Checkfront Privacy Policy

Last Update: March 26, 2025

At Checkfront Bookings, Inc. (“Checkfront”,“Company”,“we”,“our” or “us”), we value your trust and are constantly striving to provide excellent service to you, our customers and business partners, while building a long-lasting relationship with you. To achieve these goals, we collect and analyze information about you, your business, and the reservations and other transactions that are made using Checkfront.

We believe in being clear and open about how we collect data related to you when you visit our website at www.checkfront.com (the “Website(s)”), use the Website-based chat tool, and/or use Checkfront’s mobile application named Checkfront – Online Booking (“App”), create an account, use our services or www.checkfront.com to manage their tour and activity inventories, subscribe to our newsletter, interact with us, participate in online advertisements or marketing emails, opt-in to receive SMS mobile messages, or engage with any other websites, pages, features, or content we own, operate and/or provide (collectively with the Websites, SaaS and App, the “Services”) that direct you to this Privacy Notice (“Privacy Notice”).

No matter how Checkfront comes to have your information, we want you to know that we respect the privacy of your information and that you should be aware of how we handle it. This Privacy Notice is designed to help you understand how we collect, use, share and safeguard the information you provide to us and to assist you in making informed decisions when using our Services.

By accepting our Privacy Notice and/or accessing and using the Services, you consent to our collection, storage, use and disclosure of your Personal Information as described in this Privacy Notice and the Cookie Policy located at https://www.checkfront.com/terms/cookie-policy/ (“Cookie Policy”). The use of www.checkfront.com is subject to the Checkfront Terms of Service located at https://www.checkfront.com/terms/. 

Please click on the links below to go directly to that section of the Privacy Notice:

• Types of Data We Collect
• Children’s Online Privacy Protection Act (“COPPA”)
• Information You Provide Us
• Collected via Technology
• Use of Your Personal Information
• Use of Non-Personal Information
• How We Share Your Personal Information
• Links to Third-Party Websites and Third-Party Providers
• Your Rights Regarding the Use of Your Personal Information
• How to Exercise Your Right(s)
• How We Protect Your Personal Information
• How We Retain Your Personal Information
• Accessibility
• Changes to This Privacy Notice
• Other Jurisdictions
• Notice to California Residents
• Notice to Residents of the European Union, the European Economic Area and the United Kingdom
• Notice to Canadian Residents
• Notice to Residents Outside of the United States, EU, EEA and UK and Canada
• Notice to Texas Residents
• Contact Information

Types of Data We Collect

We collect “Non-Personal Information” and “Personal Information” and the information we collect from you depends on how you use the Services.“Non-Personal Information” includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.“Personal Information” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, email address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. 

Our primary purpose in collecting personal information from you is to provide you with a safe, smooth, efficient, and customized experience. This allows us to provide services and features that most likely meet your needs, and to customize our service to make your experience safer and easier. We only collect personal information about you that we consider necessary for achieving this purpose.

Once you become a User, we require you to provide various contact and identity information, billing information, and other personal information as indicated on the relevant forms on the Site (which vary, depending on what kind of User you are), and you are no longer anonymous to us. Where possible, on these forms, we indicate which fields are required and which fields are optional.

In addition, as you use the Site, you can from time to time enter or send to us personal information. For example, if you are a Subscriber, you can set up your profile and other billing information, and if you are a Customer, you can enter information about a booking. As you use the Site you can also from time to time enter personal information about third parties. For example, if you are a Subscriber, you can enter personal information about your Customers or your staff.

You always have the option to not provide information by choosing not to become a User or by not using the particular feature of the Site for which the information is being collected.
If you are a Subscriber, we collect your credit card information for billing purposes. And if you are a Customer who wishes to pay amounts to a Subscriber, we collect your credit card information for payment purposes.

Our Integrations section provides connections to third-party systems. Although it may appear that you are within the Checkfront Site, please be aware that you are also providing data to these third-party systems. You should review the privacy and terms of service with any third-party system before using it with the Site.

In general, you can browse the Site without telling us who you are or revealing any personal information about yourself. However, we automatically track certain information about you based upon your behaviour on our Site and store it through log files. We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve you and our community, and to improve our Site. This information may include the URL that you just came from, which URL you next go, your computer browser information, and your IP address. We may provide Customers’ IP addresses to payment intermediaries in the course of the payment process.

Children’s Online Privacy Protection Act (“COPPA”)

Our Services are not designed for children under 13, and we do not intentionally or knowingly collect Personal Information from users who are under the age of 13 or from other websites or services directed at children. If we discover that a child under 13 has provided us with Personal Information, we will delete such information.

Information You Provide to Us

• We collect Personal Information from you, such as your role/title, first and last name, e-mail, mailing address, phone, username, and password when you choose to subscribe to our Services/ set up an account through the Services.
• When you engage us to provide Services, our payment processor will collect all information necessary to complete the transaction, including your name, company name, credit card information, billing information, and direct deposit/ ACH information.
• We may also collect your name, physical address, and any information in connection with referral programs in order to ship rewards we may provide.
• If you provide us feedback or contact us via email, we may collect your name, if stated, and email address, as well as any other content included in the email, in order to send you a reply.
• When you participate in one of our surveys, we may collect additional information that you knowingly provide.
• We will maintain the information you send via email in accordance with applicable federal law.
• In compliance with the CAN-SPAM Act, all emails sent from our organization will clearly state who the email is from and provide clear information on how to contact the sender. In addition, all email messages will also contain concise information on how to remove yourself from our mailing list so that you receive no further email communication from us.

Collected via Technology

• In an effort to improve the quality of the Services, we reserve the right to track information provided to us by your browser or by our software application when you view or use the Services, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Services, the time and date of access, and other information that does not personally identify you. We track this information using Cookies. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive or mobile device. Sending a Cookie to a user’s browser enables us to collect Non-Personal information about that user and keep a record of the user’s preferences when utilizing our Services, both on an individual and aggregate basis. Please see our Cookies Policy for information about our use of cookies and other tracking technologies
• We may also use third-party analytics services such as Hubspot, Clay, Dealfront and Google Analytics to collect information about how you use and interact with our Services. Such third-party analytics services may use Cookies to gather information such as the pages you visited, your IP address, a date/time stamp for your visit and which website referred you to the Websites, SaaS or App.  We also use, as part of the chat functionality of our website, services provided by third-party Zendesk.  When you utilize that chat functionality, information about you, including any information you enter into the chat, will be sent to and processed by third-party Zendesk.”
• Our Website and App use social media connectors. They are social media buttons, such as Facebook, Instagram, X (formerly known as Twitter), LinkedIn and YouTube, you see on our Website(s) and App or blog posts that allow you to connect and learn more about us and interact with us, our users and marketing partners. We reserve the right to use technological equivalents of Cookies, including social media pixels. These pixels allow social media sites to track visitors to outside websites so as to tailor advertising messages users see while visiting that social media website. We reserve the right to use these pixels in compliance with the policies of the various social media sites. These social media third-party providers may combine your information with other information they have about you. The Personal Information that is shared with them will be governed by the third-party provider’s privacy policy and will apply to any Personal Information Checkfront may access through the third-party provider.
• Some content or applications, including advertisements, on the Services are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use Cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Services. The information they collect may be associated with your Personal Information, or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties’ tracking technologies or how they may be used, and we are not liable for any third-party providers, acts or omissions. If you have any questions about an advertisement or other targeted content, you should contact the third-party provider directly.

Use of Your Personal Information

We use personal information in the file we maintain about you, and other information we obtain from your current and past activities on the Site and Services, to provide to you our Services; resolve service and billing disputes; troubleshoot problems; bill any amounts due from you; measure consumer interest in our products and Services, inform you about online and offline offers, products, services, events and updates; deliver information to you that, in some cases, is relevant to your interests, such as product news; customize your experience; detect and protect us against error, fraud and other criminal activity; enforce our Terms of Use; provide you with system or administrative messages, and as otherwise described to you at the time of collection. On occasion, we use email addresses or other contact information to contact our Subscribers to ask them for their input on our services, to forward to them media opportunities, and even to invite them to dinner.

We may also use personal information about you to improve our marketing and promotional efforts, to analyze Site usage, to improve our content and product offerings, and to customize the Site’s content, layout, and services. These uses improve the Site and better tailor it to meet your needs, so as to provide you with a smooth, efficient, safe and customized experience while using the Site.

If you wish to subscribe to our newsletters, we will use your name and email address to send the newsletter to you. Out of respect for your privacy, we provide you with a way to unsubscribe in the email. If you wish to no longer receive our newsletters you may update the settings in your account, follow the unsubscribe instructions located in the email, or you may submit a request. Please note that you may continue to receive transactional and account-related electronic messages from us.

Use of Non-Personal Information

In general, we use Non-Personal Information to help us improve the Services and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Services. This Privacy Notice does not limit in any way our use or disclosure of Non-Personal Information, and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion.

How We Share Your Personal Information

Subject to the exceptions below, we do not sell, rent, lease, retain, disclose or otherwise transfer any information collected either automatically or through your voluntary action to any third party. We will share your personal information with third parties only in the ways that are described in this Privacy Policy, or as otherwise in accordance with instructions provided by our Subscribers. The following describes some of the ways that your information may be disclosed in the normal scope of business to provide our services:

Subscribers and Customers

In the normal operation of the Site and our Services, Subscriber bookings (including information entered by “staff” members) and invoices are disclosed to the applicable Customers, and Customer information is shared with the applicable Subscriber for the purposes of completing the Services that the Customer requests. In general, information you enter on the Site or through our Services is available to other persons – whether they are Customers, Subscribers, staff members or others – to whom you give access to your account or to whom you give access to the information through the normal operation of the Site or Services.

Payment Information

We use credit card and other contact information (such as PayPal email addresses) you submit to us on the Site or through our Services, and other information that we collect, as required, to process payments you make through the Site or Services through our payment processor intermediaries. We do not store credit card or other payment method information. 

Anonymized Aggregated Data

We aggregate and anonymize sales information including (but not limited to) industry type, number of bookings sent, average booking size, method of sending bookings, percentage paid online, sales amounts and average sale per customer, and disclose such information in a non-personally identifiable manner to Subscribers as part of our Services to them. However, in these situations, we do not disclose any information that could be used to identify you personally.

Links to Third-Party Websites and Third-Party Providers

As part of the Services, we may provide links to or compatibility with other websites or applications; however, we are not responsible for the privacy practices employed by those websites or the information or content they contain, nor are we liable for third party products, services, acts and/or omissions. This Privacy Notice applies solely to information collected by us in relation to the Services and your use of the Services. Therefore, this Privacy Notice does not apply to your use of a third-party website accessed by selecting a link via the Services. To the extent that you access or use the Services through or on another website or application, then the privacy notice of that other website or application will apply to such access and/or use. We encourage our users to read the privacy statements of other websites before proceeding to use them.

Your Rights Regarding the Use of Your Personal Information

We may send periodic promotional emails to you. You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional email. If you unsubscribe from the promotional emails, you will still receive emails related to the Services, including booking confirmations. Please note that notwithstanding the promotional preferences you indicate by unsubscribing, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Notice and other non-marketing communications. Please note that it may take up to 10 business days for us to process unsubscribe requests. 

Your Rights and Choices

If applicable privacy laws allow, you may have rights over your Personal Information. This includes, but is not limited to:

• Right to Know. You have the right to request disclosure about our Personal Information collection practices during the prior 12 months, including the categories of Personal Information we collected, the sources of the information, our business purposes for collecting or sharing the information and the categories of third parties with whom we shared such information. You may request a copy of the specific pieces of Personal Information we may have collected about you in the last 12 months.
• Right to Delete. You may request that we delete (and direct our service providers to delete) your Personal Information, subject to certain exceptions.
• Right to Opt-Out. You have the right to opt out of any ‘sales’ of your Personal Information, if a business is selling your information. For clarity, we do not sell your Personal Information.
• Non-Discrimination. You have the right not to be discriminated against for exercising these rights. You can make the following choices regarding your Personal Information:

• Access To Your Personal Information. You may request access to your Personal Information by contacting us at the address below. If required by law, upon request, we will grant you reasonable access to the Personal Information that we have about you. We will provide this information in a portable format, if required. Note that California residents may be entitled to ask us for a notice describing what categories of Personal Information (if any) we share with third parties or affiliates for direct marketing.
• Changes To Your Personal Information. We rely on you to update and correct your Personal Information. Please update your Personal Information by logging into your account or contact us at the address or via email below, immediately if there are any changes to your Personal Information. Note that we may keep historical information in our backup files as permitted by law.
• Deletion Of Your Personal Information. Typically, we retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law, or as otherwise described in this Privacy Notice. You may, however, request information about how long we keep a specific type of information, or request that we delete your Personal Information by contacting us at the address below. If required by law, we will grant a request to delete information, but you should note that in many situations we must keep your Personal Information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.

If you decide to delete your in-app account, you may do so by selecting “Delete My Account” on your profile page. Deleting your Checkfront account in-app will:

1. Sign you out immediately
2. Remove or anonymize any identifiable user information
3. Remove your email from our mailing lists

You will receive an email when the account deletion is completed.

• Objection to Certain Processing. You may object to our use or disclosure of your Personal Information by contacting us at the address or email below.
• Online Tracking. We do not currently recognize automated browser signals regarding tracking mechanisms, which may include ‘Do Not Track’ instructions.
• Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in emails that you receive. If you decide not to receive promotional emails, we may still send you communications related to your use of the Services and for administrative purposes, for reasons such as providing you with updates to this Privacy Notice.
• Revocation Of Consent. If you revoke your consent for the processing of Personal Information, then we may no longer be able to provide you with Services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address below.

How to Exercise Your Right(s)

You may enquire about your Personal Information by contacting us as described below, and we’ll generally respond to all access requests within 30 days of the receipt of all necessary information. As required by law, we will require you to prove your identity before providing you with the Personal Information we hold about you. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name or other account information. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete Personal Information about you in our files. In circumstances where we are not able to provide access, or if additional time is required to fulfill a request, we will advise you in writing.

In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of the following information to the request:

• A completed written notice indicating that you have authorization to act on the consumer’s behalf signed by you and the consumer.
• If you are a business, proof that you are registered with the appropriate Secretary of State to conduct business in that state.

If we do not receive this information, the request will be denied.

Checkfront may not release certain types of information based upon exemptions specified in applicable laws. Where possible, we will sever the information that will not be disclosed and provide you with access to the remaining information. Should we be unable to provide access to or disclose Personal Information to you, we will provide you with an explanation, subject to restrictions.

In certain circumstances, such as where the request is excessive or unfounded, we may charge you an administration fee for access to your Personal Information. We may also charge for additional copies. We will

advise you of any fees before proceeding with a request. You may learn more about the process or obtain assistance in completing an access request by contacting us as described below.

How We Protect Your Personal Information

Checkfront strives to protect your personal information. We have implemented reasonable administrative, technical and physical safeguards designed to protect personal information in our custody and control from unauthorized access, use, modification and disclosure of personal information in our custody and control. For example, for security of transactions, we use the Secure Sockets Layer (SSL) protocol, which encrypts any information, such as credit card numbers and billing information, you send to us electronically. The encryption process protects your information by scrambling it before it is sent to us from your computer. Once Checkfront receives your transmission, we make commercially reasonable efforts to ensure its security on our system. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot warrant the security of any information you transmit to us. More information about security is available on the Site and in our Terms of Service.

How We Retain Your Personal Information

We will retain your information for as long as your account is active or as needed to provide you with services. We will retain and use your information as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. For more information, see Data Protection, Ownership & Confidentiality in our Terms of Service.

Accessibility

If you are visually impaired, you may access this Privacy Notice through your browser’s audio reader.

Changes to This Privacy Notice

We reserve the right to change this Privacy Notice or any agreement you entered into with Checkfront from time to time. We will notify you of significant changes to this Privacy Notice by sending a notice to the primary email address specified by you or by placing a prominent notice on the Websites and App. Significant changes will go into effect thirty (30) days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Services and this Privacy Notice for updates.

Other Jurisdictions

Personal information that you submit through the Services may be transferred outside of the jurisdiction in which you live. We also store Personal Information locally on the devices you use to access the Services. Your Personal Information may be transferred to other jurisdictions that do not have the same data protection laws as the jurisdiction in which you initially provided the information. The following provisions may apply to you depending on where you are located.

Nevada

This notice is provided to you pursuant to state law. Nevada state privacy laws permit us to make marketing calls to existing users, but if you prefer not to receive marketing calls, you may be placed on our internal opt-out list by emailing us at support@checkfront.com or you may also contact the Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Ste 3900, Las Vegas, NV 89101; telephone 702-486-3132; email: AGCinfo@ag.nv.gov.

Although we do not currently conduct sales of personal information, Nevada residents may submit a request directing us not to sell personal information we maintain about them if our practices change in the future. To exercise this right, email us at support@checkfront.com with the subject line: “Nevada: Request to Opt-Out.”

Vermont

In accordance with Vermont law, we will not share information we collect about you with companies outside of Checkfront except as described herein, or otherwise required or permitted by law.

Virginia

This Section is only applicable to you if you are a resident of the state of Virginia (“Virginia Residents”). If you have a complaint, first contact us at support@checkfront.com. We will respond within 45 days after receipt of your request, and such time may be extended for an additional 45 days if it is reasonably necessary. We will notify you of any extension within the initial 45-day period. If you are not satisfied with our responses, you have the right to appeal. We will respond within 45 days of receipt of your appeal. If you still have an unresolved complaint, please direct your complaint to the Virginia Attorney General at service@oag.state.va.us or call (804)786-2071.

Colorado

If you are a Colorado resident, the Colorado Privacy Act (“CPA“) provides you with specific rights regarding your personal data, subject to certain exceptions. The CPA also does not apply to certain types of personal data maintained in compliance with specific federal privacy laws, such the Health Insurance Portability and Accountability Act and the Fair Credit Reporting Act, or for certain governmental purposes. For a complete list see CRS §6-1-1304.

The CPA defines “Personal Data” as any non-public information that can be linked or reasonably linked to an individual and does not include de-identified data.“Sensitive Data Inference(s)” means inferences made by a controller of Personal Data,“alone or in combination with other data, which are used to indicate an individual’s racial or ethnic origin; religious beliefs; mental or physical health condition or diagnosis; sex life or sexual orientation; or citizenship or citizenship status.”

The CPA provides Colorado Residents with the following rights with respect to their Personal Data:

• The right to opt out from the sale of their personal data, or use of personal data for targeted advertising and certain types of profiling;
• The right to know whether a controller is collecting personal data;
• The right to access personal data that a controller has collected about them;
• The right to correct personal data;
• The right to delete personal data; and
• The right to download and remove personal data from a platform in a format that allows the transfer to another platform.

To exercise any of these rights, please contact us at support@checkfront.com. To appeal a decision regarding a consumer request, support@checkfront.com. We will respond within 45 days of your appeal, and any such time may be extended for an additional 60 days if reasonably necessary. We will notify you of any extension within the initial 45-day period. If you still have an unresolved complaint, please direct your complaint to the Colorado Attorney General here.

Notice to California Residents

To the extent of the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. seq (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) is applicable, this Section is only applicable to you if you are a resident of the state of California (“California Residents”), and only applies to personal information for which Company is a “Business”(as defined in the CCPA, as amended).“Personal Information” means information that identifies, relates to, describes, could reasonably be associated with, or could be reasonably linked directly or indirectly with a particular California consumer or household. Personal Information does not include (i) publicly available information from government records; (ii) deidentified or aggregated consumer information; or (iii) information excluded from the scope of the CCPA, as amended, such as:

• Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
• Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), the Farm Credit Act, and the Driver’s Privacy Protection Act of 1994.

CCPA applies to Personal Information we collect from California Residents on or through our Services and through other means (such as information collected offline or in person).

As a Business, we may need to collect certain Personal Information from you. If you do not provide the information that we ask for, we may not be able to provide you with the requested services. Sensitive Personal Information is a subset of Personal Information that requires greater security protections and standards of care in handling. With respect to Personal Information for which you are a “Business” and Checkfront is a “Service Provider,” as defined in the CCPA, please see the applicable Service Agreement or Terms of Service, as the case may be.

Rights of California Residents

If you are a California resident or are a California employee or contractor of Checkfront, the CCPA, as amended, provides you with specific rights regarding your Personal Information, subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us, or the security of our network systems. These rights are explained below:

• Right against discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your rights.
• Right to know. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months, including the categories of third parties who purchased or received your Personal Information. Checkfront will disclose this information to a consumer upon request, a maximum of two times in a 12-month period. Once we receive and confirm your verifiable consumer request, we will disclose the following to you: (i) the categories of Personal Information we collected about you; (ii) the categories of sources from which Personal Information was collected; (iii) the business or commercial purpose for collecting, selling, or sharing Personal Information; (iv) the categories of third parties with whom we shared your Personal Information; and (v) the specific pieces of Personal Information we collected about you.
• Right to delete. You have the right to request that we delete any of your Personal Information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete and direct our service providers to delete your Personal Information from their records and if applicable, to instruct their service providers or contractors to delete your Personal Information from their records. We may deny your request if it is necessary for us, our contractors or service providers to: (i) complete the transaction for which we collected the Personal Information, provide a good or service that you requested, or reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform services pursuant to our contract with you; (ii) help to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes; (iii) debug our Websites or App, and/or identify and repair errors that impair existing intended functionality; (iv) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (v) comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 ( commencing with Cal. Penal Code § 1546 et. seq. of Title 12 of Part 2); (vi) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (vii) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which you provided the information; (viii) comply with a legal obligation.
• Right to Correct. If applicable, you have the right to request that we correct inaccurate Personal Information about you, taking into account the nature of the Personal Information and the purpose of the processing of Personal Information. Upon verifying the validity of a verifiable consumer correction request, we will use commercially reasonable efforts to correct the inaccurate Personal Information as directed by you and in compliance with CCPA, as amended.
• Right to Opt-Out of Sale or Sharing of Your Personal Information. You have the right to opt out of having your Personal Information, including Sensitive Personal Information, sold or shared for cross-context behavioral advertising. Checkfront does not sell Personal Information for money, but our Websites and App may use Cookies or similar technologies as described in our Privacy Notice, which could be considered as a ”sale” under the CCPA.

The CCPA defines “sharing” to include certain sharing of your Personal Information for purposes of serving you advertisements that are relevant to you based on your activity across our services and other sites (i.e., cross-contextual behavioral advertising). Like many companies, we use services that help deliver interest- based ads to you, and our Websites and App and may use Cookies or similar technologies that allow advertising partners to collect your Personal Information for their use. If you wish to opt out of having your Personal Information sold or shared for cross-context behavioral advertising, please click this link: “Do Not Sell or Share My Personal Information”, and we will process your request.

• Right to limit the Use and Disclosure of Sensitive Personal Information. Additionally, you have the right to direct Checkfront to limit our use of your Sensitive Personal Information to that information which is expected by an average individual as necessary to perform our Services or for your employment. If you wish to limit our use or disclosure of your Sensitive Personal Information, please click this link: “Limit the Use of My Sensitive Information”, and we will process your request.

Consumers under 16 years of age. We will not sell or share Personal Information of users if we have actual knowledge that the user is less than 16 years of age, unless the user, in the case of user at least 13 years of age and less than 16 years of age, or the user’s parent or guardian, in the case of users who are less than 13 years of age, has affirmatively authorized the sale or sharing of the user’s Personal Information.

Exercising Your Rights. If you’re a California resident, employee or contractor and desire to exercise your data protection rights, please contact us at support@checkfront.com. With the exception of your right to opt-out of the sale or sharing of your Personal Information for which we do not need to verify your identity, you may be required to provide additional information necessary to confirm your identity before we can respond to your request, and we will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request within 10 days from receipt of such request and will endeavor to respond within 45 days after receipt of your request, but if we require more time (up to an additional 45 days) we will notify you of our need for additional time. For requests that we not sell or share your information, or limit the use of your sensitive Personal Information, we will comply with your request within 15 days after receipt of such request. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm that the Personal Information relates to you. You may make a request for disclosure of our information collection practices, the information we collected about you, or our sharing practices up to twice within a 12-month period. You may make a request that we not sell or share your Personal Information, limit the use of your sensitive Personal Information, or the deletion of your information at any time. For requests for a copy of the Personal Information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your e-mail account on file, if you have an email address on file with us. For requests for deletion of your information, please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if (1) the information is necessary for us to (a) complete a transaction for you or otherwise perform a contract; or (b) detect, protect against, or prosecute security incidents, fraud or illegal activity; (2) we use the information only internally in ways reasonably aligned with your expectations as our customer, and (3) we are required to retain the information to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged and provided your information to delete your information as well.

Using an Authorized Agent. You may submit a request through someone holding a formal ‘Power of Attorney’. Otherwise, you may submit a request using an authorized agent only if (1) the person is registered with the Secretary of State to do business in California, (2) you provide the authorized agent with signed written permission to make a request, (3) you verify directly with us that you have authorized the person to make the request on your behalf, (4) you verify your own identity directly with us, and (5) your agent provides us with proof that they are so authorized. We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.

Categories of Information Collected

We collect Personal Information for the business purposes described in this Privacy Notice. The CCPA as amended, defines a “Business Purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected. The CCPA defines “Collected” as buying, renting, gathering, obtaining, receiving, or accessing any Personal Information pertaining to a consumer by any means, including receiving information directly or passively from the consumer, or by observing the consumer’s behavior.

We make disclosures for a Business Purpose under written contracts that describe the purposes, require the recipient to keep the Personal Information confidential, and prohibit selling or sharing of Personal Information and using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, the Company has disclosed Personal Information for a Business Purpose to the categories of service providers or contractors indicated in the chart below.

This notice supplements our Privacy Notice. To the extent the California Consumer Privacy Act (“CCPA”) is applicable, this Section is only applicable to you if you are a resident of the state of California (“California Residents”) and only applies to Personal Information for which Company is a “Business”(as defined in CCPA), but does not apply to Personal Information we collect from you where you are an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, non-profit or government agency. It applies to Personal Information we collect from California Residents on or through our Services and through other means (such as information collected offline or in person). With respect to personal information for which you are a “Business” and Checkfront is a “Service Provider,” as defined in the CCPA, please see the applicable Service Agreement or Terms of Service, as the case may be.

Rights and Choices. Under the CCPA and subject to certain limitations and exceptions, if you are a California resident, you may have certain rights with respect to information we have collected about you that constitutes

Personal Information under the CCPA as set forth herein. This Privacy Notice describes the Personal Information we collect about you. 

Exercising Your Rights. If you’re a California resident and desire to exercise your data protection rights, please contact us at support@checkfront.com. You may be required to provide additional information necessary to confirm your identity before we can respond to your request, and we will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request within 10 days from receipt of such request and will endeavor to respond within 45 days after receipt of your request, but if we require more time (up to an additional 45 days), we will notify you of our need for additional time. For requests that we not sell your information, we will comply with your request within 15 days after receipt of such request. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm that the Personal Information relates to you. You may make a request for disclosure of our information collection practices, the information we collected about you, or our sharing practices up to twice within a 12-month period. You may make a request that we not sell information or for the deletion of your information at any time. For requests for a copy of the Personal Information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your e-mail account on file, if you have an email address on file with us. For requests for deletion of your information, please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if (1) the information is necessary for us to (a) complete a transaction for you or otherwise perform a contract; or (b) detect, protect against, or prosecute security incidents, fraud or illegal activity; (2) we use the information only internally in ways reasonably aligned with your expectations as our customer, and (3) we are required to retain the information to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged and provide your information to delete your information as well.

Using an Authorized Agent. You may submit a request through someone holding a formal ‘Power of Attorney’. Otherwise, you may submit a request using an authorized agent only if (1) the person is registered with the Secretary of State to do business in California, (2) you provide the authorized agent with signed written permission to make a request, (3) you verify directly with us that you have authorized the person to make the request on your behalf, (4) you verify your own identity directly with us, and (5) your agent provides us with proof that they are so authorized. We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.

Categories of Information Collected. During the past 12 months we may have collected the following categories of information about California residents from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. Please see more information below:

We obtain the categories of Personal Information listed above from the following categories of sources:

• Directly from you. 
• Indirectly from you. For example, from observing your actions and interactions with the Services.
• Other sources. For example, our affiliates, data analytics providers, advertising networks, internet service providers, publicly available sources, operating systems and platforms, or social networks.

Categories of Information Collected and Sold or Shared for Commercial Purposes and/or Cross-Context Behavioral Advertising. During the past 12 months, we have collected the following categories of information about California residents from the listed sources, used it for the listed commercial and/or cross-context behavioral advertising purposes, as defined by the CCPA, and sold or shared it with the listed categories of third parties. Please note that as defined by the CCPA, a “sale” includes making a consumer’s Personal Information available for monetary or other valuable consideration. Checkfront does not sell Personal Information for monetary consideration.

The CCPA defines “shared” as “sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross- context behavioral advertising for the benefit of a business in which no money is exchanged” unless (i) you use or direct us to intentionally disclose your Personal Information or intentionally interact with one or more third parties; (ii) it’s needed to honor your opt-out request; or (iii) it’s part of an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which a third party assumes control of all or part of our business.

In the preceding twelve (12) months, Checkfront has disclosed or shared Personal Information for a commercial or cross-context behavioral advertising purpose to the categories of third parties indicated in the chart below.

Notice to Residents of the European Union, the European Economic Area and the United Kingdom

If you reside in the European Union (“EU”) or the European Economic Area (“EEA”), the European Union General Data Protection Regulation (“GDPR”) will apply to how we collect and process your Personal Information. If you reside in the United Kingdom, the United Kingdom General Data Protection Regulation (“UK GDPR”) will apply to how we collect and process your Personal Information.

The Personal Information we collect and process may be transmitted or transferred to countries other than the country in which you reside. Those countries may have data protection laws that are different from the laws of your country.

The data centers for Checkfront’s Services are cloud-based with hosting facilities in CA and the EU, and third-party service providers operate in many countries around the world. When we collect your Personal Information, we may process it in any of those countries.

We have taken appropriate steps and put safeguards in place to help ensure that your Personal Information remains protected in accordance with this Privacy Notice.

We also require that third-party service providers to whom a data transfer is made has appropriate safeguards in place to protect your personal information, in compliance with applicable data protection law. The particular measures used will depend on the service provider, and our agreements with them may include European Commission approved Standard Contractual Clauses, the service provider’s certification under the EU-U.S. and/or Swiss-U.S. Privacy Shield certification, UK International Data Transfer Agreements and /or reliance on the service provider’s Binding Corporate Rules, as defined by the European Commission.

Completing Checkfront Order Forms, Online Booking and Account Information for Customers

Checkfront will collect and process information related to and included in Checkfront’s order forms, online bookings and account information as described in this Privacy Notice.

Your Rights

In addition to your rights described in this Privacy Notice, you will have the following rights:

• Right to be informed: about how your Personal Information is being processed.
• Right of access by the data subject: to the Personal Information we hold about you. You have the right to request copies of your Personal Information. We may charge you a small fee for this service.
• Right to rectification: this means you have the right to have your Personal Information corrected if it is inaccurate and to have incomplete Personal Information completed. This can also be done if you have an online account with us.
• Right to erasure (“right to be forgotten”): this means that under certain circumstances, you have the right to request we remove your Personal Information from our system.
• Right to restrict processing: this means that in certain conditions, you have the right to restrict processing of your Personal Information.
• Right to data portability: you have the right to request us to transfer the data that we have collected to another organization/ company, or directly to you, under certain conditions.
• Right to object: this means that under certain conditions, you have the right to object to the processing of your Personal Information.
• Rights in relation to automated decision making, including profiling: this means that if applicable, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How to Exercise Your Rights

We will not discriminate against you for exercising your rights. You may exercise your rights regarding your Personal Information by contacting us as described below.

Once we receive your request, we will need to verify your identity before providing you with the Personal Information we hold about you. Typically, we will respond to your request within thirty (30) days. If we are unable to verify your identity, complete your request or if additional time is required to fulfill a request, we will notify you in writing.

In certain circumstances, such as where the request is manifestly unfounded, excessive or repetitive, we may charge you a reasonable fee. We will advise you of any fees before proceeding with a request.

Withdrawal of Your Consent

If we used consent to lawfully and fairly use your Personal Information, you may withdraw your consent at any time. Doing so may prevent you from accessing the Websites and App. In some cases, we may limit or deny your request to withdraw consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. If you unsubscribe from the promotional emails or texts, you will still receive emails with booking confirmations.

Retention of Personal Information

As we are committed to the privacy of your Personal Information, we only hold on to Personal Information for as long as we need it to provide Services to you. We may retain limited Personal Information to meet legal or compliance obligations our Company must meet. You can request further details of retention periods for different aspects of your Personal Information by contacting us.

To withdraw your consent, contact us at: support@checkfront.com.

Questions or Complaints Regarding Our Privacy Practices

We hope that you will contact us if you have any questions or complaints regarding how we handle or use your Personal Information. We will work to answer your question or address your complaint.

A list of the Data Protection Authorities and their contact information can be found here.

Notice to Canadian Residents

If you reside in Canada, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) will apply to how we collect and process your Personal Information.

In addition to the safeguards and rights listed in this Privacy Notice, the following will also apply to you:

Accuracy and Use of Your Personal Information

We rely on you to update and correct your Personal Information. Please update your Personal Information by logging into your account or contact us at the address or via email below, immediately if there are any changes to your Personal Information. We may keep historical information in our backup files as permitted by law.

Your Personal Information will not be used without your consent for purposes other than the ones for which it was collected, as described in this Privacy Notice and in compliance with applicable laws. We will request your consent for any new or additional purposes for the collection and processing of your Personal Information.

Completing Checkfront Order Forms, Online Booking and Account Information for Customers

Checkfront will collect and process information related to and included in Checkfront’s order forms, online bookings and account information as described in this Privacy Notice.

Online Tracking

We do not currently recognize automated browser signals regarding tracking mechanisms, which may include ‘Do Not Track’ instructions.

Security of Your Personal Information and Personal Data

We implement security measures designed to protect your information from unauthorized access, alteration, disclosure and/or destruction. Because the internet is not a completely secure environment, we cannot warrant the security of any information a user transmits to us or guarantee that information on the Services may not be accessed, disclosed, altered, and/or destroyed by breach of any of our physical, technical and/or managerial safeguards. Any account you have on our Website(s), SaaS or App is protected by your account password and we urge you to take steps to keep your Personal Information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures; however, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. While we use reasonable efforts to protect your Personal Information, we cannot guarantee the Services are absolutely secure.

In the event that your Personal Information is acquired, or is reasonably believed to have been acquired, by an unauthorized person and applicable law requires notification, we will notify you of the breach by email, fax, or

U.S. mail. We will give you notice promptly, consistent with the reasonable needs of law enforcement and/or Checkfront to determine the scope of the breach and to investigate and restore the integrity of the data system.

Your Rights

In addition to your rights described in this Privacy Notice, you will have the following rights:

• Right to be Informed: You have a right to be informed about how your Personal Information is collected and processed.
• Right to Access: You have the right to access the Personal Information that Checkfront has about you. To request a copy of such information, please contact us at: support@checkfront.com. If you have an online, you may access certain categories of Personal Information by logging into your account.
• Right to Withdraw your Consent: You may withdraw your consent to processing (where such processing is based upon consent) by contacting us at the email or address below. If you withdraw your consent for the processing of Personal Information for the purpose to which your originally consented, then we may no longer be able to provide you Services. In some cases, we may limit or deny your request to withdraw consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. If you unsubscribe from the promotional emails or texts, you will still receive emails with booking confirmations.
• Right to Opt-Out: You have the right to opt-out of any ‘sales’ of your Personal Information, if a business is selling your information. For clarity, we do not sell your Personal Information.
• Right to Delete your Personal Information: You may request that we delete (and direct our service providers to delete) your Personal Information, subject to certain exceptions.
• Right to Rectification: Please contact us at: support@checkfront.com to let us know if your Personal Information is inaccurate or changes, so that we can update your Personal Information. If you have an account with us, please log in and update your account information there.
• Right to Data Mobility: You have the right to request that the data we have collected from you be moved to you in a standard digital format. We may not be able to process your request if we are unable to verify your identity or if complying with your request is unduly burdensome.

How to Exercise Your Rights

We will not discriminate against you for exercising your rights. You may exercise any of the above rights by contacting us as indicated below or by emailing us at: support@checkfront.com.

Once we receive your request, we will need to verify your identity before providing you with the Personal Information we hold about you. Typically, we will respond to your request within thirty (30) days. If we are unable to verify your identity, complete your request or if additional time is required to fulfill a request, we will notify you in writing.

E-mail and SMS Mobile Messaging Communications

In compliance with Canada’s anti-spam legislation (CASL), our Websites, SaaS and App allow you to sign up and expressly consent to receiving electronic communications. All emails sent from Checkfront will clearly state who the email is from and provide information on how to contact us.

You can unsubscribe from promotional emails via the unsubscribe link included in each promotional email. You can opt out of receiving future text messages by replying “STOP”. If you opt out and unsubscribe, you will still receive transactional/ booking confirmation emails from us. You may also contact us at support@checkfront.com to stop receiving them.

Privacy of Minors

Our Services are not designed for minors, and we do not intentionally or knowingly collect Personal Information from users who are considered minors in their province. If we discover that a minor has provided us with Personal Information, we will delete such information.

Questions or Complaints Regarding Our Privacy Practices

We hope that you will contact us if you have any questions or complaints regarding how we handle or use your Personal Information. We will work to answer your question or address your complaint. You also have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts. You can learn more here.

Notice to Residents Outside of the United States, EU, EEA, UK and Canada

Personal Information may be accessed by us or transferred to us in North America or to our affiliates, business partners, or service providers elsewhere in the world. Those countries may have data protection laws that are different from the laws of your country. If you are located outside of United States, EU, EEA, UK or Canada, please be advised that any information you provide to us will be transferred to and stored in the United States and that, by submitting information to us, you explicitly authorize its transfer and storage in the United States or elsewhere in the world as explained in this Privacy Notice.

We will protect the privacy and security of Personal Information according to this Privacy Notice regardless of where it is processed or stored.

Changes to this Privacy Notice

Checkfront reserves the right, in its discretion, to change, modify, add or remove portions of this Privacy Notice at any time and from time to time, without prior notice to you. Such changes, modifications, additions, or deletions shall be effective immediately upon posting unless otherwise indicated. However, we will treat your continued use of our Checkfront Services following such revision as your acceptance of the revised Privacy Notice. If you do not consent to our privacy practices as described in the revised version of the Privacy Notice, please do not use the Services in any manner, and we will continue to treat previously collected information in accordance with the privacy practices described in the applicable, prior version of this Privacy Notice or as otherwise required by applicable law.

Comments or Questions?

If you have comments or questions about our Privacy Notice, please contact us at support@checkfront.com. We will address any issue to the best of our abilities.

Notice To Texas Residents

This notice supplements our Privacy Notice and only applies to Texas residents. If you are a Texas resident, the Texas Data Privacy and Security Act (“TDPSA“) provides you with specific rights regarding your personal data, subject to certain exceptions. The TDPSA does not apply to certain types of personal data maintained in compliance with specific federal privacy laws, such the Health Insurance Portability and Accountability Act and the Fair Credit Reporting Act, or for certain governmental purposes.

The TDPSA defines “Personal Data (“Personal Information” in the Privacy Notice) as any information linked or reasonably linked to an identified or identifiable individual, including pseudonymous data when used or combined with additional information that reasonably links the data to an identified or identifiable individual. “Sensitive Data” is a Personal Data category and is Personal Data revealing an individual’s racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status; genetic or biometric data processed to uniquely identify an individual; Personal Data collected from a known child; or precise geolocation data.

The TDPSA provides Texas Residents with the following rights with respect to their Personal Data:

• The right to access Personal Data that a data controller has collected about them;
• The right to correct Personal Data;
• The right to opt out from the sale of their Personal Data, or use of Personal Data for targeted advertising and certain types of profiling. We do not profile in furtherance of a decision that could produce a legal or similarly significant effect concerning the consumer. If you wish to opt out of having your Personal Data sold or used for targeted advertisement, please click here, and we will process your request;
• The right to delete Personal Data with certain exceptions; and
• The data portability right allows the consumer to obtain a copy of their Personal Data that the consumer previously provided to the data controller in a portable and, to the extent technically feasible, readily usable format.

We will not discriminate against you for exercising your rights. To exercise any of your rights, please click here, send us an email at support@checkfront.com, or you can also send a request in writing to:

Checkfront Bookings, Inc.
777 Broughton Street, 3rd floor
Victoria, BC, Canada, V8W 1E3

(250) 999-2209

To appeal a decision regarding a consumer request, please contact us as described above. We will respond within 60 days of your appeal. If you still have an unresolved complaint, please direct your complaint to the Texas Attorney General here: https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint or call (800) 621-0508.

Contact Information

If you have any questions comments, or complaints concerning our privacy practices, please contact us by sending an email to support@checkfront.com or send correspondence via mail to

Checkfront Bookings, Inc.
777 Broughton Street, 3rd floor
Victoria, BC, Canada, V8W 1E3
1-800-559-0985

We will attempt to respond to your request and to provide you with additional privacy-related information.