Last Updated September 6, 2023
Who We Are and What We Do
‘Sojern’ is the trading name of Sojern, Inc. and its subsidiaries, headquartered in San Francisco, California, and operating globally. We provide intelligent digital marketing solutions for the travel industry to engage and convert travelers. For more information about Sojern and our Services, visit our Website.
Chart of Data Categories, Sources, Purposes, and Disclosures
You can visit the Privacy Center for a chart summarizing the categories of personal information we collect, use, and disclose and their different sources, purposes, and disclosures.
Personal Information We Collect and How We Use Personal Information
Below we describe the personal information that we collect and how we use it:
- When providing our Services,
- On our Website, and
- When recruiting candidates for employment.
Providing Our Services
Personal information from our clients’ and partners’ representatives
If you represent a client or partner that is engaging with us to provide Services, we may collect and use personal information which is necessary for our business relationship. We use this personal information to manage our business relationship, administer our Services, and communicate with you. This personal information may include:
- Name and job title;
- Company or organization;
- Contact information, including email address and telephone number;
- Financial information, including payment card and other payment related information;
- Any other personal information relating to you or other third parties which you may provide to us for the purpose of receiving our Services.
When we provide Services for our clients and partners
When clients and partners engage with us to provide Services, we may collect and use your personal information for the performance of those Services. Those Services include:
- Delivering advertising campaigns and more relevant content to our clients’ potential travelers across the Internet, mobile applications, and other channels;
- Tracking travelers across devices and browsers for purposes of online behavioral advertising;
- Creating audience segments, using data collected from our pixels and partners, for our clients to optimize the relevance and performance of their advertising campaigns; and
- Delivering intelligent insights for our clients and partners to better understand their potential customers, the advertisements they see, and how they interact with online content.
To provide our Services we use aggregated and pseudonymized personal information collected directly from our clients, who have access to this information with the consent of their users. We also use aggregated and pseudonymized personal information collected directly from our partners, who have access to this information with the consent of their users. We may also receive aggregated or anonymized information from third-party sources such as data providers.
Specifically, we may enable clients and partners to use pixels that automatically collect personal information from their online properties to share with us. (Similar technologies to a pixel are used when you view an email from our clients or partners that has a Sojern tag, use a mobile application with a Sojern SDK installed, or see or interact with an online advertisement that was placed through our Services). This personal information may include:
- Pseudonymous IDs, such as cookie ID, mobile advertising ID (MAID), TV identifier, hashed email address, and other persistent alpha-numerical identifiers that do not, by themselves, personally identify a specific individual;
- Technical data, such as IP address, device type, browser type, date and time stamp of clicks and web visits, URLs, and other technical information;
- Customer relationship management (CRM) data belonging to our clients and partners that reflects their online and/or offline interactions with individuals;
- Audience data, such as information of preferences, interests, and consumer segment in aggregated and pseudonymized form.
The personal information that we may collect about you when you visit our Website broadly falls into the following categories:
Information that you provide voluntarily
We collect personal information that you provide voluntarily through our Website, for example when inquiring about or registering for our Services and events. We may use your information to send marketing and promotional materials to you. The information we collect about you may include some or all of the following:
- Name and job title;
- Company or organization;
- Contact information, including email address and telephone number;
- Demographic information such as preferences and interests;
- Information pertinent to fulfilling our Services to you; and
- Any other personal information that you voluntarily choose to provide to us.
We will be clear with the reasons why we ask you to provide other personal information that was not identified above at the point we collect such information.
Information we collect automatically
When you visit our Website, we may collect certain personal information automatically from your browser, collectively, ‘technical data’. Technical data may include your IP address, internet service provider (ISP), device type, browser type, date and time stamps, cookie data, and other technical information. We collect and use this information to help us understand visitors to our Website, respond to your requests, process transactions you initiate, and improve the quality and relevance of our Website.
We collect information from and about candidates in connection with available employment opportunities at Sojern. We use your personal information to match your qualifications with the specific roles offered at Sojern. This information may include:
- Resume or curriculum vitae;
- Identification documents;
- Academic records;
- Work history; and
- Employment and personal references.
We may collect sensitive personal information where we have an employment law obligation to do so, the information is relevant to place future employment benefits, or with your explicit consent. We do not use sensitive personal information to determine credit worthiness or eligibility for insurance, employment, housing, etc. We may need to conduct criminal background checks for some candidates for eligibility to work at Sojern. On a voluntary basis, we may also ask you to provide diversity information such as your race/ethnicity or veteran status for diversity monitoring purposes.
We may collect personal information from candidates from the following sources:
- Directly from you, for example, when applying for a position through our careers Website;
- From recruitment agencies that identified you as a potential candidate;
- Through publicly available sources online, for example, where you have a professional profile posted online; and
- By reference or word of mouth, for example, through a referral from an individual connected to you.
Children's Personal Information
We do not direct or advertise our Services to children under the age of thirteen (13) or other minimum age as required by local law. We do not knowingly collect personal information from children. If you are a child or you are a parent or legal guardian of a child and personal information was provided to us, you may alert us at email@example.com. We will take steps to delete such personal information from our files as soon as possible.
We may share your personal information with the following categories of recipients:
- To our subsidiaries and affiliates under the Sojern trade name, as well as partners and third party services providers who provide data processing services to us (for example, for Website spam security services; or if you are a candidate, from recruitment agencies we have engaged);
- To any competent law enforcement body, regulator, government agency, court or other third party where we believe disclosure is necessary: (i) as a matter of applicable law or regulation, such as complying with a subpoena or other legal process, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us; and
- To a person you have given us your consent to disclose to.
- You can visit our Partner & Subprocessor List for more information about our data processors.
Other Uses of Personal Information
In addition to the uses of personal information described above, we may use personal information for the following general purposes:
- Where permitted by our client or partner agreements, for internal uses including research, fraud prevention and detection, and product development and improvement;
- To investigate, identify, and respond to fraudulent, harmful, unauthorized, unethical or illegal activity, including cybersecurity threats, and assist others to do the same;
- To respond to law enforcement investigations, including responding to lawful requests and legal process in civil, criminal, or investigative matters, including to meet national security or law enforcement requirements;
- To enforce agreements, terms and conditions, and policies, and protect our legal rights; and
- To protect the personal safety of you, Sojern employees, our clients and partners or any person.
We rely on a number of legal bases to collect, use, and disclose your personal information, including:
- As necessary to provide the Services and fulfill our contractual obligations;
- With your consent;
- To comply with a legal obligation, court order, or to exercise and defend legal claims;
- To protect your vital interests or those of others; and
- For Sojern’s or a third party’s legitimate interests, and not overridden by your interests and fundamental rights and freedoms.
Safeguarding Personal Information
We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. We have implemented policies that include administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, and disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
Retention of Information
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide the Services to you or others, or to comply with applicable legal, tax, or accounting requirements). We also retain and use personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When we have no ongoing legitimate business need to process your personal information, we either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we securely store your personal information and isolate it from any further processing until deletion is possible. When it is no longer necessary and relevant to provide our Services, we may aggregate or de-identify your personal information and combine with other non-personal information to provide insights and statistics and improve our products and services.
We retain raw, cookie-level data associated with our Services for up to 24 months. At the time of collection, we may create aggregated data that cannot be re-associated with an individual cookie. We may retain this aggregated data for a longer period as required by law or otherwise necessary to resolve a dispute and enforce our agreements.
Sojern cookies expire in 12 months, although your additional use of other businesses’ websites may result in the placement of a new cookie.
Our Website servers are located in the United States. To deliver our Services, we use a cloud hosting service provider that distributes traffic across servers located in multiple geographies, known as geographic load balancing. Data is then transferred to data centers located in the United States for processing. Our subsidiaries, affiliates, partners, and third party service providers operate around the world. This means that we collect your personal information and it may be processed in countries that may have data protection laws that are different to the laws of your country.
Sojern is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. Sojern complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over Sojern’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Sojern may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Sojern commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.
Our Standard Contractual Clauses or Data Privacy Framework certification can be provided on request.
Opting-Out of Sojern Targeted Advertising
You may choose to opt-out of cookie-based targeted advertising from Sojern by following opt-out instructions in the Privacy Center. We comply with opt-out requests by placing an “opt-out” cookie on your computer or device, so, if you clear your cookies on that computer or device, we are unable to read the “opt-out” cookie. You may also change your browser settings so that cookies cannot be placed on your device and modify your mobile device settings for seeing advertisements. Additionally, you may choose to opt-out of receiving browser-based targeted advertisements from us by following opt-out instructions here:
- Digital Advertising Alliance in the U.S. (DAA)
- Digital Advertising Alliance of Canada in Canada (DAAC)
- European Interactive Digital Advertising Alliance in Europe (EDAA). Sojern is a member of the DAA, DAAC, and EDAA and adheres to these organizations’ Self-Regulatory Principles.
If you wish to exercise your privacy rights related to the personal information provided by our clients or partners, we may help by directing your requests to them so they may appropriately respond.
For additional privacy rights that you may have under your local privacy laws, please see the following sections.
Your Privacy Rights
Under applicable privacy laws, you may have the following privacy rights at any time:
- Access: You can request a copy of the personal information we have collected about you.
- Appeal: You can appeal our denial of any request validly submitted.
- Correction: You can ask us to correct inaccurate personal information that we have collected about you.
- Deletion: You can ask us to delete the personal information that we have collected from you.
- Nondiscrimination: You are entitled to exercise the rights described above free from discrimination as prohibited under applicable privacy laws.
- Objection: You can object to the processing of your personal information if processed under the “legitimate interests” ground under GDPR, ask us to restrict processing of your personal information, or request we port your personal information;
- You can opt-out of targeted advertising from Sojern;
- You can opt-out of marketing communications we send you; and
- For United States residents: You may have the right to opt-out of the “sale” or “sharing” of your personal information and the processing of your personal information for targeted advertising purposes, as defined under applicable state-level privacy laws. See the “Additional Information for United States Residents” section below for additional information.
- Information: You can request information about our collection, use and disclosure of your personal information, including: (i) a description of the categories of personal information we have collected or shared; (ii) a description of the categories of sources from which we have collected your personal information; (iii) a description of the categories of third parties with whom we have shared your personal information; (iv) a description of our purposes for collecting and sharing your personal information; and (v) if we have used your personal information for direct marketing purposes;
- If we collected your personal information with your consent, you can withdraw your consent; and
- You can complain to a data protection authority about our collection and use of your personal information.
Exercising your privacy rights: You can visit the Privacy Center to access/export or delete your personal information, and also opt-out of targeted advertising from Sojern, as described in the section “Opting-Out of Sojern Targeted Advertising”. You can also exercise these and the other privacy rights above by contacting us by email at firstname.lastname@example.org. Contact details for data protection authorities in the European Economic Area, Switzerland, and certain non-European countries (including the US and Canada) are available on the European Commission website. We respond to all requests received from individuals wishing to exercise their privacy rights in accordance with applicable privacy laws.
You may choose to not receive marketing emails by following the “unsubscribe” link found in these emails or emailing us at email@example.com.
Additional Information for United States Residents
Do Not Sell or Share My Personal Information: While we do not sell personal information for monetary compensation, under some United States privacy laws the disclosure of your pseudonymous personal information to ad exchanges, ad networks, and other companies in the programmatic advertising ecosystem, may constitute a “sale” or “sharing” of personal information, even absent an exchange of money. You have the right to opt-out of “sales”/”sharing” and can submit your opt-out request by visiting the Privacy Center. You can also exercise these rights by contacting us by email at firstname.lastname@example.org. You can also exercise your right to opt-out of sales/sharing occurring on the Website by using an opt-out preference signal in your web browser or by using the Do Not Sell or Share My Personal Information link in the Website’s cookie notice. We do not knowingly sell or share the personal information of individuals under 16 years of age.
Verification of Privacy Requests and Authorized Agents: We may need to verify your identity in order to process your information/, access, appeal, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.
Under applicable US privacy laws, you may appoint an authorized agent to exercise your rights on your behalf. However, we may need to verify your authorized agent’s identity and authority to act on your behalf. We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your privacy rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request. In order for us to honor a request made by your agent, you must submit proof of your written authorization of the agent to email@example.com.
We do not use or disclose sensitive personal information for purposes that California residents have a right to limit under the CCPA.
We do not share your personal information with third parties who are not our clients and partners for their direct marketing unless you authorize us to do so.
If you have any questions or concerns about our collection or use of your personal information, email us at firstname.lastname@example.org.
The entity that decides how and for what purposes we use your personal information (“data controller”) for the Website and Services is Sojern, Inc. If you are a candidate seeking employment at Sojern, the data controller is the relevant Sojern entity with whom you have engaged. Address details for all Sojern entities are available on the Contact Us page.
You may contact us via postal mail to the addresses below:
545 Market Street, Floor 4
San Francisco, CA 94105
Sojern International Ltd.
34-37 Clarendon Street