certified Payment Card Compliant (PCI) partners to process payments on our site (Stripe, PayPal and Amazon). Your credit card details are stored with these secure partners. Our website has been developed with security in mind, it uses SSL encryption, is monitored, maintained and regularly patched. We work with a highly trusted hosting partner who provides a further level of security which includes their firewall, penetration testing and disk write protection and limitations.
Customer research & insight
We may disclose de-personalised data (such as aggregated statistics) about the audience of our products and services and/or research participants to describe our sales, customers, traffic patterns and other information to prospective partners, advertisers, investors and other reputable third parties, and for other lawful purposes. These statistics will never include identifiable personal information.
Law enforcement organisations
Under certain circumstances we may occasionally be required by law, court order or governmental authority to disclose certain types of personal information and we reserve the right to comply with any such legally binding request.
With your explicit permission, we may share your information with other companies we are working with, such as competition sponsors. Whenever we share your information with another company, we will always ask for your permission, will name the company and will always be clear that your information will be shared with another organisation.
5. HOW WE PROTECT YOUR DATA
We care very much about the security of your data in interactions with 35 Thousand. Our website hosting, payment processes, customer email management systems and digital marketing are all managed by companies with certified processes and systems around security controls. Beyond this, our website uses SSL encryption, is monitored, maintained and regularly patched to provide continuous security checks and updates.
6. COLLECTING DATA ON CHILDREN
We do not knowingly collect and process information from children (anyone under the age of 13). The products and services we offer are generally aimed at people aged 18 and over.
If you are under the age of 13, we ask that you do not give us any information about you or use our websites.
If you are a parent or guardian of a child under 13 and you if you think that your child has used our websites or subscribed to a newsletter or provided their information to us without your consent, please contact us at email@example.com and we will delete and/or stop processing your child’s personal information within a reasonable time.
If you are aged between 13 and 18, we request that you seek your parent or guardian’s permission before providing us with your information or using our websites or apps.
7. HOW LONG WILL WE KEEP DATA?
We will retain your personal information for as long as necessary to provide the individual service/s you have requested, while taking into account any legal requirements and tax and accounting rules. We do not store customer data for longer than 6 years after the last approved use.
Where you sign up to receive email marketing from us we will retain your e-mail address after you ‘opt-out’ of receiving emails to ensure that we continue to honour and respect that request. To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email and update your account preferences.
In some circumstances you can ask us to delete your data: see ’Your Rights’ below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
In the event that we go through a business reorganisation or sale or change of control, your personal information may be transferred to the acquirer. You will be notified of any such change in ownership or control of your information.
We may sometimes use the data you share with us, and that we collect about you when browsing our websites and products, to personalise our services and to tailor marketing content. For example, we may use information you have provided to send you information about products we think you may be interested in. If you do not want to receive this material, you can unsubscribe at any point.
9. CROSS-BORDER TRANSFERS AND SECURITY
We make sure that we have appropriate security measures to protect your information and make sure that, when we ask another organisation to provide a service for us, they have appropriate security measures and follow the same high standards of security and data protection as we do.
If we or our service providers transfer any information out of the European Economic Area (EEA), it will only be done with the relevant protection (stated under UK law) being in place.
10. LINKS TO OTHER WEBSITES
We receive commission on some of the links to third party websites offering products and services that we feature on our websites. We work with a third party to help us attribute e-commerce traffic. You can find out more in our Cookies Policy.
11. YOUR RIGHTS
As a consumer, you have rights when it comes to your data:
- The right to be informed. At every point where we are collecting your data, we will inform you of why it is being collected and how it is being processed.
- The right of access. If you wish to see what information we hold on you, you may send us what is called a Subject Access request. We will require photocopies of two pieces of identification. We will respond within 30 days of receipt of your request. There is no cost to you in requesting to see your data, but please note that we reserve the right to charge you if you make subsequent requests. You can use the contact details below for a Subject Access Request.
- The right to rectification. We offer the opportunity to amend your personal information by contacting us using the details below.
- The right to erasure. If you wish to cancel all communications with us, we can anonymise or de-identify your data. Please contact us using the details below. Please make sure you inform us of all email accounts, profiles, names etc that you may have used with us that you wish to erase.
- The right to restrict processing. You can opt-out or restrict the processing of your data by:
- Using ‘Unsubscribe’ link at bottom of emails we send to unsubscribe from our communications
- Amending your cookie settings in your browser
If you are unhappy with the way we have collected and are using your personal data please do not hesitate to contact us, using the contact details below or by contacting our Data Protection Officer on firstname.lastname@example.org.
You have the right to complain to a supervisory authority. In the UK this is the Information Commissioner’s Office.
12. HOW TO CONTACT US
The Data Controller
35 Thousand Inc
600 Congress Avenue
Austin, Texas, 78701