Privacy Policy | Carey Executive Transportation

Updated: 07-10-2024

CAREY’S COMMITMENT TO PROTECTING YOUR PRIVACY

To demonstrate the commitment of Carey International, Inc. and its family of owned companies using the registered trademarks CAREY® and operating in the United States (see Other Covered Entities here) and the United Kingdom (listed here, collectively, “Carey,” “we,” “us,” or “our”), we have developed this policy (“Privacy Policy”) to help you understand how we collect, use, safeguard, share, disclose and internationally transfer your Personal Information in connection with our services. It also explains your rights and choices with respect to your Personal Information, and informs you how to contact us with inquiries or complaints.

This Privacy Policy applies when you interact with our websites located at https://www.carey.com/, and any other websites, pages, features or content we own or operate (the “Web Site(s)”); when you use our mobile applications (the “Mobile App(s)”); when you use our expense management platform—CareyConnect—available at https://www.careyconnect.com/ (“Platform”); when you when you interact with our Worldwide Reservation Center or Sales Representatives; or otherwise interact with our products or services that direct you to this Privacy Policy (collectively, the “Service(s)”).This Privacy Policy does not apply to websites run by independently-owned Carey franchises and affiliates, though those websites may link or redirect to Carey’s Web Site. Independent franchisees and affiliates may have developed similar, but not identical, standards and policies regarding privacy and security in connection with their web sites, subject to certain contractual obligations relating to their business relationship with Carey. In any event, our independently-owned Carey franchises and affiliates must adhere to all GDPR principles.

For purposes of the EU’s General Data Protection Regulation 2016 (the “GDPR”), the data controller is Carey International, Inc., with offices at 7445 New Technology Way, Frederick, MD 21703.

Please read this entire Privacy Policy to make sure that you fully understand it. By using our Services, you acknowledge our collection, use and disclosure of your Personal Information in accordance with this Privacy Policy, and you agree to the accompanying Terms and Conditions (https://www.carey.com/terms-and-conditions/). Our Terms and Conditions (“Terms”) govern all use of our Services, and together with the Privacy Policy, constitute your agreement with us. If you do not agree with or you are not comfortable with any part of this Policy or the Terms, please immediately discontinue access or use of our Services.

Table of Contents

PERSONAL INFORMATION WE COLLECT
COOKIES AND OTHER TRACKING TECHNOLOGIES
HOW WE USE YOUR PERSONAL INFORMATION
PERSONAL INFORMATION SHARING
YOUR PRIVACY RIGHTS AND CHOICES
HOW WE PROTECT YOUR PERSONAL INFORMATION
INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION
LINKS TO OTHER SITES OR SERVICES
COMPLIANCE
DISPUTE RESOLUTION AND ENFORCEMENT
ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS
ADDITIONAL NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA, THE UNITED KINGDOM, SWITZERLAND, AND BRAZIL
EU-U.S., UK EXTENSION, AND SWISS-US DATA PRIVACY FRAMEWORK COMPLIANCE
NOTICE TO NEVADA RESIDENTS
CHANGES TO THIS POLICY
CONTACT US

1. PERSONAL INFORMATION WE COLLECT.

Carey collects certain Personal Information about you and your use of our Services. Personal Information is typically data that identifies an individual or relates to an identifiable individual. The definition of Personal Information (used interchangeably with “Personal Data” for European residents) depends on the applicable law based on your physical location. Only the definition that applies to your physical location will apply to you under this Privacy Policy. The Personal Information that Carey collects generally falls into three categories: (1) information you voluntarily provide to us, (2) information we collect from you automatically, and (3) information we collect from third parties.

Information You Voluntarily Provide to Us. You may browse through the informational portion of our Web Site without providing us with any Personal Information. However, we or service providers that assist us in providing, maintaining, and operating our Services, may collect the following types of Personal Information from you:

Web Forms. If you request information or materials from us, we may ask for your contact information, such as your and your contact’s name, email address, company name, postal address, and phone number(s). Personal information that you provide web forms will be used only for such purposes as are described at the point of collection (for example on a web form), such as to send information to you or respond to your questions or comments. If you provide contact information, we may contact you to clarify your comment or question, or to learn about your level of interest in, or satisfaction with our services.
Reservations. To access and make reservations through the Services available at our Web Sites and Mobile Apps, we will require you to complete a registration form. This registration form will request certain Personal Information about the Web Site or Mobile App user (“User”) and the traveler who will use our transportation services (“Client”) in the event the Client is different from the User. Certain parts of this information will be compiled into a profile maintained by Carey in order to, among other things, most efficiently provide the services to Clients and/or Users. Such information may include at least the following: for the User, name, address, email address, company name, home/mobile phone number and ARC or IATA number; and for the Client, name, email address, home/mobile phone number, company name, work address, home address and billing address, pick-up and drop-off information, credit card information, corporate account information, specific preferences related to the services, and in-transit itineraries. We use this information for billing purposes for reservation management or to contact you if we have difficulty processing your requests.
Customer Service. When you engage with Carey International’s Digital Support Team, we may collect your name, email address, phone number, reservation number, company name, records, copies of your correspondence, and any additional information you choose to share with us (such as screenshots).

Information We Automatically Collect. To the extent permitted under the applicable law, we may collect certain types of information automatically, such as whenever you interact with the Sites or use the Services. We may collect the following types of information automatically from you:

Usage Data. When you browse our Web Sites, we automatically collect log data such as your web request, Internet Protocol (“IP”) address, browser type, domain names, referring and exit pages and URLs, pages viewed and the order of these page views, the date and time you access our servers, and other diagnostic data.
Device Information. When you use your desktop or mobile devices to access our Services, we may be able to identify your device’s unique device identifier, MAC address, operating system, and your mobile device’s advertising ID.
Location Information. When you use our Services, we may infer the generic physical location and geographic regions of your device from your Wi-Fi, Bluetooth and other device settings. For example, your IP address may indicate your general geographic region. You may choose not to share your location details with us by adjusting your mobile or desktop device’s location services settings. For instructions on changing the relevant settings, please contact your service provider or device manufacturer.

Information We Collect From Third Parties. From time to time, we may obtain information about you from third-party sources as required or permitted by law. These sources may include:

Third-Party Reservation Agent, Systems or Centers. We may receive your reservation details from third-party reservation agents, systems or centers
Marketing Partners and Analytics Providers. Unless prohibited by applicable law, we may obtain your Personal Information from marketing partners and analytics providers so that we can better understand which of our Services may be of interest to you.

2. COOKIES AND OTHER TRACKING TECHNOLOGIES

We and third parties on our behalf, may use cookies or similar tracking technologies, such as cookies and other similar technologies (collectively, “Tracking Technologies”) to collect Personal Information automatically as you interact with our Web Sites, to help us customize your experience and better manage content on our Web Sites, including to:

Analyze our web traffic using an analytics package
Identify whether you already visited our Web Sites
Store information about your preferences
To recognize when you return to our Web Sites

Please read our Cookie Policy for more details. Click this link to view our Cookie Policy

If you want to exercise your rights regarding Personal Information collected via cookies and similar tracking technologies, please see the Your Rights and Choices section below.

Do Not Track. We do not respond to web browser “do not track” signals. If you arrive at our Web Site by way of a link from a third-party web site that does respond to “do not track” requests, the recognition of any “do not track” request you have initiated will end as soon as you reach our Web Site.

3. HOW WE USE YOUR PERSONAL INFORMATION

Delivery of Carey’s Service – We use the Personal Information collected through our Services to administer and deliver our services. In connection with the delivery of our services, we may share the Personal Information with third-party partners or vendors who help deliver or administer the services, but they are only permitted to use the information in connection with the delivery or administration of our services. For example, we share a Client’s credit card information with third-party credit card processing and fraud detection companies, but those companies are not permitted to use the credit card or Personal Information for any purpose other than to assist us to safely and securely fulfill the specific purchase transaction. We may also share Personal Information with Carey subsidiaries, affiliates, licensees, and subcontracted service providers who need that information to provide the services that you have requested. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of EEA Personal Data that we transfer to them.
Maintain Legal and Regulatory Compliance – Our Services are subject to certain laws and regulations, which may require us to process your Personal Information. For example, we process your Personal Information to fulfill our business obligations, to manage risk as required under applicable laws and regulations, or to respond to requests by judicial process or governmental agency.
Enforce Compliance with Our Terms, Agreements and Policies – When you access or use our Services, you are bound to our Terms. We may process your Personal Information for compliance purposes, such as carrying out our obligations and enforcing our Terms or other legal rights, including those arising from any contracts entered into between you and us, including for billing and collection.
Detect and Prevent Fraud and Security Risks – We may process your Personal Information to help monitor, prevent and detect fraud and abusive use of our Service, monitor and verify your identity so that unauthorized users do not gain access to your information, enhance system security, and combat spam, malware, malicious activities or other security risks.
Provide Customer Support or Respond to You – We collect any information that you provide to us when you engage with Carey International’s Digital Support Team. Without your Personal Information, we cannot respond to you or ensure your continued use and satisfaction of the Services.
Provide Service-Related Communications – We will send you administrative or account-related information to keep you updated about your account and the Services. Such communications may include information about Privacy Policy updates, security updates, tips or other relevant transaction-related information. Service-related communications are not promotional in nature. You are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or the Services.
Carey Sales Promotions and Marketing – We may use the Personal Information collected through our Services to provide you with information or newsletters related to our services, and to promote our services to your company as listed in your profile, where you have provided your consent if required under the applicable law. This may include information, promotions, and marketing via email, the Mobile App, postal mail, fax or telephone calls. However, for information that we have collected through your voluntary participation in an online customer survey to obtain your suggestions or comments about Carey International’s services, we use such information only for the purpose for which it was collected. We will not use such survey information for direct marketing or disclosure to other companies.
Internal Marketing Research and Reporting – We may use your Personal Information on an anonymized, aggregated basis for a variety of purposes, including operating and enhancing our Services, our service delivery, internal marketing research, and management reporting. We reserve the right to use and disclose this aggregated information to third parties for any purpose. Aggregate information will not identify any one specific individual.
Personalize Your Experience – We may process your information to personalize your experience. By personalization, we enable you to interact more easily with our Services across platforms and devices.
Facilitate Corporate Acquisitions, Mergers and Transactions – We may process any information regarding your account and your use of our Services as is necessary in the context of corporate acquisitions, mergers or other corporate transactions.
With Your Consent – We may process or use your Personal Information for any other purpose to which you consent.

4. PERSONAL INFORMATION SHARING

We may share your Personal Information as needed to fulfill the purposes described in this Privacy Policy and as permitted by applicable law. We may disclose your Personal Information as described below.

As Required by Law. We may share your Personal Information when access, use, preservation, or disclosure of Personal Information is reasonably necessary for Carey to detect, prevent or remedy security or technical issues, or suspected or actual fraudulent or illegal activity; to satisfy any applicable law, regulation, public authorities, ordinance, matters related to national security, or legal process, including government investigation; or to protect the rights of Carey, our clients, or other individuals, as required or permitted by law.
Within Our Corporate Organization. We may share your Personal Information within our organization to provide you with the Services and take actions based on your request.
With Our Service Providers. We may provide your Personal Information to service providers we have retained to perform services, or process Personal Information, on our behalf, and only to the extent necessary to deliver or administer such services. Service providers may provide us with support services such as credit card processing, website hosting, single-sign-on, community and feedback management, analytics services, surveys and research services, and network maintenance. We require service providers to process Personal Information in a manner consistent with this Privacy Policy or other similar or appropriate privacy measures and any laws governing the processing of Personal Information.
During Business Transaction or Other Asset Transfers. We may disclose and transfer information about you to buyers, service providers, advisors, potential transactional partners or other third parties in connection with the advisors, potential transactional partners or other third parties of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our business or assets. By engaging with us or using our Services, you understand and agree to our assignment or transfer of rights to your Personal Information.
With Our Business Partners. Subject to applicable law, we may share your Personal Information with our business partners, such as, for permitted marketing purposes.
With Your Consent. We may disclose your Personal Information for any purpose with your consent.

5. YOUR PRIVACY RIGHTS AND CHOICES.

Marketing Communications. If you do not want to receive marketing email communications from us, you can opt-out by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to Opt-out@Carey.com.

Right to Correct or Update Your Information. You may request that we correct or update any inaccurate or incomplete Personal Information by contacting Privacyinfo@Carey.com, or by calling Carey’s Worldwide Reservations Center. Carey accountholders may also update or change their Account Information at any time by editing their Profile and Settings on our Web Site or in our Mobile App.

Your Opt-Out Rights. If you reside in one of the following states in the United States – California or Virginia, you may have the right to opt-out of certain types of processing for your Personal Information. As of July 1, 2023, residents of Colorado and Connecticut will also have this right to the extent their privacy laws apply to us.

Right to Opt Out of Sale/Sharing. You have the right to opt-out of the sale of your Personal Information in exchange for monetary or other valuable consideration, including sharing of your Personal Information to third parties for targeted advertising purposes. We generally do not sell your Personal Information for profit, but like many websites, we use cookies, pixels, and similar technology, and we share certain information, such as your IP address or device identifiers, to certain third-party advertisers in order to improve your user experience and to optimize our marketing activities. Some states may consider sharing of your Personal Information for targeted advertising purposes as a “sale.” To exercise your right to opt-out of sale or share of your Personal Information, please submit a request by checking the “Do Not Sell or Share My Personal Information” link located at the bottom of our website or contact our Do-Not-Sell group by clicking this link. Please note that you may still receive generalized ads after opting out of targeted advertising.
Opt-Out Preference Signals. You may send your request to opt-out sale or sharing your Personal Information by configuring your device to automatically send opt-out preference signals. The Global Privacy Control signal is currently the only opt-out preference signal we can recognize. Please visit Global Privacy Control’s official site (https://globalprivacycontrol.org/#about) to learn how to configure your device to send such signals. Please note that the opt-out choice will only apply to your use of our Sites through the current browser or device you are using and only as long as that browser’s cookies are not erased.

Additional Rights for Certain Territories: If you reside in certain territories (such as the European Economic Area, Switzerland, the United Kingdom, Japan, Brazil or one of the following states in the United States – California or Virginia), you may have the right to exercise certain privacy rights available to you under applicable law. As of July 1, 2023, residents of Colorado and Connecticut may have certain rights to the extent their privacy laws apply to us. If any of the rights listed below are not provided under law for your jurisdiction, we have the absolute discretion in providing you with those rights.

However, your rights are subject to certain exceptions and are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another’s privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.

Right Not to Provide Consent or to Withdraw Consent. Under limited circumstances, we may seek to rely on your consent in order to process certain types of Personal Information, such as Personal Information categorized as sensitive or as special categories under applicable law. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
Right of Access and/or Portability: You may have the right to access the Personal Information that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or port that data to another provider.
Right to Correct/Rectification: You may have the right to require us to correct any inaccurate or incomplete Personal Information in our files.
Right of Erasure/Delete: In certain circumstances, you may have the right to request the erasure or deletion of the Personal Information that we hold about you. This right is not absolute, and we may refuse your request if there are compelling legitimate grounds for keeping your Personal Information.

Right to Object to Automated Decision-making. If you reside in certain territories, you may have the right not to be subject to a decision which significantly impact your rights that is based solely on automated processing (where a decision is taken about you using an electronic system without human involvement). No decision will be made by us about you solely on the basis of automated decision making which has a significant impact on you.

Right to Object to Processing: If you reside in certain territories, you may have the right to request object to our processing of your Personal Information at any time and a permitted under applicable law if we process your Personal Information on the legal basis of consent or legitimate interests. However, we may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any exceptions permitted under applicable law.
Right to Restrict Processing: If you reside in certain territories, you may have the right to request that we restrict processing of your Personal Information in certain circumstances (for example, where you believe that the Personal Information we hold about you is not accurate or lawfully held).

Right Against Discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your rights.
Right to Appeal. In certain jurisdictions, you may have the right to appeal if we refuse to take action on your rights request. Instructions on how to appeal will be provided to you upon such a denial, but in any event, such instructions will be substantially similar to those provided below for submitting requests.

Right To Limit Use and Disclosure of Sensitive Personal Information. If you are a California resident, to the extent your sensitive Personal Information, as that term is defined under California privacy law, is used to infer characteristic about you, you have the right to object to our processing of your sensitive Personal Information for inferring characteristics

Right to Lodge a Complaint to Your Local Data Protection Authority. If you reside in certain territories (such as the European Economic Area, Switzerland, the United Kingdom), you may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.

Exercising Your Privacy Rights. You may exercise your rights by contacting us at at Privacyinfo@Carey.com, or by calling Carey’s Worldwide Reservations Center at our toll-free customer service phone number 800-285-5312, or via another method identified in the “Contact Us” section below. In your request, please make clear which right you would like to exercise. Before fulfilling your request, we are required by law to have you to verify the Personal Information we already have on file to confirm your identity. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes. If you use an authorized agent to submit requests on your behalf, we will require you to verify your identity directly with us, or have you confirm directly with us that the authorized agent has been authorized to act on your behalf.

6. HOW WE PROTECT YOUR PERSONAL INFORMATION

Carey will use Personal Information to the extent necessary to deliver or administer our services, and only for the purposes for which it was originally collected, or subsequently authorized by you, in accordance with this Privacy Policy. Carey will take reasonable steps to ensure that your Personal Information is relevant to its intended use, current, accurate, and complete.

We have established and currently maintain security procedures to protect the confidentiality, security and integrity of your Personal Information from loss, misuse, unauthorized access, and disclosure. We use encryption, tokenization, Secure Socket Layers, and firewalls, and we implement off-line efforts to further protect this information, including updating our security practices and privacy policies, privacy and security related training, and limiting employee, agent, and subcontractor access to Personal Information to those who need to know such information to deliver or administer services. In addition, both electronic and paper records containing Personal Information are maintained in access-controlled facilities and access to the information within our secured facilities is limited to only those Carey associates with a legitimate need to access the information in furtherance of providing the services requested by you.

HOW LONG WE RETAIN YOUR PERSONAL INFORMATION

We will store your Personal Information, in a form that permits us to identify you, for no longer than is necessary for the purpose for which the Personal Information is processed. We store your Personal Information as necessary to comply with our record retention policy, any legal obligations (which may include the duration of a pending suit, allegation, investigation or claim), resolve disputes, and enforce our agreements and rights, or if it is not technically and reasonably feasible to remove it. Otherwise, we will seek to delete your Personal Information within a reasonable timeframe upon request.

7. INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION

Carey’s business operates on a global scale. When you access or submit information to us, your Personal Information may be transferred to, processed, maintained, and used on computers, servers and systems located where the data protection laws may not be as protective as those in your jurisdiction. Carey is headquartered in the United States. If you are located outside the United States and choose to provide information to us, please note that we may transfer your Personal Information to the United States for further processing. We will take appropriate contractual or other steps to protect the relevant Personal Information in accordance with applicable laws.

We rely primarily on the European Commission’s Standard Contractual Clauses to facilitate the international and onward transfer of Personal Information collected in the European Economic Area (“EEA”), the United Kingdom and Switzerland (collectively “European Personal Information”), to the extent the recipients of the European Personal Information are located in a country that the European Countries consider to not provide an adequate level of data protection. We may also rely on an adequacy decision of the relevant regulatory body confirming an adequate level of data protection in the jurisdiction of the party receiving the information, or derogations in specific situations.

Carey is responsible for the processing of Personal Information it receives and subsequently transfers to a third party acting as an agent on its behalf. Before we share your information with any third party, we will enter into a written agreement that the third party provides at least the same level of protection for the Personal Information as required under applicable data protection laws.

Data Privacy Frameworks

Carey International, Inc. and its family of companies (“Carey”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Carey has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Carey has further certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between these terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

8. LINKS TO OTHER SITES OR SERVICES

Our Services may contain links to other websites or services for your convenience and information. These websites may be operated by companies not affiliated with Carey. Linked websites or services may have their own privacy policies, which we strongly suggest you review if you visit any linked websites or services. We are not responsible for the content of any websites or services that are not affiliated with Carey, any use of those websites or services, or the privacy practices of those websites or services.

9. COMPLIANCE

Carey has established internal policies and procedures to review and verify our ongoing compliance with this Privacy Policy, including an annual assessment to verify that privacy practices have been implemented as represented in this Privacy Policy. In compliance with the EU-US, UK Extension and Swiss-US Data Privacy Framework Principles, Carey commits to resolve complaints about your privacy and our collection or use of your Personal Information. If you have any questions or concerns regarding this Privacy Policy, or if you have any complaints regarding this Privacy Policy, please first contact us at:

Carey England
c/o Companies House
280 Bishopsgate, London, EC2M 4RB

privacyinfo@careyuk.com

For residents of the European Union:

Carey International, Inc. takes the protection of personal data seriously, and has appointed Data Rep as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries and Norway & Iceland in the European Economic Area (EEA), so that Carey International, lnc.’s customers can always raise the questions they want with them.

If you want to raise a question to Carey International, Inc., or otherwise exercise your rights in respect of your personal data, you may do so by:

sending an email to DataRep at datarequest@datarep.com quoting <Carey International, > in the subject line,
contacting us on our online webform at datarep.com/data-request, or
mailing your inquiry to Data Rep at the most convenient of the addresses in the subsequent

For residents outside of the European Union and United Kingdom:

Carey International, Inc.
Attn: Data Representative
7445 New Technology Way
Frederick, MD 21703
Privacyinfo@Carey.com

10. DISPUTE RESOLUTION AND ENFORCEMENT.

Carey has further committed to refer unresolved privacy complaints under the EU-US, UK Extension and Swiss-US Data Privacy Framework Principles to JAMS, a non-profit alternative dispute resolution provider located in the United States. In the event of a formal complaint, it is Carey’s policy to contact the individual directly to resolve any concerns. Carey will cooperate with JAMS, free of charge to you, pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at Data Privacy Framework Resolution | JAMS Mediation, Arbitration, ADR Services (jamsadr.com), if the complaint cannot be resolved through Carey’s internal processes. If you do not receive timely acknowledgment of your complaint, or if we have not addressed your complaint to your satisfaction, please contact or visit www.jamsard.com for more information or to file a complaint. Such JAMS mediation will be held in New York, NY for complaints by individuals in the U.S. and in London, UK for complaints by individuals outside of the U.S.

Carey is subject to the investigatory and enforcement power of the Federal Trade Commission with respect to claims or complaints related to this Privacy Policy. As set forth in section 4 above, we may disclose your Personal Information in response to lawful requests related to applicable law, regulation, ordinance, public authorities, matters related national security or legal process, including government investigations.

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with Carey and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you.

11. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

The California Consumer Privacy Act, as amended by the California Privacy Rights Act (“California Privacy Laws”) requires us to disclose the following additional information related to our privacy practices. If you are a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, this section applies to you in addition to the rest of this Privacy Policy.

Categories of Personal Information Collected, Used, and Disclosed

During the past 12 months, we have collected the following categories of information from the listed sources, used it for the listed business purposes and shared it for a business purpose with the listed categories of third parties. The categories of information include information we collect from our website visitors, registered users, employees, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals. For instance, we may collect different information from applicants for employment or from vendors or from customers.

CATEGORY OF INFORMATION COLLECTED	SOURCE	*BUSINESS PURPOSES FOR COLLECTION/USE**	CATEGORIES OF THIRD PARTIES RECEIVING INFORMATION FOR A BUSINESS PURPOSE
Identifiers (name, alias, postal address, email address, phone number, fax number, account name, Social Security number, unique personal identifier, IP address)	Individuals submitting information to us; information we automatically collect from site visitors; information we may receive from third-party marketing and data partners.	Auditing relating to transactions; security detection, protection and enforcement; functionality debugging/error repair; ad customization; performing services for you; internal research and development; quality control.	Service providers (such as payment processors, mail houses, marketing partners, shipping partners, employee benefits partners); affiliated companies; government regulators; law enforcement; and strategically aligned businesses.
Sensitive Information (name with financial account, medical, health, and health insurance information, user name and password)	Individuals submitting information; employment applications; employees.	Auditing relating to transactions; security and fraud detection, protection and enforcement; performing services for you; internal research and development; quality control; and Facilitating employment related activities and benefits for our employees.	Service providers (such as payment processors and employee benefits partners); affiliated companies with a need to know; government regulators; and law enforcement.
Protected classification information (race, gender, ethnicity, religion)	Employees and Individuals submitting information.	Facilitating employment related activities and benefits for our employees; Auditing relating to transactions; performing services for you; internal research and development; quality control.	Service providers (such as payment processors, mail houses, marketing partners, shipping partners, employee benefits partners); affiliated companies with a need to know; government regulators; law enforcement;
Commercial information (transaction history, products/services purchased, obtained or considered, product preference)	Individuals submitting information; information we automatically collect from site visitors; information we may receive from third-party marketing or data partners.	Auditing relating to transactions; security and fraud detection, protection and enforcement; functionality debugging/error repair; ad customization; performing services to you; internal research and development; quality control.	Service providers (such as payment processors, mail houses, marketing partners, shipping partners, employee benefits partners); affiliated companies; government regulators; law enforcement; strategically aligned businesses.
Electronic network activity (browsing or search history, website interactions, advertisement interactions)	Information automatically collected from site visitors.	Auditing relating to transactions; security and fraud detection, protection and enforcement; functionality debugging/error repair; ad customization; performing services for you; internal research and development; quality control.	NOT SHARED
Audio, video or similar information (customer service calls, security monitoring)	Individuals submitting information; information we collect for security purposes.	Auditing relating to transactions; security detection, protection and enforcement; functionality debugging/error repair; ad customization; performing services for you; internal research and development; quality control.	Service providers (such as payment processors, mail houses, marketing partners, shipping partners, employee benefits partners); affiliated companies; government regulators; law enforcement; strategically aligned businesses.
Biometrics	NOT COLLECTED	NOT COLLECTED	NOT SHARED
Geolocation	Information we automatically collect from site visitors.	Auditing relating to transactions; security detection, protection and enforcement; functionality debugging/error repair; ad customization; performing services for you; internal research and development; quality control.	Service providers (such as payment processors, mail houses, marketing partners, shipping partners, employee benefits partners); transportation services providers, affiliated companies; government regulators; law enforcement; strategically aligned businesses.
Professional, educational or employment related information	Information submitted by individuals; information received from third parties in connection with vendor or employment status or applications; information we observe in connection with vendor or employment oversight.	Auditing relating to transactions; security detection, protection and enforcement; functionality debugging/error repair; ad customization; performing services for you; internal research and development; quality control.	Service providers (such as employee benefits partners); affiliated companies; government regulators; law enforcement; strategically aligned businesses.
Inference from the above (preferences, characteristics, behavior, attitudes, abilities, etc.)	Internal analytics	Auditing relating to transactions; performing services for you; internal research and development; quality control.	affiliated companies with a need to know;

Business Purposes for Processing Your Personal Information

*More specifically, the business purposes include:

Performing services for you:

To administer or otherwise carry out our obligations in relation to any agreement to which we are a party;
To assist you in completing a transaction or order;
To allow tracking of shipments;
To prepare and process invoices;
To respond to queries or requests and to provide services and support;
To provide aftersales customer relationship management;
To create and manage our customer accounts;
To notify you about changes to our services and products;
To administer any promotion, contest, survey, or competition;
To provide you information regarding our products and services,
To offer our products and services to you in a personalized way, for example, we may provide suggestions based on your previous requests to enable you to identify suitable products and services more quickly.

Advertising customization.

For marketing and promotions we believe you may find of interest and to provide you, or allow selected third parties to provide you, with information about products and services that may interest you.

Auditing relating to transactions, internal research and development.

To provide for internal business administration and operations, including troubleshooting, Site customization, enhancement or development, testing, research, administration and operation of our Sites and data analytics;
To create products or services that may meet your needs;
To measure performance of marketing initiatives, ads, and websites “powered by” another company on our behalf.

Security detection, protection and enforcement; functionality debugging, error repair.

As part of our efforts to keep our Sites safe and secure;
To ensure the security of your account and our business, preventing or detecting fraud, malicious activity or abuses of our Sites, for example, by requesting verification information in order to reset your account password (if applicable);
To ensure the physical security of our premises through the monitoring of surveillance images;
To resolve disputes, to protect the rights, safety and interests ourselves, our users or others, and to comply with our legal obligations.

Quality control.

To monitor quality control and ensure compliance with our legal obligations, codes and ordinances, policies and procedures,
To develop and improve our products and services, for example, by reviewing visits to the Sites and various subpages, demand for specific products and services and user comments.

Your Privacy Rights

Please see section 5, above, for details.

12. ADDITIONAL NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA, THE UNITED KINGDOM, AND BRAZIL

This section only applies to individuals using or accessing our Service while located in the European Economic Area, the United Kingdom, Switzerland (collectively, the “European Countries”), or Brazil at the time of data collection. Pursuant to the European Union’s General Data Protection Regulation, the UK General Data Protection Regulation (collectively, the “GDPR”), and Brazil’s General Personal Data Protection Act (“LGPD”), for the sake of clarity, references to Personal Information in this Policy concerns personal data in the sense of the GDPR.

We may ask you to identify which country you are located in when you use or access some of the Services, or we may rely on your IP address to identify the country in which you are located. If any terms in this section conflict with other terms contained in this Privacy Policy, the terms in this section shall apply to individuals in a European Country or Brazil.

Legal Bases for Processing Your Personal Information

Section & Purpose of Processing	Legal Bases for Processing
Section 3(2) To Maintain Legal and Regulatory Compliance. Section 3(4) To Detect and Prevent Fraud and Security Risks. Section 4(1) As required by Law	Based on our legal obligations. Article 6(1) lit.(c) GDPR; Article 7(II) LGPD.
Section 3(1) To Provide Finalsite’s Services. Section 3(3) To Enforce Compliance with Our Terms, Agreements and Policies. Section 3(5) To Respond to Requests. Section 3(6) To Provide Services Communications. Section 4(2) Within Our Corporate Organization. Section 4(3) With Our Service Providers Section 4(5) With Our Business Partners	Based on our contract with you or to take steps at your request prior to entering a contract. Article 6(1) lit.(b) GDPR; Article 7(V) LGPD.
Section 3(8) To Research and Develop Our Services. Section 3(9) To Personalize Your Experience. Section 3(10) To Facilitate Corporate Acquisitions, Mergers and Transactions. Section 4(6) During Business Transaction or Other Asset Transfers	Based on our legitimate interest to operate our business and not overridden by your data protection interests or fundamental rights and freedom. Article 6(1) lit.(f) GDPR; ; Article 7(IX) LGPD.
Section 3(7) To Provide Marketing Communication. Section 3(11) With Your Consent. Section 4(7) With Your Consent	Based on your consent. Article 6(1) lit.(a) GDPR; Article 7(I) LGPD.

Your Privacy Rights

Please see section 5, above, for details.

13. EU-U.S., UK EXTENSION, AND SWISS-US DATA PRIVACY FRAMEWORK COMPLIANCE

14. NOTICE TO NEVADA RESIDENTS

We do not transfer Personal Information for monetary consideration. If you would like to tell us not to sell your information in the future in case we change our policy please email us at DoNotSell@Carey.com with your name, postal address, telephone number and email address with “Nevada do not sell” in the subject line.

15. CHANGES TO THIS POLICY.

Carey may amend or change this Privacy Policy at any time. We will post any revisions to this Privacy Policy on Carey’s Web Site. Therefore, you should review Carey’s Web Site periodically to ensure that you are informed of our current policies and practices. Any User or Client who provides additional Personal Information after these changes are posted will be deemed to have accepted the revised policy.

16. Contact Us

We hope this Privacy Policy clarifies our policies and procedures regarding your Personal Information. If you have any questions, you may contact us at Privacyinfo@Carey.com. As stated above, if you are a California resident, over the age of 16 and would like to instruct us not to sell your Personal Information, please contact our Do-Not-Sell group by clicking this link.