Privacy Policy

Privacy & Security

City Pass, Inc. ("CityPASS"), is committed to protecting the privacy of our customers and users of our Website. We have therefore created this policy statement (the "Policy") to explain our privacy practices and procedures.

We believe that you should know what information we may collect from you, as well as understand how we use and protect that information. This includes what you tell us about yourself, what we may learn from your use of our website, what we learn by having you as a customer, and the choices you give us about what marketing materials you want us to send you. This notice also tells you about your privacy rights and how the law protects you.

CityPASS will revise and update this Policy as we change practices within citypass.com. You should refer back to this page for the latest information.

This Policy applies to the CityPASS Website, which is intended for the use of persons residing in countries that CityPASS markets its products, and for the order and delivery of CityPASS products.


Our Purposes for Collecting and Processing Personal Information and its Uses

General Uses and Disclosures. We use and share the information we collect from users for the purposes described below. To perform the following tasks, when necessary, we will obtain your consent before using your data for these purposes. If you withhold consent, access to some functions and portions of our web site may be limited.

  • Providing Services to our Website Users. If you use our Website and consent to the use of cookies and web beacons, we will collect personal information as described below, we will use your information to process and respond to your requests, comments, inquiries, and other forms you submit through our Website.
  • Providing Services to our Customers. If you are a CityPASS customer, we will use your information to support our delivery of products and services to you.
  • Improving our Services. We use your information to enhance our understanding of our users’ preferences and improve our services.
  • Disclosures we make to Service Providers. We share your information with third-party service providers that assist us with hosting and maintaining the CityPASS Website, processing payment card information, analyzing online activity on our Website, marketing our services, and managing our daily business operations, delivery of products and services, or use of your CityPASS products. We share only the minimum amount of personal information with these service providers that they need to perform their tasks.
  • Compliance with Legal Obligations. We will share your information with law enforcement, government officials, regulatory agencies, or other parties when we are required to do so by applicable law. We will also disclose your information to comply with a judicial proceeding, court order, subpoena, or legal process.
  • In an Emergency. In emergency situations to protect our customer’s vital interests we will use or share your information when doing so is necessary to protect an interest that is essential for an individual’s life.
  • Our Legitimate Interests. We will use and disclose your information when necessary for CityPASS’s legitimate interests, as long as such interests are not overridden by our users’ interests, rights, and freedoms with respect to their personal information.

Our Legal Basis for Processing Personal Information

In addition to the protections provided in the CityPASS Privacy Policy, your privacy is protected by the laws in the country in which you reside. The scope and level of protection offered by those laws varies. CityPASS has adopted privacy and security policies designed to comply with the laws and regulations applicable to the countries in which it markets its products and services, however, CityPASS makes no guarantee to provide protections beyond the duties required by the laws in the country that a visitor to our Website resides.

Data protection laws allow us to collect, use and retain your personal information if we have a proper reason to do so. These reasons include:

  • When you consent to it,
  • To fulfill a contractual relationship with you, such as fulfilling your order,
  • When it is permissible under applicable privacy laws,
  • When we have a legal duty to do so, or
  • When it is in our legitimate interest.

Our legitimate interests include, ensuring that fraudulent transactions are not placed through our Website, to protect against security breaches, to process financial information, to further discuss your interest in future events, discounts and programs, to track the use of our Website and services, to protect CityPASS and others from claims by third-parties and for business transfers, as discussed below.

CityPASS may collect personal data for the purpose of making automated decisions, including the sharing of information to complete a transaction. For example, if you elect to purchase a product or service and you provide information necessary to place the transaction, your credit or debit card information will automatically be sent to a third-party for credit/debit card processing and certain information will automatically be sent to a third-party for verification and fraud detection purposes. Also, if you consent to the use of cookies, web beacons or you subscribe to our newsletter, CityPASS may collect information to create a profile to assist with the delivery of marketing information targeted to persons in certain geographic areas or persons who have previously purchased similar products or services from CityPASS.

We have given you the option to agree to opt out of the collection of personal data by CityPASS. By agreeing to permit the use of cookies, web beacons, subscribing to our newsletter, or purchasing a product or service from CityPASS, you have agreed to the collection of your personal information and terms and conditions set forth in this Privacy Policy. You may, after agreeing to provide personal information to CityPASS, opt out of these services or ask to have your personal information erased as described in this Policy.


Details About Our Collection and Use of Personal Information

The Information We Collect

CityPASS collects a variety of personally identifiable information about customers and visitors to our Website in order to ensure order delivery and provide unique offers. We collect different types of information from users.

Personal Information means any personally identifiable information relating to an identified or identifiable natural person. When we use the term "personally identifiable information," we mean information that is directly associated with, or could be used to identify, a specific person or to determine preferences, interests, behavior, location or movement to create or use in a personal profile. Examples of information we may collect includes a name, address, telephone/cell number, email address, internet protocol address (IP address), mobile device identifier, or information about activities directly linked to that person which would permit the physical or online tracking or contacting of that person.

Usage Information. We also collect additional information regarding users’ activities on our Website. For instance, when you view a section of our Website that does not require you to log in with unique user credentials or start conversations with us, we may collect anonymous Usage Information that may not reasonably be used to identify you as the source. Usage Information includes “click stream” activity, such as when you click on a banner advertisement; the type of Internet browser and computer operating system you are using; the location from which you are accessing the Website; the URL of the Website from which you linked to our Website; and the areas of our Website you visited. This Usage Information may be obtained through “cookies” or “web beacons”. For more detailed information please review our Cookie Policy.

When We Collect Personal Information

Information you give us at checkout: We will collect personal information you give us when you purchase from our Website. Depending on the product purchased, you may provide some or all of the following personal information, your name, billing address, telephone number, email address, travel dates, names of ticket holders, preferences, and/or credit card number.

Blog/ Newsletter Subscription: If you chose to subscribe to our newsletter we only collect your email address. We do not share subscriber’s email addresses with third parties.

Browsing our Website: When you access and browse our Website we will collect anonymous Usage Information. This may be done through the use of cookies or web beacons.

CityPASS does not collect personally identifiable information without your consent. To see how we use, disclose and protect the personally identifiable information that we collect, please review our Cookie Policy for information regarding your options to accept, limit or avoid the collection of personally identifiable information. In addition, please review the rest of this Privacy Policy.

Our Use of Personally Identifiable Information

Our Internal Use: CityPASS collects personally identifiable customer information for the purpose of shipping CityPASS products to you and/or to contact you directly regarding your order. We also use email addresses on an opt-in basis to provide users with information they have subscribed to.

Our Customer Surveys: Periodically, you may be able to participate in our surveys to help us improve our site and products. Any personally identifiable information that we may collect from you in a survey will ONLY be used internally by CityPASS. And unless otherwise explained in the instructions for a particular customer survey, any personally identifiable information you provide to us for purposes of that survey will be used in accordance with this Policy.

Third-Party Use: CityPASS does not disclose, share or sell personally identifiable information to third-parties or non-affiliate entities for their use independent of the products we provide. There are two limited exceptions to this policy that apply to users who purchase our products: 1) We use a third-party global identity and fraud verification vendor, Ekata. For the purpose of fraud detection, we use information you give us including, name, address, email address and phone number, in order to match the information with information Ekata has collected from other sources and stored in its database. To facilitate verification of future transactions through CityPASS or other vendors, Ekata may update its database to reflect that the information you provided to CityPASS and we shared with Ekata matched information in its database. Ekata may also update its database to include new information you provided to CityPASS and we shared with Ekata, which was not previously found in Ekata’s database. You can review Ekata’s privacy policy by following this link, Ekata Privacy Policy. 2) We also use a third-party fraud verification vendor, Kount. We share information you give us including, name, address, email address and phone number, in order to match the information with information Kount has collected from other sources and stored in its database. To facilitate verification of future transactions through CityPASS or other vendors, Kount may update its database to reflect that the information you provided to CityPASS and we shared with Kount matched information in its database. Kount may also update its database to include new information you provided to CityPASS and we shared with Kount, which was not previously found in Kount’s database. You can review Kount’s privacy policy by following this link, Kount Privacy Policy. If you exercise your right to ask us to erase your personal information, we will also instruct Kount to erase your personal information. You can instruct Ekata to erase your personal information by contacting them directly here. However, this may impair your ability to transact business over the internet in the future.

Potential Future Disclosure of Personally Identifiable Information

Business Transfers: Information about our users and customers, including personally identifiable information, may be disclosed as part of any merger, acquisition, or sale of company assets. It may also be disclosed in the unlikely event of an insolvency, bankruptcy, or receivership in which case personally identifiable information would be transferred as one of the business assets of CityPASS.

Retention of Personal Information

We retain personal information for a reasonable period of time necessary to fulfill our legal or regulatory obligations and for our legitimate business purposes. We retain the following categories of personal information for the following time frames:

Cookie and web beacon information: Certain cookie and web beacon information is retained for time periods that vary. Retention periods range from the deletion of data at the end of each web browsing session to a maximum of two years. Please see our Cookie Policy for detailed information regarding the retention period and privacy policy for each cookie.

Personal profile information you give to us: When you make a purchase on our web site or subscribe to our newsletter, we may maintain that information. If you unsubscribe from the newsletter, we will take steps to erase personal and other information, but we reserve our right to retain and access the data for so long as is required to complete the delivery of products and services purchased from CityPASS and to comply with applicable laws. CityPASS will review its records on an annual basis.

Credit and debit card information: When you enter credit card or debit card information while purchasing our products and services through the checkout process, that information is provided directly to Braintree, a service of PayPal. CityPASS does not receive access to or store credit card or debit card information. By clicking this link you can review Braintree /PayPal's Privacy Policy.


Our Secure Transmission of information

Security of the information regarding your order is very important to us. We use transport security with certificates signed by Trustwave to protect the security of your online order information from being intercepted by anyone other than CityPASS. You may verify that we are a legitimate Trustwave Secure Site by clicking on the Trustwave Trusted Commerce Seal in the lower corner of all checkout pages.

Once you enter the checkout page, your computer will begin communicating with our server in secure mode. You can tell that you are in secure mode by the following:

  • In the web address shown in the address window at the top of your browser window, "http" will be replaced by "https".
  • In most browsers, you will see a closed padlock to the right of the address window. You can click on the lock for more security information.

Our Use of "Cookies"

Our use of cookies is described in detail in our Cookie Policy.

Your right to access, copy or erase your personal information

This section provides details about your rights under applicable privacy laws, including, but not limited to, the General Data Protection Regulation (GDPR) in relation to your ability to access and to transfer personal information.

For qualifying citizens in the EU, you may ask us to:

  • Provide access to all the personal information about you held by us. If you ask us to do so, we will provide you with a copy of this information. For the first request, we will provide an electronic copy of the data at no charge. For subsequent requests, or printed copies, we reserve the right to charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested. You can exercise your right of access to your personal information:
    • By submitting a GDPR data request at www.citypass.com/gdpr-data-request.
    • By writing to us at:
      CityPASS, Inc.
      Attn: Privacy Officer
      27 Arrow Root Lane
      Victor, Idaho 83455
    Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested. We will not respond to requests that cannot be verified and appear to be fraudulent.
  • Correct or erase your personal information where appropriate. Please note, you may review and update or correct your user profile information by logging in, as applicable, to the relevant portions of your CityPASS account profile where such information may be updated or corrected;
  • Restrict the processing of your personal information while we investigate your concern;
  • You have a right to receive your information in a commonly used electronic format or ask us to move the data in that format to another provider where your request relates to the data that you gave us directly and where technically possible (data portability); and
  • Withdraw your consent at any time when the processing relies upon consent. Provided, however, if processing of a purchase of products or services has been completed, then cancellation of the purchase shall be subject to the terms and conditions for the purchase at the time it was made. In other words, you are not permitted to withdraw your consent to process your information in an effort to rescind an otherwise non-refundable purchase.
  • If you are not satisfied with our response to your concerns with our handling of your personal information, you may file a complaint regarding this Privacy Policy or our privacy practices by contacting us at the address provided above. Additionally, you may file a complaint with EU data protection authorities (DPAs). Please contact us to be directed to the appropriate DPA contact(s).
  • If you are a California resident, please reference our CityPASS California Consumer Privacy Act Disclosure.

For qualifying citizens in the EU, this section provides details about your rights in relation to your ability to access and to transfer personal information.

  • In the event you ask us to erase your personal information, it is in our reasonable interest to maintain some of the information for a reasonable period of time to complete the processing of your order, the delivery of our services to you to verify that the transaction placed for you was not fraudulent, or to enable the use of your purchased products. We may also keep a log or a record sufficient to demonstrate that we sent your information to you or fulfilled your request to erase your data. The log or record is in our reasonable interest to document compliance with various privacy laws, rules and regulations.
  • Further, in the event you ask us to erase your data, certain third-party software we use is not designed to entirely remove information from software or systems without impairing the software’s functionality. It is in our reasonable interest to maintain the integrity of our software and operating systems. If that is the case, we will take steps to erase your data by making your data unreadable, thereby rendering it anonymous and untraceable. For example, we may change all letters to hash marks (“#”) or other symbols and numbers to zeros (“0”) to effectively erase your information.

If you choose not to give personal information

You can choose not to give us personal information, but it may prevent us from providing our services to you. In this section we explain the effects this may have.

We may need to collect personal information to enter into or fulfill a contract we have with you.

If you choose not to give us your personal information, it may also mean that we cannot complete a purchase or deliver our products or services to you.

We sometimes ask for information that is useful, but not required by law to process your order. We will make this clear when we ask for it. You do not have to give us these extra details and it won't affect the products or services you have with us. For example, we may ask you if you wish to subscribe to our newsletter. You are not required to do so in order to obtain our products and services.

Children under the age of 13

CityPASS products and services are not targeted to and are not intended to attract children under the age of 13. Other than requesting name(s) for any CityPASS child products purchased, CityPASS does not knowingly solicit personal information from children under the age of 13. Should we learn or be notified that we have collected information from users under the age of 13, we will immediately erase such personal information.

Monitoring of our Privacy Policy

CityPASS regularly reviews its compliance with this Privacy Policy. Please contact us with any questions or concerns regarding this Privacy Policy or CityPASS's treatment of personal information. When we receive formal written complaints, it is CityPASS's policy to contact the complaining customer or user regarding his or her concerns.


Updating of Our Policy

CityPASS will revise or update this Policy if our practices change, as we change existing services, add new services, or develop better ways to inform you of services we think will interest you. You should refer back to this page for the latest information and the effective date of any changes.


CityPASS is committed to the policies set forth in this Policy.

Effective Date: May 25, 2018

Read more at https://www.citypass.com/privacy