Backroads Privacy Policy

Effective date: December 17, 2025

Thank you for visiting Backroads’ online and mobile resources and for viewing this privacy and data security statement. Our privacy statement, contained on the page below, serves to give notice about the types of personal information we collect, how we use it, with whom and why we share it, and what we do to try to protect it. We delve into those matters in a fair amount of detail. We encourage you to read it carefully; in the meantime, you may want to review this summary:

Summary of How We Handle Personal Information

What Do We Collect?

We collect and retain certain personal information from a variety of different data subjects. Our privacy statement applies mostly to those who visit and use our online and mobile resources, from whom we collect very little information unless it is voluntarily submitted to us. Learn about the categories of personal information we collect from all four groups of data subjects outlined below. 

Why Do We Use It?  

We use personal information received from visitors and users of our online and mobile resources to communicate directly with them. We provide further detail about our use of personal information.

When Do We Share It?

We share personal information when needed to fulfill our legal obligations and when our vendors and business partners need it to perform under the contracts we have with them. We provide further detail about our sharing of personal information. We do not sell or rent any personal information collected on our website from any group of data subjects to third-party data brokers or marketing companies.

How Do We Protect It?

We’ve invested in a Security Program that addresses both technical and operational matters. Our program includes incident response and management and vendor oversight components.

Your Privacy Choices and Rights

You do not have to provide personal information to enjoy most of the features of our online and mobile resources. Moreover, you can opt out of certain activities like newsletters and announcements. 

Contacting Our Privacy Office

If you have any questions about our privacy and data security policies, procedures and practices, including anything we say in this privacy statement, we encourage you to contact our Privacy Office.  

Address: 801 Cedar Street, Berkeley, CA 94710, USA  

Email: privacy@backroads.com

Phone:  800-462-2848

Webform: backroads.com/privacy-request

This privacy statement was amended as of December 17, 2025 and is effective as of that date. The English language version of this privacy statement is the controlling version regardless of any translation you may attempt.  

Please note that use of our online and mobile resources is also governed by our Terms of Use (“Terms”) which contain a class action waiver and mandatory arbitration clause governing all privacy-related complaints and disputes except those falling under General Data Protection Regulation (defined below). We encourage you to read the Terms carefully.

Navigating Through this Statement

Use the links below to navigate to areas of this statement that apply specifically to you or which may otherwise be of interest:

Some Important Vocabulary

From Whom Do We Collect Personal Information?

What Personal Information Do We Collect?

How Do We Use the Personal Information We Collect?  

When/With Whom Do We Share Personal Information?  

How Do We Protect Collected Personal Information?

Your Rights and Options

Children’s Privacy

Comprehensive Privacy Laws

Changes to this Privacy Statement

Contacting Us

Some Important Vocabulary

Although not itself a contract, this privacy statement is an important document that explains how we address some of our legal obligations and your related legal rights involving personal information. Clarity is therefore important. We’ll use this section to let you know about some words that have special meanings whenever you see them in this statement. Let’s start with the word “statement” itself: when we reference “this statement,” “this privacy statement” and “our statement,” we mean the Privacy and Data Security Statement you are reading now. Wherever we say “Company,” “we,” “us,” or “our,” we mean Backroads. We use the words “you” and “your” to mean you, the reader, and other visitors to our online and mobile resources who are, in all cases, over the age of 18. This age requirement is discussed in more detail later in this statement. We also want to be very clear about exactly what parts of the Company are covered by, and adhere to, the policies and procedures explained in this statement.  

When we talk about our “online and mobile resources,” we mean all websites, portals or other features we operate to allow you to interact with us and our systems, as well as the mobile apps we’ve created and distributed to let you interact with the content we provide. An “affinity action” is when you “follow,” “like” or take a similar or analogous action on our external social media presence. 

Finally, and perhaps most importantly, when we refer to “personal information,” we mean any information, data or data element, whether in electronic or other form, that, alone or in combination with other elements, can be used to distinguish, trace, or discover your identity. Certain data privacy laws include specific elements or defined terms for what they consider to be personal information (sometimes also referred to as “personal data”). Where such data privacy laws apply, then the term “personal data” includes the specific elements and defined terms required by such laws.  

From Whom Do We Collect Personal Information?

We collect personal information from four groups of data subjects:

  • Customers  
  • Our workforce and job applicants
  • Third-party vendors and business partners  
  • Visitors to, and users of, our online and mobile resources  

The categories of information we collect from each of these groups, and the ways in which we use it, differs. As you may have noticed, it’s possible that the same person could fall into more than one group. For instance, an employee might, on their day off, visit one of our general websites. Most of this statement addresses our processing and sharing of personal information collected from visitors to and users of our online and mobile resources. The immediately following paragraphs provide a quick summary overview about everyone else.  

Customers

Typically, the types of personal information collected from our customers are contact information, including name, email address and phone number, as well as demographics, payment data and other information related to traveling (including medical information and passport data). We use that information to create an account, process transactions and facilitate participation in our trips, send important information related to trips, respond to inquiries and fulfill any other business purposes consistent with this statement. 

When booking a trip, our customers enter into contracts with us. That contract is separate from this statement and has its own terms and conditions for notice of collection of personal information and governing our overall confidentiality, data privacy and data security obligations. As a result, those terms, and not this statement, apply to the personal information of customers.  

Our Workforce and Job Applicants

We collect and retain the types of professional or employment-related personal information all employers collect about its existing and former workforce and new job applicants. We provide legally required notices of collection and describe our use and sharing of the personal information of our workforce and applicants in greater detail in confidential internal human resource manuals and documents accessible to members of our workforce, or by publication on the proprietary workforce/applicant portals and apps we operate. In some cases, such portals and apps may be operated by third parties who transfer the personal information to us. In those situations, the legal responsibility to provide notice usually rests with the third party, not us.

Third-Party Vendors and Business Partners  

Like all large corporate enterprises, we buy goods and services, lease equipment and office space and attend industry events. In doing so, we interact with many existing and potential vendors and business partners from whom we necessarily collect certain personal information in connection with our contractual and business relationships. This information is typically limited to minimum business contact information. We use and share personal information collected from our vendors and business partners to manage, administer and perform under our contracts with them or share information about our products. We describe our use of vendor and business partner personal information in greater detail in our confidential contracts with those parties or on the internal vendor management portals we operate.  

Visitors and Users of Our Online and Mobile Resources

If you visit and/or use our online and mobile resources, we collect, retain and share certain personal information about you. The remainder of this privacy statement applies entirely to such visitors and users of our online and mobile resources. Thus, the words “you” and “your” mean only that category of data subjects.  

What Personal Information Do We Collect?  

Generally, we collect personal information through automated/technical means and when you voluntarily provide it to us. We describe that automatic collection here. We describe that type of voluntary submission immediately below.  By using our online and mobile resources, you are signifying to us that you agree with this section of our privacy statement and that we may use and disclose your information as described.

Voluntarily Submitted Information

If you choose to participate in or make use of certain activities and features available via our online and mobile resources, you will need to provide us with information about yourself. The types of personal information you will be submitting to us in those situations is almost always limited to basic identifiers such as your name, email address, mailing address and phone number. Here are some of the ways you voluntarily give us your personal information:

  • Emails and Texts: If you choose to send us an email from our “contact us” link or a similar link, you will be giving us your email address and any other personal information that may be in your message or attached to it. The same is true if you send us a text message.  
  • Creating Accounts; Signing up for Newsletters: If we make an account creation feature available to the general public (that is, to visitors/users who are not our customers or workforce members) you will be giving us at least your email address and potentially other identifiers. The same is true if you sign up to receive a newsletter or other informational or marketing material we publish.
  • Registering for Events: When you register for events, conferences or programs we ourselves may host (rather than outsource to a third-party event manager with its own privacy policies), you will be submitting the types of identifiers described above. If the event requires a fee, we may also ask you to submit credit card or other financial information.  
  • Purchasing from Our Online Store: If you buy merchandise or other items from our online store, you will be asked to provide payment information (such as credit card details, billing address and related transaction information). This information is used only to process your order and complete the transaction.  
  • Social Media and Community Features: Some of our online and mobile resources may offer social media-like community features letting users post messages, comments and/or upload images or other files and materials (“Interactive Areas”). If you choose to make use of these Interactive Areas, the information you post, including your screen name and any other personal information, will be in the public domain and not covered/protected by this statement and may be retained indefinitely. We are not responsible for the disclosure of your personal information you submit in connection with Interactive Areas, nor for how others may use that information. If you would like to request that we remove a posting, please contact us with sufficient detail to help us locate the content. Removal is at our discretion.
  • Customer Portals and Job Applicants: Some of our online and mobile resources are used to help us serve our customers and allow candidates to apply for available jobs. We discuss personal information submitted in those situations elsewhere in this statement such as here.

If you prefer we not receive the above-described personal information, please don’t submit it. This means you shouldn’t participate in the applicable activities on, or use the applicable features available from, our online and mobile resources. Such participation and use is strictly your choice. By not participating, you may limit your ability to take full advantage of the online and mobile resources, but most of the content in our online and mobile resources will still be available to you and we never discriminate on the basis of how much information you provide.

Automatically Collected Information

When you visit or use our online and mobile resources, basic information about your internet/electronic activity is automatically collected through your browser via tracking technologies, such as “cookies.” As just about everyone knows by now, cookies are small text files downloaded onto your computer or mobile device. Cookies allow us to collect your IP address and recognize your computer or mobile device and store some information about your preferences for using our online and mobile resources or past actions, such as:

  • Browser and operating system used
  • Date, time and length of visits
  • Pages visited, graphics viewed and any documents downloaded
  • Other sites accessed from our online and mobile resources or used to navigate to our online and mobile resources

Additional information about cookies and tracking technologies is available here.  

If you access our online and mobile resources from a phone or other mobile device, the mobile services provider may transmit to us certain information such as uniquely identifiable mobile device information. That, in turn, allows us to collect mobile phone numbers and associate them with the mobile device identification information. Some mobile phone service providers also operate systems that pinpoint the physical location of devices and we may receive this geolocation data as well.  

Finally, when you use our online and mobile resources, we may allow third-party service providers to place their own cookies or similar technologies in order to engage in the same types of collection we describe above. For example, we use third-party “web analytics” services such as those offered by Google Analytics. For more information on how Google specifically uses this data, go to www.google.com/policies/privacy/partners/. You can learn more about how to opt out of Google Analytics by going to https://tools.google.com/dlpage/gaoptout.  

User Beware: External Sites, Apps, Links and Social Media

We maintain a presence on one or more external social media platforms such as Instagram, Facebook, YouTube and LinkedIn. We may further allow the community features of our online and mobile resources to connect with, or be viewable from, that external social media presence. Similarly, our online and mobile resources may contain links to other websites or apps controlled by third parties.  

We are not responsible for either the content on, or the privacy practices of, social media platforms, or any third-party sites or apps to which we link. Those apps, sites and platforms are not controlled by us and therefore have their own privacy policies and terms of use. To be clear: neither this statement nor the terms of use appearing on or in any of our online and mobile resources apply to our social media presence or any third-party sites or apps to which we may link. That means even if you take an affinity action on our specific social media presence, and identifiers about you are automatically collected and given to us as a result, that collection and transfer is governed by the privacy policies and terms of the applicable social media platform and are not our responsibility.  

If you have questions about how those apps, sites and platforms collect and use personal information, you should carefully read their privacy policies and contact them using the information they provide. In addition, certain coalitions of advertisers allow consumers to opt out of receiving interest-based advertising from members of those coalitions. You can visit the Digital Advertising Alliance and Network Advertising Initiative to opt out of receiving interest-based advertising from members of these coalitions. You will need to exercise these opt outs on each browser on each device for which you wish to opt out of interest-based advertising.

How Do We Use the Personal Information We Collect?  

We use the personal information we collect only in the manner and through the means allowed by applicable law. That means we determine whether we have a lawful basis/legitimate business purpose to use your personal information before doing so. As stated in applicable law, such lawful bases/legitimate business purposes include receiving express consent, operating our business, performing a contract and complying with a legal obligation. More specifically, we use the personal information of each group of data subjects as follows:

We use the automatically collected personal information described here to compile generic reports about popular pages/features of our online and mobile resources, to see how users access our online and mobile resources, and in some cases (such as affinity actions), send materials to you. We use the personal information you voluntarily submitted, as described here, to respond back directly to you and/or send you the information you requested or about which you inquired. We also may use any such personal information you provide to customize our programs and newsletters to make them more relevant to you. We do not sell or rent personal information automatically collected or which you voluntarily provide when using our online and mobile resources.  

We use and retain your personal information in accordance with applicable law and as long as necessary to carry out the purposes described above in accordance with our internal data retention procedures. The criteria used to determine the retention periods include: (1) how long the personal information is needed in connection with the purposes for which we use it; (2) the type of personal information collected; and (3) whether we are subject to a legal, contractual or similar obligation to retain the personal information (e.g., mandatory data retention laws, government orders to preserve personal information relevant to an investigation, or personal information that must be retained for the purposes of litigation or disputes).  

When/With Whom Do We Share Personal Information?  

We may share your personal information as described below. This sharing applies to the personal information of all four groups of data subjects.

Affiliates

We may share personal information with other corporate affiliates who will use such information in the same way as we can under this statement.  

Legal Requirements  

We may disclose personal information to government authorities, and to other third parties when compelled to do so by such government authorities, or at our discretion or otherwise as required or permitted by law, including responding to court orders and subpoenas.  

To Prevent Harm  

We also may disclose such information when we have reason to believe that someone is causing injury to or interference with our rights or property, or harming or potentially harming other persons or property.

Business Sale/Purchase  

If we, or any of our affiliates, sell or transfer all or substantially all of our assets, equity interests or securities, or are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, divestiture, consolidation or liquidation, personal information may be one of the transferred assets.

Vendors and Business Partners

We also share personal information with our vendors and business partners who need it to perform under the contracts we have with them. As part of our Security Program, we have adopted standards for vendors and business partners who receive personal information from us. We attempt to bind such vendors and business partners to those standards via written contracts. Such standards include expectations that when we share personal information with our vendors and business partners, they will comply with all applicable privacy and data security laws and regulations and our Security Program and will contractually require and cause their subcontractors and agents to do the same.  

For any personal information our vendors and business partners process or store at their own locations, we further expect them to use technology infrastructure meeting, at least at the facilities level, minimum recognized standards for security controls. Such recognized standards include those published by the International Standards Organization, the National Institute of Standards and Technology or any reasonably equivalent standards.  

Please note, however, that we cannot guarantee that all of our vendors and business partners will agree to the above-described contractual requirements; nor can we ensure that, even when they do agree, they will always fully comply.  

In some jurisdictions, our transfer of information to third-party providers for marketing and advertising purposes could be defined as “selling” personal information or “sharing” personal information for “cross-context behavioral advertising.” We may transfer the following categories of information to third parties for marketing and advertising purposes: (1) persistent identifiers, such as unique device identifiers, email addresses, account information, IP addresses, information related to your browser and operating system or any information that you provided through the site; and (2) user activity data, such data generated through your activities on our online and mobile resources.  

Disclosing your Personal Information. We may disclose the categories of personal information described in this Statement for the business and commercial purposes described in this Privacy Policy to the categories of third parties as described in this Privacy Policy, which may include: (1) ) our business and marketing partners, including advertising networks; (3) data analytics providers. We use and partner with different types of entities to assist with our daily operations and to manage our online and mobile resources.

How Do We Protect Collected Personal Information?  

Our Data Security Program

We have adopted, implemented and maintain an enterprise-wide corporate information security and privacy program that includes technical, organizational, administrative and other security measures designed to protect, as required by applicable law, against reasonably anticipated or actual threats to the security of your personal information (the “Security Program”). Our Security Program was created by referencing widely recognized industry standards such as those published by the International Standards Organization and the National Institute of Standards and Technology. It includes, among many other things, procedures for assessing the need for, and as appropriate, either employing encryption and multi-factor authentication or using equivalent compensating controls. We therefore have every reason to believe our Security Program is reasonable and appropriate for our business and the nature of foreseeable risks to the personal information we collect. We further periodically review and update our Security Program, including as required by applicable law.  

Our Incident Response and Management Plan  

Despite the significant investment we’ve made in, and our commitment to, the Security Program including enforcement of our third party oversight procedures, we cannot guarantee that your personal information, whether during transmission or while stored on our systems, otherwise in our care, or the care of our vendors and business partners, will be free from either failed or successful attempts at unauthorized access or that loss or accidental destruction will never occur. Except for our duty under applicable law to maintain the Security Program, we necessarily disclaim, to the maximum extent the law allows, any other liability for any such theft or loss of, unauthorized access or damage to, or interception of any data or communications including personal information.  

All that said, as part of our Security Program, we have specific incident response and management procedures that are activated whenever we become aware that your personal information was likely to have been compromised. Those procedures include mechanisms to provide, when circumstances and/or our legal obligations warrant, notice to all affected data subjects within the timeframes required by law, as well as to give them such other mitigation and protection services (such as the credit monitoring and ID theft insurance) as may be required by applicable law. We further require, as part of our vendor and business partner oversight procedures, that such parties notify us immediately if they have any reason to believe that an incident adversely affecting personal information we provided to them has occurred.  

Your Rights and Options

If we are using your personal information to send you marketing materials, such as newsletters or product alerts via text or email, you may opt out by following the opt-out instructions in the email or other communication (e.g., by responding to the text with “STOP”). In addition, certain of our online and mobile resources will provide a centralized opt-out link allowing you to opt out of any programs in which you may have enrolled using that particular online and mobile resource. When we receive your request, we will take reasonable steps to remove your name from our distribution lists, but it may take time to do so. You may still receive materials for a period of time after you opt out. In addition to opting out, you have the ability to access, amend and delete your personal information by contacting us using the contact information below. Opting out of or changing affinity actions or other submissions or requests made on our external social media presence, will likely require that you do so directly on that applicable platform as we do not control their procedures.  

Do Not Track and Global Privacy Control  

Certain browsers and plug-ins allow users to send signals such as Do Not Track (“DNT”) or Global Privacy Control (“GPC”). While we do not respond to DNT signals, we do honor GPC signals as a valid request to opt out of the sale or sharing of your personal information where required by applicable law.  

When we receive a GPC signal, we will process it as a request to opt out of any sale or sharing of your personal information that occurs via cookies or similar tracking technologies on our website. Please note that this opt-out mechanism applies only to the specific browser or device on which the signal is sent, and you may need to adjust your settings on each browser or device you use.  

Children's Privacy

Federal law imposes special restrictions and obligations on commercial website operators who direct their operations toward, and collect and use information from children under the age of 13. We take those age-related requirements very seriously, and, consistent with them, do not intend for our online and mobile resources to be used by anyone under the age of 18, and certainly not by children under the age of 13. Moreover, we do not knowingly collect personal information from website visitors under the age of 18. If we become aware that anyone under the age of 18 has submitted personal information to us via our online and mobile resources, we will delete that information and not use it for any purpose whatsoever. We encourage parents and legal guardians to talk with their children about the potential risks of providing personal information over the internet.

Comprehensive Privacy Laws

Privacy and data protection laws vary around the world and among the individual United States. Our obligations arising under the majority of the world’s privacy laws, including US federal and most state laws, are satisfied by individual risk assessments that we conduct to ensure we act reasonably and responsibly when processing your personal data. In some jurisdictions, however, privacy laws grant you, the data subject, certain specific rights regarding your personal data. We refer to these types of privacy laws as “Comprehensive Privacy Laws.” Examples of Comprehensive Privacy Laws include the respective versions of the General Data Protection Regulation adopted in the European Economic Area and the United Kingdom (“GDPR”)and the consumer privacy statutes of several US states, such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA”) and similar laws in Connecticut, Colorado, Utah and Virginia.  

Whether and how a particular Comprehensive Privacy Law applies to us involves a complex assessment of factors such as the degree to which we direct our business at the residents of a particular jurisdiction, the volumes of data we collect from that jurisdiction and other similar elements.  At this time, we believe that the nature, scope and locations of our business activities make us subject only to the CCPA and GDPR. As such, when we collect personal data from California residents, we become subject to, and those residents have rights under, CCPA. This section of our statement is used explain your rights under those laws. For purposes of this section, the words “you” and “your” mean only California consumers (as defined by CCPA), data subjects who were located in the European Economic Area or United Kingdom at the time their data was collected and those data subjects protected by any other Comprehensive Data Privacy Laws we may later determine apply to us. Questions about how the Comprehensive Privacy Laws of jurisdictions other than the foregoing might apply to us can be directed to us through the contact information.

Your Rights under Applicable Comprehensive Privacy Laws

You have the following rights under the CCPA and GDPR. It’s important to us that you know that if you exercise these rights, we will not discriminate against you by treating you differently from other residents who use our sites and mobile resources or purchase our services but did not exercise their rights. Where applicable based on privacy laws in your jurisdiction, you may have certain rights you can request that we fulfill. These rights may include:

  • Right to Know: You have the right to request that we disclose the information that we have collected about you and identify the purposes for which the information was used, whether and to whom it was shared, and what sources it was obtained from.  
  • Right to Delete: You have the right to request that we delete information that we maintain about you, subject to certain exceptions.
  • Right to Correct: You have the right to correct any information that we store about you.
  • Right to Opt Out of Your Personal Information Being Sold or Shared: You may opt-out of us sharing or selling your information by contacting us at privacy@backroads.com or by visiting us at Backroads.com/privacy-request.
  • Right to Opt Out of Targeted Advertising: You have the right to request that we opt you out of targeted advertising. Find the "Manage Cookies" link in the website footer.
  • Right to Opt Out of Profiling or Automated Decision-Making: You have the right to not be subject to profiling or automated decision making in furtherance of decisions that produce legal or similarly significant effects.  
  • Right to Withdraw Consent from Processing: If we have collected and processed your information based on your consent, then you can withdraw your consent at any time.  
  • Right to Data Portability: You have the right to request that we provide you with a copy of your information on file with us.  
  • Right Not to Receive Discriminatory Treatment: Exercising your rights under this Privacy Statement will not result in any discrimination by us. We will treat you the same as any other user.
  • Right to Complain: You have the right to complain to your state’s Attorney General. For more information, please contact your state’s Attorney General.  
  • Right to Appeal: If you make a request to exercise any of the applicable data access rights and we are unable to comply with your request, you may request to appeal our decision. To appeal any data privacy request decision, please contact us by emailing us at privacy@backroads.com with the subject line “Data Access Request Appeal.” If after you complete the appeal process with us, you are still not satisfied with our response, you may contact your state’s Attorney General to file a complaint.  
  • Right to Object to Processing: Under GDPR, you have the right to object to the processing of your personal information under the following circumstances:
    • Legitimate Interests: If the basis for which the processing occurs is in our legitimate interests or in the performance of a task carried out in the public interest. If you object, we will stop processing your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or we require the personal information to establish, exercise or defend a legal claim.

How to Exercise Your Rights under CCPA

You, or an authorized agent acting on your behalf, can exercise the above Right to Know up to two different times every 12 months. To exercise any of these rights, contact us at privacy@backroads.com, backroads.com/privacy-request or 800-462-2848. We may ask you to fill out a request form. The CCPA only allows us to act on your request if we can verify your identity and/or your agent’s authority to make the request, so you will also need to follow our instructions for identity verification.  If you make a verifiable request per the above, we will confirm our receipt and respond in the time frames prescribed by the CCPA.  

How to Exercise Your Rights under GDPR

In order to exercise any of the rights detailed in this Privacy Statement, please contact us at privacy@backroads.com. We may require additional information from you to help us verify your identity and state or country of residence, and to otherwise process your request. The verification steps may vary depending on the sensitivity of the information and whether you have an account with us. If we are unable to verify your identity, we may deny your requests to know or delete. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and must verify your identity directly.  

Lodging a Complaint

You have the right to complain to your data protection authority about our collection and use of your personal information. Please contact your local data protection authority for more information.  

Retaining Your Personal Information

We will store and retain your personal information in accordance with applicable law and as long as necessary to carry out the purposes described in this Section in accordance with our internal data retention procedures. The criteria used to determine the retention periods include:

  • How long the personal information is needed in connection with the applicable purposes for which we use it;  
  • The type of personal information collected; and  
  • Whether we are subject to a legal, contractual or similar obligation to retain the personal information (e.g., mandatory data retention laws, government orders to preserve personal information relevant to an investigation, or personal information that must be retained for the purposes of litigation or disputes).  

International Transfers

We may disclose your personal information for the purposes described herein to recipients (including affiliates) located in countries outside of the European Economic Area (“EEA”), Switzerland and the UK, including in the US, which may not have data protection laws equivalent to those in the EEA, Switzerland and/or the UK. We have entered into EU standard contractual clauses (“Model Contracts”) for transfers of personal information. Where we transfer personal information to recipients outside of the EEA, Switzerland and/or the UK, we will enter into a Model Contract with the recipient or seek assurances from the recipient that another appropriate safeguard is in place to protect the personal data transferred. You can request further details in relation to international transfers, including a copy of the Model Contracts, by contacting us at privacy@backroads.com.

Our EU Representative

The contact information for our EU representative is:

Stacy Loucks 
Stadsplateau 2, 3521 AZ, Utrecht
+31 (30) 7995051
sloucks@backroads.com

Data Protection Officer

If you would like to contact our Data Protection Officer, you can do so by sending an email to privacy@backroads.com.

Changes to this Privacy Statement

We reserve the right to change or update this statement from time to time. Please check our online and mobile resources periodically for such changes since all information collected is subject to the statement in place at the time of collection. Typically, we will indicate the effective/amendment date at the beginning of this statement. If we feel it is appropriate, or if the law requires, we’ll also provide a summary of changes we’ve made near the end of the new statement.  

Contacting Us

If you have questions about our privacy statement or privacy practices, please contact our Privacy Office: