Last Revised on June 26, 2025
This privacy policy (“Privacy Policy”) for Sion Inc. ( “Company”, “we”, “us” “our”) describes how we collect, use and disclose information about users of the Company’s website (https://sioncentral.com/), applications, services, tools and features, (collectively, the “Services”). For the purposes of this Privacy Policy, “you” and “your” means you as the user of the Services.
The Company offers a web-based travel agent commission management service offered to our business customers (the “Platform”). This Privacy Policy is not intended to describe information the Company handles on behalf of those business customers as part of making the Platform available to them, e.g., information about individual users of the Platform, which should be made available by the relevant business customer directly to those individuals.
Our Services are aimed at our business customers and their employees, independent contractors, and customers. Where our Platform is made available to you through your employer or other third party (in their capacity as our business customer), that third party is primarily responsible for information about you and you should contact that third party with questions or requests regarding their collection and use of your personal data. We are not responsible for the third parties’ privacy or security practices which may be different from this Privacy Policy.
Please read this Privacy Policy carefully. By using, accessing, or downloading any of the services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use, access, or download any of the services.
UPDATING THIS PRIVACY POLICY
We may modify this Privacy Policy from time to time in which case we will update the “Last Revised” date at the top of this Privacy Policy. If we make material changes to the way in which we use information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on the Services, or by other means consistent with applicable law) and will take additional steps as required by applicable law. If you do not agree with any updates to this Privacy Policy please do not access or continue to use the services.
COMPANY’S COLLECTION AND USE OF INFORMATION
When you access or use the Services, we may collect certain categories of information about you from a variety of sources. You may choose to not provide some of this information, but doing so may prevent you from using or accessing these features.
Some features of the Services may require you to directly enter certain information about yourself. Information that you directly submit through our Services may include:
Basic contact details, such as your name, email and Company. We collect basic contact details to communicate with you and provide you with products and services.Any other information you choose to include in communications with us, for example, when sending a message through the Contact Us or Get in Touch web forms or the chat feature on our website.If you are a customer of one of our business customers and use our Platform, we may also collect additional information for purposes of providing our services offered through the Platform, such as your date of birth, loyalty program number, dietary preferences and reservation details.We also automatically collect certain information about your interaction with the Services (“Usage Data”). To do this, we may use cookies or other tracking technologies (“Tracking Technologies”). Usage Data may include:
Unique device identifierDevice type, such as your phone, computer, or tabletIP addressLog dataOther information regarding your interaction with the Services, such as clickstream data and ad impressionsWe use the information we collect automatically to provide the Services, tailor features and content to you and, in an aggregated form, to run analytics to better understand user interaction with the Services.
We may obtain information about you from outside sources. Such information may include:
If you are an employee or customer of one of our business customers, information we collect about you from this third party, including information stored on other applications managed by this third party.Information from third parties that you choose to share with us, for example, if you choose to interact with our Services via social media platforms, such as LinkedIn, Facebook or Instagram. This information is used to communicate with you.
Any information we process from outside sources will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties (including your employer) and are not responsible for any third party’s policies or practices. See Section 5 below for more information.
In addition to the foregoing, we may use any of the above information to comply with any applicable legal obligations, to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.
BENEFICIARY INFORMATION
In connection with our commission processing and payout services, we may collect and process information about individuals or entities designated as beneficiaries of payments—such as travel agents, sub-agents, or other recipients (“Beneficiaries”). This information may be submitted directly by the Beneficiary or provided to us by our business customers.
Types of Beneficiary information we may collect include:
- Full name and contact details
- Bank account or payment details
- Tax documentation (e.g., W-9, W-8BEN)
- Country of residence or incorporation
- Any other information required to fulfill payouts or comply with legal obligations
We use this data to:
- Process and disburse payments on behalf of our customers
- Generate and issue invoices on behalf of the Beneficiary, where applicable
- Comply with legal, tax, or regulatory requirements
- Prevent fraud and ensure proper payment reconciliation
Legal basis for processing (UK and EU residents):
We process this data under the following lawful bases:
- Performance of a contract (when the Beneficiary has a direct agreement or request)
- Legitimate interests (in providing commission reconciliation and payout services on behalf of our customers)
- Legal obligation (e.g., financial and tax reporting compliance)
We rely on our customers to confirm that they have the necessary authority and lawful basis to provide this information to us. If you are a Beneficiary and would like to request access to or deletion of your data, please contact us at support@sioncentral.com.
HOW THE COMPANY SHARES YOUR INFORMATION
In certain circumstances, the Company may share your information with third parties for legitimate purposes subject to this Privacy Policy.
Such circumstances may include:
- With vendors or other service providers, such as
-- Payment processors, such as Stripe
-- Data analytics vendors, such as Google Analytics
-- Cloud storage providers, such as MongoDB Atlas
-- Website Chat providers, such as Intercom
- With our affiliates or other entities within our corporate group
- To comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries
- In connection with an asset sale, merger, bankruptcy, or other business transaction
- To enforce any applicable terms of service
- To ensure the safety and security of the Company and/or its users
- When you request us to share certain information with third parties, such as when you request an integration with another third party that you have a relationship with
- With professional advisors, such as auditors, law firms, or accounting firms
COOKIES AND OTHER TRACKING TECHNOLOGIES
Do Not Track Signals
Your browser settings may allow you to transmit a “Do Not Track” signal when you visit various websites. Like many websites, our website is not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, you can visit http://www.allaboutdnt.com/.
Cookies and Other Tracking Technologies
Most browsers accept cookies automatically, but you may be able to control the way in which your devices permit the use of Tracking Technologies. If you so choose, you may block or delete our cookies from your browser; however, blocking or deleting cookies may cause some of the Services, including any portal features and general functionality, to work incorrectly.
If you have questions regarding the specific information about you that we process or retain, as well as your choices regarding our collection and use practices, please contact us using the information listed below.
To opt out of tracking by Google Analytics, click here.
THIRD PARTY WEBSITES AND LINKS
We may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of these sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms (such as Facebook or Twitter) may also be viewable by other users of the Services and/or users of those third-party online platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.
DATA SECURITY
Please be aware that, despite our reasonable efforts to protect your information, no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Please further note that any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.
CALIFORNIA PRIVACY RIGHTS
Sharing for Direct Marketing Purposes
We do not share personal information as defined by California Civil Code Section 1798.83 (“Shine The Light Law”) with third parties for their direct marketing purposes.
DSAR (Data Subject Access Requests)
As part of our commitment to protecting your privacy and in compliance with the General Data Protection Regulation (GDPR) and UK GDPR, you have the right to access your personal data held by Sion. If you wish to exercise your right to access the personal data we hold about you, you may submit a Data Subject Access Request (DSAR).
How to Submit a DSAR
You can submit a DSAR through our customer support channels (email or via our support chat). To verify your identity and ensure the security of your personal information, we may request additional information such as government-issued identification or other means of identity validation.
DSAR Fulfillment Process
- Verification: Upon receiving your DSAR, we will verify your identity using the information associated with your account (e.g., account metadata, email match). If necessary, we may ask for a government-issued ID or equivalent documentation.
- Processing: As a data processor, Sion will forward your request to the relevant data controller (typically the hotel or supplier) if the request pertains to data not under our direct control.
- Completion: If we are instructed by the data controller to proceed, we will compile the relevant data (e.g., booking information, logs) and securely deliver it to the controller. If you submitted the request directly to us, we will provide you with the data within the required 30-day timeframe or inform you of any delays.
- Notification: We will notify you of the status of your request and any necessary actions to be taken.
PDER (Right to Erasure)
You have the right to request the erasure of your personal data under GDPR and UK GDPR, also known as the Right to Erasure (PDER). If you wish to exercise this right, you may submit a PDER request.
How to Submit a PDER Request
You can submit a PDER request through our customer support channels (email or via our support chat). As with DSAR requests, we will verify your identity to ensure that the request is legitimate before proceeding.
PDER Fulfillment Process
- Verification: Upon receiving your PDER request, we will verify your identity to ensure the request is from the rightful individual.
- Eligibility Check: We will assess whether the data in question can be deleted under our policies and any relevant legal or contractual obligations. If data must be retained for legal or contractual reasons, we will inform you of the reason for the retention.
- Data Deletion: If eligible for deletion, we will remove the data from our systems and subprocessors, where feasible. The deletion will be completed within 30 calendar days from the request.
- Confirmation: After deletion, we will send you a confirmation email to notify you that your data has been erased.
- Logging: All PDER requests will be logged internally to ensure compliance with our data retention and processing policies. These logs will be retained for at least 12 months
HOW TO CONTACT US
Should you have any questions about our privacy practices or this Privacy Policy, please email us at support@sioncentral.com or contact us at 108 Main Street, Suite 1, Oceanport, NJ 07757 and / or 732-542-1575.
