Last updated: January 15, 2023
Cloudforest is an online booking software service and commerce platform that provides users with access to a day-to-day management and sales system for the facilitation of tours, activities and event bookings. The Cloudforest website (including any mobile properties and related applications) and services (collectively, our "Services") are owned and provided by Untrodden Inc dba Cloudforest (“Untrodden”, “we”, “our”, “us”). This privacy notice describes how and why we might collect, store, use, and/or share ("process") your information when you use our services, such as when you:
- Visit our website at https://cloudforest.io, or any website of ours that links to this privacy notice
- Engage with us in other related ways, including any sales, marketing, or events
By accessing and utilizing our Services, you acknowledge that you have read and understood this Privacy Policy and the information collection and handling practices outlined in it. If you do not agree with our policies or practices, please do not use our Services. We may change this Privacy Policy from time to time so please check back regularly to keep informed of any updates.
Overview
This Privacy Policy describes in detail our policy and practices regarding our collection, use and disclosure of your personal data.
We recognize that providing information online and having confidence in us with your personal data involves a significant amount of trust on your part. We acknowledge this and make it a top priority to guarantee the security and privacy of the data you give us when utilizing our Services.
- Collection of your personal data
- How we process your personal information
- With whom we share your personal data
- How long we keep your personal information
- How we use “cookies” and other tracking technologies
- Your rights
- How we protect your personal data
- Your customers’ information
- Information concerning minors
- External links
- International transfers
- Controls for do-not-track features
- Changes to this Privacy Policy
- How you can reach us
- Collection of your personal data
Personal data means any information about an individual from which that person can be directly or indirectly identified. It does not include data where the identity has been removed or otherwise anonymized (anonymous data).
In the course of our business, we collect and process personal data in different ways. We may collect personal data you give us directly but we also collect data by logging how you interact with our services. For example by using cookies on our websites. We also receive personal data from third party businesses who use our Services.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal data we collect about you may include, but is not limited to: your name(s), email addresses, mailing addresses, billing addresses, phone numbers, passwords, contact preferences, payment information, survey responses, booking details and other information you may provide about yourself through use of our Services, and your IP address and web browser software.
You can choose not to provide us with your personal data. However, in general you need to provide us with certain information about you in order to take advantage of many features of the Services. We also collect personal data for security purposes.
Information that you provide us: as described below, we may receive and store any information you enter on our website or give us in any other way. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information about Others: You may provide contact and travel-related information for other people through our Services. If you book for someone else through the Services, you will need to submit that individual's personal data. You must obtain the consent of other individuals prior to providing us with their personal data.
Information from Other Sources: We also may obtain information about you from affiliated entities, business partners, Cloudforest suppliers and resellers, and other independent third-party sources.
Automatic Collection of Information: We may automatically collect some information from your computer or mobile device when you visit our website. For example, session data, including your IP address, the navigation software used and the reference site. We may also collect information about your online activity, such as reviewed content, pages visited and searches. We automatically collect this type of information to try to better understand your interests and preferences and potentially to personalize your experience. We also collect personal data in order to help protect our site and other users from misuse.
Location Information and Other Information from Devices: When you use our website on a device, we may collect certain information about your location if you have instructed your device to send such information to the application via the privacy settings on that device, or if you have uploaded photos tagged with location information. You can change the privacy settings of your device at any time in order to turn off the functionality to share location information with the application and/or the functionality to tag your photos with location information.
Call Recording and Monitoring: Please be aware that calls to and from Cloudforest may be recorded. We may use the call recordings to monitor our customer service for quality or compliance purposes, to check the accuracy of the information you provide us, for fraud prevention purposes or to provide training to our staff. We will retain the call recordings for as long as reasonably necessary to perform such activities and then delete them. Any personal data obtained from you during the call will be treated in accordance with the provisions of this Privacy Policy.
Site usage and session information: We collect information about your interaction with our Services, including the resources that you access, pages viewed, how much time you spent on a page, and how you reached our website. We also log the details of your visits to our website and information generated in the course of using our website, such as mouse movements, clicks, page visits, text entered, how long you spent on a page, and other details of your actions on our website. We may share this information with a trusted third-party to analyze and organize any collected data on our behalf and at our express direction.
- How we process your personal information?
We use the personal data that we collect only for specific purposes. This includes, but is not limited to, offer our Services, to manage your registration and account, including your access to and use of our Services, to manage and facilitate booking enquiries and bookings processed via our Services, to communicate with you about your account or use of our Services, to respond to, or follow up on, your comments and questions and otherwise provide customer service, notify you about changes to our terms or privacy policy, ask you to leave a review or take a survey, operate and improve our Services, personalize your experience on our websites, measure interest in and improve our Services, notify you about promotions and special offers, to invite you to partake in a prize draw or competition, to protect, investigate and deter against fraudulent or illicit activity, unauthorized or illegal activity, administer and protect our business and to resolve disputes or troubleshoot problems.
We will only use your personal data when the law allows us to. We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- We may process your personal information where you have provided your consent. Where we need to comply with a legal or regulatory obligation. In particular, where we cannot rely on an alternative legal basis for processing, where your data is sourced and it already comes with consent or where we are required by law to ask for your consent in the context of some of our sales and marketing activities.
- To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
- To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
- To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
- If you use Cloudforest Payments, we collect more specific information you provide us about your business, including your business address, business type, business ID number, bank account information, date of birth (if you are an individual business owner), and in some circumstances, government-issued identification (such as your Social Security Number, Social Information Number, Employer Identification Number, or Tax Identification Number).
- We use the information we collect from Users and customers of a Cloudforest merchant’s Site or Store:
- To perform any other function that we believe in good faith is necessary to protect the security or proper functioning of the FullStory website or the FullStory Services;
- Comply with legal requirements and industry standards, detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal, and protect the rights of Cloudforest, you, or others;
- In a support context, to view details of your account to ensure that it complies with your contractual obligations to us;
- Manage, operate, and improve the Services;
- Monitor the performance of our Services including metrics such as total number of visitors, and traffic.
- Where we need to perform a contract we are about to enter into or have entered into with you (for example, to process your subscription payments to use the Cloudforest platform), or where we or someone we work with needs to use your personal information for a reason related to their business (for example, to provide you with a service). European law calls these reasons “legitimate interests.” These “legitimate interests” include:
- preventing risk and fraud
- answering questions or providing other types of support
- helping merchants find and use apps through our app store
- providing and improving our products and services
- providing reporting and analytics
- testing out features or additional services
- assisting with marketing, advertising, or other communications
We only process personal information for these “legitimate interests” after considering the potential risks to your privacy—for example, by providing clear transparency into our privacy practices, offering you control over your personal information where appropriate, limiting the information we keep, limiting what we do with your information, who we send your information to, how long we keep your information, or the technical measures we use to protect your information.
One of the ways in which we are able to help merchants using Cloudforest is by using techniques like “machine learning” (European law refers to this as “automated decision-making”) to help us improve our services. When we use machine learning, we either: (1) still have a human being involved in the process (and so are not fully automated); or (2) use machine learning in ways that don’t have significant privacy implications (for example, reordering how apps might appear when you visit the app store).
You may receive marketing messages from us if you have given your consent, if you have requested to receive them, or if you have purchased goods or services from us and if you have not opted out of receiving marketing messages.
Each time you receive an email of this type, you will be able to tell us if you no longer wish to receive them by clicking on the unsubscribe link that you will find at the bottom of each communication you receive from us, or by e-mailing [email protected] with your request.
Please note that we may continue to send you service communications, such as service and administrative messages about your account or transactional messages related to your bookings. It is not possible to unsubscribe from these service communications.
- With whom we share your personal data
Cloudforest may share your information with other parties, including with business subsidiaries and the types of third parties listed below. For instance, if we sell or divest our business or any part of it, and your personal data relates to such sold or divested part of our business, or if we merge with another business, we will share your personal data with the new owner of the business or our merger partner, respectively.
Separately, if we are legally obliged to do so, we will share personal data to protect our customers, the site, as well as our company and our rights and property.
- Suppliers and resellers of services, including but not limited to to tours, trips, activities, attractions, retreats and accommodations, classes, workshops, festivals, rentals, transport services and/or any type of event who fulfil travel and event bookings using our Services.
- We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with include, payment processors, customer service, marketing, public relations, fraud prevention, business analytics, performance monitoring tools, cloud computing services, communication and collaboration tools, data storage service providers, and distribution of surveys or sweepstakes programs. Third-party service providers have access to and may collect information only as needed to perform their functions and are not permitted to share or use the information for any other purpose.
- Business partners with whom we may offer products or services in conjunction. If you choose to access these optional services, we may share information about you, including your personal data, with those partners. Please note that we do not control the privacy practices of these third-party business partners.
- Affiliated Websites. If you were referred to our website from another website, we may share your registration information, such as your name, email address, mailing address, telephone number and travel preferences with that referring website. We encourage you to review the privacy policies of any website that referred you to our website.
- When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API). To find out more about Google’s Privacy Policy, please refer to this link. We obtain and store on your device ("cache") your location. You may revoke your consent anytime by contacting us at the contact details provided at the end of this document.
- Companies belonging to our group. We may share your personal data with our parent companies and domestic and international corporate affiliate companies and websites. This sharing enables us to provide you with information about products and services which might interest you. To the extent that our parent company and corporate affiliates have access to your information, they will follow practices that are at least as restrictive as the practices described in this Privacy Policy.
- When you share personal information (for example, by posting comments, contributions, or other content to the Services) or otherwise interact with public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services in perpetuity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Services, and view your profile.
We also may share your information if we believe, in our sole discretion, that such disclosure is necessary:
- to comply with legitimate and enforceable subpoenas, court orders or other legal process; to establish or exercise our legal rights; to defend against legal claims or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us;
- to investigate, prevent or take action regarding illegal or suspected illegal activities; to protect and defend our rights, property or safety of , our customers or others and in connection with our Terms of Service and other agreements or
- in connection with a corporate transaction, such as a divestiture, merger, consolidation or asset sale or in the unlikely event of bankruptcy.
Other than as set out above, you will be notified when personal data about you will be shared with third parties, and you will have an opportunity to choose not to have us share such information.
We also may share aggregate or anonymous information with third parties, including advertisers and investors. For example, we may tell our advertisers the number of visitors our website receives. This information does not contain any personal data and is used to develop content and services we hope you will find of interest.
- How long we keep your personal information
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or statutory reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure or your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
We may retain certain information subsequent to the closing of your account with us, for example if it is necessary to fulfil our legal obligations or to exercise, to maintain security, to prevent fraud and abuse and to defend or enforce our rights.
- How we use “cookies” and other tracking technologies
We use cookies and similar tracking technologies on our website and when providing our services. Cookies are small text files that are automatically stored on your computer or mobile device when you visit a website. They are usually stored by your internet browser and contain information about your use of the internet. Each time you come back to the website, your browser will send the cookies back to it, allowing it to identify your computer or device and improve your user experience by providing personalized content.
You can find out more information about cookies in general, including how to see what cookies are installed on your (mobile) device and how to manage and delete them at websites such as www.allaboutcookies.org and www.youronlinechoices.com/uk.
We use cookies and similar tracking technologies on our website and when providing our services. For more information about how we use these technologies, including a list of other companies that place cookies on our sites, a list of cookies that we place when we power a merchant’s store, and an explanation of how you can opt out of certain types of cookies, please see our Cookie Policy.
- Your rights
In accordance with applicable law, you may have the right of access, the right of rectification, the right to erasure, the right to restrict processing, the right to data portability and the right to object. Please find below more details and information on how and when you can exercise your rights. We will respond to your request within one month, but have the right to extend this period with two months.
In accordance with applicable law, you may have the following rights with regard to your personal data:
- The right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- The right to request to correct your personal data if it is inaccurate. You may also supplement any incomplete personal data we have, taking into account the purposes of the processing.
- The right to request deletion of your personal data if:
- your personal data is no longer necessary for the purposes for which we collected or processed them; or
- you withdraw your consent if the processing of your personal data is based on consent and no other legal ground exists; or
- you object to the processing of your personal data and we do not have an overriding legitimate ground for processing; or
- your personal data is unlawfully processed; or
- your personal data has to be deleted for compliance with a legal obligation.
- The right to object to the processing of your personal data. We will comply with your request, unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.
- The right to restrict the processing of personal data, if:
- the accuracy of your personal data is contested by you, for the period in which we have to verify the accuracy of the personal data; or
- the processing is unlawful and you oppose the deletion of your personal data and request restriction; or
- we no longer need your personal data for the purposes of processing, but your personal data is required by you for legal claims; or
- you have objected to the processing, for the period in which we have to verify overriding legitimate grounds.
- The right to data portability. You may request us to receive the personal data that concern you. You may also request us to send this personal data to a third party, where feasible. You only have this right if it regards personal data you have provided us, the processing is based on consent or necessary for the performance of a contract between you and us, and the processing is done by automated means.
- . We do not offer an opt-out from the sale of personal information because we do not engage in the sale or share of personal information as contemplated by applicable law. As noted elsewhere in this Privacy Policy, we share personal information with other third parties for a variety of reasons.
Do Not Sell or Share My Personal Information
To exercise any of the aforementioned rights, you can e-mail [email protected]
You will not have to pay a fee to access your personal data (or to exercise any of the other rights described in this Privacy Policy). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In an effort to speed up our response, we may also contact you to ask you for further information in relation to your request.
California residents are permitted one time each year to request certain details about how their personal information is shared with third parties for their direct marketing purposes. To make a request, please submit a request, or write to us at the address listed below. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.
California residents may also take advantage of the following rights:
- You may request, that we disclose to you the categories and specific pieces of personal information that we have collected about you; the categories of sources from which we collected your personal information; our business or commercial purpose for collecting your personal information; the categories of personal information that we have disclosed for a business purpose; the categories of third parties with whom we have disclosed your personal information; and the business or commercial purpose for collecting or sharing your personal information, if applicable.
- You may request that we delete your personal information that we maintain about you, subject to certain exceptions. As described in more detail in our Privacy Policy, there are some reasons for which we will not be able to fully address your deletion request, such as if we need to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, or to comply with a legal obligation. You can also access, update, and remove your information.
- You can request that we correct inaccurate personal information that we maintain about you.
To take advantage of any of these rights, please contact us in writing at Untrodden Inc. dba Cloudforest: 2150 Hyde St., #11, San Francisco, CA 94109, USA. California residents may designate an authorized agent to make a request on their behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent. We may need to verify your identity or elements of the request to enable us to process your request. We will take reasonable steps to verify your identity; these verification steps will vary depending on the sensitivity of the personal information and whether you have an account with us. We may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. We value your privacy and will not discriminate against California residents in response to your exercise of privacy rights.
Additionally, you can opt out of certain uses of cookies for advertising purposes by visiting www.aboutads.info/choices. For more information, please see the “Cookies” section above. Your opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using; it is deleted whenever you clear your cookies or your browser’s cache.
We may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations. You have the right to submit an appeal if you are not satisfied with the outcome of your request.
- How we protect your personal data
We want you to feel confident about using our Services, and we are committed to protecting the personal data we collect. While no website can guarantee perfect security, we have implemented and maintain appropriate physical, administrative, technical, and organizational measures to protect the personal data you provide us against unauthorized or unlawful access, use of disclosure and against accidental loss, damage, alteration or destruction.
For example, only authorized employees are permitted to access personal data, and they may do so for permitted business functions. In addition, we use encryption when transmitting your personal data between your system and ours, and between our system and those of the parties with whom we share sensitive information, and we employ firewalls and intrusion detection systems to help prevent unauthorized persons from gaining access to your personal data.
- Your customers’ information
In order to power your merchant business, we collect and use personal information about your customers. In general, we only collect and use this personal information as directed by you, and as further described in our Data Processing Addendum. Legally speaking, we are a “data processor” and a “service provider” as these terms are used in European and California privacy law. We will never use your customers’ information to independently market or advertise to your customers unless they are also using one of our applications or services directly. We also do not and will not “sell” your customers’ information, as that term is used in California law.
Because you decide how the personal information of your customers will be used, you need to make sure your customers understand how you (and how we on your behalf) collect and process their personal information. You should do this by, at a minimum, posting a privacy policy on your store that describes the information you collect, how you use it, and who you share it with.
To help get you started with this, you can check out our privacy policy templates within your User Account. Also, if you are collecting any “sensitive” personal information from your customers (for example, information about health, race, ethnicity, genetics, biometrics, trade union membership, political opinions, philosophical or religious beliefs, criminal history, or sexual interests), you should get the affirmative, express consent from your customers to use and process this information.
- Information concerning minors
Cloudforest is a general audience site and does not offer services directed to minors. We do not knowingly collect data relating to minors. If a person whom we know is under 13 years of age sends us personal data, we will delete or destroy this information as soon as reasonably possible.
- External links
Our website may include links to third party websites, plug-ins and applications. If you access other websites from the links provided on our website, the operators of those websites may collect or share information about you. This information will be used by them in accordance with their privacy policy, which may differ from our Privacy Policy. We do not control these third-party websites and recommend that you examine the privacy statements posted on those other websites to understand their procedures for collecting, using and disclosing personal data.
- International transfers
Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see Section 3 "With whom we share your personal data?" above), in the United States, and other countries.
If you are a resident in the European Economic Area (EEA) or United Kingdom (UK), then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law.
Your personal data may be stored or transferred to countries outside the European Economic Area for the purposes described in this Privacy Policy. When we store or transfer your personal data outside the European Economic Area, we take the following precautions to ensure that your personal data is properly protected.
Whenever we store or transfer your personal data outside the European Economic Area, we will do so in accordance with applicable law and we will ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. Transfers of personal data are made:
- to a country recognized by the European Commission as providing an adequate level of protection; or
- to a country which does not offer adequate protection but whose transfer has been governed by the standard contractual clauses of the European Commission or by implementing other appropriate cross-border transfer solutions to provide adequate protection.
European Commission's Standard Contractual Clauses:
We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations. Our Data Processing Agreements that include Standard Contractual Clauses are available here: https://legal.cloudforest.io/dpa. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.
By using our services, you understand that your personal data may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.
- Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
- Changes to this Privacy Policy
Untrodden Inc dba Cloudforest may change or modify this Privacy Policy from time to time. We will note the date that revisions were last made to this Privacy Policy at the first page of this Privacy Policy, and any revisions will take effect upon posting. We will notify our members of material changes to this Privacy Policy by either sending a notice to the email address you provided us or by placing a notice on our website. We encourage you to check this Privacy Policy from time to time to review the most current version.
- How you can reach us
If you would like to ask about, make a request relating to, or complain about how we process your personal information, you can file a request by emailing us at [email protected]. You may also have the right to lodge a complaint to the supervisory authority about the way we process your personal data. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us in the first instance.
Our full details are:
Untrodden Inc dba Cloudforest
2150 Hyde St., #111
San Francisco, CA 94109, USA
Attn: Privacy Officer/Legal Department
Email: [email protected]