What personal information do we collect and why?
The personal information that we may collect about you broadly falls into the following categories:
Information that you provide directly to us
We may ask you to provide personal information directly to us. For example, we may ask you to provide your contact details such as full name, telephone number and email address in order to:
– provide the services and information you request;
– subscribe you to our marketing communications or newsletters; and/or
– submit enquiries to us.
You may also be required to provide additional information if you participate in a survey or questionnaire.
Your personal information may also be linked to Cookies to enable the proper operation of our Online Services and collect information on how you used our Online Services.
Cookies and other technologies
– To help us recognise your browser as a previous visitor and save and remember any preferences that may have been set while your browser was visiting our site.
– To help measure and research the effectiveness of website features and offerings, advertisements, and email communications (by determining which emails you open and act upon).
The Help portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
This site may also use web beacons (also known as clear gifs, pixel tags or Web bugs), which are tiny graphics with a unique identifier, similar in function to cookies, that are placed in the code of a web page. We use web beacons to monitor the traffic patterns of users from one page within our sites to another, to deliver or communicate with cookies, to understand whether you have come to our site from an online advertisement displayed on a third-party website, and to improve site performance. We also may allow our service providers to use web beacons to track the visitor traffic and actions on our site. This helps us measure the effectiveness of our content and other offerings.
Who do we share your personal information with?
We may disclose your personal information to the following categories of recipients:
- Third party services providers who provide data processing services to us (for example, to support the delivery of; provide functionality on; or help to enhance the security of our Online Services), or who otherwise process personal information for purposes such as credit card processing, business analytics, customer service, marketing, distribution of surveys or sweepstakes programs, to facilitate the delivery of online advertising tailored to your interests and fraud prevention. Where third-party service providers have access to data they will only collect information as needed to perform their functions. They are not permitted to share or use the information for any other purpose.
- Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your interests or those of any other person;
- When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of our company or this website, our customers, or others; and in connection with our Terms of Service and other agreements;
- Any other person with your consent to the disclosure.
- We also may share aggregate or anonymous information with third parties, including advertisers and investors. This information does not contain any personal information and is used to develop content and services we hope you will find of interest.
How do we use your information?
We use the information we collect to:
- fulfil the transactions that you make or request;
- provide you with information you request;
- verify your identity for fraud prevention purposes;
- communicate with you in general;
- provide customer services related to your requests;
- administer and operate our Services;
- measure interest in and improve our products, services, and website functionality;
- otherwise customise your experience with this website;
- obtain information from you, including through feedback you give or surveys you complete;
- carry out statistical analysis about the use of our website and the services we offer to improve each aspect of what we do;
- protect our rights as a company including our intellectual property, for example;
- resolve disputes or troubleshoot problems;
- prevent potentially prohibited or illegal activities;
- as otherwise described to you at the point of collection.
How do we protect your personal information?
We want you to feel confident about using our Online Services to make travel arrangements, and we are committed to protecting the information we collect. While no Online Services can guarantee absolute security, we have implemented appropriate technical and organisational measures to protect the personal information that we collect and process about you. For example, we use encryption when transmitting your sensitive personal information between your system and ours, and we employ firewalls and intrusion detection systems to help prevent unauthorised persons from gaining access to your information. In addition, only authorised employees are permitted to access personal information, and they may only do so for permitted business functions.
International data transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident and outside of the EEA. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, the servers of our Online Services are located in the US, and our group companies and third party service providers operate around the world. This means that when we collect your personal information we may process it in any of these countries.
We ensure that any of our third party service providers to whom a data transfer is made has appropriate safeguards in place to protection your personal information. The adequacy mechanism may be (i) adequate country status, i.e., based in a country that the European Commission has deemed “adequate” since its data protection standards are similar to the European Union; (ii) Standard Contractual Clauses; or (iii) the EU-US and Swiss-US Privacy Shield.
Certain Expedia Group U.S. affiliates have certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability for personal information from the EU, Switzerland, and the United Kingdom. Such Expedia Group U.S. affiliates will continue to adhere to the Privacy Shield frameworks and Principles even though the CJEU determined in July 2020 that the EU-U.S. Privacy Shield framework is no longer an adequate transfer mechanism for the transfer of EU personal information to the U.S. In addition, Expedia Group maintains intra-group Standard Contractual Clauses where applicable to cover the transfer of EU personal information to the U.S. Our certifications can be found here. For more information about the Privacy Shield principles, please visit: www.privacyshield.gov. For more on our adherence to the Privacy Shield Frameworks, please see the information posted here.
Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
You may have the right to access personal information that we hold about you and request that we correct, amend or delete it if it is inaccurate or processed in violation of the Privacy Shields.
If you have any inquiries or complaints about our handling of your personal information under the Privacy Shields, you should first contact us at firstname.lastname@example.org and we will respond to your inquiry promptly. If we are unable to satisfactorily resolve your complaint, or we fail to acknowledge your complaint in a timely fashion, we have further committed to cooperate and comply with the panel of European data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner in the resolution of any Privacy Shield complaints. Individuals may also have the opportunity under certain conditions to invoke binding arbitration for complaints regarding the Privacy Shield not resolved by the above mechanisms. See here for additional information about binding arbitration.
For purposes of enforcing compliance with the Privacy Shield frameworks, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission.
We retain the personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise the data or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We will anonymise or aggregate your data if we intend to use it for analytical purposes or trend analysis over longer periods.
Your information rights
You can access, update and review your personal information. If you make such a request, we are entitled to request appropriate identification before servicing such a request.
- You may receive communications from us related to our Services, including service announcements, administrative messages and surveys relating either to your experience or transactions on this Site, without offering you the opportunity to opt out of receiving them.
- You have the right to opt-out of marketing communications we send you at any time.You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. We reserve the right to email you with respect to important notices, even if you have requested not to receive emails from us.
- Please also note that we may retain certain information associated with you, including for analytical purposes as well as for record-keeping integrity.
Your data protection rights (for EEA residents)
If you are a resident of the European Economic Area, you additionally have the following data protection rights:
- If you request access to your personal information, we will confirm whether we hold your information and provide you with a copy, explaining how we process it and why, how long we store it for and your rights associated with it.
- If you request deletion of your personal information, we will erase it. Please do note that we will need to retain any information that we require to fulfil our legal obligations or to establish, exercise or defend a legal claim.
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time.Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here).
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
This is a general audience site and does not offer services directed to children. Should a child whom we know to be under 13 send personal information to us, we will use that information only to respond directly to that child to inform him or her that we must have parental consent before receiving his or her personal information.
Changes to This Notice and How to Contact Us
How you can contact us