Privacy & Security
City Pass, Inc. ("CityPASS"), is committed to protecting the privacy of our customers and users of our Website. We have therefore created this policy statement (the "Policy") to explain the privacy practices and procedures that apply to information we collect through citypass.com (the “CityPASS Website” or “Website”) and our supporting applications (the "App" or “Apps”).
We believe that you should know what information we may collect from you through the Website and the Apps, as well as understand how we use and protect that information. This includes what you tell us about yourself, what we may learn from your use of our technology, what we learn by having you as a customer, and the choices you give us about what marketing materials you want us to send you. This notice also tells you about your privacy rights and how the law protects you.
CityPASS will revise and update this Policy as we change practices. You should refer back to this page for the latest information.
This Policy applies to the CityPASS Website and Apps, which are intended for the use of persons residing in countries that CityPASS markets its products, and for the order and delivery of CityPASS products.
Our Purposes for Collecting and Processing Personal Information and its Uses
General Uses and Disclosures. We use and share the information we gather from users for the purposes described below. To perform the following tasks, when necessary, we will obtain your consent before using your data for these purposes. If you withhold consent, access to some functions and portions of our web site may be limited.
- Providing Services to our Customers. If you are a CityPASS customer, we will use your information to support our delivery of products and services to you.
- Improving our Services. We use your information to enhance our understanding of our users’ preferences and improve our services.
- Disclosures we make to Service Providers. We share your information with third-party service providers that assist us with hosting and maintaining the CityPASS Website and Apps, processing payment card information, analyzing activity on our Website, analyzing activity with our Apps, marketing our services, and managing our daily business operations, delivery of products and services, or use of your CityPASS products. The personal information we provide to a service provider is information necessary for the service provider to perform the work it is obligated to perform for us. Service providers are prohibited from using any personal information that we provide except in connection with the service providers’ work for us.
- Compliance with Legal Obligations. We will share your information with law enforcement, government officials, regulatory agencies, or other parties when we are required to do so by applicable law. We will also disclose your information to comply with a judicial proceeding, court order, subpoena, or legal process.
- In an Emergency. In emergency situations to protect our customer’s vital interests we will use or share your information when doing so is necessary to protect an interest that is essential for an individual’s life.
- Our Legitimate Interests. We will use and disclose your information when necessary for City Pass, Inc.'s legitimate interests, as long as such interests are not overridden by our users’ interests, rights, and freedoms with respect to their personal information.
Our Legal Basis for Processing Personal Information
Your privacy may be protected by the laws in the country or state in which you reside. The scope and level of protection offered by those laws varies. CityPASS has adopted privacy and security policies designed to comply with the laws and regulations applicable to individuals residing in the locations in which it markets its products and services, however, CityPASS undertakes no obligation to provide protections beyond the duties required by laws that apply to the information we collect from you.
Data protection laws allow us to collect, use and retain your personal information if we have a proper reason to do so. These reasons include:
- When you consent to it,
- To fulfill a contractual relationship with you, such as fulfilling your order,
- When it is permissible under applicable privacy laws,
- When we have a legal duty to do so, or
- When it is in our legitimate interest.
Our legitimate interests include, ensuring that fraudulent transactions are not placed through our Website or Apps, to protect against security breaches, to process financial information, to further discuss your interest in future events, discounts and programs, to track the use of our Website, Apps and services, to protect CityPASS and others from claims by third-parties and for business transfers, as discussed below.
Details About Our Collection and Use of Personal Information
The Information We Collect
CityPASS collects a variety of personally identifiable information about customers and visitors to our Website and Apps in order to ensure order delivery and provide unique offers. We collect different types of information from users.
Personal Information means any personally identifiable information relating to an identified or identifiable natural person. When we use the term "personally identifiable information," we mean information that is directly associated with, or could be used to identify, a specific person or to determine an identifiable person's preferences, interests, behavior, location or movement to create or use in a personal profile. Examples of information we may collect includes a name, address, telephone/cell number, email address, internet protocol address (IP address), mobile device identifier, or information about activities directly linked to that person which would permit the physical or online tracking or contacting of that person.
When We Collect Personal Information
Information you give us at checkout: We will collect personal information you give us when you purchase from our Website or Apps. Depending on the product purchased, you may provide some or all of the following personal information, your name, billing address, telephone number, email address, travel dates, names of ticket holders, preferences, and/or credit card number.
Blog/ Newsletter Subscription: If you chose to subscribe to our newsletter we only collect your email address. We do not share subscriber’s email addresses with third parties.
Information you give us while using our Apps: When you use our CityPASS mobile or web Apps, you may provide your email address and name to authenticate your identity and to perform customer functions related to managing your CityPASS tickets and reservations, if applicable. We will collect an anonymous indication of your browsing and other activity and anonymous Usage Information to help us improve the app experience via analytics and provide personalized content.
Our Use of Personally Identifiable Information
Our Internal Use: CityPASS collects personally identifiable customer information for the purpose of delivering CityPASS products to you and/or to contact you directly regarding your order. We use email addresses on an opt-in basis to provide users with information they have subscribed to.
Our Customer Surveys: Periodically, you may be able to participate in our surveys to help us improve our site and products. Any personally identifiable information that we may collect from you in a survey will ONLY be used internally by CityPASS. And unless otherwise explained in the instructions for a particular customer survey, any personally identifiable information you provide to us for purposes of that survey will be used in accordance with this Policy.
Potential Future Disclosure of Personally Identifiable Information
Business Transfers: Information about our users and customers, including personally identifiable information, may be disclosed as part of any merger, acquisition, or sale of company assets. It may also be disclosed in the unlikely event of an insolvency, bankruptcy, or receivership in which case personally identifiable information would be transferred as one of the business assets of CityPASS.
Retention of Personal Information
We retain personal information for a reasonable period of time necessary to fulfill our legal or regulatory obligations and for our legitimate business purposes. We retain the following categories of personal information for the following time frames:
Personal profile information you give to us: When you make a purchase on our web site or subscribe to our newsletter, we may maintain that information. If you unsubscribe from the newsletter, we will take reasonable steps to erase or anonymize personal and other information, but we reserve our right to retain and access the data for so long as is required to complete the delivery of products and services purchased from CityPASS and to comply with applicable laws.
Our Secure Transmission of information
Ensuring the security of your information is very important to us. The information you provide us when placing an online order on citypass.com is protected in transit using Hypertext Transfer Protocol Secure (HTTPS). Information sent using HTTPS protocol is encrypted between web browser and website to keep your data private while in transit.
Once you enter the checkout page, your computer will begin communicating with our server in secure mode. You can tell that you are in secure mode by the following:
- In the web address shown in the address window at the top of your browser window, "http" will be replaced by "https".
- In most browsers, you will see a closed padlock to the right of the address window. You can click on the lock for more security information.
Our Use of "Cookies"
The right to access, copy or erase your personal information
This section provides details about rights that may be available under privacy laws that apply to you. If you are a California resident, please reference our CItyPASS California Consumer Privacy Act Disclosure.
Under these laws we may be obligated to respond to your request to:
Provide access to all the personal information about you held by us. If this right applies to you, we will
provide you with a copy of this information. For the first request, we will provide an electronic copy of the
data at no charge. For subsequent requests, or printed copies, we reserve the right to charge a reasonable fee
taking into account the administrative costs of providing the information or taking the action requested. You
can exercise your right of access to your personal information:
- By submitting a GDPR data request at www.citypass.com/gdpr-data-request.
By writing to us at:
Attn: Privacy Officer
27 Arrow Root Lane
Victor, Idaho 83455
- You have the right to receive your information in a commonly used electronic format or ask us to move the data in that format to another provider where your request relates to data you gave us directly and where technically feasible (data portability).
- Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested. We will not respond to requests that cannot be verified and appear to be fraudulent.
- Correct your personal information where appropriate. Please note, you may review and update or correct your user profile information by logging in, as applicable, to the relevant portions of your CityPASS account profile where such information may be updated or corrected;
- Restrict the processing of your personal information while we investigate your concern;
Withdraw your consent at any time when the processing relies upon consent;
- Provided, however, if processing of a purchase of products or services has been completed, then cancellation of the purchase shall be subject to the terms and conditions for the purchase at the time it was made. In other words, you are not permitted to withdraw your consent to process your information in an effort to rescind an otherwise non-refundable purchase.
Erase your personal information.
- In the event you ask us to erase your personal information, it is in our reasonable interest to maintain some of the information for a reasonable period of time to complete the processing of your order, the delivery of our services to you to verify that the transaction placed for you was not fraudulent, or to enable the use of your purchased products. We may also keep a log or a record sufficient to demonstrate that we sent your information to you or fulfilled your request to erase your data. The log or record is in our reasonable interest to document compliance with various privacy laws, rules and regulations.
- Further, in the event you ask us to erase your data, certain third-party software we use is not designed to entirely remove information from software or systems without impairing the software’s functionality. It is in our reasonable interest to maintain the integrity of our software and operating systems. If that is the case, we will take steps to erase your data by making your data unreadable, thereby rendering it anonymous and untraceable. For example, we may change all letters to hash marks (“#”) or other symbols and numbers to zeros (“0”) to effectively erase your information.
If you choose not to give personal information
You can choose not to give us personal information, but it may prevent us from providing our services to you. In this section we explain the effects this may have.
We may need to collect personal information to enter into or fulfill a contract we have with you.
If you choose not to give us your personal information, it may also mean that we cannot complete a purchase or deliver our products or services to you.
We sometimes ask for information that is useful, but not required by law to process your order. We will make this clear when we ask for it. You do not have to give us these extra details and it won't affect the products or services you have with us. For example, we may ask you if you wish to subscribe to our newsletter. You are not required to do so in order to obtain our products and services.
Children under the age of 13
CityPASS products and services are not targeted to and are not intended to attract children under the age of 13. Other than requesting name(s) for any CityPASS child products purchased, CityPASS does not knowingly solicit personal information from children under the age of 13. Should we learn or be notified that we have collected information from users under the age of 13, we will immediately take reasonable steps to erase and/or anonymize such personal information.
Updating of Our Policy
CityPASS will revise or update this Policy if our practices change, as we change existing services, add new services, or develop better ways to inform you of services we think will interest you. You should refer back to this page for the latest information and the effective date of any changes.
CityPASS is committed to the policies set forth in this Policy.
Effective Date: April 18, 2023
Read more at https://www.citypass.com/privacy