DVC ESCAPE PRIVACY POLICY

LAST UPDATE: August 7, 2022

1. Introduction:

Welcome to the “Privacy Policy” page of this website www.dvcescape.com. Firepit Partners, Inc. ("FPI") doing online business through the website www.dvcescape.com (hereinafter called “We/we”, or “Us/us” or “Our/our”) is committed to protecting your privacy. When you visit, access, and use our website, you trust us with your data including personal data. In this Privacy Policy, we describe our practices with respect to your data. By reading the Privacy Policy, you will get to know what data we collect, how we use it, and what rights you have in relation to it. Please take some time to read through it carefully, as it is important. We request you to read Privacy Policy along with the Terms of Use on our website.

2. What personal data do we collect about you?

The personal data that we collect depends on the context of your interactions with us and the website. Briefly stating, we collect the personal data that you voluntarily provide to us including the following:

  1. First name;
  2. Last name;
  3. Cell phone number;
  4. Postal address;
  5. Email address;
  6. User account login data;
  7. Third-party financial services user id. We only act as an escrow service. The funds transferred into and out of the service need to be received and paid to our users (buyers and sellers) via one of the third-party financial settlement platforms that our website supports. As such, we need to maintain the user id for the chosen third-party financial settlement platform selected by our users for purposes of payment.

You may modify your personal data, with the help of account settings.

3. What data is automatically collected when you visit, access, or use our website?

Some data that we collect about you do not reveal your personal identity. This is called non-personal information. Such data is automatically collected by us when you visit, use, or navigate the websites. Such data may include:

  1. IP address;
  2. Page visit date/time;
  3. Sales viewed;
  4. Browser information – This may or may not include language and OS info;
  5. Website errors.

This data is primarily needed to maintain the security and operation of our website, and for our internal analytics and reporting purposes.

4. For what purposes do we process, or utilize your data?

  1. To make it possible for you to register or sign up on the website by creating a personal user account or personal user profile on the website, enabling the sign-in or login process, and managing your user account;
  2. To fulfill and manage your purchases of the services on the website including the payments made through the website;
  3. To allow you to subscribe to our bi-weekly blog email. You can opt out of the subscription of our bi-weekly blog email, at any time, by clicking the unsubscribe button in the email or through the website with the help of your account settings;
  4. To allow you to set up an “alert”, which is saved search criteria. So, when another user posts an item matching your saved search criteria, an email alert is sent to you. To subscribe to or unsubscribe from the alerts, you can just turn the alerts on or off through the website.
  5. To search for and find your vacation;
  6. To rent your DVC points;
  7. To provide you personalized customer service;
  8. To request feedback about our website, and services;
  9. To personalize and customize your experience based on your interactions with us, i.e., your search and booking history, your profile information and preferences, and other content you submit;
  10. To help us perform analytics, debug the platform, and conduct research;
  11. To contact you by email, or other equivalent forms of electronic communication, regarding website or services updates or informative communications related to the services, including the security updates, when necessary or reasonable for their implementation;
  12. To send administrative information to you about your user account, website, services, information about changes to our terms, conditions, and policies, or any other or related information;
  13. To protect our website as part of our efforts to keep our websites safe and secure (for example, for fraud monitoring and prevention);
  14. To enforce our terms, conditions, and policies;
  15. To respond to legal requests and prevent harm to you or to us. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond;
  16. For business activities, to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or another sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which data held by us about our users is among the assets transferred;
  17. For other business purposes, such as data analysis, identifying usage trends, and evaluating and improving our websites, services, and your experience;
  18. To attend and manage your requests to us;
  19. To otherwise interact with you for any other legitimate purpose or activities.

5. What is the legal basis for processing your personal data?

We may process personal data under the following conditions:

  1. Consent:
    You have given your consent for processing personal data for one or more specific purposes.
  2. Performance of a contract:
    Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
  3. Legal obligations:
    Processing personal data is necessary for compliance with a legal obligation to which you are subject.
  4. Vital interests:
    Processing personal data is necessary in order to protect your vital interests or of another natural person.
  5. Public interests:
    Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested with us.
  6. Legitimate interests:
    Processing personal data is necessary for the purposes of our legitimate interests pursued by us.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

6. Will your data be shared with anyone?

We only share data with your prior consent, to comply with laws, protect your rights, or fulfill our business obligations. We only share and disclose your data in the following situations or to the following recipients:

  1. Government bodies or courts:
    We may share or disclose your data where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal processes, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements). We may disclose your data where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
  2. Service providers:
    We may share your data with third-party service providers including consultants, vendors, independent contractors, or agents who perform services for us or on our behalf and require access to such data to perform such services. Such services may include marketing or promotional efforts, customer service, hosting services, payment processing, data analysis, and email delivery. Unless described in this Privacy Policy, we do not share, sell, rent or trade any of your data with third parties for their promotional purposes. We currently use the website hosting services of Microsoft Azure. Our payment service providers are Bank of America for ACH, Venmo, Zelle, and PayPal. We also use Google Analytics.
  3. Business transfers, mergers, or acquisitions:
    We may share or transfer your data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  4. Affiliates and business partners:
    We may share your data with our affiliates and business partners, in which case we will require those affiliates and business partners to comply with this Privacy Policy.
  5. With your consent:
    We may disclose your data for any other purpose with your prior consent.

7. Do we use cookies on the website?

Yes, we use cookies to access, track or store data. Cookies are small pieces of data stored on your computer or mobile device by your web browser. These small files contain a string of characters, to your IP address, giving the browser distinct identification, in order to keep track of your preferences. Among other things, cookies help us improve our website and your experience. Cookies are used to track your online activity and behavior for marketing purposes.

Most web browsers are set to accept cookies by default. If you prefer, you can choose to set your browser to remove cookies and reject cookies. If you set your browser to reject cookies, then you may not be able to access some features or functionalities on our website. For more information on rejecting cookies, see your browser's instructions on changing your cookie settings. You can prevent the storage of cookies by choosing a 'disable cookies" option in your browser settings.

8. Do we use website analytics?

Yes, we use Google Analytics to monitor and analyze your use of our website.

9. What about links to third-party websites and mobile applications on the website?

The website will have links to Disney’s website. The website may have links to other affiliates for travel insurance, discount tickets, etc. Please note that if you follow a link to any of these websites, such websites will apply different privacy practices to the collection and privacy of your personal data and we do not accept any responsibility or liability for the privacy practices of such websites. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.

10. How long do we retain your data?

This website is a travel/vacation website and hence, users may repeatedly use this website over a period of many years. Hence, we would retain your data on a continuing basis without deleting it. This is done for your convenience only. However, you may reach out to us at info@dvcescape.com, if you do not want us to retain your data.

If you request us to delete your data, we will do our best to delete most of your data. But please remember, it will not be possible for us to delete all of your data. Some data, for example, your payment transaction details, your booking details, reviews you post on the website, etc. will still be retained by us for record purposes or proof.

11. How do we secure and protect your data?

We take due care to protect your data. We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal data. We take reasonable steps to help protect your data in an effort to prevent loss, misuse, unauthorized access, disclosure alteration, and destruction. The data you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organizational measures designed to secure your data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal data on a need-to-know basis to those employees or third parties that have a legitimate business need for such access.

If you are concerned about your data, you have the right to request access to the personal data which we may hold or process about you. You have the right to direct us to correct any inaccuracies in your data free of charge. At any stage, you also have the right to ask us to stop using your personal data for direct marketing purposes. However, please also remember that we cannot guarantee that anything on the internet itself is completely secure. Although we will do our best to protect your data, the transmission of data to and from our website is at your own risk. You should only access the website within a secure environment.

12. How do we transfer your data?

Your data is processed at our operating offices and in any other places where the parties involved (third-party service providers) in the processing are located. It means this data may be transferred to and maintained on devices outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Your consent to this Privacy Policy followed by your submission of such data represents your agreement to that transfer. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your data will take place to an organization or a country unless there are adequate controls in place including the security of your data.

13. How do we deal with the data collected from minors?

We do not knowingly collect data from children under 18 years of age. We do not knowingly market our services to children under 18 years of age. By using the website, you represent that you are at least 18 or above 18 years of age or older. If we become aware that data from users under the age of 18 years has been collected, we will take reasonable measures to promptly delete such data from our records.

14. How do we process your payment data?

We display paid services on the website. In that case, we will use third-party services for payment processing (e.g., payment processors). We will not store or collect your payment card details. The payment data is provided directly to our third-party payment processors namely Bank of America for ACH, Venmo, Zelle, and PayPal, whose use of your data is governed by their privacy policies. You should contact the payment processor directly for any questions regarding the collection, processing, storage, use, and retention of your payment data.

15. Do Not Track:

If you are a user from the State of California (USA), you must note that we currently do not recognize or respond to Do Not Track signals. “Do not Track” is a privacy preference that some users can set in certain web browsers.

16. If you are a citizen or resident of the European Union, what are your rights under the GDPR (General Data Protection Regulation)?

We respect the confidentiality of your personal data. We will provide you with complete support in exercising your rights. You have the right under this Privacy Policy, and by law, if you are within the European Union, to:

  1. Request access to your personal data:
    The right to access, update or delete the data we have about you. Whenever made possible, you can access, update or request deletion of your personal data directly by contacting us. This also enables you to receive a copy of the personal data we hold about you.
  2. Request correction of personal data:
  3. Object to processing of your personal data:
    You have the right to have corrected any incomplete or inaccurate data we hold about you.
  4. Request erasure of your personal data:
    You have the right to ask us to delete or remove your personal data when there is no good reason for us to continue processing it.
  5. Withdraw your consent:
    You have the right to withdraw your consent to use your personal data. If you withdraw your consent, we may not be able to purchase our services or we may not be able to provide you with access to the website.

17. How can you exercise your GDPR data protection rights?

You may exercise your rights of access, rectification, cancellation, and opposition by contacting us at info@dvcescape.com. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible. You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

18. Do we make updates to this Privacy Policy?

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you through a pop-up notice on the website.

19. How can you contact us?

If you have any questions regarding this Privacy Policy, please contact us at info@dvcescape.com.