Updated June 27, 2022
Coldwater Excursions offers various services (the “Services”) to provide individuals and businesses with guided tours, excursions, photos, merchandise, and gear rentals such as: kayaks, canoes, paddle boards, snorkeling gear
We do not offer Services in the European Union but If you are located in the European Union, the General Data Protection Regulation effective 25 May 2018 (“GDPR”) applies to information about you (“Personal Data” under GDPR) that Coldwater Excursions may collect. In that case, and under GDPR, you are defined as a “Data Subject,” Coldwater Excursions is a “Data Controller” for Personal Data that Coldwater Excursions obtains and “Processes,” and this policy explains your rights with respect to that Personal Data.
In addition, The California Consumer Privacy Act, codified at Cal. Civ. Code §1798.100 et seq., including future amendments as well as any final implementing regulations adopted by the State of California Department of Justice Office of The Attorney General (together, “CCPA”) also now protects “Personal Information” that identifies, relates to, describes or can be associated with, or reasonably can be linked (directly or indirectly) with a specific individual (“Consumers”) or household in California. If you think Coldwater Excursions is processing your Personal Information, please see the section in the Policy below with the heading “Your Rights Under California Privacy Statutes” for more information about Coldwater Excursions and CCPA.
This policy applies to information we collect:
* On the Sites.
* Under GDPR, this policy also applies to Personal Data to the extent that you as a Data Subject under GDPR provide that Personal Data to or it is collected from you on the websites of certain Coldwater Excursions partners who provide a service registering you for Coldwater Excursions events such as Coldwater ExcursionsCon (e.g. Eventbrite or Bizzabo) and those partners in their capacity as Data Controllers share any event attendee/participant Personal Data with Coldwater Excursions.
* In email, text, and other electronic messages between you and the Sites.
* Through mobile and desktop applications you download from the Sites or in connection with the Services, which provide dedicated non-browser-based interaction between you and the Sites.
* From third parties, whether they are partners or vendors.
Children Under the Age of 16
Our Sites are not intended for children under 13 years of age generally, and specifically for children under 16 years of age who are subject to GDPR (individually, a "Minor", and collectively, "Minors"). No minors may provide any information to or on the Sites. We do not knowingly collect personal information from minors. If you are a minor, do not use or provide any information on the Sites or on or through any of its features/register on the Sites, make any purchases through the Sites, use any of the interactive or public comment features of the Sites, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received personal information from a minor without verification of parental consent, we will delete that information. If you believe we might have any information from or about a minor, please contact us at email@example.com.
GDPR Lawful Bases for Processing Personal Data of Data Subjects
* In order to perform pursuant to one or more legal agreements (contracts) with you,
* With your consent, and
* Pursuant to a Legitimate Interest, in which Coldwater Excursions considers the purpose it has for Processing your Personal Data, whether the Processing is necessary for that Purpose, and whether your own personal interests as a Data Subject outweigh Coldwater Excursions’s purpose in Processing your Personal Data.
(As a reminder, if you are not a Data Subject providing your Personal Data to Coldwater Excursions from within the European Union, GDPR does not apply to you.)
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Sites and Services, including information:
* By which you may be personally identified, such as name, postal address, email address, or telephone number ("personal information");
* That is about you but individually does not identify you, such as your company name and job title; and/or
* About your Internet connection, the equipment you use to access our Sites, and usage details.
(Under GDPR, if Coldwater Excursions collects Personal Data from Data Subjects from within the EU, and Personal Data is considered to be broader and to include more categories of information than how we generally refer to “personal information” in this policy. We will be specific when we are discussing GDPR and activities we undertake related to Personal Data under GDPR.)
We collect this information:
* Directly from you when you provide it to us.
* Automatically as you navigate through the site using cookies and other tracking technologies defined and discussed with more detail below. Information collected automatically may include usage details, email address, IP addresses, and information collected through cookies and other tracking technologies.
* From third parties, for example, our business partners and third-party service providers who we believe in good faith are providing or sharing with us data in compliance with applicable laws or with whom you have authorized either these third parties or us or both to collect and use the data.
The Information Provided by You to Us
The information we collect on or through our Sites or Services may include:
* Information that you provide by filling in forms on our Sites. This includes without limitation information provided at the time of subscribing to the Services, and when you report a problem with our Sites.
* Records and copies of your correspondence (including email addresses) if you contact us.
* Your responses to surveys that we might ask you to complete for research purposes.
* Details of transactions you carry out through our Sites and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Sites.
* Your search queries on the Sites.
* Information you enter into our Sites about your marketing activities so that we can provide Services to you.
You also may provide information to be published, displayed, or transmitted (hereinafter "posted") on public areas of the Sites, or transmitted to other users of the Sites or third parties (collectively, "Interactive Content"). Your Interactive Content is posted on and transmitted to others at your own risk; we cannot control the actions of other users of the Sites with whom you may choose to share your Interactive Content. Therefore, we cannot and do not guarantee that Interactive Content will not be viewed by unauthorized persons.
Details of Usage, IP Addresses, Cookies, and Other Technologies
As you navigate through and interact with our Sites and Services, we may automatically collect certain information about your equipment, browsing actions, and patterns, including without limitation:
* Details of your visits to our Sites, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Sites.
* Information about your computer and Internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is statistical data and does not identify any individual*. It helps us to improve our Sites and Services and to deliver better and more personalized future services by enabling us to do things such as:
1. Estimate our audience usage patterns, size and locations.
2. Store information about your preferences, allowing us to customize our Sites according to your individual interests.
3. Improve user searches and user experience.
4. Recognize you when you return to our Sites.
5. Provide you with better services in the future.
(*The information referred to above may still constitute Personal Data under GDPR even though more generally Coldwater Excursions does not try to identify any individuals beyond recognizing them when they return to the Sites and use our Services in order to provide and/or to enhance the experience described in 2. to 5. above; however, to the extent this information is not anonymized or pseudonymized to the extent that it no longer qualifies as Personal Data, Coldwater Excursions will comply with GDPR with respect to Processing any such Personal Data.)
The technologies we use for this automatic data collection may include:
* Flash cookies. Certain features of our Sites may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Sites. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
* Web beacons. Pages of our Sites and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs). These allow us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain website content and verifying system and server funtionality).
We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us. However, to the extent the information we collect by automatic means constitutes Personal Data under GDPR either before or after we collect it, our processing of that Personal Data will comply with GDPR.
How Can you Disable Cookies
Most web browsers automatically accept cookies, but this is typically something you can adjust. At the time this version of the Policy was drafted, here are instructions to disable cookies for each browser:
* Safari on desktop and Safari Mobile (iPhone and iPads): By default, Safari protects you from being tracked from site to site unless you disable Intelligent Tracking Prevention (ITP).
* Firefox: By default, Firefox protects you from cross-site tracking, so long as you have not disabled Enhanced Tracking Protection (ETP).
* Microsoft Edge: Enable tracking prevention to protect you from being tracked between sites.
* Samsung Internet Browser
How We Utilize Your Information
We at Coldwater Excursions use information that we collect about you or that you provide to us, including any personal information:
* To present our Sites and their content to you.
* To provide you with information, products, or services that you request from us.
* To fulfill any other purpose for which you provide it.
* To provide you with notices about your bookings to the Services.
* To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
* To notify you about changes to our Sites or any products or services we offer or provide though it.
* To allow you to participate in interactive features on our Sites.
* In any other way we may describe when you provide the information.
* For any other purpose with your consent.
Disclosure of Your Information
We may collect and disclose anonymous and aggregated information about our users and subscribers, and other information that does not identify any individual without restriction for the purposes of product research, to improve our Services and for other commercial purposes.
* We share your personal information with trusted third parties who are our technology suppliers and partners where we have agreements to provide services with or in conjunction with Coldwater Excursions Services that our marketing research indicates you have sought if not actually requested, such as Google Analytics, worldwide business location map and other location-specific software as a service offerings, and reliable keyword data services for SEO and Advertising. Coldwater Excursions is committed to working with suppliers and partners who comply with similar and equally protective undertakings of privacy and confidentiality.
* We share your personal information with third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, IT consultants carrying out testing and development work on our business technology systems, research and mailing houses and function coordinators, including software systems for customer relationship management (customer relationship management/sales force automation, e.g. Xola.com), customer service and support solutions (e.g. Intercom), email campaign marketing (e.g. MailChimp). These third parties comply with similar and equally protective undertakings of privacy and confidentiality.
* We currently have one affiliated company. As we continue to grow our business, we will likely share your personal information with our other affiliated (“Group”) companies for internal reasons, primarily for business and operational purposes. As we continue to develop our business, we may joint-venture, sell or purchase assets. If another entity acquires us or merges with us, your personal information will be disclosed to such entity. Also, should any bankruptcy or reorganization proceeding ever be brought by or against us, all such information will be considered an asset of ours and as such it is possible the information will be assigned or transferred to third parties.
* To fulfill the purpose for which you provide it. For example, if you give us an email address to book a tour, gear rental, photos, or use the "email share" feature of our Sites, we will transmit the contents of that email and your email address to the recipients.
* For any other purpose disclosed by us when you provide the information.
* With your consent.
When we share Personal Data under GDPR with our partners, we will do so pursuant to GDPR appropriate Data Processing Addendum or Data Sharing Agreements as appropriate given the nature of the parties’ respective roles under GDPR (i.e. Data Controllers to Data Processors versus co-Data Controllers).
We may also disclose your personal information:
* If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Coldwater Excursions, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
How We Use and Disclose Your Information and Changes
We aim to provide you with choices regarding the personal information you provide to us.
For those users of our Services and Sites Outside of the European Union and for which GDPR does not apply, we have created the following mechanisms and practice to provide you with the following control over your information:
* Promotional offers from the company. If you do not wish to have your contact information used by the Company to promote our own or third parties' products or services, as an account holder or subscriber at any other time you can make changes by logging into the Sites and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes. For forms on which we collect information or data from non-account holders, we will switch our practice to the extent applicable law requires (e.g. GDPR) so that by default you are opted-out and can opt-in only by checking the relevant box located on the form on which we collect your information or data. If you find that you are receiving communications that you do not believe you have provided consent, you can alert us to your concerns by sending us an email stating your request to firstname.lastname@example.org. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt-out does not apply to information provided to the Company as a result of a product or service purchase, product service experience, or other transactions.
How to Access and Correct Your Information
You can review and change some of your personal information by logging into the Sites and visiting your account profile page.
You may also send us an email at email@example.com to request access to, correct, or delete any personal information that you have provided to us. In some cases, we cannot delete your personal information except by also deleting your user account, which can only be done after we have rendered the contracted services to you. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
GDPR Process | Exercising Data Subject’s Rights in Personal Data
For those users of our Services and Sites from within the European Union and for which GDPR applies, we have created the following mechanisms and practices to provide you with the following control over your personal information that comprises GDPR Personal Data:
What are your rights?
By law, if any of your personal information/Personal Data provided to Coldwater Excursions is subject to GDPR in the European Union, you have a number of rights when it comes to your personal information/Personal Data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
IMPORTANT: When you contact Coldwater Excursions to exercise your rights described below, it is very important for security verification and other purposes that you use any email address that you know is associated with the personal information/Personal Data about which you are contacting Coldwater Excursions.
A. The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
HOW TO EXERCISE YOUR RIGHT: If you want to object to certain types of processing, please direct your communication to firstname.lastname@example.org providing specific and detailed information regarding your objection and requested action.
B. The right to be informed
C. The right of access
This is so you are aware and can check that we are using your information in accordance with GDPR or any other applicable data protection laws.
HOW TO EXERCISE YOUR RIGHT: If you have questions specific to your personal information/Personal Data and how Coldwater Excursions is using it in accordance with GDPR or other applicable laws, please direct your communication to email@example.com and please be specific and detailed about your questions and Coldwater Excursions will promptly address those questions.
D. The right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
HOW TO EXERCISE YOUR RIGHT: If you believe your personal information data processed by Coldwater Excursions is incorrect and needs to be updated or otherwise corrected, please check your settings with respect to your account, and if you still believe your Personal Data is inaccurate, direct your communication to firstname.lastname@example.org
E. The right to erasure
This is also known as “the right to be forgotten” and, in simple terms, enables you to request the deletion or removal of your personal information/Personal Data where there’s no compelling reason for us to keep using it. Please notice that this is not a general right to erasure; there are exceptions.
HOW TO EXERCISE YOUR RIGHT: If you no longer want Coldwater Excursions to have and process your personal information/Personal Data, please direct your communication to email@example.com (and you also may "copy" firstname.lastname@example.org).
(NOTE: Consistent with GDPR, Coldwater Excursions may retain a trivial amount of information to keep a record of its compliance with your request.)
F. The right to restrict processing
You have rights to “block” or suppress further use of your personal information/Personal Data that Coldwater Excursions processes. When processing is restricted, we can still store your personal information/Personal Data, but may not use it further. We keep lists of people who have asked for further use of their information to be “blocked” to make sure the restriction is respected in future.
For clarity, if you do make these requests, it does not mean that anything we have done with your personal information/Personal Data with your consent up to that point is unlawful.
HOW TO EXERCISE YOUR RIGHT: If you no longer want to restrict Coldwater Excursions from processing your personal information/Personal Data, please direct your communication to email@example.com,
G. The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal information/Personal Data with your national data protection regulator. However, we hope you will contact Coldwater Excursions first (firstname.lastname@example.org) so Coldwater Excursions can try to address your complaint directly.
HOW TO EXERCISE YOUR RIGHT: If you want to lodge a complaint with Coldwater Excursions, please direct your communication to email@example.com.
H. The right to withdraw consent
If you have given your consent to anything we do with your personal information/Personal Data, you have the right to withdraw your consent at any time. This includes your right to withdraw consent to us using your personal information/Personal Data for marketing purposes.
HOW TO EXERCISE YOUR RIGHT: If you want Coldwater Excursions to withdraw your consent to process your personal information/Personal Data, please direct your communication to firstname.lastname@example.org
We usually act on requests and provide personal information/Personal Data free of charge, but may charge a reasonable fee to cover our administrative costs of providing the personal information/Personal Data for:
* Baseless or excessive/repeated requests, or
* Further copies of the same personal information/Personal Data. Alternatively, we also may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
Most importantly, PLEASE UNDERSTAND that if you are a paid/unpaid user of a Coldwater Excursions Service, many types of personal information/Personal Data are necessary for Coldwater Excursions to maintain and continue your account, along with the booking or rental to any Services which that personal information/Personal Data is associated. If the personal information/Personal Data can no longer be used by Coldwater Excursions for that purpose, it may necessitate terminating the account and/or booking (without any refund) and discontinuing access to and the use of the Service and/or Sites to which the personal information/Personal Data is associated. We will use reasonable efforts to advise you of any such adverse consequences of restricting or removing our ability to maintain accounts and bookings by requests related to Personal Data, e.g. removal, restriction, blocking, etc.
Retention of Personal Data | Under GDPR and Other Applicable Laws
We only retain your personal information/Personal Data for as long as is necessary for us to use your information as described above or to comply with our legal obligations and legitimate interests. Please be advised that this means that we may retain some of your personal information/Personal Data after you cease to use our Services. For instance, we may retain your data as necessary to meet our legal obligations, such as for tax and accounting purposes.
When determining the relevant period in which we retain or establish/revise periods for retaining personal information/Personal Data, we will take the following factors into account:
* Our contractual obligations and rights in relation to the information involved;
* Legal obligation(s) under applicable law to retain data for a certain period of time or with respect to pending or anticipated legal actions;
* Our legitimate interest where we weigh your interest in controlling your Personal Data and against our lawful purpose in processing your Personal Data;
* Statutes of limitations under applicable law(s);
* If you have made a request to have your information deleted; and
* Guidelines issued by relevant data protection authorities.
Otherwise, pursuant to GDPR, we will securely erase your personal information/Personal Data once there is no lawful basis or legal obligation to store or process it.
Your Rights Under California Privacy Statutes
Cal. Civ. Code Section § 1798.83, commonly referred to as California’s “Shine the Light” law, permits users of our Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com or write us at: 13008 Agave St, Panama City Beach, Florida 32407.Coldwater Excursions is preparing its processes, technology and disclosures related to managing regulated Personal Information as needed to comply with CCPA (or its successor as of January 1, 2023, The California Privacy Rights Act of 2020 or “CPRA”) by the extended deadline. Other than CCPA’s regulations related to “Sale” of Personal Information and certain disclosures related to Personal Information of Consumers seeking employment with or employed by Coldwater Excursions, Coldwater Excursions will not become subject to most of CCPA’s requirements under two exemptions, until January 1, 2023. The first of the two CCPA exemptions applies to the remainder of CCPA’s obligations related to any applications by Consumers for, and any resulting, employment with, Coldwater Excursions and commonly is referred to as “the Employee Personal Information Exemption.” The Employee Personal Information Exemption is codified in CCPA at Cal. Civ. Code § 1798.145(m). The second of the two CCPA Exemptions deferring most of CCPA’s obligations for Coldwater Excursions applies to businesses collecting Personal Information in the process of doing business with other businesses, and commonly is referred to as “the Temporary B2B Exemption.” The Temporary B2B Exemption is codified in CCPA at Cal. Civ. Code § 1798.145(n).
Sale of Personal Information
As defined in the CCPA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for valuable consideration. This means that We may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit.
Please note that the categories listed below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact sold, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been shared for value in return. Therefore, we may sell and may have sold in the last twelve (12) months the following categories of personal information:
* Category A: Identifiers
* Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
* Category D: Commercial information
* Category F: Internet or other similar network activity
Share of Personal Information
We may share Your personal information identified in the above categories with the following categories of third parties:
* Service Providers
* Payment processors
* Our affiliates
* Our business partners
* Third-party vendors to whom You or Your agents authorize Us to disclose Your personal information in connection with products or services We provide to You.
Coldwater Excursions has never been wanted and Coldwater Excursions does not want to sell to or provide any Personal Information to any third party for their own exclusive marketing purposes.
Sale of Personal Information of Minors Under 16 Years of Age
We do not sell the personal information of Consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, You (or Your authorized representative) may submit a request to Us by contacting Us.
If You have reason to believe that a child under the age of 13 (or 16) has provided Us with personal information, please contact Us with sufficient detail to enable Us to delete that information.
Security of Data
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology and processed by third-party vendors such as Xola, PayPal, etc.
The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Sites like message boards. The information you share in public areas may be viewed by any user of the Sites.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information generally and in compliance with applicable laws, we cannot guarantee the security of your personal information transmitted to our Sites or via our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Sites or via the Services.
Coldwater Excursions, LLC
13008 Agave St
Panama City Beach, Florida 32407
Coldwater Excursions, its affiliates, and companies within our group only render services within the United States of America. In accordance with GDPR Article 27 that states “... the requirement to designate a representative does not apply if the processing meets three cumulative conditions. First, the processing must be "occasional". Second, it must not include "processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offenses referred to in Article 10" on a large scale. Third, the processing must be "unlikely to result in a risk to the rights and freedoms of natural persons".
Updated June 27, 2022