Trip DB Privacy Policy
1. INTRODUCTION
Trip DB has developed and operates a Internet-based software platform that is used to manage trips programs - including participant information, communication, registration, travel arrangements, rental equipment, and related services and products.
This Privacy Policy relates to the personal information that Trip DB collects, uses, and discloses through its web site at tripdb.io and other sites owned and operated by Trip DB that refer to this Privacy Policy, and through all related technologies, software, and services provided by Trip DB, including its hosted products and services (collectively, the “Services”). This Privacy Policy also covers other interactions (e.g., customer service inquiries, etc.) you may have with Trip DB. If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of Trip DB’s business.
This Policy covers both the public-facing marketing web site operated by Trip DB (the “Public Site”) as well as Services provided only to registered users. Trip DB provides Services to educational institutions and other organizations that manage trips programs (“Customers”). This Privacy Policy does not impact or change any of the privacy policies, terms, and/or agreements between you and Trip DB’s Customer. We encourage you to review any applicable institutional privacy policies, terms and agreements to see how your personal information may be used or disclosed by that institution.
Trip DB takes the utmost care when it comes to participant data security and privacy. Customers can use Trip DB to store some types of Protected Health Information, and only health care providers and specifically approved members of a healthcare provider's staff (collectively "Providers"), any Business Associates (as such term is defined pursuant to the Health Insurance Portability and Accountability Act of 1996 – "HIPAA") of a Provider, and you will have access to your Protected Health Information ("PHI"). Trip DB is HIPAA compliant, and we utilize industry best practices regarding data security. Trip DB is in compliance with all pertinent laws and regulations associated with PHI and healthcare data security.
2. NOTICE OF INFORMATION COLLECTED AND USE
We will inform you when we need information that personally identifies you (personal information) or allows us to contact you or provide you with the Services. Generally, this information is requested when you register for our Services or when you fill out our contact form on our Public Site, or sign up for our newsletter or a webinar.
Trip DB may receive certain information about you from Customers during the implementation and provision of Services. For example, Customers may provide basic student or staff information, manually or through integration with student information or human resource systems, when they are setting up the Service for their use.
Because Customers use Trip DB’s service to manage trips, they may use Trip DB to request that you provide similar information to what is required when you visit your doctor's office. At registration, you will be asked to provide specific information that falls under the category of PHI; this may include the collection of contact information, as well as certain health information, including health conditions, medications and allergies. This information may be checked and confirmed by Providers for accuracy. After initial registration is complete, both you and Providers may update your health profile within Trip DB.
You may be able to log into our Services using single sign-on providers or single sign-on features of other products. These products will authenticate your identity and may share certain personal information with us such as your name and email address.
Trip DB may also record information about how individuals access our Services. This information is typically not personally identifiable and may include internet protocol (IP) addresses (or the DNS name associated with it) of the individual's computer, the web site from which the individual linked to our Services, and the browser software the individual is using to access our Services. This information is used in the aggregate to administer computer systems and to make improvements to our Services.
Trip DB uses cookies and other technologies on our Public Site and as part of the Services for user session management.
3. WHAT WE DO WITH THE INFORMATION YOU SHARE
Trip DB will share your personal information with Customers and other third parties only in the ways that are described in this Privacy Policy. Trip DB shares information under the following circumstances:
- Information held in the Services may be accessed by and shared with Customers in order for Customers to manage its offerings and trips programs. Our Customers may use your Information to deliver product information from third parties to you through our Services.
- We will use your information to provide the Services, and we may provide information to companies that assist us in providing Services, such as a hosting provider or a customer service provider. These companies are authorized to use your information only as necessary to provide these Services and to assist with supporting our users.
- We may share your information in response to subpoenas, court orders, and other legal processes or governmental requests, or to establish or exercise our legal rights or defend against legal claims.
- Trip DB may share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, protecting and defending the rights or property of Trip DB, its Services and its users, violations of Trip DB terms of use, or as otherwise required by law.
- In the event that Trip DB is acquired by or merged with another company, Trip DB may share information regarding our users with that company. Trip DB will notify you before information about you is transferred that becomes subject to a different privacy policy.
4. ACCESS AND CONSENT
Upon request, Trip DB will grant you reasonable access to personal information that it holds about you and was collected on our public website, www.tripdb.io. Trip DB will take reasonable steps to permit individuals to correct, amend, or delete information about them that is shown to be inaccurate or incomplete. For access to information collected on behalf of one of our customers, you should request access via the Institution directly and we will support them in providing you reasonable access to this information.
5. SECURITY
Trip DB takes reasonable technical, administrative and physical measures to protect the security of your personal information from unauthorized use, disclosure and alteration. Trip DB is in compliance with HIPAA and with all pertinent laws and regulations associated with the storage and transmission of PHI. All data is encrypted both in transit and at rest, whether on our servers or your mobile device or computer.
Trip DB provides information and training to all employees who have access to personal non-PHI information maintained by Trip DB, and Trip DB employees are responsible for the internal security of such information.
Trip DB will not process personally identifiable information in any way that is incompatible or inconsistent with the purpose for which such information was collected.
Trip DB takes all reasonable measures to ensure that such information is reliable for its intended use, and is accurate, complete and current.
Trip DB may work with third-party vendors in making the Services available. It is our policy to ask companies with whom we do business to support the same privacy policy we do. These third parties are not allowed to use personally identifiable information except for the purpose of providing services to Trip DB.
Trip DB will not disclose personal information (contact, health and/or billing) to third parties other than as provided for in this Privacy Policy, except when we believe in good faith that the law requires it or you have otherwise consented to additional use or disclosure of the information.
Trip DB will not sell, share or disclose any of your PHI that is exchanged or stored within the Platform to any third parties in ways different than from what is disclosed in this Privacy Policy.
We will never resell or rent your contact information to third-parties.
6. CHILDREN’S PRIVACY
Trip DB does not knowingly collect or maintain information acquired through our site from persons under 13 years of age, and no part of the site or services is directed to persons under 13 years of age. Any user under 13 years of age should not use or access our site at any time or in any manner. If Trip DB learns that personally identifiable information of persons less than 13 years of age has been collected from our site without verified parental consent, then Trip DB will take the appropriate steps to delete this information.
7. DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure of personal information should be directed to Trip DB pursuant to the contact information below. Trip DB will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
8. CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may be revised periodically by Trip DB, as reflected by the "last updated" date below. Please revisit this page to stay aware of any changes.
9. CONTACT INFORMATION
Trip DB welcomes questions and comments regarding this Privacy Policy. We may be contacted at:
Trip DB LLCPO Box 3971
Washington, DC 20027 Email: privacy@tripdb.io
Last Updated: February 2019