PRIVACY POLICY

OUR MISSION
At Arras Management, we are dedicated to protecting your privacy and safeguarding your personally identifiable information.

INFORMATION COLLECTION
Our main purpose in collecting your personal information is to provide you with a streamlined experience in making reservations at Arras Management. We only collect information about you that we consider necessary for achieving this. Personally identifiable information is only obtained when making a reservation. All identifiable information provided will not be disclosed to anyone unless we are specifically requested to do so. Arras Management does not give or sell to anyone any information we collect on our site.
We sometimes use data collection devices such as "cookies" on certain pages of the Site to measure effectiveness and safety. A "cookie" is a small file that gets placed on your hard drive that helps us provide our services. You are free to decline cookies if you choose to.

SECURITY
At Arras Management, we take security seriously. When users make a reservation, we use every precaution to safeguard it online and offline.
Your payment and personal information is always safe. Our Secure Sockets Layer (SSL) software is the industry standard and encrypts all of your personal information, including credit card number, name, and address, so that it cannot be read over the internet.

POLICY MODIFICATIONS
Arras Management may amend this Privacy Statement from time to time in order to meet changes in the regulatory environment, business needs, or to satisfy the needs of our guests, properties, strategic marketing partners, and service providers.

GENERAL DATA PROTECTION REGULATION (GDPR)
Arras Management has measures in place which meet the principles of data protection by design and data protection by default (per GDPR Article 25). Additionally, we have verified that our vendors and partners are in compliance with the GDPR or plan to be in compliance before May 25, 2018. If you have a GDPR question or concern or would like to receive a full copy of our GDPR addendum to this privacy policy, please email us at [email protected]

WHAT DOES THIS PRIVACY POLICY COVER?
This privacy policy describes the privacy practices of Arras Management’s website.

ARRAS MANAGEMENT EMAILS
Emails we send you may include a technology (called a web beacon) that tells Arras Management whether you have received or opened the email, or clicked a link in the email. If you do not want us to collect this information from Arras Management marketing emails, you can opt out of receiving Arras Management marketing emails.

ARRAS MANAGEMENT ONLINE ADVERTISING
Arras Management advertises online in a variety of ways, including displaying Arras Management ads to you on other companies' websites and apps. We collect information such as which ads are displayed, which ads are clicked on, and on where the ad was displayed.

BUTTONS, TOOLS, AND CONTENT FROM OTHER COMPANIES
Arras Management website may include buttons, tools, or content that link to other companies’ services (for example, a Facebook "Like" button). We may collect information about your use of these features. In addition, when you see or interact with these buttons, tools, or content, or view a Arras Management web page or app containing them, some information from your browser may automatically be sent to the other company. Please read that company’s privacy policy for more information.

ARRAS MANAGEMENT SOCIAL NETWORKING PAGES AND SOCIAL SIGN-ON SERVICES
Arras Management has its own pages on many social networking sites (for example, the Arras Management Facebook page). We may collect information when you interact with our social networking pages.

HOW DOES ARRAS MANAGEMENT USE THE INFORMATION IT COLLECTS ABOUT ME?
Arras Management uses the information we collect about you in several ways, such as:

• Better understanding how our website is being used so we can improve it and engage and retain users
• Diagnosing problems in our website
• Tailoring a website or Arras Management ad to your likely interests
• Sending you information about Arras Management, special offers, and similar information
• Conducting market research about our guests, their interests, and the effectiveness of our marketing campaigns
• Reducing fraud and protecting you as well as Arras Management

WHAT ARE COOKIES AND HOW DOES ARRAS MANAGEMENT USE THEM?
As with most websites, Arras Management uses cookies and similar technologies to make our website work as well as to learn more about our users and their likely interests.
Arras Management website may also use cookies and similar technologies from other companies that allow us to gather additional information to measure and improve the effectiveness of the Arras Management website.

DOES ARRAS MANAGEMENT SHARE MY PERSONAL INFORMATION?
Arras Management works with companies that help us run our business. These companies provide services such as delivering customer support, processing credit card payments, and sending emails on our behalf. In some cases, these companies have access to some of your personal information in order to provide services to you on our behalf. They are not permitted to use your information for their own purposes.
Arras Management may also share your personal information:

• When you agreed to the sharing
• When we are required to provide information in response to a subpoena, court order, or other applicable law or legal process
• When we have a good faith belief that the disclosure is necessary to prevent or respond to fraud, defend our websites against attacks, or protect the property and safety of Arras Management, our customers and users, or the public
• If we merge with or are acquired by another company, or if all or a substantial portion of our assets are acquired by another company. In those cases, your information will likely be one of the assets that is transferred
• We may share or publish aggregate information that doesn’t specifically identify you, such as statistical information about visitors to our website or statistical information about how guests use our website.

HOW CAN I REVIEW OR UPDATE MY PERSONAL INFORMATION?
Under the law of some countries, you may have the right to access the information Arras Management holds about you, correct mistakes in that information, and to delete personal information that we no longer have business reasons for retaining. You can request that we remove your email address from our marketing database or provide you a copy of your personal information, please email your request to [email protected]. Please note that we need to retain certain information about you for legal and internal business reasons, such as fraud prevention.

WILL ARRAS MANAGEMENT MARKET TO ME?
Arras Management and companies we hire to help us market our websites on our behalf may use your information to provide you with information and offers related to Arras Management. We give you choices regarding our marketing practices.

RETENTION OF YOUR PERSONAL INFORMATION
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

WILL THIS PRIVACY POLICY CHANGE?
Occasionally, we may change this privacy policy to allow Arras Management to use or share your personal information in a different way. We encourage you to periodically review the Arras Management Privacy Policy for the latest information on our privacy practices.

INFORMATION REGARDING YOUR DATA PROTECTION RIGHTS UNDER GENERAL DATA PROTECTION REGULATION (GDPR)
For the purpose of this Privacy Policy, we are a Data Controller of your personal information.
If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information, as described in this Privacy Policy, depends on the information we collect and the specific context in which we collect it. We may process your personal information because:

• We need to perform a contract with you, such as when you create a Policy with us
• You have given us permission to do so
• The processing is in our legitimate interests and it's not overridden by your rights
• For payment processing purposes
• To comply with the law

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. In certain circumstances, you have the following data protection rights:
The right to access, update or to delete the personal information we have on you

• The right of rectification
• The right to object
• The right of restriction
• The right to data portability
• The right to withdraw consent

Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

"DO NOT SELL MY PERSONAL INFORMATION" NOTICE FOR CALIFORNIA CONSUMERS UNDER CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
Under the CCPA, California consumers have the right to:

• Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
• Request that a business delete any personal data about the consumer that a business has collected.
• Request that a business that sells a consumer's personal data, not sell the consumer's personal data.