This privacy and cookie policy (“Policy”) describes how 380 Software LLC (“Company,” “we,” and “our”) collects, uses and shares personal data when using this website www.GoTheos.com (the “Site”) and the THEOS application, (the “Application”), together (the “Services”). Please read the following information carefully to understand our views and practices regarding your personal data and how we will treat it.

Who we are: For the purpose of applicable data protection legislation, the data controller of your personal data is 380 Software LLC of 10845 Griffith Peak Dr., Suite 200, Las Vegas, NV 89135.

Must Read Sections: We draw your attention in particular to the sections entitled “International Data Transfer” and “Your Rights.”

Changes to this Policy: We will post any modifications or changes to the Policy on our Services. We reserve the right to modify the Policy at any time, so we encourage you to review it frequently. The “Last Updated” legend above indicates when this Policy was last changed. If we make any material change(s) to the Policy, we will notify you via email prior to such change(s) taking effect.

1. Purposes of Processing

We collect information about you in a range of forms, including personal data. As used in this Policy, “personal data” is as defined in the General Data Protection Regulation 2018 and any successor legislation, this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number.

We will only process your personal data in accordance with applicable data protection and privacy laws. We need certain personal data in order to provide you with access to the Services. If you created a profile/registered with us, you will have been asked to tick to agree to provide this information in order to access our services, purchase our products, and view our content. This consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your personal data in line with this Policy, please do not use our Services.

2. Collecting Your Personal Data

We collect information about you in the following ways:

This includes the personal data you provide when:

·        registering to use our Services, including your‎ name, email address, and phone number;

·        reserving a flight using our Services, including your credit card information (credit card name, number, expiration date, CVC code, and address);

·        purchasing a flight using our Services, including passenger names, dates of birth and weights;

·        participating in promotions we run on the Services;

·        completing surveys that we use for research purposes;

·        reporting a problem with our Services or when we provide you with customer support; and

·        corresponding with us by phone, email or otherwise.

We may also get information about you from other sources. These sources may include:

·        our partners who you have agreed to share information with;

·        someone you may have asked to book or to make an inquiry on your behalf using our Services;

·        software telling us how you engage with our Services;

·        data specialists providing us with insights about our members, based on their own aggregated data sets; and

·        government and law enforcement authorities providing us with personal identification and background information when they are involved in official inquiries.

We may add the information we receive from these sources to the information we get from our Services.

We automatically log information about you and your computer or mobile device when you access our Services. For example, when visiting our Services, we and our third-party service providers receive and record information on our server logs from your browser, including your IP address, and from cookies and similar technology. We collect this information about you using cookies. Please refer to the sections on cookies and Pixel Tags below.

We may use automated decision-making and/or profiling in regard to your personal data for some services and products, for example re-sorting the order of homepage cards based on your location and sending e-mails based on location, purchase history, or in-application browsing behavior. You can request a manual review of the accuracy of an automated decision that you are unhappy with or limit or object to such automated decision-making and/or profiling by contacting us at [email protected]

3. COOKIES

We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on Services.

We use two broad categories of cookies:

(1) first-party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits Services; and

(2) third-party cookies, which are served by service providers on Services, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.

Our Services use the following types of cookies for the purposes set out below:

Essential Cookies

These cookies are essential to provide you with services available through our Services and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Functionality Cookies

These cookies allow our Services to remember choices you make when you use our Services, such as remembering your login details and remembering the changes you make to other parts of our Services which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.

Analytics and Performance Cookies

These cookies are used to collect information about traffic to our Services and how users use our Services. The information gathered does not identify any individual visitor. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, recordings of their sessions visiting our Site, how they use our Services, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services.

We use Google Analytics for this purpose. Google Analytics use their own cookies. They are only used to improve how our Services works. You can find out more information about Google Analytics cookies at the following pages: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies

You can find out more about how Google protect your data here: www.google.com/analytics/learn/privacy.html

You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en

Targeted and advertising cookies

These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third-party advertisers can place cookies to enable them to show adverts that we think will be relevant to your interests while you are on third-party websites.

You can disable cookies which remember your browsing habits and target advertising at you by visiting http://www.youronlinechoices.com/uk/your-ad-choices. If you choose to remove targeted or advertising cookies, you will still see adverts but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed.

Social Media Cookies

These cookies are used when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook, X, InstaGram or Google+. The social network will record that you have done this.

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org

and www.youronlinechoices.com.uk.

If you do not accept our cookies, you may experience some inconvenience in your use of our Services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Services.

4. PIXEL TAGS

We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Services to track the actions of users on our Services. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of our Services, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.

Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

We may use your personal data as follows:

·        to operate, maintain, and improve our Services, products, and services;

·        to manage your account, including to communicate with you regarding your account, if you have an account on our Services;

·        to operate and administer promotions you participate in on our Services;

·        to respond to your comments and questions and to provide customer service;

·        to undertake, or invite you to participate in, market research;

·        to send passenger name and weight information to aircraft Operator for weight, balance, and manifest records;

·        to send information including technical notices, updates, security alerts, and support and administrative messages;

·        with your consent, to send you marketing e-mails about upcoming promotions, and other news, including information about products and services offered by us and our affiliates. You may opt-out of receiving such information at any time: such marketing emails tell you how to “opt-out.” Please note, even if you opt out of receiving marketing emails, we may still send you non-marketing emails. Non-marketing emails include emails about your account with us (if you have one) and our business dealings with you;

·        to process payments you make via our Services and prevent fraudulent transactions;

·        to link or combine user information with other personal data;

·        as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others; and

·        as described in the “Sharing of your Personal Data” section below.

We may share your personal data as follows:

·        Third Parties Designated by You. We may share your personal data with third parties where you have provided your consent to do so.

·        Our Third Party Service Providers. We may share your personal data with our third party service providers who provide services such as payment processing, user analytics, and email marketing and delivery. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data.

·        Affiliates. We may share some or all of your personal data with our affiliates, in which case we will require our affiliates to comply with this Policy. In particular, you may let us share personal data with our affiliates where you wish to receive marketing communications from them.

·        Corporate Restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.

·        Other Disclosures. We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.

When we use the term “anonymous data,” we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party.

We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data might include analytics information and information collected by us using cookies. We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyses usage patterns in order to make improvements to our Services.

Our Services may contain links to our partner sites, such as Axios Media, Inc. (www.axios.com), Vegas Golden Knights (https://www.nhl.com/goldenknights/) other partners. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them.

Your information, including personal data that we collect from you, may be transferred to, stored at and processed by us and our affiliates and other third parties outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our Services, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us using the details in Section 16 below.

We will only retain your personal data until you close your account unless a longer retention period is required or permitted by law (for example for regulatory purposes).

Our Services are not directed to children under 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us using the details in Section 17 below. We will delete such information from our files as soon as reasonably practicable.

Subject to the following paragraph, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.

·        Opt-out. You may contact us anytime to opt-out of: (i) direct marketing communications; (ii) automated decision-making and/or profiling; (iii) our collection of sensitive personal data; (iv) any new processing of your personal data that we may carry out beyond the original purpose; or (v) the transfer of your personal data outside the EEA. Please note that your use of some of the Services may be ineffective upon opt-out.

·        Access. You may access the information we hold about you at any time via your profile or by contacting us directly.

·        Amend. You can also contact us to update or correct any inaccuracies in your personal data.

·        Move. Your personal data is portable – i.e. you to have the flexibility to move your data to other service providers as you wish.

·        Erase and forget. In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.

If you wish to exercise any of these rights, please contact us using the details in Section 17 below. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.

We are committed to resolve any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Policy or our practices in relation to your personal data, please contact us at: [email protected] We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority.

We welcome your comments or questions about this Policy. You may contact us in writing at [email protected] or 380 Software LLC, 10845 Griffith Peak Dr., Suite 200, Las Vegas, NV 89135.

380 Software LLC commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of the employment relationship. Please contact us to be directed to the relevant DPA contacts.

This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.

Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

·        Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:

o   The categories of Personal Information that we have collected.

o   The categories of sources from which we collected Personal Information.

o   The business or commercial purpose for collecting and/or selling Personal Information.

o   The categories of third parties with whom we share Personal Information.

o   Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.

o   Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.

·        Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.

·        Deletion. You can ask us to delete the Personal Information that we have collected from you.

·        Opt-in. If we know that you are younger than 16 years old, we will ask for your permission (or if you are younger than 13 years old, your parent’s or guardian’s permission) to sell your Personal Information before we do so.

·        Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.

You may exercise your California privacy rights described above as follows:

·        Right to information, access and deletion. You can request to exercise your information, access and deletion rights by:

o   visiting http://www.gotheos.com

o   calling us at 1-702-790-8112

o   emailing [email protected]

We will need to confirm your identity and California residency to process your requests to exercise your information, access or deletion rights. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

The list below summarizes how we collect, use and share Personal Information (“PI”) by reference to the statutory categories specified in the CCPA (defined in the glossary below), and describes our practices during the 12 months preceding the effective date of this Privacy Policy. Categories in the chart refer to the categories described above in the general section of this Privacy Policy. We have not sold your personal information in the preceding 12 months.

·        Identifiers

o   Source of the PI

▪       You

▪       Public sources

▪       Business partners

▪       Our clients

o   Purpose for collection

▪       Service delivery

▪       Research & development

▪       Marketing

▪       Compliance & Operations

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       Affiliates

▪       Advertising partners

▪       Service-related third parties

▪       Professional advisors

▪       Authorities and others

▪       Business transferees

o   What we collect

▪       Contact data

▪       Identity data

▪       Data about others

·        Commercial Information

o   Source of the PI

▪       You

▪       Our clients

o   Purpose for collection

▪       Service delivery

▪       Research & development

▪       Marketing

▪       Compliance & Operations

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       Affiliates

▪       Advertising partners

▪       Service-related third parties

▪       Professional advisors

▪       Authorities and others

▪       Business transferees

o   What we collect

▪       Contact data

▪       Identity data

▪       Transaction data

▪       Communications

▪       Marketing data

·        Financial Information

o   Source of the PI

▪       You

▪       Public sources

▪       Business partners

▪       Our clients

o   Purpose for collection

▪       Service delivery

▪       Research & development

▪       Marketing

▪       Compliance & Operations

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       Affiliates

▪       Service-related third parties

▪       Professional advisors

▪       Authorities and others

▪       Business transferees

o   What we collect

▪       Financial data

·        Online Identifiers

o   Source of the PI

▪       You

▪       Our clients

o   Purpose for collection

▪       Service delivery

▪       Research & development

▪       Marketing

▪       Compliance & Operations

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       Affiliates

▪       Service-related third parties

▪       Professional advisors

▪       Authorities and others

▪       Business transferees

o   What we collect

▪       Device data

▪       Identity data

·        Internet or Network Information

o   Source of the PI

▪       You

▪       Automatic collection

o   Purpose for collection

▪       Service delivery

▪       Research & development

▪       Marketing

▪       Compliance & Operations

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       Affiliates

▪       Service-related third parties

▪       Professional advisors

▪       Authorities and others

▪       Business transferees

o   What we collect

▪       Device data

▪       Online activity data

·        Geolocation Data

o   Source of the PI

▪       You

▪       Automatic collection

o   Purpose for collection

▪       Service delivery

▪       Research & development

▪       Marketing

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       None

o   What we collect

▪       Geolocation data

·        Inferences

o   Source of the PI

▪       Derived from PI you provide

o   Purpose for collection

▪       Service delivery

▪       Research & development

▪       Marketing

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       None

o   What we collect

▪       May be derived from your:

▪       Device data

▪       Online activity data

·        Professional or Employment Information

o   Source of the PI

▪       You

o   Purpose for collection

▪       Service delivery

▪       Marketing

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       None

o   What we collect

▪       We do not intentionally collect this information but it may be revealed in communications, identity data, or other information we collect

·        Protected Classification Characteristics

o   Source of the PI

▪       You

o   Purpose for collection

▪       Service delivery

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       Service-related third parties

o   What we collect

▪       We do not intentionally collect this information but it may be revealed in communications, identity data, or other information we collect

·        Physical Description

o   Source of the PI

▪       You

o   Purpose for collection

▪       Service delivery

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       Service-related third parties

o   What we collect

▪       Weight

·        Medical Information

o   Source of the PI

▪       You

o   Purpose for collection

▪       Service delivery

o   Categories of third parties to whom we “disclose” the PI for a business purpose

▪       Service-related third parties

o   What we collect

▪       Allergy information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Bank account number, debit or credit card numbers, insurance policy number, and other financial information.

Precise location, e.g., derived from GPS coordinates or telemetry data.

Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

Browsing history, search history, and information regarding a person’s interaction with an Internet website, application, or advertisement.

Personal information about an individual’s health or healthcare, including health insurance information.

An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.

An individual’s physical characteristics or description (e.g., hair color, eye color, height, weight).

This term is not defined in the CCPA, but likely includes any information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations).

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

 

 

R1/OCT/25/24/ARF