Tripgrid Privacy Policy

Introduction

Welcome to Tripgrid. Formally, we are Tripgrid, Inc. (“Tripgrid,” “we,” “us,” and “our”), the provider of Tripgrid’s group travel management and booking services available through our website at www.tripgrid.com (the “Site”) and other forms of communication (together with theSite, the “Services”). This Privacy Policy (this “Policy”) summarizes our privacy practices and policies. Tripgrid respects your right to privacy, and in this Policy, we’ll inform you about how we collect, use, share, and protect the information you provide to us or is otherwise obtained by theSite (your “Content” or “User Content”).

Each person or entity who uses our Services is referred to as a “user” or “you” or “your.” If you subscribe to any of our Services, we will refer to you as a “registered user.” If you don’t register with us, we will refer to you as an “unregistered user.” This Policy and our Terms of Service(“Terms”) apply to each user. Among other services, Tripgrid connects users with travel agents, airlines, and other companies in the industry (collectively, “Partners”). Please understand that this Policy only applies to us and does not apply to any Partners or to any third-party websites, mobile applications or businesses that may process your Personal Information or other data.

As used in this Policy, “Personal Information” means any User Content that identifies or could be used to identify a particular individual, including (but not limited to) name, address, telephone numbers, electronic mail and postal addresses, and personal health, travel, or financial information. Any Content that is not Personal Information is referred to as “Non-PersonalInformation.” Non-Personal Information may include (but is not limited to) information about where users travel, what services users review and select, how users respond to service offerings, how users share information with others, all of which we aggregate and anonymize into larger data sets that do not identify individuals (collectively, “Usage Data”). Usage Data is a type of Non-Personal Information.

By using our Services, you consent to the collection, transfer, analysis, transformation, storage, disclosure, and other uses of your Content, including your Personal Information, as described in this Policy.

1. Client Content


Tripgrid provides Services to business customers (“Clients”) to book and/or facilitate the Client’s group travel projects. We may process Personal Information that is included in the information provided by Clients (“Client Content”) to provide our Services to Clients. Client Content is a typeof User Content. Tripgrid will only process Personal Information on behalf of and under the instructions of our Clients, as set out in our Terms of Service, Client agreements, and/or where otherwise required by applicable laws. Depending on the feature of the Services used, we process Client Content to streamline group travel coordination and/or to book group air travel.Subject to our Client agreements, we may use Usage Data derived from Client Content to improve our Services and for research, analytics, and other purposes, provided such information does not identify a particular individual.


2. Information we collect


We collect Content from you to provide the Services. Some of the Content is PersonalInformation we collect directly from you or from third parties (such as a Client or a Partner), and automatically by your use of our Site, which is necessary to provide the Services. For example, we can’t book a flight for you unless we provide your Personal Information to the airline or travel agent. Other Content we collect from you is Usage Data and other Non-Personal Information.


If you are located in the European Economic Area (EEA) or the United Kingdom, we are regulated under the General Data Protection Regulation (which applies across the EuropeanUnion) and the United Kingdom General Data Protection Regulation (which applies in the UnitedKingdom) and we are responsible as controller of that Personal Information for the purposes of those laws.

We collect many types of information from you, both directly and indirectly.

Information you provide us directly. We may collect Content (including Personal Information)about you directly from you or from your company.


Registration information
. When you create or modify an account, or use our Services, you may provide Personal Information to us, such as your full name, user name, password, phone number, date of birth, gender, postal address, email address, company name, company-specific information (such as industry and location), position or title, and other information necessary to confirm that you are an authorized user of a Client (where relevant).

Payment information. We may store and process your or a Client’s credit card numbers and other payment information in order to book a reservation through the Site.We may also use a third party credit card processor to store and process your credit card numbers and other payment information.

Profile information. You may provide travel-related information, such as airline, meal or seat preferences, travel loyalty membership information, TSA pre check traveler information, and/or passport details. We may use your contact information to send you information about our Services, any orders you place, or to market to you. You may use your account settings to customize notifications from us. If you email us, we may keep your message, email address and contact information to respond to your request.

Location Information. We may ask for your postal address or your geographic location information, especially if you place an order for Services with us.

Communications between you and Tripgrid. We may send you emails, SMS or text messages, and other electronic communications for sales and delivery, account verification, notices of changes/updates to features of the Services, technical and

security notices, and for other purposes. We may collect and store these communications.

Information we gather from your use of the Services. We collect the following information from your use of our Services.


Emails
. We may save private emails sent to us by users, and we may share your emails with any third parties or other users. You may elect to disclose certain PersonalInformation and Non-Personal Information.


Chat
. We may provide users with the ability to communicate with Tripgrid and/or other users on the Services. Such communication may include text, images, and other UserContent, including Personal Information.


Metadata. Metadata is usually technical data that is associated with other data, includingUser Content. For example, metadata can describe how, when and by whom an item ofUser Content was collected and how that User Content is formatted. Tripgrid may collect and store metadata.

Links. Tripgrid may keep track of how you interact with links across our Services, including our email notifications and third-party Services by redirecting clicks or through other means. We do this to help improve our Services, to provide more relevant local data, and to be able to share aggregate click statistics such as how many times a particular link was clicked on.

Device Identifiers. We may access, collect, monitor, store on your device, or remotely store one or more "device identifiers." Device identifiers are small data files or similar data structures stored on or associated with your computer, phone, or other device, which uniquely identifies your device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device's operating system or other software, or data sent to the device by Tripgrid. A device identifier may deliver information to us or to a third-party partner about how you browse and use the Services and may help us or others provide reports or personalized Content and ads. Some features of the Services may not function properly if use or availability of device identifiers is impaired or disabled.

Log Data
. Our servers automatically record information ("Log Data”) created by your use of the Services. Log Data may include information such as your Internet Protocol (“IP”)address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device and application IDs, search terms, and cookie information.We receive log data when you interact with our Services, for example, when you visit our website, sign into our Services or interact with our email notifications. Tripgrid uses LogData to review how we provide our Services and to measure, customize, and improve the Services.

Information from third parties.
We may collect name, company, contact details and other details from third parties, such as destinations, travel providers, or Clients to provide the Services.


3. How we use your information

We use User Content, including Personal Information, primarily to provide our Services to Clients and to communicate with you (including for marketing purposes). We may use yourContent as follows:

Providing Support and Services
. To provide and operate our Site and Services, communicate with you about your use of the Site and our Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes.

Responding to Your Requests. For the purpose for which you provided the Content to us, such as to respond to your inquiries and to provide information in response to your request.

Analytics and Improvement. To better understand how users access and use our services, both on an aggregated and individualized basis, to administer, monitor, and improve our services, for our internal purposes, and for other research and analytical purposes.

Personalization. To tailor the content and information that we may send or display to you, to offer location customization (where permitted by applicable law), and to otherwise personalize your experiences while using our website.


Marketing and Promotional Purposes. Where permitted by law, we may use your information, such as your email address, phone number, or mailing address to contact you about services or information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages or calls, we will only contact you for direct marketing if you have opted-in.


Advertising
. To advertise our services on third party sites and social media services.


Protect Our Legal Rights and Prevent Misuse
. To protect our customers, employees or property—for instance, to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities, where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this policy and our applicable terms of service and agreements.


Comply with Legal Obligations. To comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.

General Business Operations. Where necessary to the administration of our general business, accounting, record keeping, and legal functions. We also create and use Usage Data to assess, improve and develop our business, products and services, and for similar research and analytics purposes. This information is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.

4. When we disclose your information

We do not sell your Personal Information to third parties. In general, we disclose the PersonalInformation we collect as follows:

Partners and Affiliates. We may disclose Content to Partners or to our affiliates(companies related by common ownership or control), as necessary to sell and provide the Services. However, any Personal Information stored in one country or jurisdiction would not be forwarded to another country or jurisdiction, except in compliance with applicable law.

Service Providers. We may disclose the information we collect from you to third party service providers who perform functions on our behalf. Third party service providers will only process your Personal Information in accordance with our instructions and will implement adequate security measures to protect your Personal Information.

Enterprise users
. If you use access or communicated with us about our Services on behalf of your company (our Client), we may share Personal Information about your access, and your communications or requests, with the relevant enterprise Client. We also share all Client Content with the relevant Client on whose behalf we have collected it.

In Response to Legal Process. We may disclose the information we collect from you to comply with the law, judicial proceedings, a court order, or other legal process, such as in response to a subpoena.

To Protect Us and Others. We may disclose the information we collect from you where we believe it is necessary to investigate, prevent or act regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Policy, to respond to claims asserted against us or, or as evidence in litigation in which we are involved.

Business Transfers
. We may disclose or transfer information, including PersonalInformation, as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law. You will continue to own your User Content, but the license you grant to us in the Terms of Service may

be transferred to others in Tripgrid’s sole discretion. We may share Usage Data with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.

5. Information we track automatically

We also collect information automatically by using cookies, pixel tags, log files, and similar tracking technologies when you visit our Site. When you visit our Site, we and our third-party service providers use cookies, pixels, java script, and other tracking mechanisms to track information about your use of our Site and Services. For more detailed information about the use of cookies on our Site and how you can manage your cookie preferences, you can review our Cookie Policy.

Cookies and similar devices. Cookies are identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes and make it easier for us to provide a better experience for you when using the Site during future visits. Some cookies allow us to make it easier for you to navigate our Site, while others are used to enable a faster log-in process or to allow us to track your activities while using our Site. Most browsers allow you to control cookies, including whether to accept them, and how to remove them. For more information, please visit our Cookie Policy.

Clear GIFs, pixel tags. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies but are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities users of our Services, help us manage content, and compile statistics about usage of our Services. We and our third-party service providers also use clear GIFs inHTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Do-Not-Track Signals. Our Site does not respond to so-called ‘do-not-track’ signals. For more information about do-not-track signals, please click here. You may, however, disable certain tracking as discussed above (e.g., by disabling cookies) and set out in our Cookie Policy.

Third-Party Analytics. We use automated tools, such as Google Analytics and GA Audiences(more info here) to evaluate use of our Services. We use these tools to gather non-personal data about users to help us improve our Services and user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on our Sites with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.


6. Interest-based advertising

Tripgrid works with different third-party ad networks, analytics companies, measurement services and. We and these third-party ad companies may use automatic web-tracking tools to collect activity information on our Services (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s geolocation information. For more information on these third parties that we work with, and how you can opt-out of ads from them please visit our Cookie Policy. For more information about third party ad networks and to opt-out of interest-based ads from many ad networks please click:

Canada: www.youradchoices.ca
EU: www.youronlinechoices.eu

U.S.: www.aboutads.info


7. Direct marketing

We may send you promotional emails from time to time, but we will obtain your consent where required by law to do so. If you wish, you may opt-out of such communications by following the opt-out instructions contained in the respective email. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or Services you have requested or received from us.

8. How your information is stored or transferred

Tripgrid is headquartered in the United States, and has operations, entities and service providers in the United States and other jurisdictions. As such, we and our service providers may transfer your Personal Information to, or access it in, jurisdictions (including the UnitedStates) that may not provide adequate levels of data protection as your home country. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements, by putting in place Standard Contractual Clauses as approved by the European Commission. You have a right to obtain details of the mechanism under which your Personal Information is transferred outside of the EEA; you may request such details by contacting us as set forth in the “Contact us” section below. By using our Services, or by submitting your Personal Information to us, you consent to the collection, storage, processing, and onward transfer of your Personal Information as stated in this Policy and the Terms of Service.


9. Your preferences and choices


Access, Amend and Correct.
If you wish to access Personal Information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, or to request deletion of your information, please contact us at privacy@tripgrid.com. If you are a registered member of the Site, you may review and update most of your PersonalInformation by sending your request to privacy@tripgrid.com. We will review your request and make reasonable efforts to respond to it as soon as practicable. We may ask you for additional information so that we can confirm your identity.


Direct Marketing
. You can let us know if you do not want us to send you information by clicking the unsubscribe link at the bottom of the email; you may also let us know about your communication preferences (email, phone, and postal mail), by shooting an email toprivacy@tripgrid.com. Please identify all the email addresses, postal address information, and phone numbers that you would like to unsubscribe.


Complaints.
We will take steps to try to resolve any complaint you raise regarding our treatment of your Personal Information. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.


Users in the European Economic Area.
Individuals in the EEA have the below rights with respect to their Personal Information.


Access
. You can ask us to: confirm whether we are processing your PersonalInformation; give you a copy of that data; provide you with other information about yourPersonal Information such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.


Correction
.
You can ask us to rectify inaccurate Personal Information. We may seek to verify the accuracy of the data before rectifying it.


Erasure
.
You can ask us to erase your Personal Information, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see “Right to Object” below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your Personal Information if the processing of your PersonalInformation is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.


Restriction
.
You can ask us to restrict (i.e. keep but not use) your Personal Information, but only where: its accuracy is contested, to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your Personal Information following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.


Right to object.
You can ask us to stop processing your Personal Information, and we will do so (i) to the extent that we are relying on our legitimate interests to use yourPersonal Information, you have the right to object to such use, unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims, and (ii) where we are processing your Personal Information for

direct marketing purposes.


Portability
.
You can ask us to provide your Personal Information to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.

Withdrawal of Consent. You can withdraw your consent in respect of any processing ofPersonal Information that is based upon a consent, which you have previously provided.

Please contact us as set out in the “Contact Us” section below to exercise one of these rights. If we receive any requests from an individual related to the Client Content, we will forward the request to the relevant Client.


10. Security

The security of your Personal Information is very important to us. We employ security measures to protect your information both online and offline from access by unauthorized persons and against unlawful processing, accidental loss, destruction, and damage. Unfortunately, theInternet cannot be made totally secure, and you acknowledge that we cannot guarantee the complete security of the information you provide us.


11. Retention

We will retain your Personal Information as long as necessary for purposes for which thePersonal Information was collected by us, as explained in this Policy or as required to comply with legal obligations or resolve claims and disputes. In general, we will retain relevant PersonalInformation of Clients and Site visitors for at least three years from the date of our last interaction with you and in compliance with our obligations under applicable laws. Our Clients may instruct us on how long to retain Client Data, which we handle as a data processor. We may retain Personal Information for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others.


12. Children

We do not knowingly collect or solicit Personal Information from anyone under the age of sixteen (16) or knowingly allow such persons to register. If we become aware that we have collected Personal Information from a child under the relevant age without parental consent, wewill take steps to delete that information.

13. Changes to this policy

Tripgrid may update this Privacy Policy from time to time. Any changes to this Privacy Policy in the future will be posted to our Site. If the changes will materially affect the way we use or disclose your Personal Information, we will endeavor to notify you in advance of the change, such as by sending a notice to the primary email address associated with your account and/or by posting a notice on our Site. We encourage you to review this Policy periodically for the latest information on our privacy practices.


14. California privacy rights

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their PersonalInformation (if any) for their direct marketing purposes in the prior calendar year, as well as the types of Personal Information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to privacy@tripgrid.com. To learn more about your California privacy rights, visit here.

15. Contact us

To ask questions or comment about this privacy policy and our privacy practices, contact us at: privacy@tripgrid.com or (877) 308-7474

Last Updated: January 12, 2023