Information Stewardship Notice
This document explains how comparisonusvsca handles, retains, and protects details you share with us. The focus is on clarity and your agency—what happens to your information, why it matters, and what control you maintain throughout.
Information We Derive and Record
When you engage with comparisonusvsca, we capture details that enable program delivery, communication, and operational continuity. These details emerge from various interactions—enrollment forms, email exchanges, event registrations, and platform activity.
Identity and Contact Specifics
You provide your name, email address, and phone number when you register for courses, download resources, or reach out for guidance. This foundational layer allows us to respond to inquiries, send program updates, and maintain an ongoing relationship. Without these basics, we cannot acknowledge your participation or deliver what you've requested.
Professional and Educational Background
During enrollment, you may share details about current employment, educational history, career goals, and areas of interest in sustainable tourism. This context helps us tailor recommendations, match you with relevant cohorts, and align program content with your development trajectory. We don't demand exhaustive resumes, but the more we understand your starting point, the more precisely we can guide your path.
Technical and Behavioral Signals
Our platform captures device identifiers, IP addresses, browser types, and session durations. We observe which modules you complete, which resources you access repeatedly, and how long you spend on specific content. These behavioral patterns reveal engagement depth and help us refine module sequences, identify technical bottlenecks, and flag content that needs improvement. For tracking technologies specifically, consult our Cookie Policy.
Payment Information
When you purchase a program or event ticket, we handle billing addresses and transaction records. Credit card data itself moves through our payment processor—we never store full card numbers on our servers. Transaction history remains in our records for refund processing, invoice generation, and financial compliance.
We don't scrape social media profiles or purchase third-party databases to enrich your file. What we know comes directly from what you provide or how you interact with our platform.
How We Apply Information to Operations
Every piece of information serves a functional purpose. We're not hoarding data for speculative future uses—we apply it to tasks that directly support your learning experience and our operational integrity.
Program Delivery and Access Management
Your login credentials grant portal access. Your enrollment status determines which courses appear in your dashboard. Your progress markers trigger automated milestone emails and certificate generation upon completion.
Communication and Support
When you submit a question through our contact form, we use your email to send a response. When you register for a webinar, we send calendar invites and reminder sequences. When a program date shifts, we notify enrolled participants.
Quality Improvement and Curriculum Adjustment
Aggregated engagement metrics reveal which modules cause drop-offs, which exercises generate confusion, and which topics spark repeated questions. We adjust pacing, rewrite unclear sections, and retire outdated material based on these signals.
Financial and Legal Compliance
Transaction records satisfy tax requirements, support audits, and enable refund processing. Your agreement to terms during enrollment creates a contractual record we maintain for dispute resolution and regulatory accountability.
Security and Fraud Prevention
IP addresses and login patterns help us detect account takeover attempts, block automated bot registrations, and identify unusual activity that might signal compromise.
Marketing and Outreach
If you've enrolled in one program and expressed interest in adjacent topics, we may notify you when related courses launch. If you've attended an event, we might invite you to future gatherings. You can decline these messages at any time without affecting access to purchased content.
We don't repurpose your information for unrelated ventures. If we decide to introduce a new use case not covered here, we'll notify you first and provide an opportunity to object or withdraw consent where legally required.
Movement of Information Beyond Our Organization
Most of your data stays within our direct control, but certain functions require sharing with external entities. These relationships are governed by contracts that impose confidentiality and security obligations.
Service Providers and Technical Infrastructure
Our platform runs on cloud hosting services. Email campaigns flow through a third-party marketing automation tool. Video content lives on a streaming provider's servers. Payment processing happens through a PCI-compliant gateway. Each of these providers accesses only the data segments necessary to perform their specific function. They're prohibited from using your information for their own purposes or selling it to others.
Business Transitions and Restructuring
If comparisonusvsca merges with another organization, gets acquired, or undergoes restructuring, your information may transfer to the successor entity. They'll assume the obligations outlined here unless you're notified otherwise. In the event of bankruptcy or dissolution, data handling follows applicable legal procedures.
Legal Demands and Safety Situations
We respond to valid subpoenas, court orders, and law enforcement requests when legally obligated. If we receive an urgent request related to imminent harm or safety threats, we may disclose relevant information without waiting for formal legal process. We don't disclose information in response to informal inquiries or pressure lacking legal foundation.
Public Information and Community Features
If we introduce discussion forums, peer cohort spaces, or public testimonial sections, anything you post there becomes visible to other participants. We can't control how others capture, share, or repurpose content you make publicly available within those spaces.
We do not sell, rent, or broker your personal details to advertisers, data brokers, or marketing aggregators. Revenue comes from program fees and event registrations, not from monetizing your information.
Retention Timelines and Data Disappearance
We keep information as long as it serves an active purpose or satisfies legal requirements. Once those conditions lapse, records move toward deletion or anonymization.
| Data Category | Retention Duration | Deletion Trigger |
|---|---|---|
| Active Account Information | Duration of enrollment plus two years | Account closure request or prolonged inactivity |
| Transaction Records | Seven years from transaction date | Tax and audit compliance periods expire |
| Communication Logs | Three years from last interaction | Support resolution complete and legal hold released |
| Technical Logs and Session Data | Ninety days from collection | Security analysis complete or retention period ends |
| Marketing Consent Records | Duration of consent plus one year | Consent withdrawn or inactivity threshold met |
Deletion doesn't always mean immediate physical erasure from every backup tape. It means the information becomes inaccessible for operational use and gets overwritten during normal system maintenance cycles. Backups eventually age out, typically within six months.
If you request deletion before natural retention periods expire, we'll accommodate unless we have a legal obligation to retain specific records—tax documentation, for instance, or records under litigation hold.
Your Control Mechanisms and Rights
You aren't a passive subject here. You maintain several forms of control over how we handle your information.
Access and Inspection
You can request a copy of the personal details we hold about you. We'll provide this in a structured, commonly used format—usually a spreadsheet or PDF. Expect delivery within fifteen business days of verification. There's no fee for your first request in any twelve-month period; repeated or exceptionally burdensome requests may incur administrative charges.
Correction and Update
If your contact information changes or we've recorded something incorrectly, notify us. You can edit most profile fields directly through your account dashboard. For information you can't self-edit, send a correction request to [email protected].
Deletion and Erasure
You can ask us to delete your account and associated information. We'll honor this unless we're legally required to retain certain records. Deletion is irreversible—you'll lose access to purchased content, certificates, and progress records. If you've made public posts in community forums, those may remain visible unless you delete them before requesting account closure.
Objection and Restriction
You can object to specific uses of your information, particularly for marketing outreach. If you withdraw consent for promotional emails, we'll stop sending them but will still communicate about programs you've enrolled in or transactions you've initiated. You can also request that we temporarily restrict processing while you challenge accuracy or contest our legal basis for handling certain data.
Portability
Where technically feasible, we'll provide your information in a machine-readable format that you can transfer to another service. This applies primarily to account profile details and enrollment history, not to derived analytics or aggregated insights.
Automated Decision-Making
We don't use algorithmic systems to make consequential decisions about your eligibility, pricing, or access without human review. If that changes, you'll have the right to request human intervention and explanation.
Exercising these rights doesn't cost you anything or affect your standing with us. We won't penalize you for making requests, though we may need to verify your identity before processing sensitive actions like deletion or data export.
Security Approach and Remaining Vulnerabilities
We apply multiple layers of technical and organizational safeguards to protect information from unauthorized access, alteration, or destruction. But perfect security doesn't exist—every system carries residual risk.
Technical Safeguards
- Encryption in transit using TLS 1.3 for all connections between your browser and our servers
- Encryption at rest for databases containing personal information
- Multi-factor authentication for administrative access to backend systems
- Regular security patching and vulnerability scanning of infrastructure components
- Firewall rules and network segmentation to limit lateral movement in case of breach
- Logging and monitoring of access attempts with automated alert thresholds
Organizational Controls
- Access to personal information limited to staff members who need it for specific job functions
- Background checks for employees with access to sensitive systems
- Confidentiality agreements and security training for all personnel
- Incident response procedures and data breach notification protocols
- Regular audits of access logs and permission assignments
Residual Risks
Despite these measures, risks remain. Sophisticated attackers might exploit zero-day vulnerabilities. Phishing attacks could compromise user credentials. Insider threats exist despite vetting. Natural disasters or infrastructure failures could cause temporary data unavailability. We carry cyber insurance and maintain disaster recovery plans, but we can't guarantee absolute invulnerability.
If we detect a breach involving your information, we'll notify you within seventy-two hours of discovery, explain what happened, describe what information was affected, and outline steps we're taking to contain the incident and prevent recurrence. If the breach poses significant harm, we'll also notify relevant regulatory authorities.
Your own security practices matter too. Use strong, unique passwords. Enable two-factor authentication if offered. Don't share login credentials. Be skeptical of unsolicited emails asking you to click links or provide information—verify sender authenticity before responding.
Legal Foundations and Regulatory Alignment
We process personal information based on several legal grounds, depending on the nature of the data and your relationship with us.
Contractual Necessity
When you enroll in a program, we need your contact details, payment information, and learning progress data to deliver the service you've purchased. Processing this information fulfills our contractual obligations. Without it, we can't provide access or support.
Legitimate Interests
We process certain data based on legitimate business interests—fraud prevention, system security, product improvement, and operational efficiency. We balance these interests against your rights and don't pursue activities that would cause disproportionate harm or surprise.
Consent
For marketing communications and optional features like community forums, we rely on explicit consent. You can withdraw consent anytime without affecting services you've already purchased.
Legal Compliance
Tax regulations, anti-money laundering rules, and industry-specific requirements compel us to retain certain records for specified durations. We process this information to meet legal obligations, not because we derive operational benefit from it.
Geographic Scope
Our primary operations occur within the United States, but we serve learners globally. If you're located in a jurisdiction with specific privacy regulations—California's CCPA, Europe's GDPR, or similar frameworks—you may have additional rights beyond what's described here. We honor those rights where applicable and will clarify jurisdiction-specific procedures upon request.
International Transfers
Some of our service providers operate servers outside the United States. When we transfer information internationally, we use standard contractual clauses, adequacy determinations, or other approved transfer mechanisms to ensure appropriate safeguards. If you're in a region that restricts cross-border data flows, contact us for specifics about how we handle your information.
Children and Minors
Our programs target working professionals and adults pursuing career development in sustainable tourism. We don't knowingly collect information from individuals under sixteen without parental consent. If we discover we've inadvertently obtained details from a minor, we'll delete that information promptly.
If you're a parent or guardian and believe your child has provided us with information without your knowledge, contact us immediately so we can investigate and take corrective action.
Changes to This Document
This notice evolves as our operations change, regulatory requirements shift, or we introduce new features. We'll update the "Last Updated" date at the top whenever we make substantive revisions. For significant changes affecting how we handle information or your rights, we'll notify you via email or through a prominent notice on our platform at least thirty days before the new version takes effect.
Continuing to use our services after the effective date of changes constitutes acceptance of the revised terms. If you disagree with modifications, your remedy is to discontinue use and request account deletion before the changes take effect.
Questions, Concerns, or Escalation Needs
Reach out through any of these channels if you want to exercise your rights, challenge how we've handled your information, or escalate concerns:
If internal resolution fails, you have the right to lodge a complaint with your local data protection authority or pursue legal remedies through appropriate courts.