Legal - Privacy Policy

CellarPass Legal

Privacy Policy

Last Updated: January 1, 2020

1. Who We Are

1.1 CellarPass Services

Welcome to CellarPass. We are a travel, reservation and ticketing platform designed specifically for promoting and managing food & beverage events and luxury experiences. Through our website, mobile apps and services, we allow people all over the world to create, book, sip, and share events and activities.

CellarPass products, features and offerings are available without limitation online including CellarPass, Guest Link Pro, Table Pro; and off platform through various mobile applications, webpages, application programming interfaces, subdomains, marketing and distribution services referred to as “CellarPass Network” or our “Services”.

1.2 Who Are We Talking About

In this Privacy Policy uses the term “Business” or “Businesses” we mean event organizers, creators or suppliers using the Services to create events or activities for guests using our Services to obtain information about, or register to attend, events/activities, or for any other reason. Organizers, Suppliers, Guests and third parties using our Services are all referred to in these Terms collectively as “users”, “you” or “your”.

CellarPass, Inc is a California corporation with its principal place of business at 50 California Street, #1500, San Francisco, CA 94111 referred to as “CellarPass”, “us”, “we” or “our”.

2. Privacy Statement

This Privacy Policy governs our policy with respect to data collection and usage of Services provided by CellarPass and any of our affiliates (collectively, "CellarPass"). By using the Services, you consent to the data practices described in this policy as well as our Terms of Service. If you do not agree to any part of this Privacy Policy, then you should stop accessing the Services immediately.

More simply put:
By using CellarPass, you agree to our privacy policy and terms of service.

3. Collection of your Personal Information

When you use or interact with us through the Services, we may collect Personal Data. Sometimes this will be on our own behalf and other times this will be on behalf of a Business using our Services. This affects certain data protection laws and is explained in more detail below.

3.1 Information Collected from All Users

Information you provide: We collect Personal Data when you voluntarily provide such information to the Services, such as when you register to access the Services, browse or use certain parts of the Services, make a purchase or make reservations for events and activities, contact us with inquiries, or respond to one of our surveys. The Personal Data we may collect includes without limitation your e-mail address, your first name, your last name, address, telephone number, billing information, or other information that you provide and/or enables Users to be personally identified.

Information we automatically Collect: Information about your computer hardware and software such as your IP address, referring website addresses, Internet Service Provider, browser type, domain names, access times, operating system, cookie information, pixel tags, local shared objects, web storage and other similar technologies. This information is used by CellarPass for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Services. In order to better understand how Users utilize the site and to improve its services, CellarPass may also collect information on your use of our Site, such as pages visited, links clicked, text entered, and mouse movements.

We may also collect and associate anonymous Non-Personal Data (including Non-Personal Data from third parties) with your Personal Data. This many include demographic information, which is not unique to you, such as your Postal Code, age, gender, interests, and preferences.

More simply put:
When you sign up for a User account, make a purchase, book a reservation or register for an activity or event using our Services, we store your contact and billing information for our records. For all Users, we collect anonymized information like your browser type, the length of time you spend on the site, and some demographic data to help us learn more about our users. Certain personal information will be shared with Businesses supplying the activity or event you reserve or register for.

3.2 Information Collected from Businesses

CellarPass collects and uses your personal information to operate our websites and deliver the Services you have requested. In some cases, CellarPass may collect your credit card information (your credit card number, expiration date and billing address, etc.), some of which may be considered Personal Data, to secure certain payments for purchases. If you use our payment processing services, we will collect your mailing address or financial information (your bank account information) and information required for tax purposes (taxpayer identification number) as necessary to facilitate payments to you.

We may also collect Personal Data from third party sources, such as integrated partners that you have elected to access through the Services, third party websites and marketing partners, your bank, payment processing partners and credit reporting agencies, etc.

3.3 Information Collected from Guests

We collect Personal Data from Guests (you), sometimes for our own purposes and other times on behalf of Businesses (see below for more information). Information you provide to CellarPass when you place a reservation, purchase activities or register for an event may include your financial information (credit card number, expiration date, billing address, etc.) which may be considered Personal Data. In addition, Businesses can create event/activity pages to collect virtually any data from Guests in relation to reserving or registering for a Business’ activity or event. CellarPass does not control Businesses registration process nor the Personal Data they collect. When you register for, or otherwise provide information to CellarPass in relation to a Business’ activity or event, whether yours or a third party’s, in connection with a reservation, purchase, or registration, that Business will receive and may use the information you provide.

Information shared from other sources: We may also receive or collect Personal Data from third party sources, such as Businesses, third party integration, other Guests, social media, your credit card issuing bank, payment processing partners or other third parties.

4. How We Use Personal Data

We use the Personal Data we collect in a manner that is consistent with this Privacy Policy and applicable privacy laws.

4.1 Access and Use

We use Personal Data you provide in order to grant you access to or use the Services or any functionality thereof. For example, we may use your Personal Data to validate your identity to access all or certain portions of the Services. We will use your Personal Data to determine your ongoing qualification to use such Services. In addition, CellarPass may share your Personal Data with trusted partners to send you email or postal mail, perform tasks required to complete a purchase, ticket registration or reservation transaction, provide customer support and confirm your identity.

Please keep in mind provided Personal Data through use of the Services may be collected and used by Businesses to facilitate your request(s). CellarPass encourages you to review the privacy statements of Businesses that you choose to make reservations with or purchase events/activities from via our Services so that you can understand how those Businesses collect, use and share your information. CellarPass is not responsible for the privacy statements of Businesses or other content on websites outside of the Services we operate.

4.2 Internal Business Purposes

We may use your Personal Data including without limitation to manage your account, provide you with customer service, and to manage the Services and our business. CellarPass may also share information on your use of our Site, for statistical analysis, such as pages visited, links clicked, non-sensitive text entered, and mouse movements, with third party providers of web analytic software in order to enable CellarPass to improve its services. We may also use your Personal Data to identify and protect against wrongdoing and to enforce our Terms of Service.

Information about our customers, including personal information, may be disclosed as part of any merger, acquisition, debt financing, sale of company assets, reorganization, or similar event in which personal information could be transferred to third parties as one of CellarPass' business assets. You acknowledge and agree that any successor to or acquirer of CellarPass (or its assets) will continue to have the right to use your Personal Data or other information in accordance with this Privacy Policy.

We may also share your Personal Data with our parent companies, subsidiaries, and/or affiliates for purposes consistent with this Privacy Policy. Our parent companies, subsidiaries, and/or affiliates will be bound to maintain Personal Data in accordance with this Privacy Policy.

More simply put:
We will never sell or trade your contact information to another company, but we may sometimes contact you on behalf of another company with a special offer. We may share your personal information as part of a business sale, merger, etc.

4.3 Use of Cookies

Our website may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you register an account with CellarPass, a cookie helps us recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to our website, the information you previously provided can be retrieved, so you can easily use the features that you customized.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Services.

More simply put:
We use cookies to personalize your experience on our website. If you'd rather we didn't, you can change your browser settings to refuse them.

4.4 Marketing

We may use your Personal Data for advertising and marketing purposes to inform you about services, activities and events we believe might be of interest to you on or off the Services including without limitation by phone, SMS messaging, email, display media and targeting other devices (mobile devices, television, tablets). We may also do this on behalf of Businesses, when for example your prior interactions with a Business or the Services indicate you may be interested in certain events or type of activity. You may Opt-out from CellarPass marketing activity by clicking the Unsubscribe link or other provided instruction in emails or SMS messaging. We may also use your personally identifiable information to inform you of other products or services available from CellarPass and its affiliates. CellarPass may also contact you to participate in surveys to conduct research about your opinion of current services or of potential new services that may be offered.

CellarPass keeps track of the pages Guests visit within our websites in order to determine what Services are the most popular. This data is used to deliver customized content and advertising within the websites we operate to users whose behavior indicates that they are interested in a particular subject area. CellarPass uses tracking pixels to collect information that helps us provide our Service to you. Please note that any "do not track" signals sent by your web browser or other mechanism have no effect on the collection of personally identifiable information by CellarPass. In addition, other parties who perform data analytics for CellarPass, such as Google Analytics, AdRoll, Double Click and Hotjar, may collect personally identifiable information about your online activities when you use our Services. Third party affiliates of CellarPass may have different policies with respect to "do not track" signals and CellarPass makes no representations with respect to such policies.

CellarPass uses tracking to create remarketing audiences of users based on user behavior/their visits to our website. CellarPass may also target these users with custom ads based on affinities/interests, geographic and demographic signals. CellarPass only shares browser-level data through third party vendor tracking such as Google Analytics. Users can opt out of these advertising features by visiting Google or resources like the NAI Guest opt-out page. CellarPass may use email addresses to target users with custom ads through 3rd party advertising platforms, websites and social media. CellarPass may from time to time share certain customer information with third parties to perform services (advertising) on our behalf.

CellarPass may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party without your express consent.

4.5 Third Party Access

If you access our Services through a third party (e.g., Yelp), CellarPass may share personal information and information about your use of our Services with the third party to enable them to facilitate your request as well as contact you regarding their products and/or services. In such cases, the third party's use of information furnished by CellarPass is governed by the third party’s privacy policy. Additionally, you may connect your CellarPass account to social media services, such as Facebook in which case we may collect, use, disclose, transfer and store information relating to your account with the third party. This information may include your Facebook id, profile picture, first name, last name, email, location and friends list and use them to connect with your Facebook account to provide access to and certain functionality on the Services, like sharing activities and events you are interested in or are attending.

CellarPass may provide you with access to contract directly with or integrate with third party services through our Services. When you elect to engage with such third party, we will disclose your Personal Data to other entities in order to fulfill the services you have requested.

4.6 Businesses

We allow Businesses to use our Services to contact Guests for their current and past events, so you may receive emails or other forms of communication (SMS messaging, phone, postal mail) from our system that originate with such Businesses that we are sending on their behalf. If you made a reservation or registered for event on the Services, your Personal Data is available to that Business. However, a Business may also import Personal Data they have from external sources and send communications through the Services on the Business’ behalf. The Business and not CellarPass is responsible for sending such communications.

In addition, when you reserve or register for an activity or event, sign up for communications or otherwise engage with a Business or participate in a Business’ event, that Business will receive your Personal Data. For example, if you provide your name and email address to register for an activity or event, the Business will receive that information. If you transfer a ticket or register a ticket on behalf of someone else, the Business will receive that Personal Data as well. The Business may then send marketing or other communications, which are subject to its own, separate privacy policy. This also applies to providing mobile phone numbers, you may receive messages related to the Service, event, activity or other information in which you expressed having interest.

For fundraising events and pages, we may provide your Personal Data to both the Business and the benefitting Charity to which the fundraising event is linked. In some instances, a Business may appoint a third party to create an event or activity on its behalf (“Third Party Businesses”). For instance, a winery (the Business, in this case) may allow production company (Third Party Business) to create events that will be hosted at the Business’ venue using its CellarPass account. In that case, your Personal Data may be provided to Third Party Businesses on behalf of the hosting Business. This also applies to sweepstakes and contests: we may provide your Personal Data to both the Business and any official sponsor of the contest or sweepstakes.

CellarPass is not responsible for the Businesses, affiliated Charities or Third-Party Businesses in regard to your Personal Data. You should review the policies of Businesses, Charities or Third Party Businesses associated with an activity, event, or contest/sweepstakes you are interested in before providing your Personal Data or other information in relation to that activity, event, fundraising page or contest/sweepstakes.

4.7 Specific Purpose

If you provide Personal Data for a certain purpose, we may use the information in connection with that purpose. For example, if you contact us by email, we will respond to you using the email address provided to answer your question or resolve your problem.

4.8 Legal Requirements

CellarPass may disclose personal information when we are required to or we believe it is appropriate to comply with the law (e.g., a lawful subpoena, warrant or court order); to enforce or apply this Privacy Policy or our other policies or agreements; to initiate, render, bill, and collect for amounts owed to us; to protect our or our users' rights, property or safety; to protect our users from fraudulent, abusive, or unlawful use of the Services; or if we believe that an emergency involving the danger of death or serious physical injury to any person requires or justifies disclosure of personal information.

4.9 Aggregated Data

To better understand and provide our Users with the best experience, we often conduct research on our customer demographics, behaviors, preferences, and interests based on Personal Data. This research is usually completed on an aggregate basis that does not identify you. Once Personal Data is in an aggregated form, it becomes Non-Personal Data.

More Simply Put:
CellarPass does not sell, rent or lease Personal Data. We value our relationship with you and therefore will not sell your Personal Data to third parties. However, there are certain circumstances in which we may disclose, transfer or share your Personal data with others.

5. Security of your Personal Information

CellarPass secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol. Furthermore, once credit card numbers are entered, they are submitted to the payment processor and no longer stored in the Services. We may store Personal Data with third parties to whom we have transferred it in accordance with this Privacy Policy. However, no network, server, database, Internet or email transmission is ever fully secure or free from errors. As such, you should consider carefully what information you provide to us. Please keep this in mind when disclosing any Personal Data.

You are responsible for safeguarding and preventing unauthorized access to the user information and password that you use to access our Services. You agree not to disclose your password to any third-party and you are responsible for any activity using your account, whether or not you authorized that activity. Please immediately notify CellarPass of any unauthorized use of your account.

More simply put:
CellarPass' secure website keeps your personal information safe. You can do your part by keeping your password private.

6. Age Specific Content

Our Services are not intended for use by those under legal drinking age, and such use is prohibited by our Terms of Service. We do not knowingly collect personally identifiable information from Users under the legal drinking age. If you become aware that someone under the legal drinking age has provided us with Personal Information, please contact us as set forth in this Privacy Policy.

More simply put:
No one under 21 years old should use CellarPass services.

7. How to Access, Update or Delete Your Personal Data

You can request access to some of your Personal Data stored by CellarPass. You can also correct, update or delete Personal Data. You may exercise these rights by logging in and visiting the My Account page. Both registered and unregistered users may also exercise these rights by contacting us directly by email or at the address specified below.

If a Guest requests their data to be deleted, CellarPass is authorized to delete or anonymize Personal Data of the requesting Guest from the Services even if that means removing its availability to the Business through the Services. However, if you are a Guest, you understand that even if CellarPass deletes or anonymizes your Persona Data upon your request, your Personal Data may still be available in the Business’ own databases if transmitted to the Business prior to CellarPass receiving or taking action to your request. It is your responsibility to ensure you have no pending reservations or registrations for activities or events on the Services before making your request. You acknowledge that Personal Data deletion or anonymization cannot be undone and may negatively affect any existing reservations and registrations for activities and events that you have registered for and are scheduled to take place after the date of your Personal Data deletion request has been submitted. You agree with these terms and hold CellarPass harmless for any issues or inconveniences related to complying with your Personal Data deletion request.

8. Exclusions

8.1 Third Party Links

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by CellarPass (“Third Party Sites”). This Privacy Policy does not apply to Third Party Sites. Links from the Services do not imply that we have reviewed or endorse the Third-Party Sites. Contact those sites directly for information regarding their privacy policies.

8.2 Providing Personal Data to Others

This Privacy Policy does not apply to any sensitive or Personal Data that you provide to another User or visitor through the Services or any other means, including information posted by you in any public areas of the Services or to Businesses on event pages or through social media platforms.

9. Changes to this Privacy Policy

CellarPass may change the provisions of this Privacy Policy at any time and will always post the most up-to-date version on our website.

More simply put:
This is the most recent version of the privacy policy. If we change it, we'll update it here.

10. International Transfers

The Website is hosted in, and our Services are provided from, the United States. Accordingly, by providing your Personal Information through the Website, you consent to the transfer of your Personal Information from your country of residence to the United States. With regard to data transfers from the European Economic Area to the U.S., we have self-certified to the EU-U.S. Privacy Shield Framework. For more information about our self-certification to the Privacy Shield Framework, please visit here.

More simply put:
CellarPass protects your data by following the Privacy Shield Framework.

11. Contact Information

CellarPass welcomes your comments regarding this Privacy Policy, please contact us.

50 California Street, #1500, San Francisco, CA 94111 or by email legal@cellarpass.com.

More simply put:
Feel free to get in touch with us, we're nice people and love to hear feedback!

12. The EU General Data Protection Regulation (GDPR)

The GDPR requires us to inform you about the legal ground we’re relying on to process any Personal Data about you. The legal grounds for us processing your Personal Data outlined in section 4 above will typically be because:

  • It is necessary for our contractual relationship;
  • the processing is in our legitimate interest as a reservation and event ticketing platform (basically, to maintain the security of our systems and to provide you with customer service, etc.)
  • the processing is necessary for us to comply with our legal or regulatory obligations
  • you provided consent

13. Transfer of Personal Data

As CellarPass provides services internationally, we may need to transfer your Personal Data outside the country from which it was originally provided. This may be to Businesses using the Services, or to Third Parties that we work with who may be located jurisdictions outside the EEA, Switzerland and the IK which have no data protection laws or laws that are not as rigid compared with those in Europe.

Whenever we transfer Personal Data outside of the EEA, Switzerland or the UK, we take legally required steps to make sure that appropriate safeguards are in place to protect your Personal Data. For Personal Data we receive, CellarPass has certified its compliance to the EU-U.S. and Swiss – U.S. Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from those countries. We have certified that we adhere to the Privacy Shield principals of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity & Purpose Limitation, Access and Resource, Enforcement & Liability when processing Personal Data from EEA, Switzerland or the UK in the United States.

14. Personal Data Retention

We retain your Personal Data for as long as necessary to provide you with our Services, or other purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.

If you have an account with us, we will retain your Personal Data for ninety (90) days after you have requested your account closed or if your account has been inactive for three (3) years.

Data protection law provides you with rights in respect of Personal Data that we hold about you, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete your Personal Data, object to profiling and unsubscribe from marketing communications.

You can exercise most of these rights by logging in and visiting the My Account page or changing the “cookie settings” in your browser (see our Cookie statement above). If you cannot find what you are looking for in My Account page, please contact us by using the information provided in section 10 above. Please note that requests to exercise data protection rights will be reviewed by us on a case-by-case basis. We may require proof of identity in order to comply with your request. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because exemptions provided for in data protection legislation.

If you have questions or complaints on how we handle your Personal Data, please contact us as set forth in section 10 above. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.

CellarPass as a data controller and data processor

EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known at “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant organization since they are the ones with primary responsibility for your Personal Data.

CellarPass may act as either a data controller or a data processor in respect of your Personal Data, depending on the circumstances.

For example, if you generate a subscription account with us to manage your activities or events, CellarPass will be a data controller in respect to the Personal Data that you provide as part of your account. We will also be a data controller of the Personal Data that we have obtained about the use of the CellarPass Services, which could relate to Businesses or Guests. We use this to conduct research and analysis to help better understand and serve Users of the Services as well as to improve our platform and provide you with targeted recommendations about activities or events we think may be of interest to you.

However, if you register as a Guest, we will process your Personal Data to help administer that activity or event on behalf of the Business (for example: sending confirmation, promotional and feedback emails, processing payments, etc..) and to help the Business manage their event, understand the success of their event and event planning such as through event reports, guest lists, using analytics to determine effectiveness of various sales channels. In these scenarios, CellarPass just provides tools for Businesses; CellarPass does not decide what Personal Data to request on registration forms, nor is it responsible for the continued accuracy of any Personal Data provided. Questions you may have about your Personal Data and your rights under data protection law should therefore be directed to the Business as the data controller, not to CellarPass.

15. California Residents Only

The California Supplemental Privacy Notice discusses California Consumer Privacy Act (CCPA) and applies solely to California residents. It applies to personal data we collect as a business; it does not apply to personal data we collect or otherwise process as a service provider. For or a detailed copy, please view our CCPA Policy.