Privacy Policy
The Ministry of Tourism, Investments & Aviation of the Commonwealth of The Bahamas (“we,” “us,” “our”) respects your privacy and is committed to protecting your personally identifiable information. We have adopted this privacy policy (“Privacy Policy”) to explain what information may be collected on this site (“Site”) and how such information may be used and/or shared with others. This Privacy Policy applies solely to information collected through this Site and not through any other sources. This Privacy Policy is subject to the terms of Use posted on this Site. Please return to this Site and review this Privacy Policy from time to time, as it may be amended without notice. Any changes to this Privacy Policy will be effective immediately upon the posting of the revised Privacy Policy on this Site. Your use of this Site constitutes your agreement to this Privacy Policy.
This Privacy Policy covers the collection, use, storage, treatment, and disclosure of personal information we collect when you visit or use any of the websites that are owned, published, or operated by us (individually, the “website” and collectively, the “websites”). It also covers personal information disclosed to us via mail, our websites, or telemarketing. This Privacy Policy does not describe privacy policies and practices of websites and platforms that we do not provide, including those linked to, or integrated with, our websites (e.g., Facebook or our sponsors or customers). It also does not cover personal information you may choose to share with other users of our websites.
By using our website, you signify your consent to the collection, use, storage, treatment, and disclosure of your personal information in accordance with this Policy. If you do not agree with this policy, do not use our website.
CHILDREN’S PERSONAL INFORMATION
Our websites are not directed to children under the age of 16. We do not knowingly collect any personal information concerning or from children under the age of 16, except when consent is provided by a parent or guardian. If we learn that we have collected personal data from a child under 16 without parental consent, we will take steps to delete the information as soon as possible.
NON-PERSONALLY IDENTIFIABLE INFORMATION WE COLLECT
From time to time we automatically collect certain non-personally identifiable information when you visit any one of our websites, such as the time and date of your visit, the pages that you access, the website from which you linked to our website, the sections of the website you visit, and the number of times you return to the website. This information is not used to identify you, but is used in the aggregate for our internal marketing, system administration, website improvements and other similar purposes.
COOKIES
Our website uses Cookies. Cookies are small text files that are downloaded to the browser of a computer, tablet, or smartphone used to visit a website. A Cookie will identify your browser, help you log in and improve the navigation of a website. We use Cookies to help us improve the performance of our website.
Cookies allow us to review the number of visitors to our website and a visitor’s usage patterns; to track key performance indicators such as pages visited, frequency of visits, downloads, and other statistical information; whether a visitor views the mobile or desktop version of our website; to recognize you if you return to our website; to store information about your past visits, and to remember your preferences.
EXAMPLES OF COOKIES WE USE:
- Session Cookies. We use Session Cookies to operate our website.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
You may be able to disallow Cookies by modifying the settings in your browser. To learn more about Cookies, and how to disallow or manage them go to: http://www.allaboutcookies.org. If you choose not to accept Cookies, you may be unable to access certain parts or pages or our website. Your non-personally identifiable information may be disclosed to others and permanently archived for future use.
PERSONAL
During your use of our website, you may be asked to voluntarily provide certain personal information for purposes such as facilitating communications with you or for applying for access to certain special features or areas of the websites. This may include information such as name, address, telephone numbers, company name, job function, and email address.
We also automatically collect certain usage details, IP addresses, and browser information. When you visit our website, we collect technical information such as the identity of your Internet Protocol (IP) address, your computer or device’s operating system and browser type, geo-location data, and the pages of our website that you visit. Most browsers transmit this type of information to websites automatically. We collect this information to administer and manage our website, to ensure that it functions properly and to review aggregate information.
Except as described above, we do not collect any personal information about you other than personal information which you expressly choose to submit to us directly or through our service providers, such as our telemarketers.
HOW WE USE THE INFORMATION WE COLLECT
We use the information collected from us and/or our services providers (e.g., Listrak, Rack Space, Amazon Web Services, and others) as follows:
- to contact and correspond with you and to respond to your inquiries;
- to improve our website;
- to target advertisements or other content on the website to products or services that may be of interest to you;
- to allow you to participate in interactive features of our website when you choose to do so;
- to monitor the usage of our website;
- to detect, prevent, and address technical issues;
- to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole; and
- to offer media products you request, or as otherwise permitted by law.
We may also use information we collect to analyze user behavior as a measure of interest in, and use of our website, and may disclose such analyses to advertisers or other third parties in the form of aggregate data, such as overall patterns or demographic reports that do not describe or identify any individual user.
We may disclose personal information about you to third parties: (i) if we have a good-faith belief that we are permitted or required to do so by law or legal process, (ii) to service providers who require access to such information for the carrying out of their mandate, (iii) to respond to legal claims, (iv) to protect our rights, property or safety or the rights, property or safety of others, or (v) to the resulting organization if we are involved in a merger or other reorganization. The disclosures referred to in this section may include transfers to entities located in other countries. Such transfers may include third parties located in other countries (such as Canada, Mexico, Caribbean, South America and EU countries). We have not confirmed that all such countries apply the same standards as required under the European General Data Privacy Regulations (“GDPR”); therefore, some risk exists regarding such transfers if the third parties are in countries where the European Commission has not made an adequacy determination nor adopted appropriate safeguards.
USER-PROVIDED INFORMATION AND OTHER PARTIES
If you post information on our website, or disclose it to any other party through our website, you should be aware that your information may then be made available to others.
We may provide the information you provide us on a confidential basis with partners, contractors, vendors, or service providers for whom we provide services or that support our operations and our website, but only for those purposes. This may include, for instance, deploying marketing or informational emails and providing personalized web content.
We may also use the information to send emails to you on behalf of a sponsor. If a recipient of an email clicks on a sponsored link, we may share the following information with that sponsor: name, address, telephone numbers, company name, job function, and email address. We will not share this information as to persons who have opted out of receiving advertising emails or have requested that we not share personal information.
We may also share your personal information with courts, law enforcement authorities, regulators, or other parties when it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for purposes of an alternative dispute resolution process; to comply with a subpoena or court order, legal process, or other legal requirement or when we believe in good faith that such disclosure is necessary to comply with the law, prevent imminent physical harm or material financial loss; to investigate, prevent or take action concerning illegal activities, suspected fraud, threats to us or our property; or as necessary in connection with an investigation of fraud, intellectual property infringement, piracy or other unlawful activity.
LINKS TO SOCIAL MEDIA AND THIRD-PARTY WEBSITES
Our website may include links to blogs, social media and third-party websites. These third-party sites have their own privacy policies and terms of use and are not controlled by this Privacy Policy or the terms of our website’s disclaimer. You should carefully review any terms, conditions and policies of such third-party sites before visiting them or supplying them with any personal information. If you follow a link to any third-party site, any information you provide that site will be governed by its own terms of use and privacy policy and not this Privacy Policy.
We are not responsible for the privacy or security of any information you provide to a third-party website or the information practices used by any third-party site, including links to any third-party site from our website. We make no representations, express or implied, concerning the accuracy, privacy, safety, security or the information practices of any third-party site. The inclusion of a link to a third-party site on our website does not constitute any type of endorsement of the linked site by us. We are not responsible for any loss or damage you may sustain resulting from your use of any third-party website or any information you share with a third-party website.
STORING AND SECURING YOUR PERSONAL INFORMATION
Your information may be subject to foreign laws and accessible to foreign governments, tribunals, law enforcement, and regulatory agencies. To help protect the confidentiality of your personal information, we employ security safeguards appropriate to the sensitivity of the information (including encryption in transit and at rest) and we limit access to your personal information solely to those employees, representatives and agents who require such information for the fulfillment of their functions and/or the carrying out of their mandates. We will keep such information only as long as necessary to fulfill the business purposes for which it was provided and to meet legal obligations. We will not use your personal information for making any automated decisions affecting your legal rights or for creating profiles other than as described in this Policy.
No method of data storage or data transmission can be guaranteed to be completely secure. Your use of our website, and any personal information you transmit to us, is at your own risk.
ANALYTICS
We may use third-party service providers and applications to monitor and analyze the use of our website. This may include access to personal information as well.
GOOGLE ANALYTICS
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on our websites available to Google Analytics by installing the Google Analytics opt-out browser add-on https://tools.google.com/dlpage/gaoptout for your web browser. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity and prevents your data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
BEHAVIORAL MARKETING
We use remarketing services to advertise on third party websites to you after you visited our website. We and our third-party vendors use Cookies to inform, optimize and serve ads based on your past visits to our website.
GOOGLE ADWORDS
Google AdWords’ remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/.
FACEBOOK
Facebook’s remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help
To opt-out from Facebook's interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation.
UPDATING, CORRECTING OR WITHDRAWING YOUR PERSONAL INFORMATION
It is important that the personal information we have about you is accurate. If any of the personal information you provide us should ever change, for instance if you change your email address or phone number, or should you wish to change your preferences, to stop receiving announcements from us, to correct any inaccurate personal information about you, or to delete any personal information that you provided through your visits to our website, please let us know by sending an email to tourism@bahamas.com. We are not responsible for any losses that could arise from any inaccurate, deficient, or incomplete personal information that you provide us.
For security reasons, we may need to request specific information from you to help us confirm your identity, before we correct, update or delete any personal information you provide us.
RIGHT TO ACCESS AND/OR CORRECT PERSONAL INFORMATION
At any time after we collect your personal information, you will have a right to access and/or to correct it. You may make such a request by sending a written request by email to tourism@bahamas.com.
RIGHT TO WITHDRAW CONSENT
At any time after we collect your personal information, you will have an opportunity to withdraw your consent to its use or disclosure. You may make such a request by sending an email to tourism@bahamas.com.
E-MAIL
If you have any questions regarding this Policy or our privacy practices, or the privacy policy and practices of our domestic or foreign service providers, you can contact us at tourism@bahamas.com.
If you contact us by e-mail, you should be aware that e-mail transmissions might not be secure. Information you send by e-mail could be viewed in transit by a third party. We will have no liability for disclosure of your information due to errors or unauthorized acts of third parties during transmission.
CALIFORNIA RESIDENTS
This section of our Privacy Policy applies only to persons who are California residents.
The California Consumer Privacy Act (“CCPA” or “Act”) grants residents of the State of California certain privacy rights in their personal information
PERSONAL INFORMATION
The CCPA defines personal information as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Personal information under the CCPA, however, does not include the following:
- Deidentified or aggregated consumer information.
- Publicly available information from federal, state, or local government records.
Other information is excluded from the scope of the CCPA:
- Medical or health information covered by the Health Insurance and Portability and Accountability Act of 1966 (“HIPAA”) and the California Confidentiality of Medical Information Act (“CIMIA”).
- Personal information covered by the Gramm-Leach-Bliley Act (“GBLA”), and the California Financial Information Privacy Act (“FIPA”).
- Personal information covered by the Driver’s Privacy Protection Act of 1994.
- Personal information collected, processed, disclosed, or sold for use in a report or by the user of a report under the Fair Credit Reporting Act (“FCRA”).
The categories of personal information collected and the purposes for which personal information may be used are described above in the sections entitled “Personal information we collect,” “How we use the information we collect,” and “User-provided information and other parties.”
YOUR CCPA PRIVACY RIGHTS
The CCPA, where applicable, provides California residents with the right to request for disclosure of
- Categories of any personal information collected about you.Specific pieces of personal information collected about you.
- Categories of sources of any personal information collected about you.
- The business or commercial purpose for collection or selling personal information.
- Categories of third parties with whom your personal information was shared.
- Categories of any personal information disclosed about you for a business purpose in the preceding 12 months.
- Your right to request deletion of any personal information about you that was collected from you, subject to certain exceptions outlined below.
- Your right not to receive discriminatory treatment for the exercise of your privacy rights conferred by CCPA.
REQUESTS TO DELETE PERSONAL INFORMATION
CCPA, where applicable, provides a right to request the deletion of any of your personal information collected from you. This must be made in a verifiable request. Once we receive and confirm your request, we will delete the information from our records unless an exception applies. CCPA, where applicable, provides that we are not required to comply with a request to delete personal information if the information is necessary to:
- Comply with a legal obligation.
- Complete the transaction for which the information was collected, provide a good or service you requested, perform a contract with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or take actions reasonably anticipated in the context of our ongoing business relationship with you.
- Detect security incidents, protect against deceptive, malicious, fraudulent, or illegal activity, or to prosecute those responsible for that activity.
- Debug products, services, or applications to identify and repair errors that impair existing functionality.
- Exercise free speech rights, ensure the rights of others to exercise their free speech rights, or exercise another right provided by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code 1546, et. Seq.)
- Enable solely internal uses that are compatible with the context in which the personal information was provided.
HOW TO EXERCISE YOUR PRIVACY RIGHTS
You can exercise these rights in several ways. You can make a request by calling 1.800.224.2627, by submitting a request via email at tourism@bahamas.com, by submitting a request on our website, www.bahamas.com/ or by sending a written request to The Bahamas Ministry of Tourism and Aviation, P.O. Box N-3701, Nassau, Bahamas. Attention: Digital Media Department. Additionally, regarding sale of personal information as defined in CCPA, you may make that request at our “Do Not Sell My Personal Information” form at www.bahamas.com/privacy-policy.
You may make the request on your own behalf or on behalf of your minor child. Another person who is legally authorized to act on your behalf may also submit a request for you. Please describe your request in sufficient detail to allow us to understand the nature of the request, evaluate and respond to it. Because CCPA allows certain disclosures and actions only upon receipt of a “verifiable consumer request,” please provide sufficient information with you request to allow us to verify that you are the person, or an authorized representative of that person, about whom we collected personal information.
HOW WE WILL VERIFY AND RESPOND
Before we respond to any request involving personal information, CCPA, where applicable, requires that we confirm the identity of the person making the request, and if the request is made on behalf of another person, his or her authority to make the request on the other person’s behalf. Accordingly, we reserve the right to deny any request where we are unable to satisfactorily confirm the identity or the right of the person to make the request. We will attempt to verify your identity by matching any information provided in the request against the personal information already in our possession. If you have authorized someone else to make a request on your behalf, we will attempt to verify the identity of that person and that you have authorized that person to submit a request on your behalf, which may include requesting a copy of any written authorization or power of attorney applicable to the request.
The amount of information we may require in our verification process will depend on a variety of factors including the nature of the request, the type, sensitivity, and value of the personal information in our possession, the potential risk of harm that could result from unauthorized access or deletion of your personal information, the likelihood that fraudulent or malicious actors would seek your information, and whether the information provided to us is sufficient to protect against fraudulent requests or being fabricated or spoofed. For example, we may require more points of confirmation if the request is to disclose specific pieces of information rather than only categories of information in our possession. During our verification process, we may request additional information from you. Any such additional information will be used only for purposes of verification of the request.
We will endeavor to respond within forty-five (45) days of receipt of a verifiable consumer request. If, however, we are unable to respond within that time, we will notify you of the reason and the additional time needed to make our response. CCPA permits us to extend the time of our response by up to an additional 45 days.
If we deny a request in whole or in part, we will explain the reasons for our denial.
CCPA’S LIMITATIONS ON DISCLOSURES
We are not obligated under CCPA to respond to any request where compliance or disclosure would violate an evidentiary privilege under California law or conflict with federal or state law.
CCPA does not require that we provide personal information to a consumer more than twice in a twelve month period. Any disclosures we make in response to a request will cover only the twelve month period preceding the request.
We will not charge a fee to process or respond to your request and will provide the information free of charge. Where a person’s requests are repetitive, manifestly unfounded, or excessive, CCPA authorizes us to either charge a reasonable fee that takes into account our administrative costs, or refuse to act on the request and notify the person making the request the reason for our refusal. If we determine that a request warrants a fee, we will explain our decision and will endeavor to provide a cost estimate.
Regulations proposed by the California Attorney General prohibit us from disclosing specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of that information or the security of our systems or networks. The proposed regulations further prohibit us from disclosing in response to a consumer’s request a Social Security Number, driver’s license number, other government identification number, financial account numbers, health insurance or medical identification numbers, account passwords, or security questions and answers.
NON-DISCRIMINATION
We will not discriminate against you for exercising any of your CCPA rights. This means, for instance, that we will not deny you services or charge you a different price, including a discount or other benefit, or impose a penalty for the exercise of your CCPA rights.
OTHER CALIFORNIA PRIVACY RIGHTS
The California Civil Code permits California Residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third-parties for their direct marketing purposes during the preceding calendar year. To make such a request please send an email to tourism@bahamas.com. Please mention that you are making a “California Shine the Light” inquiry.
VISITORS FROM OUTSIDE THE UNITED STATES
If you are visiting our website from outside the United States (“U.S.”), any information you voluntarily provide via our website and any technical information from the browser of your computer, tablet, or mobile device will be transferred out of your country and into the U.S.. The protections available to the privacy of your personal information in the U.S. may significantly differ from the protections available in your country. If you do not want any personal information to be transferred to the U.S., please do not provide that information to us via our website.
VISITORS FROM THE EUROPEAN UNION
The GDPR extends certain rights to natural persons in the EU involving the privacy of their personal information.
We are the data controller for any personal information provided to us from persons in the EU. We do not have a representative in the EU. As noted earlier, we may transfer your personal data to another country or international organization as needed.
We will retain any personal information that you provide us for as long as necessary to fulfill the business purposes for which it was provided and to meet legal obligations, unless you request that information be deleted at an earlier date. If that information is subject to a litigation hold, or is required to assert or defend a legal claim, then we will hold that information until the claim or action is finally resolved.
The GDPR grants EU residents with the right to request that we update, correct, or complete his or her personal information, and to delete or erase any of that personal information from our records. It grants EU residents with the right to object to processing of personal information in certain instances, such as for direct marketing purposes. The GDPR also grants EU residents with the right to restrict the processing of personal information when you believe the information in our possession is inaccurate, that our processing is unlawful, that we no longer need the information for purposes of the processing, or where you have objected to that processing. You may withdraw your consent at any time to our possession or processing of your personal information. EU residents also have a right to request access to their personal information, and to request certain information about its processing. The GDPR also grants EU residents with the right to obtain a copy of any personal information that is processed by automated means which you voluntarily provided to us in a commonly used, structured, machine-readable format, or to have that information transferred to another controller when it is technically feasible. An EU resident can exercise any of these rights by sending an email to tourism@bahamas.com.
You also have the right to lodge a complaint with the competent supervisory authority of an EU member state.
We will review any requests we receive from EU residents and will endeavor to respond in a timely manner. For security reasons, we may request specific information from you to help us confirm your identity before taking action on any request, and to ensure your right of access and the exercise of any GDPR right does not adversely affect the rights of others.
We reserve the right to refuse to act on a request, or to charge a reasonable administrative fee when a request is either manifestly unfounded or excessive because of its repetitive character, and to charge a reasonable administrative fee to requests for further or additional copies.
VISITORS FROM THE UNITED KINGDOM
We manage your data in line with our responsibilities under the United Kingdom General Data Protection Regulation, as supplemented by the Data Protection Act 2018 (the “Act”). Where you provide personal information via our website, it will only be used as specified on the relevant pages of the site, or if we are required to do so by law – for example, by court order, or to prevent fraud or other crime. All information will be held and used in accordance with the Act. You have the following rights in relation to the personal information you provide to us:
You have the right to ask for copies of your personal information;
You have the right to ask us to rectify any inaccurate information;
You have the right to ask us to update your personal information if it changes;
You have the right to request we erase the personal information we hold, or you can object to our processing your information, in certain circumstances.
You can exercise any of these rights by sending an email to tourism@bahamas.com. You can also lodge a complaint about the collection and use of your personal information with the Information Commissioner. They can be contacted at icocasework@ico.org.uk or at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
CHANGES TO THIS POLICY
We reserve the right to change or update this policy, or any other policies or practices, at any time, at our sole discretion, and without notice or liability to you or any other person. Any changes or updates will be effective immediately upon posting to our website. The collection, use, and disclosure of your personal information by us will be governed by the version of this policy in effect at that time. New versions of this policy will be posted here. Your continued use of our website will signify that you consent to the collection, use, and disclosure of your personal information in accordance with the changed policy. Accordingly, we recommend that you periodically review this policy to ensure that you are familiar with its most current version.