Upside receives information about individuals or their devices from the following sources:
You may withdraw your consent for our collection and use of your personally identifiable information or personal data at any time, however doing so may prevent us from offering you some or all of our Services given requirements imposed upon us by travel partners and various governments.
We and third parties also may use such automated means to read or write information on users’ devices, such as through various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage). Cookies and local storage are files that contain data, such as unique identifiers, that we or a third party may place on or read from a user’s device for purposes such as recognizing the device, service provision, record-keeping, analytics and marketing. You may choose to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed here. However, if you block or otherwise reject our cookies or local storage, certain websites and emails (including our own) may not function properly.
We may collect different types of information about your location, including general information (e.g., IP address, zip code) and more specific information (e.g., GPS-based functionality on mobile devices used to access the Services), and may use that information to customize the Services with location-based information, advertising, and features. For example, if your IP address indicates an origin in Chicago, the Services may be customized with Chicago-specific information and advertisements. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this. See your device manufacturer’s instructions for further details.
We and/or our service providers may collect and store unique identifiers matched to your mobile device, in order to deliver customized ads or content while you use applications or surf the internet, or to identify you in a unique manner across other devices or browsers. In order to customize these ads or content, we, or third parties may collect your information e.g., your email address, or data passively collected from you, such as your device identifier or IP address.
You may be able to manage how your mobile device and mobile browser share information with the Services, by adjusting the privacy and security settings on your device. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.
Upside uses and discloses the data we collect as follows:
We may also use your information to anticipate your travel needs or provide you with potential travel opportunities that may benefit you both at the time of your request and in the future. To do so, we may process your information using algorithms alone or in combination with the data of others. This processing is undertaken to provide you with improved travel options.
We may use manual or automated means (such as automated text messages and automated live or prerecorded/artificial voice calls) to perform some of the marketing and other communications described in this Section.
Combined Information You consent that, for the purposes discussed in this Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy.
Aggregate/De-Identified Information. We may aggregate and/or de-identify information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.
We share your information in the following ways:
To learn more about interest-based advertising generally, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit the consumer choice pages offered by Network Advertising Initiative and Digital Advertising Alliance. For controls specific to advertising and analytics services offered by Google, click here, here and here. You also can use certain choice mechanisms offered by Facebook and Twitter. If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again.
California Do-Not-Track disclosure requirements. We are committed to providing you with meaningful choices about the information collected on our Services for third-party purposes, and that is why we provide above the Network Advertising Initiatives Consumer Opt-out link, Digital Advertising Alliances Consumer Opt-Out Link, and other consumer choice mechanism links above. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations and solutions.
As described above, Upside connects individuals with third parties, such as providers of travel and gift card providers. These third parties use and disclose information (including information received from Upside) according to their own privacy policies and practices. For example, travel providers may use the information for communicating with travelers about their travel (including through automated calls or automated text messages regarding travel updates or other topics). As another example, some travel providers may correlate information received from Upside with additional information they collect (such as biometric data you provide to them for services such as baggage tracking or check-in). We encourage you to review their privacy policies and contact them for more information.
Some third parties’ embedded plugins or other automated technology on our websites, apps and emails, such as cookies or social sharing buttons, may allow their operators to learn that you have visited or interacted with our websites, apps and emails, and they may combine this information with other, identifiable information they have collected about your visits to other websites, apps, emails or online services. These third parties may handle this information, and other information they directly collect through their content and plugins, pursuant to their own privacy policies.
There is no perfect security. We have implemented certain physical, technical, and administrative measures to help prevent unauthorized access, use and disclosure of your information, but we cannot promise that these measures will work. You are responsible for maintaining the secrecy of any credentials that can be used to access any account or service with Upside, and you should report suspected unauthorized activity to us. You are responsible for activity conducted with your credentials.
You may review and update certain information Upside holds by logging in to the Upside account through which the information was provided (or by asking the Upside account holder to do so). In some instances you may need to provide updated information directly to the travel supplier.
The rights described here are subject to limitations and exceptions under applicable law. In particular, and as required by California law and by principles of prudent data security, we will endeavor to verify the identity of anyone requesting to exercise a data subject right and will endeavor to only release the personally identifiable information or personal data of that person to that person.
In addition to the rights above, you may lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.
We generally retain information for so long as it may be relevant to the purposes above. Information may persist in copies made for backup and business continuity purposes for additional time.
Upside complies with all applicable laws regarding your privacy. Individuals from the European Union ("EU") may only use our Services after providing your freely given, informed consent for Upside to collect, transfer, store, and share your Personal Data, as that term is defined in the EU's General Data Protection Regulation. EU residents may grant that consent directly to Upside, or to the company or your employer working directly on your behalf with Upside.
Upside is legally authorized to send the Personal Data of EU or Swiss individuals to the US for processing because we have made legally-binding commitments that are enforceable by US government agencies responsible for consumer protection. Upside provides you, as an EU or Swiss individual, both a means of directly contacting Upside to exercise your privacy rights and with a third party dispute resolution service.
In compliance with the Privacy Shield Principles, Upside commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Upside at: [email protected]
Our Data Protection Officer is Catherine R. Jones, our General Counsel, 4200 Wisconsin Ave NW, #106-231, Washington, DC 20016, [email protected]
Upside has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction