This Privacy Notice (“Notice”) sets out Gen TAO LTD, a company incorporated in Ireland, owner of the collective brand USIT which represents trading names including but not limited to USIT.ie, J1online.ie, CampUSA.ie, USAvisa.ie, StudentTravel.com (collectively referred to in this document as “USIT”, “we” “our” or “us”) protects the privacy of your personal information.
We need to collect, use and disclose personal information to perform our business functions and activities, including making and managing work and travel bookings and visa applications on behalf of our customers. We are firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care.
The collective brand USIT offers a range of specialist travel experiences including the J1 Summer Work and Travel visa, Work and Travel Visas, Internships to destinations around the world. As well as niche programmes we also offer adventure trips, Flights, Insurance and much more.
This Notice will apply to how we handle your personal information how it is collected, used and disclosed. When we provide our services to you it is necessary to process your data. In some cases, we may require your consent to process your data such as marketing activities. If you do not agree with any part of this Notice, you must not provide your personal information to us. If you do not provide us with your personal information, or if you withdraw a consent that you have given under this Notice, this may affect our ability to provide services to you or negatively impact the services we can provide to you. For example, most visa applications must be made under the participant’s full name and must include contact details and appropriate identification (e.g. passport details/copy). We cannot make an application for you without that information.
Please note that our website and other digital platforms may contain links to third party websites or digital platforms which are provided for your convenience. We are only responsible for the privacy practices and security of our own digital platforms.
If you have any questions about this privacy notice or about your personal data, please email us at firstname.lastname@example.org.
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people. The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Generally, the type of personal information we collect about you is the information that is needed to facilitate your work and travel bookings or enquires and to arrange travel or other related services and/or products on your behalf.
We therefore typically process the following types of personal information about you:
- contact information (such as name, residential/mailing address, telephone /mobile number, email address)
- payment account information (credit/debit card details, including card type, card number, security number and expiry date)
- passport details
- date of birth
- work history, cover letter, curriculum vitae or resume
- information about your health issues (if any)
- other details relevant to your work and travel arrangements or required by the relevant service provider(s) (e.g. sponsors, airlines, Embassies and accommodation or tour providers)
- to communicate with you if any products or services you have requested are unavailable
When you contact us for other purposes, we may also collect personal information about you in relation to those purposes. For example, we may collect your personal information so we can contact you about a competition you have entered (e.g. if you win) or to respond to an enquiry or feedback you have sent to us. We also collect information that is required for use in the business activities of USIT and our related entities, including for example, financial details necessary in order to process various transactions, video surveillance footage used for security purposes, and other relevant personal information you may elect to provide to us.
In some circumstances, we may collect personal information from you which may be regarded as sensitive information under GDPR. Sensitive information may include (without limitation) your racial or ethnic origin, criminal record and the alleged commission of an offence, biometric and genetic information, and health information. We will only collect sensitive information in compliance where it is reasonably necessary for, or directly related to, one or more of our functions or activities (e.g. to process a visa application), unless we are otherwise required or authorised to do so by law.
We will only collect personal information in compliance with GDPR. We usually collect your personal information from the information you submit during the course of your relationship with us. We will collect this information directly from you unless it is unreasonable or impracticable to do so. If you do not agree to this policy, please do not use our websites. Your continued use of the websites following the posting of changes to this policy will be deemed your acceptance of those changes
Generally, this collection will occur:
- when you deal with us either in person, by telephone, WhatsApp, letter, email.
- when you sign up to receive communications from us at an event in one of our branches, at a college stand/talk, or in another public event we attend
- when you visit any of our websites; or
- when you connect with us via social media
- when you purchase or make enquiries about work and travel arrangements or other products and services
- Unless you choose to do so under a pseudonym or anonymously, we may also collect your personal information (other than sensitive information) when you complete surveys or provide us with feedback. In some circumstances, it may be necessary for us to collect personal information about you from a third party. This includes where a person makes a booking on your behalf which includes travel arrangements to be used by you (e.g. a family or group booking, or a travel booking made for you by your employer). Where this occurs, we will rely on the authority of the person making the booking to act on behalf of any other traveller on the booking.
Where you make a travel booking on behalf of another person (e.g. a family or group booking or a travel booking made for an employee), you are responsible for informing those other parties about this privacy notice and we will handle their data in accordance with this notice.
We make every effort to maintain the accuracy and completeness of your personal information which we store and to ensure that all your personal information is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal information or if you become aware that we have inaccurate personal information relating to you. Please see contact details below. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal information that you, or a person acting on your behalf, provide to us.
We will only process your information, where:
- you have given your consent to such processing (which you may withdraw at any time)
- the processing is necessary to provide our services to you
- the processing is necessary for compliance with our legal obligations; and/or
- the processing is necessary for our legitimate interests or those of any third-party recipients that receive your personal information
In detail: Where you contact us in relation to a work & travel programme or holiday, the purpose for which we collect your personal information is generally to provide you with information about your enquiry and/or to assist you with booking on to a programme and/or travel related products and services. However, the purpose for collection may differ depending on the circumstances as disclosed in this Notice (e.g. collection of your personal information for the purpose of your participation in a competition, provision of feedback, etc.).
When you book a work and travel programme or otherwise arrange travel related products and services through us, we usually act as an agent for the relevant travel and visa service providers (e.g. for a US Sponsor appointed by the US State Department). In this case, we process your personal information as necessary to provide the services you requested from us. This usually includes collecting personal information about you both for our internal purposes as described in this Notice and for the visa and or travel service provider for whom we act as agent (e.g. to provide you with the booked services). For example, if you book a ‘J-1 Summer and Work and Travel Programme’ through us, then we use your personal information to enable your visa to be processed and disclose it to the US Sponsor and US Embassy.
We may therefore share your information with our visa and travel service providers such as sponsor agencies, employers, airlines, or other providers, who fulfil your programme bookings. Please note that these service providers also may use your personal information as described in their respective privacy notice and may contact you as necessary to obtain additional information about you, facilitate your travel reservation, or provide you with your requested services. We encourage you to review the privacy notices of any third-party travel service providers whose products you purchase through us. We will provide you with copies of all relevant travel service provider terms, conditions and privacy notices on your request.
We act as agent for or on behalf of many service providers around the world, so it is not possible for us to set out in this Notice all the travel service providers for whom we act or their locations. For more information about the disclosure of personal information to travel service providers located overseas see below under ‘personal information transferred overseas’. If you are reading this Notice because you are booking on a specific programme, holiday, tour, service you will be notified in more detail through your agent and/or in the terms and conditions who our specific partners are with regard your booking.
If you have any concerns regarding the transfer of your personal information to one of our service providers, or if you wish to contact us for further information, please refer to the “Contact” section below.
The purposes for which we collect personal information further include:
- identification of fraud or error
- regulatory reporting and compliance
- developing and improving our products and services and those of our related entities
- servicing our relationship with you by, among other things, creating and maintaining a customer profile to enable our brands to service you better or presenting options on our website we think may interest you based on your browsing and preferences
- involving you in market research, gauging customer satisfaction and seeking feedback regarding our relationship with you and/or the service we have provided
- for research and analysis in relation to our business and services, including but not limited to trends and preferences in sales and travel destinations and use of our websites
- internal accounting and administration
- to comply with our legal obligations and any applicable customs/immigration requirements relating to your travel; and
- other purposes as authorised or required by law (e.g. to prevent a threat to life, health or safety, or to enforce our legal rights)
- we may monitor or record telephone calls for security purposes, to improve the quality of services that we provide to you. In the issue of a dispute or complaint we may use these telephones calls to help clarify said dispute
Where permitted by GDPR, we may use your personal information to send you targeted marketing activities relating to our products and services (and those of third parties) that we think may interest you, unless you have requested not to receive such information. These may include, but are not limited to, mail outs, electronic marketing and notifications as described below, and telephone calls). We will only use your personal information to send electronic marketing materials to you (including e-newsletters, email and SMS,) if you have opted-in to receive them.
Should you no longer wish to receive promotional/marketing material from us, participate in market research or receive other types of communication from us, please refer to the “Contact” section below. You can unsubscribe from receiving electronic marketing materials by following the unsubscribe prompt in your email and SMS. Please also see the “Your rights” section of this Notice to learn about your ability, at any time, to opt out or limit the use of your browsing behaviour for online behavioural advertising purposes.
We do not and will not sell your personal information. We will only disclose your personal information to third parties in the ways set out in this Notice and as set out below, and in accordance with GDPR. Note that, in this Notice, where we say “disclose”, this includes to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your personal information to another person or entity.
Your personal information may be disclosed to the following types of third parties:
- our contractors, suppliers and service providers, including without limitation: in each of the circumstances set out in “How do we use your personal information?
- travel service providers such as sponsor agencies, embassy’s, travel wholesalers, tour operators, airlines, hotels, car rental companies, transfer handlers and other related service providers
- suppliers of IT based solutions that assist us in providing products and services to you (such as any external data hosting providers we may use)
- An Post, courier services when sending you direct mail
- external business advisers (such as lawyers, accountants, and auditors)
- any third party to whom we assign or novate any of our rights or obligations
- a person making your travel booking on your behalf, where you are travelling on a booking made on your behalf by another person (for example, a family member, friend or work colleague)
- a person who can verify to us that they have a relationship with you (e.g. a family member) where you are not contactable, the person has been submitted by you as your next of kin, and the request is, in our opinion, in your interest (for example, where we are concerned about your welfare or a sponsor agency is concerned for your welfare or the next of kin needs to undertake action on your behalf due to unforeseen circumstances)
- as required or authorised by applicable law, and to comply with our legal obligations if needed
- customs and immigration to comply with our legal obligations and any applicable customs/immigration requirements relating to your travel
- government agencies and public authorities to comply with a valid and authorised request, including a court order or other valid legal process
- various regulatory bodies and law enforcement officials and agencies, including to protect against fraud and for related security purposes; and
- enforcement agencies where we suspect that unlawful activity has been or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter
- when we send you mail shots or email marketing we will use Mailchimp to do this and your data will be stored here – more information here
- if you fill out a form on our web platforms you may do so through Wufoo. Find more info here
Other than the above, we will not disclose your personal information without your consent unless we reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety of an individual or to public health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), or where such disclosure is authorised or required by law (including applicable privacy / data protection laws).
On our websites, you may choose to use certain features that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with us. These features, which include, a currency exchange agency, social networking and geo-location tools, are operated by third parties, including social networks, and are clearly identified as such. These third parties may use or share personal information in accordance with their own privacy policies. We strongly suggest you review the third parties’ privacy policies if you use the relevant features.
We may disclose your personal information to certain overseas recipients, as set out below. We will ensure that any such international transfers are either necessary for the performance of a contract between you and the overseas recipient or are made subject to appropriate or suitable safeguards as required by GDPR. We will provide you with copies of the relevant safeguard documents on your request.
It is possible that information will be transferred to an overseas recipient (other than any of our overseas related entities) located in a jurisdiction where you will not be able to seek redress under GDPR and that does not have an equivalent level of data protection as in Ireland or the U.K. To the extent permitted by GDPR, we will not be liable for how these overseas recipients handle, store and process your personal information.
Our service providers located overseas: In providing our services to you, it may be necessary for us to disclose personal information to relevant overseas work and travel service providers. We deal with many different providers all over the world, so the location of a service provider relevant to your personal information will depend on the services being provided. The relevant service providers will in most cases receive your personal information in the country in which they will provide the services to you or in which their business or management is based.
Our third-party service providers located overseas: We may also disclose your personal information to third parties located overseas for the purpose of performing services for us. Generally, we will only disclose your personal information to these overseas recipients in connection with facilitation of your programme or travel booking and/or to enable the performance of administrative and technical services by them on our behalf. We use key service providers located in the USA, UK, Australia, Canada, New Zealand. We also deal with many different service providers all over the world, so it is not possible for us to set out in this Notice all of the different countries to which we may send your personal information. However, if you have any specific questions about where or to whom your personal information will be sent, please refer to the “Contact” section below.
We will retain your personal data only for as long as is necessary for the purposes for which it was collected and to meet the legal and business requirements of managing your customer account and experience with us. In particular:
- We will retain personal data that is necessary for us to provide you with a product or service that you have requested or purchased for as long as it takes us to provide that product or service
- We will retain your contact details for marketing purposes for as long as we have your permission to send you marketing information or for as long as we are permitted to do so, subject to your right to object at any stage
- We will retain records of any transactions you enter with us or products or services you receive for up to seven years. This is so that we can respond to any complaints or disputes that arise in that period; USIT is not responsible for any third party’s actions or their security controls with respect to information that third parties may collect or process via their websites, services or otherwise
- We will destroy or de-identify personal information once we no longer require it for our business purposes, you request it, or as required by our retention period or by law
The General Data Protection Regulation (GDPR) strengthens your rights over how companies use your data. A summary of these rights is as follows:
- The right to insist that brands who hold your data are transparent about how they use your personal information, and fair in the way they process and use it.
- The right to access your personal information.
- The right to insist that companies correct any mistakes in the information they hold.
- The right to erase or delete your personal information in certain situations.
- The right to receive a copy of your personal data held by a company, in certain situations.
- The right to opt-out of direct marketing.
- The right to object to automated decision processes which significantly affect or disadvantage you, in certain circumstances
- The right to object to continued processing of your personal information, in certain circumstances
- The right to restrict the way that companies process your personal information, in certain circumstances.
If you wish to:
- update, modify, delete or obtain a copy of the personal information that we hold on you; or
- restrict or stop us from using any of the personal information which we hold on you, including by withdrawing any consent you have previously given to the processing of such information; or
- where any personal information has been processed based on your consent or as necessary to perform a contract to which you are a party, request a copy of such personal information in a suitable format
you can request this by emailing us at the address set out in the contact us section below. You will receive acknowledgement of your request and we will advise you of the timeframe within which you will receive your information in accordance with GDPR.
We endeavour to respond to such requests within a month or less as per GDPR regulations, although we reserve the right to extend this period for complex requests. We will update you if this is the case.
We reserve the right to deny you access for any reason permitted under applicable laws. Such exemptions may include a country’s national security. If we deny access or correction, we will provide you with written reasons for such denial unless it is unreasonable to do so and, where required by GDPR, will note your request and the denial of same in our records.
Further correspondence regarding your request should only be made in writing to the Data Protection Commissioner at the address set out below. You must always provide accurate information and you agree to update it whenever necessary. You also agree that, in the absence of any update, we can assume that the information submitted to us is correct, unless we subsequently become aware that it is not correct.
You can at any time tell us not to send you marketing communications by email by clicking on the unsubscribe link within the marketing emails you receive from us or by opting out of text messages within the SMS you have received from us. Please note if you want to opt out of both email and SMS you will need to do so through those two channels. They are exclusive of each other. You can also contact us at the information below and state what you would like to be opted out of.
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of personal information.
We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal information, and for any additional copies of the personal information you request from us.
Our websites may use social media features and widgets (such as “Like” buttons/widgets) These are provided and operated by third party companies (e.g. Facebook) and either hosted by a third party or hosted directly on our website or mobile application. These features may collect information such as the page you are visiting on our website/mobile application, your IP address, and may set cookies to enable the social media feature to function properly.
If you are logged into your account with the third-party company, then the third-party may be able to link information about your visit to and use of our website to your social media account with them. Similarly, your interactions with these features may be recorded by the third party. You can manage the sharing of information and opt out from targeted marketing via your privacy settings for the third-party social media platform.
When you access our website, or open electronic correspondence or communications from us, our servers and email broadcast provider may record data regarding your device and the network you are using to connect with us, including your IP address. An IP address is a series of numbers which identify your computer, and which are generally assigned when you access the internet.
We may use IP addresses for system administration, investigation of security issues and compiling anonymised data regarding usage of our website. We may also link IP addresses to other personal information we hold about you and use it for the purposes described above (e.g. to better tailor our marketing and advertising materials, provided you have opted in to receive electronic marketing).
You may correct or update your personal information at any time by emailing us at email@example.com. Please include your booking reference number/s, name, address, date of birth and email address when you contact us as this helps us to ensure that we accept amendments only from the correct person.
We will securely retain your data for as long as is reasonably necessary and in accordance with GDPR. The length we will hold your data for will depend on the programme you have booked with us. Please see the terms and conditions relating to the specific programme you have booked for more detail. If you wish to submit a request that your data be deleted, please email us at firstname.lastname@example.org
We will respond to any enquiries or complaints received as soon as practicable.
We may amend this Notice from time to time. If we make a change to the Notice, the revised version will be posted on our website. We will post a prominent notice on our website to notify you of any significant changes to our Notice and indicate at the end of the Notice when it was most recently updated. It is your responsibility, and we encourage you, to check the website from time to time to determine whether there have been any changes. If we update our Notice, in certain circumstances, we may seek your consent.
This Privacy Notice was last updated on 20th September 2020.