INFORMATION WE COLLECT AND USE
“Personal information” is data that identifies, relates to, describes, can be used to contact, or could reasonably be linked directly or indirectly to you. For purposes of this Policy, there is no meaningful distinction between the terms “personal information” and “personal data.”
Personal Information We Collect Directly From You. As you visit or use our Services, we collect the following categories of personal information directly from you:
- Personal details (such as your name, age, birthday, gender)
- Contact information (such as email address, address, phone number)
- Booking information (such as, for each traveler, the traveler’s name, frequent flyer details, passport number, redress control number, country of citizenship, booking reference number, and itinerary, which may include name of airline or carrier, hotel accommodation and/or vessel, port of destination, port of arrival, date and time of departure and/or check-in, date and time of arrival and/or check-out, meal preferences, luggage information, and layover information)
- Account information (such as login credentials, including email address and password, and account settings)
- Social media data (if you choose to link your Hotello account with a social media account, Hotello may collect personal information such as name, age, gender, photograph, and other personal information relating to your social media account)
- Billing information (we do not store any card details / card related data or any other type of confidential payment details. All data will be processed at our payment gateway service provider.)
- Your contacts (such as contact information of people you add to, or notify of, your reservations or itineraries through our Services)
- Your preferences (such as your home airport, seating preferences, meal preferences, communication preferences, and other preference information you provide us)
- Reviews you submit (including any screenname you publish under or any personal information you include about yourself or others in such review)
- Content you publish (including your travel recommendations and any personal information you include about yourself or others, or in content you publish in your Guide or other mediums provided by us)
- Photos of you (such as when you add a photo of yourself to your profile, upload photos to a review, or link your social media account to your Hotello account)
- Communications you send us (such as questions, conversations, complaints, or other information that you may submit to our support team)
- Promotion information (if you choose to participate in a contest, sweepstakes, or similar campaign, we will collect any information you provide in relation to such activity, such as photos, images, captions, or other content, in accordance with the terms provided at that time)
- Other information you may provide (including other information you provide about yourself or others through our Services or to which you provide us with access via third-party platforms)
You may choose not to provide some of the personal information described above. Please note, however, that many of our Services require some personal information to operate, so if you choose not to provide the personal information necessary to operate and provide you with a particular Service or feature of that Service, you may not be able to use that Service or feature.
We do not proactively collect sensitive personal information, such as health-related information. However, our Services include text boxes that are designed for you to describe certain details about your travel preferences or special requests that you want us or our travel partners to know. Please be aware that information you freely submit in these boxes may reveal to us or to the travel partners or third parties with whom we share information certain information that may be considered sensitive personal information under applicable law (for example, information about dietary restrictions or disability accommodations). Sensitive personal information you voluntarily submit is processed on the basis of your consent, which you may revoke at any time by contacting us at the details set out in the How to Contact Us section below.
Personal Information Generated By Us. As you use our Services, we generate certain personal information about you, including through automatic data collection and by inferences based on the information we collect about you and your activity. We may automatically collect information about your interactions with the Services or communications you receive (such as email) using certain technologies, such as cookies, web beacons and other technologies (see our Cookies and Interest-Based Advertising Policy for more details). We generate the following categories of personal information about you:
- Device information. When you visit or use our Services, we automatically collect certain information about your device (e.g., your mobile device, computer, or tablet), including information about your hardware and software, device configuration, and nearby networks. Such data may include data about your device operating systems, browsers, and other software installed on your device; such as IP address or other device identifier; country of origin, region and language settings; and information about domain servers and wireless or network access points near your device.
- Usage and performance information. We also automatically collect personal information about your usage of the Services, including information about your searches, statistics about the travel itineraries you share with us, how you interact with the features of our Services and the links you click, your preferences, access times, referring URL, and performance of our Services.
- Location information. If you use our Services, we automatically collect approximate location information about you (such as your city) or, with your consent, precise geographic location data from your mobile device when the app is running and when it is not running, depending on the choices you make when you are asked to consent to our collection of location information. The technologies we use to determine your location may include IP address mapping, cell tower position, Wi-Fi position and GPS signals. We may use and store this information to provide and improve features of our Services, for example, to tailor our Services on a needs-based manner to better facilitate your requests (such as helping you find the hotel closest to you) and to provide you with more relevant content in the cities you visit (such as sending you marketing communications relating to goods or services in your current city, including local accommodations and travel options). Hotello does not have control over your device settings, but we do recommend enabling location services on your device so you can take advantage of the location-based features and functionality offered. Please see the Your Rights and Choices section below for more information about how to adjust your preferences, including those related to location information.
- Inferences about you. We combine the information we collect, generate, or otherwise obtain to draw inferences about your preferences and interests in order to provide and personalize our Services and tailor the advertising we and our partners display or offer to you.
- Emails you synchronize with your Trips account. If you sign up to synchronize your email inbox to your Trips account, you authorize us to access the emails in the email accounts you have connected to your Trips account in order to create travel itineraries. This involves automatically scanning your inbox at regular intervals to identify emails that are booking confirmations, which are then parsed automatically or manually for relevant travel details and imported into our Trips service (along with a copy of the email, which is saved to your Trips account). See the Trips Services section below for more information.
Personal Information We Obtain from Third Parties. We may also receive certain categories of personal information from third parties, such as third-party websites, applications, social media networks, and services (each, a “third-party platform”), our group companies, travel partners, and other third parties, including individuals who have shared their travel itineraries with you through our Trips service. If you are an existing Hotello user, we will combine this information with information we collect through our Services and use and share it for the purposes described below. The categories of personal information we may obtain from third parties includes:
- Your name
- Email address or other contact information
- Social media data, if you connect to our Services using a social media third-party platform or interact with Hotello by liking or commenting on our social media pages or content, we may receive information from that social media third-party platform about those interactions and from your social media profile (e.g., name, age, gender, photograph, and other personal information related to that account)
- Browsing, purchase, usage and advertising details, including information about restaurant or travel accommodations and bookings you make through our group companies and travel partners (for example, if you book a flight through one of our group companies, we or our travel partners may receive the general location of your destination and use that information to provide recommendations for hotels or other accommodations or complementary services); how you use third-party websites, applications, and services; information relating to your interactions with our advertising and marketing materials; and demographic information about users of our Services.
HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes (“Purposes”), to:
- Provide the Services, which includes providing you with the services, products, and functionality offered through our Services and fulfilling your requests, including, but not limited to: facilitating and processing bookings with our travel partners, reviewing travel partners, paying for travel partners’ products and services through our Services, and notifying people you add to, or otherwise request to notify of, your bookings through the Services
- Providing Trips/My Trips services, including automatically creating a “Trips/My Trips” account for you if you make a booking using our Services. This account collects your travel information to create and maintain your travel itineraries, which you can then share with others. If you sign up for the synchronization of your emails to our Trips/My Trips service, we access the emails in the email accounts you have connected to your Trips/My Trips account, to regularly review these emails in order to identify those that are booking confirmations that we can import into our Trips/My Trips service, to parse these emails and to add the information we have collected (including a copy of the email to your Trips/My Trips account) (see below for more detail on Trips/My Trips Services)
- Authenticate your account credentials and identify you, as necessary to log you in to the Services and ensure the security of your account
- Show your reservations and bookings made through the websites, applications, and services of our group companies, such as Booking.com or OpenTable, on your account page
- Communicate with you about your account or use of our Services, products, and/or functionality (e.g., soliciting reviews and feedback, sending alerts and notifications you have subscribed to, providing updates regarding itineraries processed by our Trips service, sending you booking confirmations, sending you information servicing and administrative emails or other notices required by law); respond to, or follow up on, your comments and questions; and otherwise provide customer service (see below for more detail on Electronic Communications)
- Send you marketing communications, including communicating with you about services or products offered by Hotello, our group companies, or our business partners and other marketing communications that we believe you would be interested in, as permitted by law (see below for more detail on Electronic Communications and Your Choices and Rights)
- Operate and improve our Services and develop new products and services, including using analytics to better understand how you use our Services for purposes of product, website, application and service development and to enhance the user experience
- Process and deliver contest entries and rewards
- Provide services and information to travel partners, such as providing user feedback and usage details
- Tailor your experience with our Services, such as by making inferences or combining different pieces of information we have collected about you to offer better search results or otherwise tailor our Services to you according to your preferences or restrictions. For example, if you frequently book rooms at four-star hotels and rent cars when you travel, we may prioritize four-star hotels in your search results or bring you a combined package offer for hotel and car, or prioritize accommodations you have previously booked
- Provide you more relevant advertising on and off our Services, including to show you personalized offers and advertising on and off our Services. For example, if you tend to book rooms at four-star hotels and often travel to Tokyo, we may display advertising for a four-star Tokyo hotel to you on our Services or work with our travel partners and advertising partners to display advertisements for four-star Tokyo hotels to you on other websites you visit.
- Protect against, investigate, and deter fraudulent, unauthorized, or illegal activity
- Comply with our policies, procedures and legal obligations, including complying with law enforcement or government authority requests, addressing litigation-related issues, and exercising rights or obligations conferred by law
- As otherwise consented to by you and as required or permitted by applicable law. If you give your consent to any further use of personal information, you can withdraw that consent at any time by contacting us using the details set out below.
You have choices about your personal information, and in some circumstances, you may have the right to opt out or object to our uses of your personal information for these Purposes. For more information, or to exercise these or other rights (where available), see the Your Choices and Rights section below.
Trips/My Trips Services. If you register for an account, send a booking confirmation to our Trips/My Trips service or make a booking through our Services, you will have access to our Trips/My Trips service, where we will collect your travel information to create and maintain your travel itineraries. If you directly send us booking confirmation emails, you authorize us to parse these emails automatically or manually and to add the information you provide to your Trips/My Trips account, along with other information that we have collected (including saving a copy of the original email to your Trips/My Trips account). If you sign up for the synchronization of your emails to our Trips/My Trips service, you authorize us to access the emails in the email accounts you have connected to Trips/My Trips, to regularly review these emails in order to identify those that are booking confirmations that we can import into our Trips/My Trips service, to parse these emails automatically or manually and to add the information we have collected to your Trips/My Trips account (including saving a copy of the original email to your Trips/My Trips account). To the extent permissible by our email synchronization partners, we use the information in your Trips/My Trips account to show you more relevant search results (e.g., accommodations you previously booked) or to provide you statistics about your travels, and we may use such information for marketing communications as described above. If you use or have itineraries as part of our Trips/My Trips Service, you can send or grant access to your itinerary to anyone you choose. Your itinerary may contain enough details (e.g., booking reference codes) to allow the recipient to cancel or modify your booking, perform a check-in, etc.
Electronic Communications. Consistent with the above Purposes and as permitted by applicable law, we may communicate with you via electronic messages, including email, text message, or mobile push notification to:
- Send you information relating to our products and Services. This may include booking confirmations and updates, receipts, technical notices, updates, security alerts, and support and administrative messages.
- Our Role as Data Controller. For purposes of European Union law and similar data protection regimes, we generally act as a data controller, meaning we determine the purposes and means of processing your personal information. Our travel partners to whom we may connect you to make reservations are also data controllers. To learn more about how a travel partner may use your personal information, you should review its privacy notice.
Processing Bases and Consequences. When we process your personal information, we rely on the following legal bases:
- Performance of the contract we have with you (for example, if you use our Services to book a flight, we will process your information in order to allow the relevant airline partner to complete and administer that booking).
- Compliance with legal obligations to which we are subject (such as when we are obliged to comply with lawful requests from competent authorities such as law enforcement).
- To serve our legitimate interests (such as tailoring your experience with our Services, carrying out online advertising, and for fraud detection), provided that such processing does not outweigh your rights and freedoms. The processing must also be pursuant to other applicable legal bases for data processing, especially provisions set out under local law.
When we use personal information to meet our legitimate interests, we take steps to ensure that your rights to your personal information are not infringed.
- Consent. To the extent that a legal ground described above would not apply to processing of your personal information by us, we will seek your consent for such specific purpose in accordance with applicable law (such as sending direct marketing messages by electronic means, like email, without an exception from the requirement to obtain consent).
Aggregate Information. We aggregate personal information collected directly from you, information generated about you by us, and information obtained from third parties (with your consent, where required) with personal information collected about other users in order to produce general statistics that cannot be linked to you or any other specific user. Information that has been aggregated and de-identified is no longer considered “personal information” and may be subsequently used for any purpose.
Anonymized Information. We may process information that cannot be linked to you or any other specific user using any means available to us, either because it was collected anonymously or has been subsequently anonymized. Information that is anonymous or has been anonymized is no longer considered “personal information” and may be subsequently used for any purpose.
With your consent, where required, we may contact you at the mobile phone number that you provide to us by way of direct dial calls, autodialed and prerecorded message calls, and text messages in connection with the above Purposes.
HOW WE SHARE YOUR INFORMATION
We disclose the personal information we collect (or otherwise generate or obtain) as follows:
- With our travel partners. We share your information with our travel partners to provide the Services (such as connecting users with airlines or online travel agents to book a flight or other travel service, and sharing personal details, contact information, passport information, preferences, requests, accommodations, and other information with the airline or online travel agent) and for our travel partners' own purposes, which may include marketing or advertising purposes (see below for more detail on Sharing with Travel Partners).
- With our group companies in our corporate family. We share your information with our group companies within our corporate family, including but not limited to for the Purposes described above, to provide you with integrated products and services, and for our and their marketing purposes (see below for more detail on Sharing with Our Group Companies).
- With other business partners. We share information with other third-party business partners for their own marketing purposes, including sharing with online advertisers or advertising technology (“ad tech”) companies to provide you with targeted advertising and marketing communications, where permitted under law (see below for more detail on Sharing with Our Business Partners).
- Trips shared by you. If you use or have itineraries as part of our Trips Service, you can send or grant access to your itinerary through our Services to anyone you choose. See the Trips Services section above for more detail.
- With social networking services. We share (or facilitate your sharing of) your information with social networking services when you use our Services to connect and share your information publicly or with friends or when you use our Services to connect with us on, share on, or use third-party social networking platforms and services (see below for more detail on Sharing with Social Networking Services).
- Third-party services or applications you use to log into your account. If you use a third-party service or application (e.g., Facebook) to log into your Hotello account, we share certain personal information with that third party.
- Reviews you submit. If you provide us with a review of your trip, you authorize us to publish it on all our Services under the screenname you provided and to share it with travel partners. You also authorize us to aggregate your review with other reviews.
- Content you publish. If you publish travel recommendations as part of Guides or other mediums provided by us, you authorize us to publish it on all our Services.
- To process payments. We do not store any card details / card related data or any other type of confidential payment details. All data will be processed at our payment gateway service provider.
- With other service providers. We share information with third-party vendors, consultants, and other service providers who perform services or functions on our behalf (see below for more detail on Sharing with Other Service Providers).
- In the event of a corporate transaction. We may disclose or transfer your information to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding.
- To protect rights and property. We may disclose your information to third parties when we believe in good faith that disclosure is necessary to protect our rights, our property, the integrity of the Services, personal safety, or the interests of you or any other person, and to detect, prevent and/or otherwise address fraud, risk management, security or technical issues.
- To comply with and as required by law. We may disclose your personal information to government authorities or other relevant third parties in order to comply with applicable legal requirements, judicial proceedings, court orders, legal process, or lawful requests from governmental authorities.
- Aggregate information. We share aggregate statistical data for the improvement of our Services. We may also share aggregate or de-identified information with third parties at our discretion.
- At your request. We also share your information as directed or requested by you, or subject to your consent.
In some circumstances, you may have the right to opt out or object to our sharing of your information with certain third parties. For more information, or to exercise these or other rights, see the Your Choices and Rights section below.
When you make a request, we also share with the travel partner additional information about you, such as information about your travel activity and history, and/or information that we collect from you and third parties. Travel partners use this information for their own purposes, which may include to improve their products or services and to provide you with targeted advertising and marketing communications, where permitted under law.
- Provide you with integrated services (including to administer and manage reservations, bookings, services, and payments across our affiliated platforms).
- Provide personalized offers or send you marketing communications with your consent or as otherwise permitted by applicable law.
- Enable “single sign-on”, i.e., allowing you to log into a shared account for multiple Booking Holdings Inc. brands using a single set of log-in credentials, which allows us to, for example, show your reservations and bookings made through the websites, applications, and services of our group companies on your account page, and allow our group companies to show information in your respective account(s) with them.
- Provide customer support services.
- Detect, prevent, and investigate fraud and misuse of our services, other illegal activities, and data breaches.
- Analyze how users use our independent and affiliated platforms, including so that we may improve existing products and services and develop new features, products, and services that may be of interest to our users.
- Ensure compliance with applicable law.
To learn more about your choices related to how we share your information with our group companies (including our subsidiaries, our parent company, and its other subsidiaries), please see the Your Choices and Rights section below.
For example, if you frequently search for flights from Seattle to Paris around certain holidays, we may share that information with a particular airline partner so it can better understand which of our customers are interested in flights from Seattle to Paris on certain dates. The airline partner may then, for example, use this information to offer you a promotion.
To learn more about your choices related to how we share your information with our business partners, please see the Your Choices and Rights section below.
- When you use a credit or debit card to secure a booking or reservation through our Services, we provide your credit or debit card account information (including card number and expiration date, and if required by the travel partner, CVV number) to the applicable travel partner to process the transaction.
- When you provide your credit or debit card account information through our Services, you will have the option to save your information to your account for future use. If you choose not to save your credit or debit card account information to your account, we will delete your credit or debit card account information after the transaction is complete.
- For information about the security of your payment information, see the How We Store and Protect Your Information section below.
HOW WE STORE AND PROTECT YOUR INFORMATION
Hotello maintains commercially-reasonable technical, administrative, and physical security measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
When your payment information is being transmitted to our Services or through our Services, it will be protected by cryptographic protocols. To be clear, Hotello only stores your payment information if you choose to save that information to your account. When you submit a booking or reservation, we transfer your payment information to the applicable travel partner to process the transaction. Our contracts with third parties that receive your payment information require them to keep it secure and confidential.
However, we cannot guarantee that transmissions of your payment information or your other information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by Hotello or our third-party service providers. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control. You play an important role in keeping your information secure. You should not share your user name, password, or other security information for your Hotello account with anyone. If we receive instructions using your user name and password, we will assume you have authorized the instructions. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised),
Retention. We may retain your personal information for as long as your account is active and for a period of time thereafter to allow you to re-activate your account without loss of information. We may also retain your personal information as necessary to:
- Maintain logs and business records for analysis, security, and/or audit purposes
- Comply with record retention requirements under the law
- Deal with any complaints regarding the Services; and
- Comply with our legal obligations, protect or defend our rights, resolve disputes and enforce our contracts
When you use or visit the Services, we collect information about your usage and activity using cookies, web beacons, and other technologies. Third parties may also view, edit, or set their own cookies. We and our third-party service providers, affiliates, and other business partners may also place web beacons for these third parties. The use of these technologies by third parties is subject to their own privacy policies and is not covered by this Policy, except as required by law. See our Cookies Policy for more details.
YOUR CHOICES AND RIGHTS
Email. If you no longer want to receive marketing and promotional emails from Hotello, you may click on the “unsubscribe” link in such emails to opt out of future marketing email communications. If you have a Hotello account, you may also opt out of marketing emails in your account settings. Please note that even if you opt out of receiving marketing communications from one or all of our Services, we will still send you service-related communications, such as confirmations of any future bookings you make.
Push Notifications (on Mobile Devices). You can use the settings on your mobile device to enable or turn off mobile push notifications from Hotello.
Text Messages. If you no longer want to receive text messages from Hotello, reply STOP (or as otherwise instructed) to the text message. If you have a Hotello account, you may also adjust your account settings to opt out of text messages.
Application Location. As explained in more detail in the Information We Collect and Use section above, we collect information about your location if you enable location services through the settings in your mobile device, or with your consent, as may be required by law. You can change the privacy settings of your device at any time to turn off the sharing of this location information with our Services. If you choose to turn off location services, this could affect certain features of our Services. If you have specific questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.
What are Cookies?
What types of Cookies are used on our Sites and what do we use them for?
We use “first-party cookies,” i.e., those that are used solely by us or by third parties who act only on our instructions or on our behalf. These types of cookies are used for our own analysis of our own Sites, or to provide functionality such as remembering your language preference.
Other cookies on our Sites are used both by us for the purposes described in this policy and by third parties for purposes where those third parties may wish to combine information from our Sites with information from other sites to improve their services. For example, these types of cookies may be used for interest-based advertising purposes.
The cookies used on our Sites, by either us or by third parties, can be “session” cookies, or “persistent” cookies. “Session” cookies are deleted automatically when you close your browser, and are used for things like ensuring you are kept logged in as you navigate around our Sites. “Persistent” cookies remain stored on your device or browser even after you close it. These cookies are used, for example, to recognize you when you come back to our Sites.