LEGAL BASIS FOR PROCESSING INFORMATION
Where required by the EU General Data Protection with Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), we will only collect and process personal information about you where we have a legal basis. Examples of legal bases include consent (where you have given consent), contract (where processing is necessary for entering into or the performance of a contract with you), and “legitimate interests”.
Where we process personal information based on consent, we will ask for your consent. You may withdraw your consent at any time, but that will not affect the lawfulness of the processing of your personal information prior to such withdrawal. Where we rely on contract, we will ask that you agree to the processing of personal information that is necessary for entering into or the performance of your contract with us, and we will inform you whether the provision of your personal data is mandatory and of the possible consequences if you do not provide your personal information.
We may process your personal information for the purposes of our legitimate interests, provided that such processing does not outweigh your rights and freedoms. Where we rely on legitimate interests, you have the right to object. We process your personal information based on legitimate interests in order to:
- Market our products and services;
- Protect you, us, or others from data security threats;
- Comply with laws that apply to us; and
- Enable or administer our business, such as for invoicing vendors and customers.
DO NOT TRACK SIGNALS
California and Delaware laws require that we indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. “Do Not Track” is a standard that is currently under development. As it is not yet finalized, we adhere to the standards set out in this Policy and do not monitor or follow any Do Not Track browser requests.
The Website is intended for a general adult audience and is not intended for children under 16 years of age. VISIT COLORADO SPRINGS does not intentionally collect any personal information from any child under the age of 16 and if we discover we have been provided with any such information, VISIT COLORADO SPRINGS will promptly dispose of the information. VISIT COLORADO SPRINGS encourages parents and guardians to closely monitor children’s online activities.
COLORADO SPRINGS receives visitors from all over the world. If you are accessing this Website from outside the United State of America, please note that your information may be collected, transferred to, stored or processed in the United States and will be subjected to U.S. laws, which may not afford the same privacy protection as the laws of your own country. By continuing to access the Website, you understand and consent to the transfer of your information to our facilities in the United States and those third parties with whom we share it. For purposes of applicable data protection laws, we will rely on legally-provided mechanisms to lawfully transfer personal data across borders, including consent and performance of a contract.
SECURITY OF PERSONAL INFORMATION COLLECTED
We understand the importance of safeguarding the personal information we collect from you. We, therefore, take reasonable measures to protect your personal information that is under our control in an effort to prevent its loss, misuse or unauthorized access, alteration or disclosure, including established electronic and administrative safeguards designed to make the information we collect secure. You should take care not to send us personal information in an email, which is an inherently insecure form of communication.
Although we strive to keep your information secure, no policy or system can perfectly guard against the risk of intentional intrusion or inadvertent disclosure and we do not and cannot guarantee that your information may never be disclosed in a manner inconsistent with this Policy and applicable laws. Any personal information you provide to us is at your own risk. You should understand the limits to privacy and security on the Internet and use common sense in all of your online activities.
In the event that VISIT COLORADO SPRINGS and/or its business units or subsidiaries are ever sold, acquired, merged, liquidated, reorganized or otherwise transferred, we reserve the right to transfer our user databases together with any personal information contained therein to a third party acquiring VISIT COLORADO SPRINGS or any of its assets.
QUESTIONS OR OPT-OUT
If at any time you have any questions or change your mind and would like to add or remove your name from the VISIT COLORADO SPRINGS mailing list, or update your personal information, or opt out from receiving any further communications from VISIT COLORADO SPRINGS, please either (1) call us at 719-685-7630, (2) email us at marketing@VisitCOS.com, (3) write us at VISIT COLORADO SPRINGS, the Convention and Visitors Bureau, 515 South Cascade Avenue, Colorado Springs, CO 80919 USA, and/or (4) click on unsubscribe in the email sent to you, where applicable.
EUROPEAN ECONOMIC AREA (EEA) RESIDENTS
Using the contact details provided above, if you are an EEA resident (specifically, any country in the EU, Lichtenstein, Norway, Iceland), for personal information that we have about you, you can also ask us for a copy of your personal information, ask us to erase or delete all or some of your personal data, ask us to stop using all or some of our personal information or limit our use of it, or ask us for a copy of your personal information provided in machine-readable form.
If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
We do not make use of automated decision-making. As defined under current data protection laws, automated decisions are defined as decisions about individuals that are based solely on the automated (i.e., no human involvement) processing of data and that produce legal effects or that significantly affect the individuals involved.
You have the right to complain to a data protection (or supervisory) authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the EEA and Switzerland are available here.)
We respond to all requests that we receive from individuals residing in the EEA and who wish to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.
NOTIFICATION OF CHANGES
We may change this Policy from time to time in our sole discretion without prior notice to you. Please check the Website regularly for updates. If we make material changes to this Policy, we will notify you here or by notice on our home page. The most recent version is reflected by the version date below. All such updates and changes are effective immediately upon notice thereof, which may be given by any means, including posting a revised version on this Website.
This Policy was last updated on April 15, 2019