Last Updated: March 28, 2023
Personal Information Collection
We collect minimal personal information from you as a user of the Site or as a member: your name, your email address, your home club name, your home club membership ID number, and a photograph of you so that host clubs can verify your identity when you visit and contact you if needed.
"Participating clubs" are clubs that participate in Sonato's reciprocity program known as the Sonato Alliance. A "home club" is a club where a member has a regular club membership. A "host club" is a club that is within the network of a member's home club and which the member visits, pursuant to privileges acquired through Sonato. A "network" refers to a group of clubs selected by a participating club, which are mutually eligible to send members to other clubs in the network, and to accept visits from members of other clubs in the network. All clubs in a network must be participating clubs.
When you visit our Site, our site analytics provider collects your IP address and browser (aggregated with our other users). As you visit host clubs, we keep a record of your reservations and visits to assess your usage of Sonato. If you are a participating club, the minimum information we need is your club name and address, management contact information, hours of operation, and your club rules for Sonato members.
Do Not Track Signals
Some mobile and web browsers transmit "do-not-track" signals. Because at this time there is no general agreement on how companies should interpret do-not-track signals, we do not currently respond to do-not-track signals, whether a signal is received on a computer or on a mobile device.
Third Party Applications
Use of Personal Information
We use personal information collected for the following purposes:
- Security. We use your name and email address to securely confirm your identity.
- Processing Transactions and Requests. We use your personal information to process your membership, inquiries, and requests; and communicate with you regarding the status of your membership, inquiries, and requests. We may communicate with you by email, postal mail, telephone, and/or text message. You will have the right to unsubscribe from our notification services at any time by contacting email@example.com and asking to be deleted from our mailing and telephone lists.
- Improving our Site. We may use your personal information, such as club visiting history, to enhance the services we provide and to personalize your experience with Sonato. We use your IP address and browser information (aggregated with other users) to improve our Site and better understand and serve our members.
- Providing Information. We may deliver information that is targeted to your interests, such as travel offerings, administrative notices, product offerings, and communications relevant to your use of the Site. By accepting Sonato's website policies, you expressly agree to receive this information. You may make changes to your email notification preferences at any time by contacting firstname.lastname@example.org and asking to be deleted from our mailing lists.
- Using Service Providers. We may use third parties that we refer to as internal service providers to facilitate or outsource one or more aspects of the business, product, and service operations that we provide to you (e.g., search technology, email delivery) and therefore we may provide some of your personal information directly to these internal service providers who follow industry-standard security policies and are obliged to keep your information confidential.
- Analytics. Sonato uses the services of site analytics providers to analyze traffic and usage on the Site. In the course of providing services, such companies may have access to users' IP addresses on an aggregated basis. We do not make any effort to match IP addresses with other personal information.
- Law Enforcement. Sonato cooperates with law enforcement inquiries, as well as other third parties to enforce laws, such as: intellectual property rights, fraud, and other rights, to help protect you and Sonato. Therefore, in response to a genuine request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can disclose personal information about you.
- Unintended Access. Third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your personal information that they collect from the Site. Therefore, although we use industry standard practices to protect your privacy, we do not promise, and you should not expect, that your personal information or private communications will always remain private. In case of a data breach, we would promptly notify our members, participating clubs, and law enforcement.
- Acquisition. In the event of a merger or acquisition, your personal Information may be transferred to the acquiring entity and become subject to the acquirer's data practices.
Disclosure of Personal Information
Your personal details are visible to Sonato's customer service and management personnel but not to other members or any participating club or third parties. If you visit a host club, your name, home club member ID, email address, telephone number, and photograph will be visible to the host club so that they can properly communicate with you and identify you. Your membership records are stored on our secure servers with industry standard encryption. Information from participating clubs is used to evaluate the usage of Sonato and its benefits to participating clubs.
We do not sell your personal information. We understand "sale" to be as defined by the California Consumer Privacy Act ("CCPA") and its implementing regulations.
Cross-Border Data Transfers
Subject to your permission — or as permitted by law — the personal data that you provide to us may be transferred within Sonato across state or country borders. We have adopted globally recognized privacy principles and only collect and/or share your personal information to the extent it is necessary to conduct business and perform requested services. Where personal data originating from the European Economic Area (EEA) is transferred to countries that are not recognized by the European Commission as offering an adequate level of personal information protection, such transfers are covered by alternate safeguards. These include entering into the appropriate data processing agreements, and if required, EU standard contractual clauses for the transfer of information as approved by the European Commission.
Your Privacy Rights and Choices
EEA, United Kingdom and Switzerland Users Only:
If you are a resident of the EEA, United Kingdom, or Switzerland, you have rights to understand and request how we collect, use, and disclose personal information, to the extent permitted by applicable law:
- Right to access your personal information held by us
- Right to rectify inaccurate personal information
- Right to have your personal information erased or deleted
- Right to restrict our processing of your personal information
- Right to data portability or to transfer your personal information
- Right to object to the processing of your personal information Right not to be subject to automated decision-making, including profiling, which produces legal effects
If you would like to exercise your privacy rights above, please contact us via email at email@example.com. If you wish to raise a concern about our use of your personal information, you have the right to do so with your local supervisory authority.
California Users Only:
The California Consumer Privacy Act of 2018 ("CCPA"), effective as of January 1, 2020, requires businesses that collect personal information of California residents to make certain disclosures regarding how they collect, use, and disclose such information. California consumers have the right to request the deletion of their personal data, additional information about our use and disclosure of their personal data, and the specific pieces of personal data we have about them. California consumers also have the right not to receive discriminatory treatment if they exercise the rights listed above.
The California Privacy Rights Act of 2023 (“CPRA”) expands the privacy protections in the CCPA. The CPRA covers personal information collected beginning January 1, 2022. The additional protections added by the CPRA include, but are not limited to, the following rights:
- To know and have access to one’s personal information
- To correct personal information
- To limit use of sensitive personal information (including but not limited to, social security, driver’s license and passport numbers) so they are used only to perform the services, as reasonably expected by a consumer
- To delete personal information
- To opt-out
- To receive equal service and price regardless of the exercise of rights
CPRA imposes the following additional requirements on companies that collect personal information:
- Data retention disclosure
- Vendor and contractor supervision
- Specific clauses required in contracts with vendors and contractors, such as prohibiting:
- Selling and sharing personal information
- Retaining, using or disclosing personal information for any reason other than the contract purposes or outside the business relationship
- Combining personal information from the contract with other personal information
- Audit and certification obligations
- Data minimization
- Companies must implement reasonable security procedures and practices appropriate to the nature of the personal information, to protect the personal information from unauthorized or illegal access, destruction, use, modification, or disclosure.
Email and Marketing
You can stop receiving promotional email communications from us by clicking on the "unsubscribe" link provided in such communications. You can also unsubscribe from our email services at any time by contacting firstname.lastname@example.org and asking to be deleted from our mailing lists. If you are a User, you may modify or delete your information by logging into your account. You may not opt out of service-related communications (e.g., account verification, information about your orders, changes/updates to our services, technical and security notices). Sonato will not send any unsolicited information, including email. You will, however, receive emails that form an essential part of the Site. If you have any questions about reviewing, modifying, or deleting your information, you can contact us directly at email@example.com. However, if we do not have a minimum of contact information for you, host clubs may not accept your visits.
Sonato cares about the security of your information, and uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information collected through the Site. However, no security system is impenetrable and we cannot guarantee the security of our systems. In the event that any information under our control is compromised as a result of a breach of security, Sonato will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
Sonato has a Record Retention Policy and Schedule ("Policy") which calls for the deletion of the routine business information on a periodic basis according to the type of record and the department that generates it. Some important legal documents are retained permanently as required by the Policy. Many records are deleted after one year. To delete your personal information from our records, or to request corrections to your Information, please contact firstname.lastname@example.org. Certain information cannot be deleted if you intend to continue using Sonato, such as your email address, your telephone number, and your home club member ID. If you would like a copy of your information on file with us, please contact email@example.com
We do not knowingly collect personal information from children under 16. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at firstname.lastname@example.org.