Privacy Statement

 

Last Updated: September 11, 2023

Hotels.com, LP, a subsidiary of Expedia, Inc. (“we” or “us”) values you as our customer and recognizes that privacy is important to you. This Privacy Statement explains how we collect, use, and disclose data when you use our platform and associated services, your rights in determining what we do with the information that we collect or hold about you and tells you how to contact us.

Privacy Statement Summary

This is a summary of our Privacy Statement. To review our Privacy Statement in full, please click here, or scroll down.

What does this Privacy Statement cover?

This Privacy Statement is designed to describe:

  • How and what type of personal information we collect and use
  • When and with whom we share your personal information
  • What choices you can make about how we collect, use, and share your personal information
  • How you can access and update your information.

What personal information do we collect and use, and how do we collect it?

We collect personal information when:

  • You give us the information
  • We collect it automatically
  • We receive it from others

When you create an account on one of our sites, sign up to receive offers or information, or make a booking using our platform, you give us your personal information. We also collect such information through automated technology such as cookies placed on your browser, with your consent where applicable, when you visit our sites or download and use our Apps. We also receive information from affiliated companies within Expedia Group, as well as business partners and other third-parties, which help us improve our platform and associated tools and services, update and maintain accurate records, potentially detect and investigate fraud, and more effectively market our services. 

How is your personal information shared?

Your personal information may be shared for several purposes, including: to help you book your travel and/or vacation, assist with your travel and/or vacation stay, communicate with you (including when we send information on products and services or enable you to communicate with travel providers and/or property owners), and comply with the law. The full Privacy Statement below details how personal information is shared below.

What are your rights and choices?

You can exercise your data protection rights in various ways. For example, you can opt out of marketing by clicking the “unsubscribe” link in the emails, in your account as applicable, or contacting our customer service. Our Privacy Statement has more information about the options and data protection rights and choices available to you.

How to contact us

More information about our privacy practices is in our full Privacy Statement. You can also contact us as described below in the “Contact Us” section to ask questions about how we handle your personal information or make requests about your personal information.

*****************************

Privacy Statement

Categories of Personal Information We Collect

Mobile Apps

Use of Personal Information

Sharing of Personal Information

Your Rights and Choices

International Data Transfer

Data Privacy Framework

APEC Cross Border Privacy Rules System Participation

Security

Record Retention

Contact Us

Updates to Privacy Statement

Categories of Personal Information We Collect

When you use our platform, Apps, or associated tools or services, we may collect the following kinds of personal information from you as needed:

  • Name, username, email address, telephone number, and home, business, and billing addressees (including street and postal code)
  • Government issued Identification required for booking or identity verification, such as passport, driver’s license, government redress numbers, and country of residence (for travel insurance purposes), and for vacation property owners, tax identification number
  • Payment information such as payment card number, expiration date, billing address, and financial account number
  • Travel-related preferences and requests such as favorite destination and accommodation types, and special dietary and accessibility needs, as available
  • Loyalty program and membership information
  • Birth date and gender
  • Geolocation
  • Images (including facial photographs), videos, and other recordings
  • Social media account ID and other publicly available information
  • Communications with us (such as recordings of calls with customer service representatives for quality assurance and training purposes)
  • Searches you conduct, transactions, and other interactions with you on our online services and Apps
  • Other communications that occur through the platform among partners and travelers, and in-group chat and traveler-collaboration tools 
  • The searches and transactions conducted through the platform
  • Data you give us about other people, such as your travel companions or others for whom you are making a booking
  • Information we receive about you from other Expedia Group companies and third parties such as our business and affiliate partners and authorized service providers which may include updated contact information, demographic information, interests, and purchase history, which we may add to your account or profile and use for market research and analysis

We collect sensitive personal information either with consent or in accordance with local law. This may include information which could reveal your racial or ethnic origin, religious or philosophical beliefs, sexual orientation and health or disability information.

 

When you install any of our apps or use our platform, we automatically collect the following types of information from your device (“Automatically Collected Information”):

  • IP address
  • Device type
  • Unique device identification numbers
  • Internet browser-type (such as Firefox, Safari, Chrome, and Internet Explorer)
  • Internet Service Provider
  • Operating System
  • Mobile carrier
  • How your device has interacted with our online services, including the pages accessed, links clicked, trips viewed, and features used, along with associated dates and times
  • Details of any referring website or exit pages, as well as general geographic location (such as at the country or city-level)

Our Cookie Statement further explains how we use cookies and similar tracking technology.

Mobile Apps

When you download and use any of our mobile apps, we collect certain technical information from your device to enable the app to work properly and as otherwise described in this Privacy Statement. That technical information includes:

  • Device and telephone connectivity information such as your carrier, network type, network operator, subscriber identity module ("SIM") operator, and SIM country
  • Operating system and version
  • Device model
  • Performance and data usage
  • Usage data, such as dates and times the app accesses our servers, the features and links clicked in the app, searches, transactions, and the data and files downloaded to the app
  • Device settings selected or enabled, such as Wi-Fi, Global Positioning System ("GPS"), and Bluetooth (which may be used for location services, subject to your permission as explained below)
  • Mobile device settings
  • Other technical information such as app name, type, and version as needed to provide you with services

Permissions for Location-Based Services:

Depending on your device’s settings and permissions and your choice to participate in certain programs, we may collect the location of your device by using GPS signals, cell phone towers, Wi-Fi signals, Bluetooth or other technologies. We will collect this information, if you opt in through the app or other program (either during your initial login or later) to enable certain location-based services available within the app (for example, locating available lodging closest to you). To disable location capabilities of the app, you can log off or change your mobile device’s settings.

Mobile App Analytics:

Depending on your device’s settings and permissions and your choice to participate in certain programs, we may use technology to track where you chose to download our app and to measure advertising effectiveness. When we use this kind of technology, we will use privacy enhancing technologies such as de-identification, pseudonymization, encryption and improved notice where possible.

Use of Personal Information

We use your personal information for various purposes described below, which depend on the site you visit or the app you use. 

Your Use of Online Sites, Apps, and Services:

  • Book the requested travel or enable vacation property booking
  • Provide services related to the booking and/or account
  • Create, maintain, and update user accounts on our platform and authenticate you as a user
  • Maintain your search and travel history, accommodation and travel preferences, and similar information about your use of Expedia Group’s platform and services, and as otherwise described in this Privacy Statement
  • Enable and facilitate acceptance and processing of payments, coupons, and other transactions
  • Administer loyalty and rewards programs
  • Collect and enable booking-related reviews
  • Help you to use our services faster and easier through features like the ability to sign-in using your account within the online services and sites of some of the Expedia Group companies

Communications and Marketing:

  • Respond to your questions, requests for information, and process information choices
  • Enable communication between you and the travel supplier like hotels and vacation property owners
  • Contact you (such as by text message, email, phone calls, mail, push notifications, or messages on other communication platforms) to provide information like travel booking confirmations and updates, for marketing purposes, or for other purposes as described in this Privacy Statement
  • Market our products and services
  • Analyze information such as browsing and/or purchase history and use the result to optimize advertising in accordance with your interests and preferences
  • Measure and analyze the effectiveness of our marketing and promotions
  • Administer promotions like contests, sweepstakes, and similar giveaways

Other Business Purposes and Compliance

  • Conduct surveys, market research, and data analytics
  • Maintain, improve, research, and measure the effectiveness of our sites and apps, activities, tools, and services
  • Monitor or record calls, chats, and other communications with our customer service team and other representatives, as well as platform communications between or among partners and travelers for quality control, training, dispute resolution, and as described in this Privacy Statement
  • Create aggregated or otherwise anonymized or deidentified data, which we may use and disclose without restriction where permissible
  • Promote security, verify identity of our customers, prevent and investigate fraud and unauthorized activities, defend against claims and other liabilities, and manage other risks
  • Comply with applicable laws, protect our and our users’ rights and interest, defend ourselves, and respond to law enforcement, other legal authorities, and requests that are part of a legal process
  • Comply with applicable security and anti-terrorism, anti-bribery, customs and immigration, and other such due diligence laws and requirements
  • Operate our business using lawful business purposes and as permitted by law

The Expedia company responsible for the Expedia site you are using (including to make your booking) will be the main company responsible for your Personal Information, known as the controller. Where you use multiple Expedia sites, then each controller of those sites may act together to give you access to services such as our combined loyalty program, single account access to all out sites (each as they become available where you are) and for other support functions and operations to manage and improve our services across the Expedia Group companies. These are called joint controllers. This will not affect any marketing preferences that you have made and not updated with any particular Expedia company.

 

Clickstream data

In certain instances, we may use clickstream data to render an illustration of your usage of our site. Clickstream data is the collection of a sequence of events that represent visitor actions on a website. We may reconstruct your site journey modeled on the timing and location of your actions. This data is primarily used for customer service purposes, to verify the legitimacy of a claim, or to defend ourselves. This data may also be used for other internal purposes such as improving the user experience on our website and identifying website malfunctions.

Sensitive Personal Information

We will only use your sensitive personal information for the purposes for which it was collected.

 

Lawful bases for processing:

We will collect personal information from you only (i) where the personal information is necessary to perform a contract with you (e.g., manage your booking, process payments, or create an account at your request), (ii) where the processing is in our legitimate interests and not overridden by your rights (as explained below), or (iii) where we have your consent to do so (e.g., sending you marketing communications where consent is required). In some cases, we will have a legal obligation to collect personal information from you such as where it is necessary to use your transaction history to complete our financial and tax obligations under the law.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Certain countries and regions allow us to process personal information on the basis of legitimate interests. If we collect and use your personal information in reliance on our legitimate interests (or the legitimate interests of any third-party), this interest will typically be to operate or improve our platform and communicate with you as necessary to provide our services to you, for security verification purposes when you contact us, to respond to your queries, undertaking marketing, or for the purposes of potentially detecting or preventing illegal activities. 

We may use artificial intelligence, machine learning, and other automated decision-making to enhance your user experience and keep our site safe.

For example, we may use it in relation to:

  • the sort order you see on our site,
  • destinations, property or activity recommendations,
  • flight price insights and alerts,
  • the content you upload on our site (e.g., images of your properties) to ensure they meet our quality or formatting requirements, and to identify relevant amenities included in your listing,
  • the reviews you share with us to ensure they do not contain identifiable personal information or to assess customer satisfaction,
  • the prevention and detection of breach of our terms and conditions or other fraudulent activities to keep our site safe,
  • our language and dialects within our virtual agents’ experience.

Automated decisions may be made by putting your personal information into a system and the decision is calculated using automatic processes.

We will not engage in automated decision-making that involves a decision with legal or similarly significant effects solely based on automated processing of personal information, unless you: (1) explicitly consented to the processing, (2) the processing is necessary for entering into a contract, or (3) when otherwise authorized by applicable law.

You may have rights in relation to automated decision making, including the ability to request a manual decision-making process instead or contest a decision based solely on automated processing. If you want to know more about your data protection rights, please see the Your Rights and Choices section below.

Sharing of Personal Information

We sha