Effective Date: April 18, 2022
If you are a California resident, please also refer to the California Privacy Notice.
If you are located in the European Economic Area, the United Kingdom or Switzerland, please also refer to the Additional Disclosures for Individuals in Europe.
Collection of Information
We collect and use two types of information: personal information you directly provide to us, and information you indirectly provide to us when you access and interact with our Services.
Information You Provide to Us
We collect information you provide directly to us. For example, we collect information when you request a reservation or a brochure, create an account, go on one of our expeditions, participate in any interactive features of the Services (like send a message through the Services), fill out a form, participate in a contest or promotion, make a purchase, apply for a job, communicate with us via third party social media sites, request customer support, or otherwise communicate or interact with us. The types of information we may collect include your name, email address, postal address, phone number, credit card and other payment information, government identification information (like passport information when you make a reservation), health data and medical conditions (e.g., allergies, accessibility requirements and dietary restrictions/preferences) and any other information you choose to provide. We may collect information from you offline, such as when you speak on the phone with one of our expedition specialists or interact or transact with us in person at an event or during one of our expeditions. We may also collect professional and employment-related information about you if you apply for a job with us.
Information Collected Through Our Services
When you access or use our Services or transact business with us, we automatically collect information about you, including:
- Usage Information. Information about your use of the Services, such as the date and time the app on your device accesses our servers.
- Transactional Information. Information about the transaction, such as reservation details, purchase price, and date and location of the transaction.
- Log Information. Information related to your access to and use of the Services, including the type of browser you use, app version, access times, pages viewed, your IP address, and the page you visited before navigating to our Services.
- Device Information. Information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, Media Access Control (MAC) address, screen resolution, language, and mobile network information. We use this information to ensure that our Services function properly.
- Location Information. The approximate location of your device from your IP address.
Cookies & Similar Tracking Technologies
We (and our service providers) may use different technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that we may use for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience. We also gather statistical information about use of our Services in order to continually improve their design and functionality, understand how they are used, and assist us with resolving questions about them. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that may be used in our Services or emails to help deliver cookies, count visits, track your actions on our Services and communications, compile statistics about the use and response rates of our Services and communications, and understand usage and campaign effectiveness. For more information about cookies and how to disable them, see Your Choices below.
Information We Collect From Other Sources
We may also obtain information about you from other sources. For example, we collect information about you from third parties, including from address and email address services as well as through participation in co-op marketing platforms (such as Epsilon). When you make a reservation for an expedition with one of our co-branded partners (such as National Geographic Partners, LLC or Hyatt Hotels Corporation), we collect information about you that you provide to these partners.
Use & Sharing of Information
We may, subject to applicable law, use any of the information we collect from you:
- to fulfill or meet the reason you provided the information and perform our services—e.g., respond to your inquiries; process and fulfill your requests and transactions (such as to process your payment, personalize your experience, provide you with documents needed for your expedition, and communication with you about your expedition); provide you with customer service; send you administrative information (such as changes to our terms, conditions, and policies) and technical notices, updates, security alerts, and support and administrative messages; and allow you to share content from the Services via our share feature.
- to provide you with marketing materials—e.g., send you marketing communications about products, services, and events offered by us and our affiliates, and provide news and information we think will be of interest to you (refer to Your Choices below for information about how to opt out of these communications at any time);
- to provide you with personalized services—e.g., personalize your use of our Services, such as providing you with content and offers we believe may be of interest to you;
- to accomplish our business purposes—
- for research and data analysis, e.g., to develop and improve the efficiency of our Services;
- to perform auditing functions, to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements;
- for fraud and security monitoring and prevention, e.g., to detect and prevent cyberattacks or attempts to commit identity theft;
- for debugging to identify and repair errors that impair existing intended functionality;
- for providing customer support, e.g., to investigate and address customer concerns and monitor and improve our responses and customer service;
- for developing new products and services;
- for identifying usage trends, e.g., understanding which parts of the Services are of most interest to users;
- for determining the effectiveness of our promotional campaigns and auditing your interactions with our online ads, including by counting ad impressions and verifying positioning and quality of ad impressions, so that we can adapt our campaigns to the needs and interests of our users;
- for protection of the rights, property and safety of us, our customers or others, as necessary or appropriate;
- for responding to governmental authorities, including law enforcement requests, and as required by applicable law, court order, or regulations;
- for certain limited internal uses, provided the personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction; and
- for operating and expanding our business activities;
- as described to you when collecting your personal information or subsequently agreed to by you.
We may, subject to applicable law or your consent when required, share information with:
- our parent, affiliates and subsidiaries (including Natural Habitat Adventures, DuVine Cycling + Adventure Co., Classic Journeys LLC and Off the Beaten Path LLC) in an effort to bring improved products and services across our family of products and services, when permissible under relevant laws and regulations;
- vendors, service providers, and consultants that perform services for us such as market research, promotions management, data analysis, payment processing, customer service, mail/email delivery, auditing, and other services;
- our co-branded partners (e.g., Hyatt Hotels and National Geographic), booking partners, travel agents, tour and meal service providers, and others involved in your booking and accommodations;
- governmental authorities or other entities as required by law or regulation;
- other users of the Services, if you post content in a publicly-accessible area of the Services, such as when you submit information, photos/videos, or other content that may be viewed by other users of the Services or the general public, or when you send a message through the Services; and
- others authorized by you to receive the information.
Please note that your personal information may also be shared outside of Lindblad (and its affiliates) in connection with a sale, divestiture, or transfer of our company or any combination of its products, services, assets and/or affiliates. Your personal information may be among the items sold or otherwise acquired in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, or similar transactions or proceedings involving all or a portion of the company.
We may use your information for any purpose or share it with any third party if we anonymize the information so that it no longer reasonably identifies you. Anonymization requires altering your information, so re-identification requires use of only non-public sources. Wherever possible, we require third party service provider use of the information to be anonymized or protected in accordance with our information security policies. We limit who we share your information with and the legitimate business purposes for which it can be used.
We may keep the information we collect until we no longer need the information to provide services to you or complete our transaction with you, to enable us to communicate with you about our service, for our research, evaluation of use, or troubleshooting purposes, for our analysis to improve quality of our services, or to satisfy our legal or contractual obligations.
Advertising and Analytics Services Provided by Others
We process personal information about minors to provide products and services when they are guests on one of our expeditions, but do not seek to collect personal information about minors for any other purpose. Our Services are not targeted at, nor do we knowingly collect personal information from, children under the age of 18. If we have reason to believe that information is being provided by a person under the age of 18, we will not collect the information. If you believe that we have collected information from a person under 18, please contact us at [email protected].
Transfer of Information to the U.S. And Other Countries
Lindblad is based in the United States, and we process and store information in the United States and other countries. Therefore, we and our service providers may transfer your information to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. If you are in the European Economic Area, United Kingdom or Switzerland, we provide adequate protection for the transfer of personal data to countries outside of the EEA through a series of intercompany agreements based on the Standard Contractual Clauses or as otherwise authorized or permitted under EU law.
You have certain choices about the information we collect, use or share. To exercise any of your rights described below, please email us or send us a letter at any time at the address provided at the end of this notice (see “Contact Us”).
- You may see what data we have about you, if any.
- You may change or correct any data we have about you.
- You may instruct us to delete any data we have about you that is not required for the purposes described in this notice.
- You may express any concern you have about our use of your data.
- You may opt out of receiving promotional emails from Lindblad by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations. If you prefer that we discontinue sharing your personal information on a going-forward basis with our affiliated companies for their direct marketing purposes, you may contact us at [email protected].
- California residents may have additional personal information rights and choices. If you are a California resident, please refer to the California Privacy Notice for additional privacy disclosures.
- Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: [email protected]. However, please know we do not currently sell data triggering that statute's opt-out requirements.
- Residents of the European Economic Area, the United Kingdom or Switzerland may have additional personal information rights and choices. If you reside in Europe, please also refer to the Additional Disclosures for Individuals in Europe.
Safeguarding Your Information
We are committed to keeping your personal information secure. We have implemented commercially appropriate technical, administrative and physical procedures and information security policies to safeguard your information from loss, misuse, or alteration. We limit access to personal information to individuals who have a business need consistent with the reason the information was provided. Wherever possible, we require our third-party service providers to protect your information in accordance with our information security policies.
We use no encryption (data scrambling) on certain portions of our website and mobile application, but use encryption on portions where you are transmitting sensitive information as described above. When you are on any website that asks you for confidential or personal information, you should check to see if the information being transmitted is encrypted in order to increase the security of your information. Keep in mind that there is no such thing as perfect security.
While we use encryption to protect sensitive information transmitted online, we also have processes and procedures designed to protect your information offline. Our policy is to grant access to only those employees who need the information to perform a specific job (for example, billing or customer service). The computers/servers in which we store personally identifiable information are kept in an environment that uses various administrative, physical, and technical security measures. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a user name and/or password for access to certain parts of the Services, you are responsible for keeping this user name and/or password confidential. We ask you not to share your user name and/or password with anyone. We urge you to be careful about giving out personal or private information in public areas of the Services. The information you share in public areas may be viewed by any user of the Services.
California Privacy Notice
Effective Date: April 18, 2022
Your privacy is important to Lindblad Expeditions LLC (“Lindblad” or “we” or “us”). This California Privacy Notice explains how Lindblad collects, shares, uses and protects personal information relating to California residents covered by the California Consumer Privacy Act of 2018 (“CCPA”) over the past twelve (12) months. Any terms defined in the CCPA have the same meaning when used in this Notice.
Collection of Information
In the preceding twelve (12) months, we have collected the following categories of personal information:
- Identifiers, such as name, postal or electronic address, phone number, government-issued identifiers (e.g., passport details), account name (for our booking/guest portal) and social media account;
- Personal information as defined under the California Consumer Records statute (Cal. Civ. Code § 1788.80(e)) such as contact information, medical information, financial information and insurance information;
- Characteristics of protected classifications under California or federal law, such as age, gender, national origin and religion (as it pertains to guests’ dietary restrictions);
- Sensory and biometric information, such as photos and videos of you, audio recordings of phone calls (when permitted under law), and copies of passports and IDs;
- Commercial information, such as transaction history, account data and information about bookings or other products and services purchased or considered;
- Internet or network activity information, such as browsing history and interactions with our website, mobile application and/or services;
- Geolocation data, such as precise geolocation data from your device or Internet Protocol address;
- Professional or employment-related information (to the extent you submit a job application);
- Sensitive personal information, including—
- government identifiers (e.g., passport details);
- contents of mail, emails and text messages, blogs or other social media postings;
- health data and medical conditions (e.g., allergies, accessibility accommodations);
- religious beliefs (as it pertains to guests’ dietary restrictions) and
- Inferences drawn from any of the foregoing information.
Please be advised that “personal information” does not include information which is publicly available, anonymized or aggregated, nor other information which is excluded from the CCPA’s scope (e.g., information covered by other privacy laws such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver’s Privacy Protection Act).
Sources of Information
- From third parties that interact with us in connection with the services we perform;
- From marketing partners and commercially available third-party sources; and
- From publicly available databases.
Use of Information
We may keep the personal information we collect until we no longer need the information to provide services to you, complete our transaction with you, to enable us to communicate with you about our service, for troubleshooting purposes, for our analysis to improve quality of our services, or to satisfy our legal, regulatory, insurance or contractual obligations.
Sharing of Information
To perform the functions and provide the services described above, we may share your personal information with our affiliates and certain trusted third parties, such as:
- Our parent, affiliates or subsidiaries (including Natural Habitat Adventures, DuVine Cycling + Adventure Co., Classic Journeys LLC and Off the Beaten Path LLC) in an effort to bring improved products and services across our family of products and services, when permissible under relevant laws and regulations;
- Co-branded partners (e.g., Hyatt Hotels and National Geographic), service providers and vendors to perform functions and provide services, including (without limitation) booking reservations and arranging travel and accommodations, payment processing, and other activities relating to customer service, website/application and database hosting and maintenance, data analytics, call monitoring, email delivery and related communication infrastructure, marketing and marketing research, error monitoring, debugging, and information technology and related infrastructure;
- Other third parties to whom you authorize us to share personal information in connection with services provided by us; and
- Governmental authorities or other entities as required by law or regulation.
We require these third parties to maintain the privacy and security of the personal information they access and process on our behalf. We do not sell or rent your personal information to unaffiliated third parties, such as sellers of goods or services, for their own business or commercial purposes. We may share anonymous or aggregated information with third parties to help deliver products, services and content and for other purposes.
Access. As a California resident, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and verify your request, we will disclose to you:
- the categories of personal information that we have collected about you;
- the categories of sources from which the personal information was collected;
- the purpose for collecting your personal information;
- the categories of third parties to whom we disclosed your personal information, the categories of personal information that we disclosed (if applicable) and the purpose for disclosing your personal information; and
- the specific pieces of personal information we collected about you (also referred to as a “data portability” request).
Deletion. You have the right to request that we delete the personal information that we collected from you and retained, unless the CCPA recognizes an exception. We may maintain a confidential record of deletion requests solely for the purpose of preventing your personal information from being sold, for compliance with applicable law, or for other purposes permitted under the CCPA.
Correction. You may at any time direct us to correct any inaccuracies in the personal information that we maintain about you. Upon receiving and verifying your request to correct inaccurate personal information, we will use commercially reasonable efforts to correct the inaccuracy.
Restrict Use or Disclosure of Personal Information for Advertising & Marketing. We may use, or share to our affiliates and service providers, personal information about you for advertising and marketing purposes. You have the right, at any time, to request that we not use your sensitive personal information or disclose it for advertising and marketing purposes. Once we receive and verify your request, we will no longer use or share your personal information for advertising or marketing purposes.
How to Exercise Your Rights
If you are a California resident, you may submit a request by:
- Calling toll-free at 800-397-3348;
- Submitting an online request via email to [email protected];
Only you, or a person legally authorized to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child. You may only make a request for access or data portability twice within a 12-month period.
Your request must (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and (2) describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identify or authority to make the request and confirm the requested personal information relates to you. Making a request does not require you to create an account with us. We will only use personal information provided in a request to verify the requester’s identity or authority to make the request.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your rights under California law. Unless permitted by applicable law, we will not deny you services, charge you different rates for services, provide you with a different level or quality of services, or suggest that you may receive a different rate for services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted under California law that can result in different prices, rates, or quality levels. Any legally-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describes the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
If you have any questions or concerns about this California Privacy Notice, the ways in which Lindblad collects and uses your information described above, or your choices and rights regarding such use, please do not hesitate to contact us at:
96 Morton Street
New York, NY 11201
Additional Disclosures for Individuals in Europe
Effective Date: April 18, 2022
Legal Basis for Processing Personal Information
When we process your personal data, we will only do so in accordance with applicable data protection regulations and only in the following situations:
- We need to use your personal data to perform our responsibilities under a contract with you (e.g., processing payments for and providing the products and services you have requested).
- We have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications, to communicate with you about changes to our products and services, and to provide, secure, and improve our products and services.
- We find such processing is necessary to comply with our legal obligations.
- We have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time by contacting us at [email protected].
We store the information we collect on you only for as long as is necessary for the purpose(s) for which we originally collected it, or for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. The criteria used to determine the appropriate retention period for personal information include: (1) the amount, nature and sensitivity of the personal information; (2) the length of time we have an ongoing relationship with you and provide services to you; (3) the purposes for which we process the personal information; (4) the potential risk of harm from unauthorized use and disclosure of your personal information; (5) whether there are legal obligations or requirements to which we are subject; and (6) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitation, litigation or regulatory investigations). After the expiry of the aforementioned retention periods, we will delete or anonymize your personal information.
Transfer of Personal Information
Lindblad Expeditions is based in the United States, and we process and may store information in the United States and other countries. If your personal information is transferred to the United States or other jurisdictions located outside of the European Economic Area, the United Kingdom or Switzerland, we will ensure that appropriate safeguards exist and are taken, including:
- the recipient of the information being located within a country that benefits from an “adequacy” decision of the European Commission;
- the recipient having signed a contract based on the standard contractual clauses approved by the European Commission, obliging them to protect your personal information;
- or in the absence of the above appropriate safeguards, we may ask for your consent for the cross-border transfer of your personal information or take any other measures that provide sufficient level of protection for your personal information.
Please be advised that U.S. law has not yet been recognized as providing for a data protection standard that is adequate to the ones within your jurisdiction.
Data Subject Requests
You have the right to access personal data that we maintain about you and to ask that your personal data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing of your information. If you would like to exercise any of these rights, you may contact us by sending an email to [email protected]. Please be advised that our ability to honor these rights may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. If we are not able to honor your request(s), we will inform you of the specific reasons in our response to your request.
Questions or Complaints
You may contact us at [email protected] if you have any questions about these Additional Disclosures. If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the competent data protection supervisory authority. Information about how to contact your local data protection supervisory authority is available from the European Data Protection Board (https://edpb.europa.eu/about-edpb/about-edpb/members_en).
For further information, or to exercise any rights described herein, please contact us at:
96 Morton Street
New York, NY 11201