Privacy Center

Last Updated June 18, 2024

Sojern respects your right to privacy. This Privacy Policy explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. It applies to individuals who interact with our advertising services (“Services”), access our online properties, including sojern.com (“Website”) or who participate in our recruitment activities. This Privacy Policy does not apply to third-party products or services or the practices of companies that we do not own or control. 

This Privacy Policy does not apply to personal information that Sojern processes on behalf of business customers as part of our Guest Experience Solutions (GES) product. For more information, please see the Guest Experience Solutions Product Privacy Policy.

We recommend that you read this Privacy Policy in full to ensure you are fully informed. This Privacy Policy was written in English and if a translated version conflicts with the English version, the English version controls.

‘Sojern’ is the trading name of Sojern, Inc. and its subsidiaries, headquartered in San Francisco, California, and operating globally. We provide intelligent digital marketing solutions for the travel industry to engage and convert travelers. For more information about Sojern and our Services, visit our Website.

You can visit the Privacy Center for a chart summarizing the categories of personal information we collect, use, and disclose and their different sources, purposes, and disclosures.

Below we describe the personal information that we collect and how we use it: 

1. When providing our Services,
2. On our Website, and 
3. When recruiting candidates for employment.

Providing Our Services

Our Services help businesses identify and advertise to in-market travelers for purposes of online behavioral advertising; optimize advertising campaigns across multiple channels and devices; increase web traffic and brand awareness; and use local market and competitive insights. For more information about our Services, visit our Website. As noted above, this Privacy Policy does not apply to personal information that Sojern processes on behalf of business customers as part of the GES product. For more information, please see the Guest Experience Solutions Product Privacy Policy.

Personal information from our clients’ and partners’ representatives

If you represent a client or partner that is engaging with us to provide Services, we may collect and use personal information which is necessary for our business relationship. We use this personal information to manage our business relationship, administer our Services, and communicate with you. This personal information may include:

• Name and job title;
• Company or organization;
• Contact information, including email address and telephone number;
• Financial information, including payment card and other payment related information;
• Any other personal information relating to you or other third parties which you may provide to us for the purpose of receiving our Services.

When we provide Services for our clients and partners

When clients and partners engage with us to provide Services, we may collect and use your personal information for the performance of those Services. Those Services include:

• Delivering advertising campaigns and more relevant content to our clients’ potential travelers across the Internet, mobile applications, and other channels;
• Tracking travelers across devices and browsers for purposes of online behavioral advertising;
• Creating audience segments, using data collected from our pixels and partners, for our clients to optimize the relevance and performance of their advertising campaigns; and
• Delivering intelligent insights for our clients and partners to better understand their potential customers, the advertisements they see, and how they interact with online content.

To provide our Services we use aggregated and pseudonymized personal information collected directly from our clients, who have access to this information with the consent of their users. We also use aggregated and pseudonymized personal information collected directly from our partners, who have access to this information with the consent of their users. We may also receive aggregated or anonymized information from third-party sources such as data providers. 

Specifically, we may enable clients and partners to use pixels that automatically collect personal information from their online properties to share with us. (Similar technologies to a pixel are used when you view an email from our clients or partners that has a Sojern tag, use a mobile application with a Sojern SDK installed, or see or interact with an online advertisement that was placed through our Services). This personal information may include:

• Pseudonymous IDs, such as cookie ID, mobile advertising ID (MAID), TV identifier, hashed email address, and other persistent alpha-numerical identifiers that do not, by themselves, personally identify a specific individual;
• Technical data, such as IP address, device type, browser type, date and time stamp of clicks and web visits, URLs, and other technical information;
• Customer relationship management (CRM) data belonging to our clients and partners that reflects their online and/or offline interactions with individuals;
• Audience data, such as information of preferences, interests, and consumer segment in aggregated and pseudonymized form.

Our clients and partners may use our pixels to place cookies on your browser or device. Cookies do not tell our clients, partners or us who you are as an individual and where you live. Clients and partners may use information in cookies to tailor online advertising to someone who may share certain interests or propensities with members of an aggregated group, for reporting and analytics about their websites or services, and more. Additionally, our clients, partners, and advertising service providers may request we limit the tracking of ads, and should we receive these requests, we will cease tracking and limit the use of any data collected from our pixels to research and development purposes only. We may use information about cookies to measure the effectiveness of our Services like ad campaigns for our clients and partners. Our clients and partners’ use of our pixels does not mean we endorse their privacy policies or practices. If your personal information is collected and used by other businesses, refer to their terms of use and privacy policies for information about your personal information.

Our Website

The personal information that we may collect about you when you visit our Website broadly falls into the following categories:

Information that you provide voluntarily

We collect personal information that you provide voluntarily through our Website, for example when inquiring about or registering for our Services and events. We may use your information to send marketing and promotional materials to you. The information we collect about you may include some or all of the following:

• Name and job title;
• Company or organization;
• Contact information, including email address and telephone number;
• Demographic information such as preferences and interests;
• Information pertinent to fulfilling our Services to you; and
• Any other personal information that you voluntarily choose to provide to us.

We will be clear with the reasons why we ask you to provide other personal information that was not identified above at the point we collect such information.

Information we collect automatically

When you visit our Website, we may collect certain personal information automatically from your browser, collectively, ‘technical data’. Technical data may include your IP address, internet service provider (ISP), device type, browser type, date and time stamps, cookie data, and other technical information. We collect and use this information to help us understand visitors to our Website, respond to your requests, process transactions you initiate, and improve the quality and relevance of our Website.

Recruiting Candidates

We collect information from and about candidates in connection with available employment opportunities at Sojern. We use your personal information to match your qualifications with the specific roles offered at Sojern. This information may include:

• Resume or curriculum vitae;
• Identification documents;
• Academic records;
• Work history; and
• Employment and personal references.

We may collect sensitive personal information where we have an employment law obligation to do so, the information is relevant to place future employment benefits, or with your explicit consent. We do not use sensitive personal information to determine credit worthiness or eligibility for insurance, employment, housing, etc. We may need to conduct criminal background checks for some candidates for eligibility to work at Sojern. On a voluntary basis, we may also ask you to provide diversity information such as your race/ethnicity or veteran status for diversity monitoring purposes.

We may collect personal information from candidates from the following sources:

• Directly from you, for example, when applying for a position through our careers Website;
• From recruitment agencies that identified you as a potential candidate;
• Through publicly available sources online, for example, where you have a professional profile posted online; and
• By reference or word of mouth, for example, through a referral from an individual connected to you.

We do not direct or advertise our Services to children under the age of thirteen (13) or other minimum age as required by local law. We do not knowingly collect personal information from children. If you are a child or you are a parent or legal guardian of a child and personal information was provided to us, you may alert us at sojernprivacy@sojern.com. We will take steps to delete such personal information from our files as soon as possible.

We may share your personal information with the following categories of recipients:

• To our subsidiaries and affiliates under the Sojern trade name, as well as partners and third party services providers who provide data processing services to us (for example, for Website spam security services; or if you are a candidate, from recruitment agencies we have engaged);
• To any competent law enforcement body, regulator, government agency, court or other third party where we believe disclosure is necessary: (i) as a matter of applicable law or regulation, such as complying with a subpoena or other legal process, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
• To a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy; 
• Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us; and
• To a person you have given us your consent to disclose to.
• You can visit our Partner & Subprocessor List for more information about our data processors.

In addition to the uses of personal information described above, we may use personal information for the following general purposes:

• Where permitted by our client or partner agreements, for internal uses including research, fraud prevention and detection, and product development and improvement;
• To investigate, identify, and respond to fraudulent, harmful, unauthorized, unethical or illegal activity, including cybersecurity threats, and assist others to do the same;
• To respond to law enforcement investigations, including responding to lawful requests and legal process in civil, criminal, or investigative matters, including to meet national security or law enforcement requirements; 
• To enforce agreements, terms and conditions, and policies, and protect our legal rights; and
• To protect the personal safety of you, Sojern employees, our clients and partners or any person.

We rely on a number of legal bases to collect, use, and disclose your personal information, including:

• As necessary to provide the Services and fulfill our contractual obligations;
• With your consent;
• To comply with a legal obligation, court order, or to exercise and defend legal claims;
• To protect your vital interests or those of others; and
• For Sojern’s or a third party’s legitimate interests, and not overridden by your interests and fundamental rights and freedoms.

We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. We have implemented policies that include administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, and disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide the Services to you or others, or to comply with applicable legal, tax, or accounting requirements). We also retain and use personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

When we have no ongoing legitimate business need to process your personal information, we either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we securely store your personal information and isolate it from any further processing until deletion is possible. When it is no longer necessary and relevant to provide our Services, we may aggregate or de-identify your personal information and combine with other non-personal information to provide insights and statistics and improve our products and services.

We retain raw, cookie-level data associated with our Services for up to 24 months. At the time of collection, we may create aggregated data that cannot be re-associated with an individual cookie. We may retain this aggregated data for a longer period as required by law or otherwise necessary to resolve a dispute and enforce our agreements.

Sojern cookies expire in 12 months, although your additional use of other businesses’ websites may result in the placement of a new cookie.

Our Website servers are located in the United States. To deliver our Services, we use a cloud hosting service provider that distributes traffic across servers located in multiple geographies, known as geographic load balancing. Data is then transferred to data centers located in the United States for processing. Our subsidiaries, affiliates, partners, and third party service providers operate around the world. This means that we collect your personal information and it may be processed in countries that may have data protection laws that are different to the laws of your country.

Sojern and its subsidiary, VenueLytics, Inc. comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Sojern and its subsidiary, VenueLytics, Inc. have certified to the U.S. Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF.  Sojern and its subsidiary, VenueLytics, Inc. have  certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Sojern and its subsidiary, VenueLytics, Inc. are responsible for the processing of personal data they receive, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf.  Sojern and its subsidiary, VenueLytics, Inc. comply with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over Sojern and VenueLytics, Inc.’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Sojern or its subsidiary, VenueLytics, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Sojern and its subsidiary, VenueLytics, Inc. commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Sojern and its subsidiary, VenueLytics, Inc. commit to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.

Our Standard Contractual Clauses or Data Privacy Framework certification can be provided on request.

You may choose to opt-out of cookie-based targeted advertising from Sojern by following opt-out instructions in the Privacy Center. We comply with opt-out requests by placing an “opt-out” cookie on your computer or device, so, if you clear your cookies on that computer or device, we are unable to read the “opt-out” cookie. You may also change your browser settings so that cookies cannot be placed on your device and modify your mobile device settings for seeing advertisements. Additionally, you may choose to opt-out of receiving browser-based targeted advertisements from us by following opt-out instructions here:

• Digital Advertising Alliance in the U.S. (DAA)
• Digital Advertising Alliance of Canada in Canada (DAAC)
• European Interactive Digital Advertising Alliance in Europe (EDAA). Sojern is a member of the DAA, DAAC, and EDAA and adheres to these organizations’ Self-Regulatory Principles.

If you wish to exercise your privacy rights related to the personal information provided by our clients or partners, we may help by directing your requests to them so they may appropriately respond.

For additional privacy rights that you may have under your local privacy laws, please see the following sections. 

Under applicable privacy laws, you may have the following privacy rights at any time:

• Access: You can request a copy of the personal information we have collected about you.
• Appeal: You can appeal our denial of any request validly submitted.
• Correction: You can ask us to correct inaccurate personal information that we have collected about you. 
• Deletion: You can ask us to delete the personal information that we have collected from you.
• Nondiscrimination: You are entitled to exercise the rights described above free from discrimination as prohibited under applicable privacy laws. 
• Objection: You can object to the processing of your personal information if processed under the “legitimate interests” ground under GDPR, ask us to restrict processing of your personal information, or request we port your personal information;
• Opt-Outs: 
  - You can opt-out of targeted advertising from Sojern; 
  - You can opt-out of marketing communications we send you; and - For United States residents: You may have the right to opt-out of the “sale” or “sharing” of your personal information and the processing of your personal information for targeted advertising purposes, as defined under applicable state-level privacy laws. See the “Additional Information for United States Residents” section below for additional information.‍
• Information: You can request information about our collection, use and disclosure of your personal information, including: (i) a description of the categories of personal information we have collected or shared; (ii) a description of the categories of sources from which we have collected your personal information; (iii) a description of the categories of third parties with whom we have shared your personal information; (iv) a description of our purposes for collecting and sharing your personal information; and (v) if we have used your personal information for direct marketing purposes; 
• If we collected your personal information with your consent, you can withdraw your consent; and 
• You can complain to a data protection authority about our collection and use of your personal information.

Exercising your privacy rights: You can visit the Privacy Center to access/export or delete your personal information, and also opt-out of targeted advertising from Sojern, as described in the section “Opting-Out of Sojern Targeted Advertising”. You can also exercise these and the other privacy rights above by contacting us by email at sojernprivacy@sojern.com. Contact details for data protection authorities in the European Economic Area, Switzerland, and certain non-European countries (including the US, UK, and Canada) are available on the European Commission website. We respond to all requests received from individuals wishing to exercise their privacy rights in accordance with applicable privacy laws.

You may choose to not receive marketing emails by following the “unsubscribe” link found in these emails or emailing us at mktg@sojern.com. 

This section provides additional details to United States residents, in particular, residents of California, Colorado, Connecticut, Montana, Oregon, Utah, Texas, and Virginia, that supplement their privacy rights listed in the “Your Privacy Rights” section above.

Do Not Sell or Share My Personal Information: While we do not sell personal information for monetary compensation, under some United States privacy laws  the disclosure of your pseudonymous personal information to ad exchanges, ad networks, and other companies in the programmatic advertising ecosystem, may constitute a “sale” or “sharing” of personal information, even absent an exchange of money. You have the right to opt-out of “sales”/”sharing” and can submit your opt-out request by visiting the Privacy Center. You can also exercise these rights by contacting us by email at sojernprivacy@sojern.com. You can also exercise your right to opt-out of sales/sharing occurring on the Website by using an opt-out preference signal in your web browser or by using the Do Not Sell or Share My Personal Information link in the Website’s cookie notice. We do not knowingly sell or share the personal information of individuals under 16 years of age.

Verification of Privacy Requests and Authorized Agents: We may need to verify your identity in order to process your information/, access, appeal, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law. 

Under applicable US privacy laws, you may appoint an authorized agent to exercise your rights on your behalf. However, we may need to verify your authorized agent’s identity and authority to act on your behalf. We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your privacy rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request. In order for us to honor a request made by your agent, you must submit proof of your written authorization of the agent to sojernprivacy@sojern.com.

Additional Information:

For additional details regarding the collection, “sale”/”sharing”, and disclosure of personal information under the CCPA, please see the Chart of Data Categories, which supplements and is part of this Privacy Policy.

We do not use or disclose sensitive personal information for purposes that California residents have a right to limit under the CCPA.

We do not share your personal information with third parties who are not our clients and partners for their direct marketing unless you authorize us to do so.

We may update this Privacy Policy from time to time in response to legal, technical or business developments, in which case we will revise the “last updated” date at the top of this Privacy Policy. When we update our Privacy Policy, we will inform you by posting a notice on the Website prior to such changes becoming effective, which will be consistent with the significance of the changes we make.

If you have any questions or concerns about our collection or use of your personal information, email us at sojernprivacy@sojern.com. 

The entity that decides how and for what purposes we use your personal information (“data controller”) for the Website and Services is Sojern, Inc. If you are a candidate seeking employment at Sojern, the data controller is the relevant Sojern entity with whom you have engaged. Address details for all Sojern entities are available on the Contact Us page.

You may contact us via postal mail to the addresses below:

Sojern, Inc.
Attention: Privacy
545 Market Street, Floor 4 
San Francisco, CA 94105

EU Representative:

Sojern International Ltd.
Attn: Privacy
34-37 Clarendon Street
Dublin 2
Ireland