ChannelRUSH Privacy Policy

About ChannelRUSH

ChannelRUSH is a software company that creates products and services for businesses in the hospitality industry. Customers of ChannelRUSH include, but are not limited to, hotels, resorts, timeshares, rental properties, and hospitality management companies. We also work with the companies our customers work with to process lodging reservation information.

Getting Oriented

ChannelRUSH processes two broad categories of personal information when you use our products and services.

• Direct Customer Data
  Your personal information as a customer of ChannelRUSH.
• Indirect Customer Data
  The personal information of your end customers (i.e. those who book reservations at your property, or those who book reservations at properties overseen by your management company).

ChannelRUSH processes these categories of personal information differently because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end customers.

Data protection and privacy laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information.

A controller decides why and how to process personal information.

A processor processes personal information on behalf of a controller based on the controller’s instructions.

When ChannelRUSH processes your Direct Customer Data, the ChannelRUSH entity with whom you are contracting is acting as a controller.

When ChannelRUSH processes Indirect Customer Data, the ChannelRUSH entity with whom you are contracting is acting as a processor.

How We Process Your Personal Information

We, ChannelRUSH, collect and process your personal information:

• When you visit one of our public facing websites such as channelrush.com and make a request to receive information about ChannelRUSH products and services;
• When you contact ChannelRUSH’s Sales Team or Customer Support Team; and
• When you sign up for a ChannelRUSH account and use our products and services

We call this information Direct Customer Data.

Broadly speaking, we use Direct Customer Data to further our legitimate interests to:

• understand who our customers and potential customers are and their interests in ChannelRUSH’s product and services,
• manage our relationship with you and other customers,
• carry out core business operations such as product and service fulfillment, accounting, and filing taxes

We do not sell your Direct or Indirect Customer Information, and we do not share your Direct or Indirect Customer Information with third parties for those third parties’ own business interests.

Legal Basis for Processing Personal Information

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.

Accountability for Onward Transfer

In the context of an onward transfer ChannelRUSH has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. ChannelRUSH is potentially liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

What Customer Account Data We Processes When You Sign Up for and Log Into a ChannelRUSH Account and Why

When you sign up for a ChannelRUSH account, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on ChannelRUSH makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.

Information You Share Directly

When you sign up for a ChannelRUSH account, you’ll be asked to give us your name, email address, phone number, company name, billing information, payment information and to create a password. We collect this information so we know who you are, we can communicate with you about your account, and we can recognize you when you communicate with us through the account portal or otherwise.

We also use your email address to send you information about other ChannelRUSH products, services or events in which we think you may be interested. You can opt out of further marketing communications through your marketing preferences page linked from any marketing email you receive from ChannelRUSH. Or, you can contact our Customer Support Team to communicate your choice to opt-out.

If you set up two-factor authentication for your account, we’ll ask you to enter a telephone number to set up the process. You have the option to use that telephone number as the method for us to communicate verification codes to you to verify that it is you logging into your account. You can alternatively use the Authy App for verification codes.

When you upgrade your trial account, we’ll ask you to provide our payment processor with your payment method information like a credit card, and/or your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and services. Our payment processor will share your billing address with ChannelRUSH. Your billing address may also be used by ChannelRUSH for tax calculation and audit purposes.

Information We Generate or Collect Automatically

When you use our account portal, we collect your IP address and other data through tracking technologies like cookies. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience.

Note that we also collect the IP address of your devices or servers when you make requests to our APIs. When you use our APIs, we also collect and process the information contained in those interactions.

All information we collect when you sign up for a ChannelRUSH account and interact with the ChannelRUSH account portal or our products or services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services.

When you visit a ChannelRUSH websites, including our web forms, we automatically collect certain information using tracking technologies like cookies. We use this information to understand how visitors to our websites are using them, which helps us understand how we can improve our websites. For more details on our use of cookies and tracking technologies, please see our Cookie Notice.

Other Direct Customer Data We Collect and Why

We may collect information about you, as our customer, from publicly-available sources so we can understand our customer base better.

We may use publicly-available information about you through services like LinkedIn, or we may obtain information about your company from third party providers to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.

How Long We Store Your Personal Information

ChannelRUSH will store your Direct Customer Data as long as needed to provide you with our services and to operate our business. If you ask ChannelRUSH to delete specific personal information from your Direct Customer Data (see ‘How To Make Choices About Your Personal Information’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.

Here is an overview of how long we hold on to Direct Customer Data in a form that can be used to identify you, unless there is a specific need or obligation to retain your information longer (like in the case of an open investigation, audit or other legal matter):

• Customer Account Data stored in our customer relationship management system(s) is generally stored up to 7 years following closure of your account. Invoice records, including their digital equivalent, may be retained in identifying form by ChannelRUSH for longer periods for accounting, tax, and audit purposes depending on and in accordance with applicable tax law.
• Your communications with ChannelRUSH’s Customer Support Teams may be retained for up to 3 years after your account is closed.
• Apart from the above, within 60 days following closure of your account, we will either delete other Direct Customer Data or transform it such that it can no longer be used to identify you.

How We Processes Your End Customers’ Personal Information

Your end customer’s personal information typically shows up on ChannelRUSH’s platform contained in lodging reservation information. This personal information was generated at a point of sale by the data controller, and passed to ChannelRUSH for processing as a data processor.

As noted above, data protection (aka privacy) law in certain jurisdictions, like the EEA, differentiate between “controllers” and “processors” of personal information. When ChannelRUSH processes your customer’s data, we act as a processor.

How Long We Store Your End Customers’ Personal Information

ChannelRUSH will store your Indirect Customer Data as long as needed to provide you with our services and to operate our business. After that we offer data retention controls that you can utilize to determine how long you want access to the personal information, after which time personal information is anonymized or deleted in our system.

How We Secure Personal Information

We take appropriate administrative, physical, and technical measures (collectively “Security Measures”) to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration and destruction. We follow generally accepted standards when implementing and maintaining such Security Measures, including, but not limited to, TLS/SSL for data in transit, limiting unnecessary access, using encryption, monitoring for unauthorized access attempts, and mitigating activities by bad actors. These Security Measures are periodically reviewed and, if necessary, updated to ensure they meet current and generally accepted best practices. Furthermore, only authorized personnel have access to personally identifiable information on a need to know basis. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.

Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

Google’s Cloud Computing Platform

We run all of ChannelRUSH’s products and services in Google’s Cloud Computing Platform, engineered to be one of the most reliable and secure cloud computing environments in the business. Click here to learn more.

Encryption at Rest

Taking advantage of security features and policies from Google’s Cloud Computing Platform, “Encryption At Rest” means all data is stored in an encrypted state by default. Click here to learn more.

Encryption in Transit

Taking advantage of security features and policies from Google’s Cloud Computing Platform, “Encryption In Transit” means security measures are taken to encrypt data that is being transferred or in use (think pulling up information from our servers for display in your web browser). Click here to learn more.

Encrypted Backups

All of our backups are done so in an encrypted fashion, both in transit and at rest.

HTTPS Everywhere

All of our public websites, customer websites, and APIs are only accessible via secured and encrypted HTTPS connections.

Security Conscious Software Development

Even with the best hosting providers, security can still break down if the products and services designed are not done skillfully and with security in mind. Our senior software development team ensures security of storage and processing is a priority every step of software development.

How to Make Choices About Your Personal Information

You can make various choices about your Direct Customer Data through the account portal, such as accessing it, correcting it, deleting it, or updating your choices about how it is used. Any other requests about your data you cannot make through these self-service tools, you can request by emailing privacy@channelrush.com or contacting ChannelRUSH Customer Support.

GDPR, Privacy Shield, and Transfers of Personal Information Out of the EEA and Switzerland

When you use our account portal, or our other products and services, personal information of you and your end users processed by ChannelRUSH may be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate. These transfers will often be made in connection with routing your communications in the most efficient way.

ChannelRUSH employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law, including the EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield Frameworks.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

ChannelRUSH complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.

ChannelRUSH has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

A company’s failure to comply with the Privacy Shield Principles is enforceable under Section 5 of the Federal Trade Commission (FTC) Act prohibiting unfair and deceptive acts.

In compliance with the Privacy Shield Principles, ChannelRUSH commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ChannelRUSH at:

ChannelRUSH
privacy@channelrush.com
2590 Welton St Ste. 200 #1021
Denver, CO 80205

An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information, see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

ChannelRUSH has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

GDPR
GDPR (General Data Protection Regulation) is a new set of rules – effective beginning May 25, 2018 – imposed by the European Union on all organizations worldwide that collect or process data about EU citizens.

If you are a visitor/customer located in the European Economic Area (“EEA”), ChannelRUSH Limited, a UK company, is the data controller of your personal information. ChannelRUSH’s Data Protection Officer can be contacted at privacy@channelrush.com.

Lawful Basis for Processing Personal Data

Our lawful basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

Your Rights

GDPR imbues EU citizens with several new rights regarding your personal data and privacy.

• the right to be informed;
  You have the right to be informed how your personal data is being handled, or if it has been breached.
• the right of access;
  You have the right to know what data has been collected about you and how such data has been processed.
• the right to rectification;
  You have the right to correct incorrect personal data that has been collected about you.
• the right to erasure;
  You have the right to withdraw consent for lawful processing and ask for your personal data to be deleted.
• the right to restrict processing;
  You have the right to limit the processing of personal data.
• the right to data portability;
  You have the right to transfer personal data from one electronic processing system to and into another electronic processing system.
• the right to object;
  You have the right to object to the handling or processing of your personal information.
• the right to not to be subject to automated decision-making including profiling;
  You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you.

Data Breaches

ChannelRUSH will comply with the GDPR in respect to any data breach.

Subject Access Requests

If you would like to initiate a Subject Access Request concerning your personal information, please contact us at privacy@channelrush.com.

Or, you can mail us at the following address:
ChannelRUSH
8 Church Street
Suite 111
Inverness, IV1 1EA

Other Information You May Find Useful

Here’s some other information about our privacy practices, such as how we handle certain types of data like children’s data, how we handle do-not-track signals, what to expect if we make changes to our notice, and the legal bases for processing personal information.

Changes to Our Privacy Statement

We may change our Privacy Statement from time to time. If we make changes we’ll revise the “Effective” date at the top of this statement, and we may provide additional notice such as on the ChannelRUSH website homepage, account portal sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.

Information from Children

We do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for a ChannelRUSH account. If we discover someone who is underage has signed up for a ChannelRUSH account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for a ChannelRUSH account, please contact us at privacy@channelrush.com.

Contact Us / Disputes

ChannelRUSH tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

We hope we can resolve any disputes relating to our data protection practices between us. You can raise your thoughts, concerns, or dispute by emailing our Privacy Team at privacy@channelrush.com or by writing to us at:

ChannelRUSH
2590 Welton St
Ste. 200 #1021
Denver, CO 80205

For individuals in the EEA, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.

Unless you are in EEA or Switzerland, if you have a dispute with us relating to our data protection practices, please contact us by email us at privacy@channelrush.com.

For those in the EEA or Switzerland, if you have a dispute with us relating to our data protection practices or are not satisfied with how we’ve addressed your concerns or questions, you may complain to an independent dispute resolution provider, at no cost to you, as outlined in our Privacy Shield Statement.

If you are a resident of the EEA, you also have the right to lodge a complaint with your local data protection authority or the Data Protection Commissioner in the UK (where our EEA headquarters are based).

UK
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Email: casework@ico.org.uk
Telephone: 0303 123 1113 or 01625 545745
Fax: 01625 524510

Effective Date: May 20th, 2022