As a global company, we operate in jurisdictions with different data privacy laws. We, in particular, comply with Regulation No. 2016/679, commonly known as the General Data Protection Regulation (“GDPR”).
- Personal information we collect
We collect personal information about you to provide you with our services, including facilitating your reservations and travel arrangements.
In doing so, we may collect the following types of personal information:
- Contact information, including your name, postal or residential address, email address, telephone number, and other contact information.
- Passport information, including your passport number, passport expiration date, and date of birth.
- Billing or payment information, such as your credit card number, cardholder name, expiration date, authentication code, and billing address.
- Loyalty program details (such as frequent flyer details).
- Information about your health (if disclosed).
- Your device ID, device type, geographic location information, computer and connection information, statistics on page visits, traffic to and from the website, advertising data, IP address, and standard web registration information.
- Details of the products and services that we have provided or consulted about, including any additional information necessary to deliver those products and services and respond to your inquiries.
- Any additional information related to you that you provide to us through the use of our website, in person, or through other websites or accounts from which you allow us to collect information.
- Information provided to us through customer reviews or surveys.
- Any other personal information that may be necessary to facilitate your dealings with us.
- When we collect personal information
We may collect personal information directly from you or from third parties, such as when someone else makes a travel reservation on your behalf (for example, a family member or friend). We may collect the following information when you or a third party acting on your behalf:
- Register on our website.
- Place an order on our website.
- Communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services, or websites; or otherwise, you interact with our website, services, content, and advertising.
- How we use your information
We may use the information we collect from you to provide our services to you and improve your experience with us, including to:
- Personalize your experience and allow us to deliver the type of content and product offerings that interest you most
- Improve our website to provide you with a better service
- Provide you with better service to respond to your customer service requests.
- Administer a contest, promotion, survey, or other website feature.
- So you can quickly process your transactions
- To ask you for ratings and reviews of services or products
- To follow up after purchase (live chat, email)
- Disclosure of personal information
- Our agencies related to the travel and corporate service providers you have booked with (such as airlines, accommodation providers, tour operators, and other travel service providers
- Our employees and agents
- Third-party providers and service providers (including providers for the operation of our website and/or our business or in connection with the supply of our products and services)
- Payment system operators (for example, merchants who receive card payments)
- Our existing or potential agents, business partners, or partners
- Our sponsors or promoters of any competition that we carry out through our services
- Anyone to whom our assets or businesses (or any part of them) are transferred, or to whom they will potentially be transferred
- Other entities, including government agencies, regulatory bodies, and law enforcement agencies, or as required, authorized or permitted by law.
- Cross-border disclosure of personal information
We may disclose your personal information to international third parties, including countries outside the European Economic Area (EEA) (collectively, “Cross-Border Disclosure”), generally to arrange travel with a travel service provider on your behalf. Whenever we make cross-border disclosures, we will do so in accordance with applicable law and we will ensure that you are afforded a similar degree of protection by implementing appropriate safeguards.
Cross-border disclosures outside the EEA will only be made:
- To a country recognized by the European Commission as a provider of an adequate level of protection
- To a country that does not offer adequate protection, but whose transfer has been governed by the standard contractual clauses of the European Commission, or by implementing other appropriate cross-border transfer solutions to provide adequate protection.
- How we protect your personal information
Your personal information is contained behind secure networks and is only accessible to a limited number of people who have special access rights to those systems, and must keep the information confidential. Your personal information is generally stored in accordance with applicable law and for the corresponding statutory limitation period. We do not use scanning and/or vulnerability scanning.
We implement a variety of physical, administrative, and technical measures to maintain the security of your personal information. While we take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorized access, we cannot guarantee the security of your personal information due to the inherent risks associated with the transmission of personal information over the Internet and where there has been a hardware or software failure, or when other circumstances arise beyond our control.
- CAN-SPAM Law
The CAN-SPAM Act is a law that establishes the rules for commercial email, establishes the requirements for commercial messages, gives recipients the right not to have emails sent to them, and establishes harsh penalties for violations.
We collect your email address to:
- Send information, answer inquiries and/or other requests or questions
- Process orders and send information and updates related to orders;
- Send you additional information related to your product and/or service
- Market to our mailing list or continue to send emails to our customers after the original transaction has been made.
- In accordance with the CAN-SPAM Act, we are committed to doing the following:
- Do not use false or misleading email addresses or subjects
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our company or site headquarters
- Monitor compliance with third-party email marketing services, if any are used
- Allow users to unsubscribe through the link at the bottom of each email
- Honor unsubscribe / opt-out requests promptly.
- Your personal information rights
Under applicable law, including the GDPR, you have certain rights in relation to your personal information. These include:
- Request access to the personal information that you have provided to us through the use of our services, including the provision of a copy of that personal information
- Request that we add, update, or correct any personal information associated with your account
- Request the deletion of your personal information
- Restrict the processing of your personal information
- Object to the processing of your personal information
- Request that we transmit your personal information to a third party.
The personal information provided by you must not be false or misleading. We assume that the information you provide us is accurate and will be updated when relevant personal information changes. You can choose not to provide us with certain information. Please note that by doing so, your ability to use some parts of our services may be hampered. If you choose to deactivate your account, some of the information associated with your account may be kept for internal purposes, including for backing up data, assisting with investigations, and complying with applicable law.
We reserve the right to deny you access for any reason permitted by applicable law. If we deny access or amendment, we will provide you with written reasons for such denial, unless it is unreasonable to do so and, where required by local data protection laws, we will record your request and the denial of the request in our records.
We will respond to any privacy-related request within a reasonable time. Please note that we may need to verify your identity when you request access to your personal information.
If you want to make a request related to privacy, please contact us.