Last Updated: 8/9/18

Index:

This site is owned and operated by The Cain Travel Group of Boulder, Inc. (Cain Travel) and its subsidiaries. This privacy policy applies to www.caintravel.com, Cain Travel and its subsidiaries. The privacy and security of your personally identifiable information (PII) is very important to us. This policy governs data collection, transfer and usage within our organization. We respect our Visitors’ preferences concerning the collection and use of their personal information. The following policy applies to Visitors who visit our web site(s), use our apps, and/or who contact us or interact with Cain Travel in any way.

Data Protection

Cain Travel has established corporate policies focused on the secure acquisition, storage, transfer and use of personal information across our organization. Through these policies we protect personal information and achieve compliance with applicable laws and regulations. Our data protection policies are reviewed frequently and updated as a part of our overall Information Security Policy and the Acceptable Use Policy in place with each of our employees.

What We Collect from Visitors

We collect certain pieces of personally identifiable information to allow us to provide you with products and services that require the information. We collect your personal information to operate our website(s) and to deliver services that you have requested.
We may collect:

  • Personal & Contact Information: Name, phone number(s), address(es), email address(es), social media handle(s), corporate information including title and company name
  • Payment Information: Credit Card/debit card numbers, bank account and routing numbers
  • Security credentials: username and password (if you create an account on our website)
  • TSA related information: date of birth, gender
  • Travel related information: Frequent Guest Numbers, passport & visa information
  • Website information: IP address, browser type, domain names, access time, referring website address

How We Collect Visitors’ Information

Cain Travel collects information through the following methods:

  • Personal interactions: information may be relayed to our company via telephone, text/SMS, email or other electronic means.
  • Direct requests by our Visitors: Visitors may provide their information directly to us through our website(s), or other technological forms that our company may make available to the public.
  • Transfers from our Sub-processors and Business partners: Visitor information may be securely transferred directly to Cain Travel by one of our sub-processors or business partners.
  • Cookies: We may store your browsing history with our website in a cookie.

How We Use Visitors’ Information

Cain Travel uses this information to fulfill your requests for our products and services, to contact you about those products and services and to contact you about specials and new products, when you authorize that communication. Some information and historical purchase information is used to maintain our quality of service, and to improve our future service levels for our visitors. This may include:

  • Optimization and improvement of our website
  • To receive and respond to your inquiries and requests, and to provide Visitors with information about our products and services
  • To process online transactions and setup user accounts
  • To send visitors information for marketing purposes
  • To carry out business transactions that users have requested that we transact

Information We Share

  • Cain Travel will not sell or rent your information to anyone, ever.
  • Cain Travel shares information with our sub-processors and business partners, when it is required to deliver the product or service that you have requested.
  • We may also disclose Visitors’ information to third-parties: (a) where required by law or regulatory requirement, court order or other judicial authorization, (b) in response to lawful requests by public authorities, including for the purposes of meeting national security and law enforcement requirements; (c) in connection with the sale, transfer, merger, bankruptcy, restructuring or other reorganization of a business; (d) to protect or defend Our rights, interests or property, or that of third parties; (e) to investigate any wrongdoing in connection with the Website or Our Services; or (f) to protect the vital interests of an individual.

Security

Cain Travel safeguards the information that we collect. We have employed the use of physical, electronic and policy-based security procedures to prevent unauthorized access, maintain data security while at rest, transmit data securely, and provide data redundancy. Our security procedures are defined through our Information Security policy, and all employees are bound by our Acceptable Use Policy. Our systems are governed by our access control policy, and we utilize firewalls and security software to protect against malicious actors. Data transmissions are secured through SMTP, current versions of TLS, and SSL.

PCI Compliance

Cain Travel is PCI compliant, and only works with sub-processors and business partners who are PCI Compliant. For information, or to receive copies of our PCI certificates or the results of our PEN scans, please contact security@caintravel.com

Sub Processors and Business Partners

Depending on the nature of our relationship with you, we may transfer your data to the following sub-processors / business partners to deliver our products and services.

CompanyLocationFunction
TravelportLangley, Berkshire, Sough UKReservation system
SAP ConcurBellevue, WA USAOnline booking solution
DeemSan Francisco, CA USAOnline booking solution
Salesforce.comSan Francisco, CA USACRM services
SendGridBoulder, COEmail delivery services
ETSILongmont, CODatabase services, travel profile synchronization, software development

Children Under 13

Cain Travel does not knowingly collect personally identifiable information from children under the age of thirteen, unless parental approval is obtained.

Our website may contain links to other sites. We are not responsible for the content or reliability of other sites.

Rights of Visitors

  1. Right of access


    • You have the right to know that we are processing your personal information, how we are processing this information, and for what purposes. This Privacy Policy provides those details.
  2. Right to Edit and Update Information
    • 

You have the right to update your personal information, and supplement incomplete information in Cain Travel’s systems.
  3. Right to Delete Personal Information


    • You have the right to request us to delete your personal information for the following reasons:
      • 
a) If the data is no longer necessary for the purposes it was collected.
      • 
b) If you withdraw previously given consent where consent is required to process the information.
      • 
c) If you object to Cain Travel processing the data in a certain way or for certain purposes and Cain Travel does not have legitimate grounds to continue processing the information.
      • 
d) If your personal information has been unlawfully processed.
      • 
e) If your personal information must be erased to comply with a legal obligation.
      • f) If the personal information has been collected in relation to the offer of Information Society Services as defined in Article 8(1) of the General Data Protection Regulation.
    • We may be required to reject your request to delete your information for the following reasons:
      • 
a) For exercising the right of freedom of expression and information.
      • b) For compliance with a legal obligation.
      • c) For reasons of public interest as described in Article 17 of GDPR.
      • 
d) For the establishment, exercise or defense of legal claims.

To make a request to delete information, you can email Cain Travel at security@caintravel.com. We will notify you within 30 days as to whether your request has been accepted or if and for what reason we cannot fulfill your request.
  4. Right to Request the Limitation of Processing Personal Information


    • You have the right to restrict our processing of your personal information for the following reasons:
      • 
a) If you believe your personal information is inaccurate, you can request that we limit our processing of the data until its accuracy is verified.
      • 
b) If the processing of your data is unlawful, you may either request erasure as described above or request certain restrictions.
      • c) If the controller does not need the information for the purposes above but must retain the information for the establishment, exercise or defense of legal claims.
      • d) If you have objected to the processing of your personal information and there is a pending determination as to whether our legitimate grounds to process override your rights described here.
    • 

As with any request for erasure of your personal information, you also have the right to be notified by us about a restriction in the processing of your personal information.
    • 

You can make this request by emailing security@caintravel.com
  5. Right to Portability
    • 

You have the right to request us to send you your personal information in a structured, commonly used, machine-readable format so that it can easily be transferred and used by a third party if:
      • 

a) You provided us with the information.
      • 
b) The processing of your personal information is based on your consent or required for the performance of a contract; or
,
      • c) The processing is carried out by automated means.

You can make this request by emailing security@caintravel.com.
  6. Right to Object and Automated Individual Decision-making
    • 

You have the right to object to our processing of your data when our legal basis for processing is Cain Travel’s legitimate interests based on your particular situation. Upon receiving an objection from you, Cain Travel will cease to process your information unless we can demonstrate compelling legitimate grounds for the processing which overrides your rights and freedoms.
    • 

Particularly, you have the right to object to the processing of your personal information related to direct electronic marketing.
    • 

You also have the right to object to our processing of your information where decisions on processing are made by automated processing which has a legal or other significant impact on you.

You can make this request by emailing security@caintravel.com

  7. Right to Withdraw Consent
    • 

Cain Travel is primarily processing your information based on our legitimate interests and other obligations. However, where you have given consent to us to process your personal information, you have the right to withdraw that consent and we will promptly respond.
    • You can make this request by emailing security@caintravel.com

  8. Right to File a Complaint with the Data Protection Authority
    • 

If you are located in the European Economic Area, or the United Kingdom you have the right to contact your local data protection authority for assistance or to make a complaint.
    • While the rights explained above do not apply to those outside of the European Economic Area and the UK, as a matter of rights and freedoms, we care about any questions related to your personal information. If you are not located in the European Economic Area or the United Kingdom, you can contact Cain Travel at security@caintravel.com with questions.

Contact Information

If you have questions or comments regarding this Privacy policy, please contact Cain Travel at:

The Cain Travel Group of Boulder, Inc.
2990 Center Green Court
Boulder, CO 80301 USA
303-443-2246