DATA AND INFORMATION PRIVACY AND PROTECTION POLICY

THE NEXT STEP EVENTS, Inc. d/b/a Seven Hall Trees Events

Introduction

This Policy applies to the collection, processing, use, disclosure and transfer of data and information about individuals by THE NEXT STEP EVENTS, Inc., d/b/a Seven Hall Trees Events ("Seven Hall Trees Events"). As such and among other things, Seven Hall Trees Events has elected to voluntarily participate in the European Union ("EU")-US Privacy Shield (the "Privacy Shield") and to certify its adherence to the Privacy Shield and its Principles, including the Supplemental Principles (collectively, the "Principles"). As such, it has agreed to subject its compliance with the Privacy Shield and its Principles to the full breadth of current regulatory enforcement of the United States Department of Transportation and the United States Federal Trade Commission as well as any other statutory body empowered to enforce compliance with the Privacy Shield and its Principles. This includes the European Directive on Data Protection, Dir. 95/45/EC, and the Privacy and Electronic Directive, Dir. 2002/58/EC.

Purpose

  1. As set forth above, various national and international laws and regulations protect the rights of individuals in connection with data relating to them. These rights include the right of a person to make sure that data about them is accurate, is processed fairly and lawfully, is kept secure and is only disclosed to others with their consent under agreed circumstances.

    The purpose of this Policy is to document Seven Hall Trees Events' continuing commitment to ensuring that the aims of national and international laws and regulations on data protection, including but not limited to those set forth above, are respected and that the collection, processing, use and disclosure of data by Seven Hall Trees Events is compliant with those laws and regulations.

  2. As a global travel management company, Seven Hall Trees Events, among other things, receives data from within and outside the United States, including but not limited to the EU and delivers that data to its customers and other third parties in various formats; all at the request of and by agreement with its customers.

Scope of this Policy

  1. This Policy applies to Seven Hall Trees Events' operations throughout the world. Where local laws and regulations which go beyond the scope of this Policy apply to the collection, processing, use and disclosure of data, then these may be included in an appendix to this Policy, which will specify the location to which it applies. In that location, the additional provisions of the relevant appendix will be observed along with all of the other provisions of the Policy.

Definitions

  1. "Personal Data" includes data that relates to a person and this person must be identifiable. The identification can be direct (for example, by reference to the person's name) or indirect (for example, by reference to a unique number that relates only to them).
  2. "Processing" of Personal Data means any operation or set of operations that is performed upon Personal Data, whether or not by automated means.
  3. "Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
  4. "Data Exporter" means the Controller who transfers Personal Data.
  5. "Data Importer" means the Controller or Processor who agrees to receive data from the Data Exporter for Processing.
  6. "Data Processor" means a person or organization that Processes Personal Data on behalf of a Controller.
  7. "Data Subject" means the individual whose Personal Data is being Processed.

Adherence to Primary Principles of Privacy Shield

  1. Notice, Choice and Accountability for Onward Transfer
    1. Seven Hall Trees Events will inform its customers and business partners (e.g., vendors and other third parties) that it participates in the Privacy Shield. It will provide such notice in a variety of manners as may be appropriate, such as language in its contracts with customers, clear notification on its website (/privacy-policy/), and a specific link to this policy that can be easily found.
    2. Seven Hall Trees Events personal data may include, but is not limited to, information such as name, address, age, marital status, medical conditions, passport and visa information and corporate data.
    3. Seven Hall Trees Events complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Seven Hall Trees Events has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
    4. In compliance with the Privacy Shield Principles, Seven Hall Trees Events commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Seven Hall Trees Events at: dataprivacy@sevenhalltrees.com. Seven Hall Trees Events will respond within forty-five (45) calendar days of such request.

      Seven Hall Trees Events has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution/American Arbitration Association ("ICDR/AAA"), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you.

    5. Seven Hall Trees Events provides travel management services and reporting to corporate clients (typically, a Data Controller). In order to provide these services, Seven Hall Trees Events requires Personal Data regarding persons authorized to travel for the client (the "Data Subjects") hereinafter referred to as the "Traveler" or "Travelers". This data may be collected from the Traveler, from the client, or from other sources such as travel agents. In order to complete travel arrangements requested by a Traveler, Seven Hall Trees Events typically provides Personal Data to one of the global distribution systems or an internet booking engine. This data may include, but is not limited to, information such as name, address, age, marital status, medical conditions, passport and visa information and corporate data.

      Global distribution systems fulfill the travel arrangements requested through specific travel suppliers, such as airlines, hotels and rental car agencies. Seven Hall Trees Events then confirms the completed travel arrangements and itinerary to the Traveler and the costs. Seven Hall Trees Events does not exercise any control over the use of personal information transmitted using global distribution systems or other travel suppliers. As of the Effective Date, Seven Hall Trees Events provides Traveler travel information to iJET/ISOS for travel risk management as well as to DataFlex for credit card reconciliation. Otherwise, travel arrangements are shared only with the client for whom the Traveler works.

    6. Rights of data subjects to obtain access to personal data
      1. Every Traveler about whom Seven Hall Trees Events Processes Personal Data has a right to the following:
        1. to inquire whether or not Personal Data relating to him or her is being Processed by or on behalf of Seven Hall Trees Events, a customer of Seven Hall Trees Events and/or a Controller;
        2. if Personal Data relating to him or her is being Processed by or on behalf of Seven Hall Trees Events, to be given the following information:
          1. a description of the Personal Data relating to him or her;
          2. the purposes for which that Personal Data is being or is to be Processed;
          3. the identity of any third parties to whom the data is or may be disclosed,
          4. and, in addition, the Traveler is entitled, upon written request, to be given a copy of the relevant data in an intelligible form.
      2. There may be restrictions on the amount of information that can be disclosed if such disclosure would necessarily involve disclosing information about another person or entity.
    7. In the event an individual desires to limit the use and disclosure of their personal data, including requests to "opt-out", individuals have the right:
      1. to ask Seven Hall Trees Events to correct or erase incorrect or incomplete Personal Data relating to them; Seven Hall Trees Events will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete and current;
      2. Notwithstanding the above, as Seven Hall Trees Events Processes Data that has been shared with the suppliers of travel (e.g. airline, car rental companies, hotels), it is not always reasonable for Seven Hall Trees Events to permit individuals to correct, amend or delete this information; accordingly, unless the circumstances are truly extraordinary, it will not make changes based upon an individual's request, nor will Seven Hall Trees Events permit an individual's access to such Data for that purpose;
      3. to ask Seven Hall Trees Events not to Process or to stop Processing Personal Data relating to them ("Opt Out"): In the event a Traveler Opts Out, they must also contact the customer of Seven Hall Trees Events (the Traveler's employer). In the event that Seven Hall Trees Events receives a similar request from an individual, it will notify its customer and seek instructions from that customer. As Seven Hall Trees Events has a contractual duty to Process the individual's data for its customer, it does not have the authority to simply eliminate an individual's Personal Data from the data it processes. As such, Seven Hall Trees Events must seek and take direction from its customer. Notwithstanding this duty of Seven Hall Trees Events to its customers, an individual may submit an Opt Out request to support@sevenhalltrees.com;
      4. to access their Personal Data by contacting their employer (the customer of Seven Hall Trees Events) or by submitting a request to support@sevenhalltrees.com. In the event Seven Hall Trees Events receives an individual's request for access to his/her Personal Data, Seven Hall Trees Events will notify its customer of that request.
      5. Seven Hall Trees Events will respond to any inquiries directed to support@sevenhalltrees.com within forty-five (45) calendar days of such request.
      6. Seven Hall Trees Events understands that the notices referenced herein must be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to it. As set forth above, Seven Hall Trees Events collects Personal Data at the request of its customers; as such, it will rely upon its customers to provide its Travelers with appropriate notice ("Notice") and to obtain any necessary consent ("Consent").
      7. Due to the nature of its contractual relationship with its customers and the services provided to them by Seven Hall Trees Events, it will be difficult and in most instances, impossible for Seven Hall Trees Events to provide individuals with Opt Out options. Individuals are therefore strongly encouraged to first request Opt Out with their employer (the customer of Seven Hall Trees Events). Notwithstanding this, individuals may send their Opt Out request to Seven Hall Trees Events as set forth above after which such request will be forwarded by Seven Hall Trees Events to its customer.
    8. As a participant in the Privacy Shield, Seven Hall Trees Events agrees to be subject to the investigatory and enforcement powers of the U.S. Department of Transportation ("DOT") and the U.S. Federal Trade Commission ("FTC"). Accordingly, Seven Hall Trees Events may be required to disclose Personal Data to DOT or FTC or other applicable U.S. government agencies including the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
    9. Onward transfers to third parties:
      1. The Traveler's Personal Data, including Human Resources Data where applicable, may be transferred to third parties for the purpose of customer account management, customer program analytics consistent with customer agreements, travel and expense technology services, passenger name record enhancement, travel management risk services, detailed reporting of customer preferred suppliers and/or reconciliation of traveler booking data with credit card transactions. In each and every instance, Seven Hall Trees Events shall be liable for the acts of such third parties.
      2. In order to facilitate travel arrangements, Seven Hall Trees Events will be required to pass a Traveler's Personal Data to disclosed third parties including but not limited to operators of global distribution systems ("Third Parties"). Depending upon a Traveler's specific travel needs, this may potentially require transfers of Personal Data beyond the European Economic Area to locations throughout the world.
      3. As set forth above, Seven Hall Trees Events complies with the Privacy Shield and Principles regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. In accordance with the Privacy Shield, Seven Hall Trees Events has self-certified its adherence to the Privacy Shield Principles, including sixteen binding supplemental principles, with the U.S. Department of Commerce. This policy supplements, but does not replace, all other policies, practices and/or procedures including, but not limited to, applicable confidentiality or non-disclosure agreements. The implementation of this policy by Seven Hall Trees Events shall be effective September 30, 2016 ("Effective Date"). Seven Hall Trees Events recognizes that the Principles shall be applicable to it upon the Effective Date of the Certification. A copy of this policy can be found at: /privacy-policy/.
      4. Seven Hall Trees Events has mechanisms in place to periodically monitor its compliance with the Principles.
      5. Transfers to Third Parties may also take place where any Seven Hall Trees Events network offices or servers are located in a country outside the EU.
      6. By submitting their Personal Data to Seven Hall Trees Events, the client of Seven Hall Trees Events on behalf of its Travelers authorizes the use of the Traveler's Personal Data to complete their travel arrangements including any necessary transfers to Third Parties of their Personal Data as described herein and/or as may be required of Seven Hall Trees Events by the Data Controller. Travelers can request that transfers not take place; however, Seven Hall Trees Events may then not be able to deliver the specific travel arrangements.
      7. Where appropriate, Third Party transfer recipients will be expected to use such personal data in accordance with the provisions of this privacy policy, or with their own privacy policies. Seven Hall Trees Events will not transfer data to any third party that has not become certified, within the applicable certification timeframe, under the Privacy Shield, or with which Seven Hall Trees Events does not have contractual agreements in place which provide at least the same level of protection as is required by the relevant Privacy Shield Principles. Seven Hall Trees Events, however, cannot ensure that a Third Party recipient will abide by the provisions of this privacy policy, their own privacy policies or those of the Privacy Shield. In addition, United States or other government and law enforcement authorities may require access to a traveler's personal data under various laws, rules, regulations, or orders, as well as under various security screening protocols.
      8. Seven Hall Trees Events will inform its customers and other Third Parties that it participates in the Privacy Shield including but not limited to appropriate language in its customer contracts and clear notification on its website as set forth above.
      9. In the event that Seven Hall Trees Events is required to transfer Personal Data to a Third Party, it will comply with the Notice and Consent principles set forth herein. It will also enter into a binding written agreement with the Third Party recipient which shall provide that such data may only be processed for limited and specified purposes, all consistent with the Traveler's Consent as set forth above and the contractual agreement between the Traveler and Seven Hall Trees Events' customer. Such agreement with a Third Party will provide the same level of protection as set forth in the Principles. Such agreement shall further ensure that such Third Party takes reasonable and appropriate steps to ensure that it processes the Personal Data transferred to it in a manner consistent and appropriate with that organization's obligations under the Principles, as well as to, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing. Upon request, Seven Hall Trees Events will provide a summary or a representative copy of the relevant privacy provisions of its agreement with such Third Parties.
  2. Security
    1. Keeping Travelers' personal data secure is of paramount importance to Seven Hall Trees Events. All Personal Data processed by or on behalf of Seven Hall Trees Events is subject to stringent standards to make certain it is secure and that appropriate levels of confidentiality are maintained. Unauthorized persons are never allowed access to Personal Data. Hard copies of data are treated as confidential waste and shredded.
    2. Seven Hall Trees Events will take reasonable steps and appropriate measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
    3. Seven Hall Trees Events will only process Personal Data for the limited purposes of providing and/or assisting in the provision of management reporting to its customers as required by virtue of its customer contracts as well as any customer contractually mandated transfers to Third Parties. It will not process Personal Data for any purpose inconsistent with these limited purposes.
    4. Seven Hall Trees Events' clients may review such information as travel spend, bookings and compliance with its travel policy.
    5. Seven Hall Trees Events will keep security measures under review and updated as new technology becomes available.
  3. Data Integrity and Purpose Limitation

    Seven Hall Trees Events is committed to Processing Personal Data for which it is the Data Processor, the Data Controller and/or the Data Importer in accordance with the following principles:

    1. Processing personal data fairly and lawfully.
      1. Seven Hall Trees Events collects information electronically, either directly from Seven Hall Trees Events' client, from the global distribution system upon which a Traveler reservation is made and/or from the travel agency that has made the Traveler's reservation. The information a Traveler submits is needed to respond to requests for information, to complete travel transactions, to enhance travel arrangements and to ensure that a Traveler's arrangements are in compliance with any existing travel policy of the client (their employer).
      2. Personal Data is only collected by Seven Hall Trees Events where the Traveler gives this so that Seven Hall Trees Events can fulfill any special travel needs. This data is not shared with a third party without the Traveler's consent ("Consent") and/or the Consent of Seven Hall Trees Events' client on behalf of the Traveler. Seven Hall Trees Events' client has the obligation to obtain the consent of its employee, the Traveler.
    2. Ensuring Personal Data of a Traveler is only processed for purposes specific to Seven Hall Trees Events' client before the processing takes place and which are lawful.
      1. Seven Hall Trees Events will only disclose Personal Data to Third Parties for purposes specified in this policy.
      2. Seven Hall Trees Events may sometimes be required or permitted to disclose Personal Data in order to comply with any legal obligation to which it is subject.
      3. Seven Hall Trees Events will take all appropriate steps to ensure processing of Personal Data will be carried out in accordance with all applicable legislation and/or regulation.
      4. Any Seven Hall Trees Events employee who uses Personal Data improperly will be subject to disciplinary action.
    3. Ensuring Personal Data is adequate and relevant to the purposes for which the data is Processed.

      The Personal Data collected by Seven Hall Trees Events relates solely to those items of information necessary in order to facilitate the range of a Traveler's potentially different travel requirements. Only the information reasonably required to facilitate travel arrangements is shared among Seven Hall Trees Events, its affiliates, travel suppliers and global distribution systems or booking engines used within the travel industry and only with Consent from the Client.

    4. Keeping personal data accurate; complete; and up to date.

      Seven Hall Trees Events has automated processes and oversight to update our data repositories containing the Personal Data provided by Seven Hall Trees Events' client in order to maintain such Data in an accurate, complete and up to date manner.

  4. Adherence to Supplemental Principles

    Many of the Supplemental Principles are extensively treated above. To the extent they have not been treated and are relevant to the role of Seven Hall Trees Events as a travel management services provider, the following policies are applicable:

    1. The Role of Data Protection Authorities

      Seven Hall Trees Events has set forth above the details of its adherence to the Principles, including the provision of recourse for individuals whose Personal Data is the subject of Processing by Seven Hall Trees Events as well as mechanisms by which individuals may follow-up upon Seven Hall Trees Events' adherence to the Privacy Shield. In the event a Data Protection Authority ("DPA") commences an investigation regarding Seven Hall Trees Events' adherence to the Privacy Shield, Seven Hall Trees Events will cooperate with such investigation. Moreover, Seven Hall Trees Events will comply with advice given by a DPA or DPA panel where the finder of fact indicates that Seven Hall Trees Events must take specific action to comply with the Principles, including corrective actions or compensatory measures for the benefit of individuals affected by non-compliance.

    2. Verification

      Seven Hall Trees Events will self-verify its statements relating to its adherence to the Privacy Shield and its Principles. As such and in addition to the representations set forth in this policy, Seven Hall Trees Events represents:

      1. This policy is accurate, comprehensive and implemented as of September 30, 2016.
      2. This policy will be prominently displayed at /privacy-policy/. Additionally, copies of this policy may be obtained by submitting a written request to IT@sevenhalltrees.com.
      3. This policy conforms to the Privacy Shield and all of its Principles, including the Supplemental Principles.
      4. Individuals may obtain information regarding the filing of complaints as set forth in this policy. Additional information for European businesses and individuals in Europe may be found at: www.privacyshield.gov.
    3. Human Resources Data

      1. Seven Hall Trees Events may require access to human resources-like data as a necessary component of the travel management services provided to its customers. Further, Seven Hall Trees Events may obtain human resource data related to its own employees in the EU for typical employment-related matters. To the extent either occurs, such transfers enjoy the benefits of the Privacy Shield and this policy.
      2. Seven Hall Trees Events commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
    4. Obligatory Contracts for Onward Transfers

      In connection with travel management services provided by Seven Hall Trees Events to its customers, all data received from such customers is subject to an agreement between Seven Hall Trees Events and its customer, which agreement specifically sets forth the actions to be taken by Seven Hall Trees Events with respect to such data on behalf of the customer.

Conclusion

Seven Hall Trees Events is committed to ensuring that its customers' and their Travelers' Personal Data is handled confidentially, privately and appropriately. Seven Hall Trees Events has, therefore, voluntarily elected to participate in the Privacy Shield and to be subject to the compliance and enforcement powers of the DOT, FTC and other U.S. governmental authorities. Information about Seven Hall Trees Events' commitment to and compliance with the Privacy Shield may be obtained by submitting a written request to IT@sevenhalltrees.com.