Privacy Policy

At JUMPEOPLE, we value and respect your privacy. For this reason, we have designed our privacy policy to ensure that your personal information is handled securely, transparently, and in compliance with applicable laws. Our commitment is to provide you with a trustworthy and clear experience when interacting with our website.

I. GENERAL TERMS

The company JUMPEOPLE CORP., with its registered office at Financial Park, Office 41G, Avda. de la Rotonda, Costa del Este, Panama City, District of Panama, Republic of Panama, hereinafter referred to as the "Operator," guarantees users of the website the right to choose whether to provide their information. The Operator informs that:

1. Its website uses "cookies" technology and geolocation services. You can configure your browser to be notified when cookies are received or to block their installation.

2. Cookies are small text files sent by the website server and stored on the user's device. The default cookie settings allow the information contained in them to be read only by their originating server.

3. Cookies are used to store information related to the user's interaction with the server. Cookies enable:
   a. Storing information that enhances the user experience on our site, such as remembering usernames (after logging in), so users don’t need to re-enter their username and password each time they access a subpage of the website;
   b. Adapting website content to the user's preferences and optimizing the use of the website; these files allow the user's device to be recognized and the website to be displayed appropriately, tailored to their individual needs and device used;
   c. Collecting aggregated and anonymous statistical data to better understand how users interact with the website. This allows for continuous improvement of the website’s structure and content based on user expectations.

4. The website employs two primary types of cookies: "session cookies" and "permanent cookies." Session cookies are temporary files stored on the user’s device until they log out, leave the website, or close the browser. Permanent cookies are stored on the user’s device for a specified duration set in their parameters or until deleted by the user.

5. On the website, JUMPEOPLE CORP. also employs certain third-party mechanisms, including those of partners and advertisers, such as functionalities related to social networks of Meta Platforms, Inc., Alphabet Inc., Crimtan Group, and others, which directly result in cookies from these entities being stored on the user’s device.

6. When web browser software, by default, permits the storage of cookies on the user’s device, users can modify their browser settings to manage or delete cookies (of any type) at any time. For geolocation services, the user consents directly by accepting the browser's settings.

7. Restrictions on the use of cookies may impact some functionalities available on the website or prevent its use.

8. Cookies never contain personal data of users.

9. Information stored in cookies or access to it does not cause changes to the user’s device configuration or the software installed on the device.

The User agrees to send personal data from our platform to the Service Provider for the purpose of invoicing, issuing tickets, passes, and other documents for services the User has paid for.

II. PERSONAL DATA PROTECTION POLICY

1. This text ("Personal Data Protection Policy," hereinafter referred to as the "PDP Policy") outlines the purposes for which the Operator will collect information using clear and specific forms requiring affirmative action (e.g., checking a box). Additionally, records of consent will be stored to ensure transparency and compliance. The categories of entities that may access your personal data, as well as your rights regarding the processing of such data, will be specified. This policy aligns with the implementation of new data processing requirements derived from applicable personal data protection legislation, namely Law 81 of March 26, 2019 and Executive Decree 285 of May 28, 2021 ("DEJ 285") of the Republic of Panama. Your personal data will only be processed if you grant your consent to the Operator. If you believe your data protection rights have been violated, you may file a complaint with the National Authority for Transparency and Access to Information (ANTAI), the supervisory entity for personal data protection in the Republic of Panama.

2. The PDP Policy is part of the Operator's privacy policy, which also addresses the use of cookies.

3. The PDP policy refers to the data collected by the website, the mobile application, and the Customer Service Center.

4. The data controller for your personal data (processed for the purposes specified below) is the Operator, with its registered office at Financial Park, Office 41G, Avda. de la Rotonda, Costa del Este, Panama City, Republic of Panama, and email: privacy@jumpeople.com.

5. The data controller has appointed a Data Protection Officer (hereinafter: "DPO"). You can contact the DPO regarding any matters related to the processing of your personal data, as well as for questions regarding your rights. The DPO is obligated to maintain secrecy and confidentiality while performing their duties, in compliance with applicable community or national law.
   Email: privacy@jumpeople.com

   The DPO's responsibilities include:
   a. Informing the data controller and employees involved in personal data processing of their obligations and duties under this regulation regarding data protection, as well as providing related advice;
   b. Monitoring compliance with Law 81, DEJ 285 of the Republic of Panama, and the policies of the data controller or processor, including assigning responsibilities, raising awareness, training staff involved in processing operations, and conducting related audits;
   c. Ensuring the protection of personal data when transferring it to countries lacking regulations equivalent to Panama’s Law 81, implementing standard contractual clauses, and requiring partners to adhere to international security and privacy standards;
   d. Receiving such requests, providing recommendations for data protection impact assessments, and monitoring their implementation;
   e. Cooperating with the supervisory authority, which is the Government Innovation Authority;
   f. Acting as a point of contact for the supervisory authority regarding processing-related matters and conducting relevant consultations as applicable.

6. At JUMPEOPLE, we recognize the importance of protecting minors’ privacy. We do not intentionally collect or process personal data of individuals under 18 years old. Data provided by a responsible adult for minors will only be processed for purposes such as managing bookings or requested services, ensuring confidentiality and security at all times.

7. The data controller ensures that your personal data will only be processed for specific, explicit, and legitimate purposes and will not be processed beyond these purposes. If the data controller wishes to process your personal data for purposes other than those specified, you will be notified separately to provide consent.
   The purposes for processing personal data include:

   Data will be retained as long as necessary to provide services, comply with legal requirements, resolve disputes, and conduct operational activities (e.g., fraud detection). Retained data will be subject to this Privacy Policy.

   • Creating and managing an account on jumpeople.com, verifying data, managing transactions, and providing personalized content.
   • Managing service requests, such as hotel bookings or ticket purchases, to efficiently process and complete services.
   • Conducting marketing activities, such as sending personalized emails or displaying targeted advertisements based on user interests.
   • Sending newsletters and personalized price alerts to keep you informed of offers.
   • Utilizing geolocation data (if enabled) to display personalized ads based on location.
   • Complying with legal obligations, such as tax or regulatory requirements, protecting the platform against unauthorized access, and maintaining system integrity.
   • Performing statistical analyses to improve services and user experience.
   • Handling inquiries, processing requests, and improving service quality.
   • Managing employee, collaborator, or board member data related to orders, tax information, and contractual rights.

8. You may revoke your consent for processing your personal data at any time. This can be done at the data controller's headquarters or through the corresponding form on the website (section: Contact). Revoking consent does not affect the lawfulness of processing carried out before withdrawal.

9. You can object to the processing of your personal data at any time. Once an objection is filed, the data controller may no longer process your data unless justified by significant legal grounds. Objections related to marketing purposes require no justification and will cease immediately upon objection.

10. Beyond withdrawing consent or filing objections, you have the right to access, obtain copies, transfer, rectify, delete, limit processing, and exclude data from automated decisions. These rights can be exercised via the User Profile section on the website or at the data controller's headquarters.

11. You can delete your account directly from the "Your Account" section. Note that even after account deletion, associated data will be securely retained for up to 5 years for legal or claims-related purposes, after which it will be permanently erased.

12. Personal data is obtained directly from you (e.g., account creation, transaction management). Data from other sources is only collected from public sources for service-related purposes.

13. Providing data is always voluntary but necessary to achieve the specified objectives.

14. Personal data may be shared with entities providing chosen services (e.g., airlines, hotels, insurance companies, payment processors). Only authorized employees or subcontractors with relevant agreements will access this data. Contact the DPO for details.

III. PRIVACY POLICY - PRINCIPLES RELATED TO DATA PROCESSING BY OTHER SERVICE PROVIDERS

1. Social networks. This site uses plugins for social networks from the following providers:

a. Facebook, Instagram (operator: Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, California, 94304, United States).

b. YouTube (YouTube LLC, 901 Cherry Avenue, San Bruno, California, 94066, United States).

c. X (operator: X Corp., 1355 Market Street, Suite 900, San Francisco, California, 94103, United States).

d. LinkedIn (LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, California, 94085, United States).

e. TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland).

2. These plugins typically collect user data by default and send it to the corresponding provider's server. By clicking on the symbol, you activate the plugin and give your consent for your data to be transferred to the corresponding provider.

3. The social media plugins integrated into our website are managed directly by the providers of these services. Our website only redirects the User to these plugins, and their operation depends on logging into the corresponding social network. If the User is not logged into that social network during their visit to our website, no association is made between the collected information and their social network profile. For more information about the scope, details, and purpose of data processing, as well as rights and privacy settings options, we recommend reviewing the corresponding Service Provider Policies.

4. Additionally, the service provider may send messages to individuals who accept such communications and/or when necessary for the provision of services through email tools provided by SendGrid (1801 California St., Denver, Colorado 80202, United States of America) under the terms established at: https://sendgrid.com/en-us/policies/security.

SendGrid is a service used to send emails to users who have given their consent or when necessary for the provision of our services. This provider facilitates the distribution of messages through its platform, ensuring the secure and efficient delivery of emails.

IV. ANALYSIS OF USER BEHAVIOR ON THE SITE

a. Google Analytics

This website uses Google Analytics, a website analysis service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, California, 94043, United States. This service allows linking data from multiple devices to a user identifier and analyzing actions performed by that user across devices (Firebase and Optimize services are also used).

Google will use this information at the website operator's request to analyze users' use of the site, prepare reports on their activity, and provide other services related to the website and Internet usage to the website operator. Data processing for these purposes also corresponds to the legitimate interest of the website operator. You can find more information about this service's terms of use and data protection at https://www.google.com/analytics/terms/, https://policies.google.com/?hl=es.

The user can prevent the generation of cookies through their web browser settings. Users can manage their cookie preferences through an interactive panel on the website. This panel allows them to enable or disable specific cookies according to their purpose (functional, analytical, advertising). In this case, the User may not fully benefit from all the website's functions. You can also prevent Google from collecting and processing data generated by cookies and data related to your website usage (including your IP address) by downloading and installing the plugin available at https://tools.google.com/dlpage/gaoptout?hl=es. Click here if you want to set an opt-out cookie. On mobile devices, the features described above are implemented by Firebase under the terms established at https://firebase.google.com/support/privacy.

b. Google Ads and conversion tracking

To offer services best suited to Users' expectations, the website uses Google's advertising display system and Google conversion tracking functionality to personalize online ads based on users' interests and location. The IP anonymization option is controlled by the Google Tag Manager through its internal configuration. This configuration has been designed to include the anonymity required by law for privacy protection, including IP addresses. Ads are displayed based on search requests on websites within the Google Display Network. The user can also choose the type of Google ads they see or disable Google ads based on interests through the ads settings page.

If you do not wish to receive personalized ads, you can opt-out by disabling the option in the Google ads settings page.

Refer to Google's privacy policy for more information on how Google manages cookies.

c. Google Tag Manager

This website uses Google Tag Manager, a service provided by Google Inc., located at 1600 Amphitheater Parkway, Mountain View, California, 94043, United States. This service tracks and analyzes tools like Google Analytics without the need to directly modify the website's code.

Google uses the information collected through Google Tag Manager at the website operator's request to optimize tag management and improve website functionality. This data processing corresponds to JUMPEOPLE's website's legitimate interest in ensuring efficient management and adequate platform analysis. More information about Google Tag Manager's terms of use and policy can be found at https://www.google.com/analytics/terms/tag-manager/.

d. Meta Pixel

This website uses Meta Pixel, a program by Meta Platforms, Inc., operating under the name Meta, previously known as Facebook, Inc., and TheFacebook, Inc.

Meta Pixel is a tool provided by Meta that allows tracking the actions users perform on our website. By installing Meta Pixel, we can collect data on how visitors interact with our page, such as the pages they visit or whether they make a purchase. This information helps us improve our services, personalize the browsing experience for our users, and display more relevant ads. By using our website, users consent to the collection of this data through Meta Pixel in accordance with our privacy policies. More information about Meta Pixel: https://www.facebook.com/business/tools/meta-pixel

e. Crimtan

This website also uses Crimtan's analysis and optimization services to offer a personalized experience and improve the effectiveness of advertising campaigns. Crimtan collects and processes data related to your interactions on the website, allowing analysis of user behavior across multiple devices and delivering content tailored to your interests.

The data collected by Crimtan is used to:

• Understand and analyze how users interact with the website.
• Optimize advertising campaigns and improve their relevance to the user.
• Provide a personalized and segmented experience based on interests and browsing patterns.

This data processing is carried out in accordance with the legitimate interests of the website operator to improve content, offered services, and targeted advertising campaigns.

Technology Used
Crimtan uses technologies such as cookies and tracking pixels (small images or pieces of code placed on a website to collect data about user activity, such as visited pages or time spent on the site, helping analyze and improve the online experience) to collect information about website activity, including pages visited, time spent, and interactions performed. This data is analyzed in aggregate form and not personally identified unless the user has explicitly consented.

More information about Crimtan: https://crimtan.com/terms/

V. PAYMENT PROCESSING

a. To process payments through the available methods, such as credit or debit cards, Apple Pay, Google Pay, or other authorized systems, the necessary data will be securely transferred to:

b. Stripe, Inc. (South San Francisco, California, United States) https://stripe.com/esus/legal/ssa

c. The aforementioned entity will use the data to carry out the agreed transaction through our website to enable transactions to be sent to one or more acquiring payment networks, for example:

• Technical receipt of information regarding the status of transactions,
• Reporting, including information related to transactions, service fees, chargebacks, funds, disputes, etc.
• Tokenization service,
• Fraud verification and risk management,
• Technical integration support.

d. The transfer of data related to transactions and cards is necessary to provide card payment services. However, we do not directly process this data. Our role is limited to sending the necessary information to manage the transaction, while Stripe is responsible for validating and processing payments in accordance with its own policies and security standards.

VI. ADDITIONAL INFORMATION:

The user agrees that before using each service, they have read the terms and conditions and privacy policies of each company not affiliated with JUMPEOPLE, including but not limited to payment processors, hotels, car rentals, tourism plans, and flights, among others.

The user is responsible for reading and accepting these terms before requesting any service or providing their personal data. Any updates to our privacy policy will be published on our website and will be available for consultation at all times.

This text ("Personal Data Protection Policy", hereinafter referred to as the "PDP policy") will present you with the purposes for which the Operator (hereinafter: controller) will process your personal data, and for how long it will do so. It will specify the categories of entities that may have access to your personal data, as well as the rights that correspond to you in relation to the processing of your data. The policy in question is closely related to the need to implement the new data processing requirements, derived from the applicable legislation relating to the protection of personal data, i.e. Law 81 of March 26, 2018 ("Law 81") and Executive Decree 285 of May 28, 2021 ("DEJ 285"). Your personal data will only be processed if you give the Operator your consent to do so. 

1. The PDP policy is part of the Operator's privacy policy, which also regulates the issue of the use of cookies.
    
2. The PDP policy refers to data collected by the website and mobile application, as well as through the telephone call center.
    
3. The controller of your personal data (processed for the purposes specified below) is the Operator, domiciled at Financial Park, Office 41GH, Avda. de la Rotonda, Costa del Este, Panama City, Republic of Panama, with telephone No. +(507) 6939 8800 and mail info@jumpeople.com.
    
4. The Data Controller has appointed a Data Protection Officer (hereinafter referred to as "Delegate"). You can contact the delegate to discuss any matter related to the processing of your personal data, as well as in case of doubts regarding the rights to which you are entitled. The delegate must maintain secrecy and confidentiality when carrying out his or her duties, complying with the relevant Community or national law. Email: privacy@jumpeople.com
    
5. The responsibilities of the delegate are as follows:
   
   a. inform the controller and employees involved in the processing of personal data about their responsibilities and duties under this Regulation with regard to data protection, as well as provide advice in this regard;
   
   b. monitor compliance with Law 81 and DEJ 285 and the policies of the controller or processor of personal data, including the distribution of responsibilities, awareness-raising activities, training of personnel involved in the processing operations and associated audits;
   
   c. upon receipt of such a request, provide recommendations for the purposes of the data protection impact assessment and monitor implementation;
   
   d. collaborate with the control authority, which is the Government Innovation Authority;
   
   e. to serve as a point of contact for the supervisory authority with respect to matters relating to processing and, as applicable, to make enquiries on any other relevant matter.
    
6. The data controller ensures that it will process your personal data only for specific, express and legitimate purposes and that it will not process such data in a broader scope, contrary to the aforementioned purposes. The purpose of data processing is the reason for processing the data. In the event that the controller wishes to process your personal data for purposes other than those specified above, you will receive a separate communication to inform you about the new purpose and to give your consent whether or not you accept that your personal data will be used for this new purpose. The purposes of the data processing are indicated in the table below.
    
7. At any time, you may revoke your consent granted to the controller for the processing of your personal data. You can revoke consent at the controller's head offices or via the appropriate form on the www.jumpeople.com website (section: Contact). The withdrawal of consent does not affect the compliance with the law of the processing carried out up to the time of withdrawal. In the event of withdrawal of consent, the controller will assess whether it still has grounds for data processing.
    
8. Remember that you can always, at any time, object to the processing of your personal data. Once you have objected, the controller will no longer be able to process your personal data, unless it indicates the existence of important and justified legal grounds permitting the processing, overriding the interests, rights and freedoms of the person concerned, or grounds for the determination, investigation or defence of claims.It should be noted that, in cases of processing of personal data for the marketing purposes of the jumpeople.com services, it is not necessary to justify the objection with a particular situation, and after the objection has been filed, the controller may no longer process the personal data for the marketing purposes of the jumpeople.com services in the area in which such data has been processed. An objection can be lodged at the controller's head office or via the appropriate form on the www.jumpeople.com website (section: Contact).
    
9. Apart from the right to revoke the consent provided and to object, you have the right to access your data, including obtaining a copy of the data, as well as the right to transfer, rectification and deletion, restriction of processing and opting them out of the decision based solely on automated processing, including profiling, having legal effects or having a similar essential impact. The aforementioned rights can be exercised: at the central offices of the data controller or through the corresponding form on the www.jumpeople.com website (section: ) You can also rectify your data by accessing your account.
   In addition, you can delete your account at any time by logging into Your account in accordance with the terms of use or by requesting it at the controller's head offices or via the relevant form on the www.jumpeople.com website (section: Contact).
    
10. We will obtain your personal data directly from you (through the account, when managing transactions, etc.). Data from other sources may be obtained only from public information sources and for the purposes of providing the service. This is information from entities that provide the service you have purchased (airlines, hotels, etc.). The scope of the data will include only the information necessary to confirm the payment of the order.
     
11. The provision of data is always voluntary, although it is necessary for the fulfilment of the aforementioned objectives.
     
12. The personal data processed for the purpose of providing the service in accordance with the terms of use are disclosed to the entities that provide the chosen service for the benefit of the user (including their subcontractors), such as airlines, hotels, insurance companies, payment processing intermediaries, GDS (Global Distribution System), etc. Regardless of the purpose of the data processing, it can only be accessed by authorised employees and subcontractors of the controller with whom the controller has entered into relevant contracts relating to the provision of data (for more details, please contact the Data Protection Officer).