CruiseDesk® Privacy
Statement
Last Modified: February
28, 2023
Please read the
following statement (“Privacy Statement”) to learn about our privacy
practices. This Privacy Statement explains how we collect, use, and disclose
data when you use our platform and associated services, and tells you how to
contact us.
Privacy Statement Summary
This is a summary
of our Privacy Statement. To review our Privacy Statement in full please scroll
down.
What does this
Privacy Statement cover?
This Privacy Statement
is designed to describe:
· How and what type
of personal information we collect and use
· When and with
whom we share your personal information
· What choices you
can make about how we collect, use, and share your personal information
What personal information do we
collect and use, and how do we collect it?
We collect
personal information when:
· You give us the information
· We collect it automatically
· We receive it
from others
When you create
an account on one of our sites, sign up to receive offers or information, or
otherwise use our platform, you give us your personal information. We also
collect such information through automated technology such as cookies placed on
your browser, with your consent where applicable, when you visit our sites. We
also receive information from business partners and other third-parties,
which help us improve our platform and associated tools and services, update
and maintain accurate records, potentially detect and investigate fraud, and
more effectively market our services.
How is your personal information
shared?
Your personal
information may be shared with third parties for several purposes, including:
to help provide you information, services, assist with your use of our
services, communicate with you (including when we send information on products
and services or enable you to communicate with others), and comply with the
law, where applicable, depending on your interaction with the site. The full
Privacy Statement below details how personal information is shared.
What are your rights and choices?
You can exercise
your data protection rights in various ways. For example, you can opt out of
marketing by clicking the “unsubscribe” link in the emails, in your account as
applicable, or contacting our customer service. Our full Privacy Statement has
more information about the options and data protection rights available to you.
How to contact us
More information
about our privacy practices is in our full Privacy Statement below. Please
contact us as to ask questions about how we handle your personal information or
make requests about your personal information.
Privacy Statement
Categories of Personal
Information We Collect
Sharing of Personal Information
International Data Transfer &
Privacy Shield
Categories of Personal Information We Collect
We receive and
store any information you provide to us through the Site or given to us in any
other way. This includes information that can identify you, such as your first
and last name, telephone number and postal and email addresses (“personal
information”). We may collect the following categories of personal
information:
· Name, email
address, telephone number, business, and billing addressees
· Payment
information such as payment card number, expiration date, and billing address
where required
· Non-specific
geolocation data
· Images, videos,
and other recordings
· Social media
account ID and other publicly available information
· Communications
with us
· Searches you
conduct, transactions, and other interactions with you on our online services
· Other
communications that occur through the platform among partners and travelers,
and in-group chat and traveler-collaboration tools
· The searches and
transactions conducted through the platform
· Data you give us
about other people associated with you or your company
· We also may
periodically obtain both personal and non-personal information about you from
affiliated entities, business partners and other independent third-party
sources.
Sensitive
Personal Information. We only collect sensitive personal information either
with consent or in accordance with local law. This may include information
which could reveal your racial or ethnic origin, religious or philosophical
beliefs, sexual orientation, trade union or other professional membership, and
health or disability information.
Automatic
Collected Information. We automatically collect some information about your
computer and your online activity when you visit the Site. For example, we may
collect your IP address and information about what web browser software you use
to access the Site (such as Google Chrome, Firefox, Safari
or Internet Explorer) and referring website. Where permitted by local law, we
may also automatically collect information you enter into
any data fields shown on the Site, including your email address and log-in
credentials. We may also collect information about your online activity, such
as trips viewed or bookings made. Our goals in
collecting this automatic information include helping to customize your user
experience and inhibiting fraud.
Use of Personal Information
We use
information about you for the following general purposes:We use information about you for the
following general purposes:
· Provide you with
the products and services you request;
· Communicate with
you in general;
· Respond to your
questions and comments;
· Measure interest
in and improve our products, services and the Site;
· Customize your
experience with this Site;
· Solicit information
from you, including through surveys; to resolve disputes, or troubleshoot problems;
· Prevent,
investigate or take action on potentially prohibited or illegal activities;
· Enforce the
Site’s Terms of Use;
· Activities
related to our business; and
· As otherwise
described to you at the point of collection.
Email
Communications. We want to make it easy for you to take advantage of
opportunities on our Site. One way we do this is by sending you email messages
that contain information about your apparent interests. We believe these email
messages will provide you with useful information about opportunities available
to Expedia partners through our Site. Please note that you will have the
opportunity to choose not to receive these email messages in any such email we
send.
Clickstream data. In certain
instances, we may use clickstream data to render an illustration of your usage
of our site. Clickstream data is the collection of a sequence of events that
represent visitor actions on a website. We may reconstruct your site journey
modeled on the timing and location of your actions. This data is primarily used
for customer service purposes, to verify the legitimacy of a claim, or to
defend ourselves. This data may also be used for other internal purposes such as
improving the user experience on our website and identifying website
malfunctions.
Sensitive
Personal Information. We will only use your sensitive personal information for
the purposes for which it was collected.
Lawful bases for
processing:
We will collect
personal information from you only (i) where the
personal information is necessary to perform a contract with you (e.g., manage
your booking, process payments, or create an account at your request), (ii)
where the processing is in our legitimate interests and not overridden by your
rights (as explained below), or (iii) where we have your consent to do so
(e.g., sending you marketing communications where consent is required). In some
cases, we will have a legal obligation to collect personal information from you
such as where it is necessary to use your transaction history to complete our
financial and tax obligations under the law.
If we ask you to
provide personal information to comply with a legal requirement or to perform a
contract with you, we will make this clear at the relevant time and advise you
whether the provision of your personal information is mandatory or not (as well
as of the possible consequences if you do not provide your personal
information).
Certain countries
and regions allow us to process personal information on the
basis of legitimate interests. If we collect and use your personal
information in reliance on our legitimate interests (or the legitimate
interests of any third-party), this interest will typically be to operate or
improve our platform and communicate with you as necessary to provide our
services to you, for security verification purposes when you contact us, to
respond to your queries, undertaking marketing, or for the purposes of
potentially detecting or preventing illegal activities.
We may use
artificial intelligence, machine learning, and other automated decision-making
to enhance your user experience and keep our site safe.
For example, we
may use it in relation to:
· the sort order
you see on our site,
· destinations, property or activity recommendations,
· flight price
insights and alerts,
· the content you
upload on our site (e.g., images of your properties) to ensure they meet our
quality or formatting requirements, and to identify relevant amenities included
in your listing,
· the reviews you
share with us to ensure they do not contain identifiable personal information
or to assess customer satisfaction,
· the prevention
and detection of breach of our terms and conditions or other fraudulent
activities to keep our site safe,
· our language and
dialects within our virtual agents’ experience.
Automated
decisions may be made by putting your personal information into a system and
the decision is calculated using automatic processes.
We will not
engage in automated decision-making that involves a decision with legal or
similarly significant effects solely based on automated processing of personal
information, unless you: (1) explicitly consented to the processing, (2) the
processing is necessary for entering into a contract, or (3) when otherwise
authorized by applicable law.
You may have
rights in relation to automated decision making, including the ability to
request a manual decision-making process instead or contest a decision based
solely on automated processing. If you want to know more about your data
protection rights, please see the Your Rights and Choices section below.
USING THE MOBILE PHONE AND TABLET APPS (THE “MOBILE APPS”)
When you use an
Expedia Mobile App, including the CruiseDesk® app, we collect
and use information about you in the same way and for the same purposes as we
do when you use our Site.
In addition to
this, we also use some other information that we collect automatically when you
use our Mobile Apps. Specifically:
· Device and
telephone connectivity information such as your carrier, network type, network
operator, subscriber identity module ("SIM") operator, and SIM
country
· Operating system
and version
· Device model
· Performance and
data usage
· Usage data, such
as dates and times the app accesses our servers, the features and links clicked
in the app, searches, transactions, and the data and files downloaded to the app
· Device settings
selected or enabled, such as Wi-Fi, Global Positioning System
("GPS"), and Bluetooth (which may be used for location services,
subject to your permission as explained below)
· Mobile device
settings
· Other technical
information such as app name, type, and version as needed to provide you with services
Permissions for
Location-Based Services
Depending on your
device’s settings and permissions and your choice to participate in certain
programs, we may collect the location of your device by using GPS signals, cell
phone towers, Wi-Fi signals, Bluetooth or other
technologies. We will collect this information, if you opt in through the app
or other program (either during your initial login or later) to enable certain
location-based services available within the app (for example, locating
available lodging closest to you). To disable location capabilities of the app,
you can log off or change your mobile device’s settings.
Mobile App
Analytics
Depending on your
device’s settings and permissions and your choice to participate in certain
programs, we may use technology to track where you chose to download our app
and to measure advertising effectiveness. When we use this kind of technology,
we will use privacy enhancing technologies such as de-identification,
pseudonymization, encryption and improved notice where possible.
Sharing of Personal Information
We share your personal
information as described below and in this Privacy Statement, and as permitted
by applicable law.
· Expedia Group
Companies. We share your personal information within the Expedia Group
companies, listed at expediagroup.com. Expedia Group companies either
autonomously or as joint data controllers, where applicable share, access and
use your personal information as described in this Privacy Statement. The
Expedia Company responsible for the Expedia site you are using (including to
make your booking) will be the main company responsible for your Personal
Information, known as the controller. Where you use multiple Expedia sites,
then each controller of those sites may act together to give you access to
services such as our combined loyalty program, single account access to all our
sites (each as they become available where you are) and for other support
functions and operations to manage and improve our services across the Expedia
Group companies. These are called joint controllers. This will not affect any
marketing preferences that you have made and not updated with any particular Expedia Group company.
· Third-party
service providers. We share personal information with third-party
vendors who provide services or functions on our behalf, including business analytics,
customer service, and fraud prevention. Third-party vendors have access to and
may collect information only as needed to perform their functions and are not
permitted to share or use the information for any other purpose. They are also
required to follow the same data security practices that we ourselves adhere
to.
· Legal rights and
obligations. We may disclose your personal information to enforce our
policies, as necessary to satisfy our tax or regulatory reporting requirements,
or where we are permitted (or believe in good faith that we are required) to do
so by applicable law, such as in response to a request by a law enforcement or
governmental authority, in connection with actual or proposed litigation, or to
protect and defend our property, people and other rights or interests. We may
also share your personal information pursuant to a subpoena or other legal
request, or as necessary to remit certain taxes in the course
of processing payments as required by law or legal process.
· Targeted
Advertising. We may disclose your Automatically Collected Information to
our third-party marketing partners for targeted advertising. This may be
considered “sharing” data under California law. Subject to certain limitations,
some US residents have the right to opt out of having their personal
information shared for this purpose. For more information, see the Your Rights
and Choices section below. You should note that by opting out of these types of
disclosures, you may limit our ability to customize your experience with
content that may be of interest to you or to provide you with a better travel
experience. View our Cookie Statement for more information
on our use of tracking technology for the purposes of targeted advertising.
· Companies within
our corporate family. To the extent that our corporate affiliates have
access to your information, they will follow practices that are at least as
restrictive as the practices described in this Privacy Statement.
· Corporate
Transactions. We may share your personal information in connection with a
corporate transaction, such as a divestiture, merger, consolidation
or asset sale, or in the unlikely event of bankruptcy.
Other than as set
forth above, you will be notified when personal information about you will be
shared with third parties, and you will have an opportunity to choose not to
have us share such information.
We also may share
aggregate or anonymous information with third parties, including advertisers
and investors. This information does not contain any personal information and
is used to develop content and services we hope you will find of interest.
YOUR RIGHTS AND CHOICES
You have certain
rights and choices with respect to your personal information, as described
below:
· If you no longer
wish to receive marketing and promotional emails, you may unsubscribe by
clicking the ‘unsubscribe’ link in the email. You can also contact us as
outlined below in the Contact Us section. Please note that if you choose to
unsubscribe from or opt out of marketing emails, we may still send you
important transactional and account-related messages from which you will not be
able to unsubscribe
· You can control
our use of certain cookies by following the guidance in our Cookie Statement.
· You can access,
amend, inquire about deletion of, or update the accuracy of, your information
at any time by contacting us
· If we are
processing your personal information on the basis of
consent, you may withdraw that consent at any time by contacting us. Withdrawing
your consent will not affect the lawfulness of any processing that occurred
before you withdrew consent and it will not affect our
processing of your personal information that is conducted in reliance on a
legal basis other than consent
Certain countries
and regions provide their residents with additional rights relating to personal
information. These additional rights vary by country and region and may include
the ability to:
· Request a copy of
your personal information
· Request
information about the purpose of the processing activities
· Delete your
personal information
· Object to our use
or disclosure of your personal information
· Restrict the
processing of your personal information
· Opt-out of the
sale of your personal information
· Port your
personal information
· Request
information about the logic involved in our automated decision-making used in
our fraud prevention practices and the result of such decisions
For more
information on what data subject rights may be available to you, please
click here.
In addition to
the above rights, you may have the right to complain to a data protection
authority about our collection and use of your personal information. However,
we encourage you to contact us first so we can do our best to resolve your
concern. You may submit your request to us using the information in the Contact
Us section. We respond to all requests we receive from individuals wanting to
exercise their personal data protection rights in accordance with applicable
data protection laws. Should you have the right to appeal a decision to not take action on a request under applicable law, instructions
on how to make that appeal will be included in our response to you.
International data transfer
The personal
information that we process may be accessed from, processed
or transferred to countries other than the country in which you reside. Those
countries may have data protection laws that are different from the laws of
your country.
The servers for
our platform are located in the United States, and the
Expedia Group companies and third-party service providers operate in many
countries around the world. When we collect your personal information, we may
process it in any of those countries. Our employees may access your personal
information from various countries around the world. The transferees of your
personal data may also be located in countries other
than the country in which you reside.
We have taken
appropriate steps and put safeguards in place to help ensure that any access,
processing and/or transfer of your personal information remains protected in
accordance with this Privacy Statement and in compliance with applicable data
protection law. Such measures provide your personal information with a standard
of protection that is at least comparable to that under the equivalent local
law in your country, no matter where your data is accessed from, processed
and/or transferred to.
Such measures
include the following:
· Adequacy
decisions of the European Commission confirming an adequate level of data
protection in respective non-EEA countries.
· Ensuring that the
third-party partners, vendors and service providers to
whom data transfers are made have appropriate mechanisms in place to protect
your personal information. For instance, our agreements signed with our
third-party partners, vendors and service providers incorporate strict data
transfer terms (including, where applicable, the European Commission's Standard
Contractual Clauses issued by the European Commission and/or United Kingdom,
for transfers from the EEA/UK), and require all contracting parties to protect
the personal information they process in accordance with applicable data
protection law. Our agreements with our third-party partners, vendors and
service providers may also include, where applicable, their certification under
the EU-U.S. and/or Swiss-U.S. Privacy Shield certification, or reliance on the
service provider's Binding Corporate Rules, as defined by the European
Commission.
· Intra-group
agreements in place for our group companies which incorporate strict data
transfer terms (including, where applicable, Standard Contractual Clauses
issued by the European Commission and/or United Kingdom, for transfers from the
EEA/UK) and require all group companies to protect the personal information
they process in accordance with applicable data protection law.
· Carrying out
periodic risk assessments and implement various technological and organization
measures to ensure compliance with relevant laws on data transfer.
Privacy Shield
Certain Expedia
Group U.S. affiliates have certified to the EU-U.S. and Swiss-U.S. Privacy
Shield frameworks and that we adhere to the Privacy Shield Principles of
Notice, Choice, accountability for Onward Transfers, Security, Data Integrity
and Purpose Limitation, Access, and Recourse, Enforcement, and Liability for
personal information from the EU, Switzerland, and the United Kingdom. Such
Expedia Group U.S. affiliates will continue to adhere to the Privacy Shield
frameworks and Principles even though the CJEU determined in July 2020 that the
EU-U.S. Privacy Shield framework is no longer an adequate transfer mechanism
for the transfer of EU personal information to the U.S. In addition, Expedia
Group maintains intra-group Standard Contractual Clauses where applicable to
cover the transfer of EU personal information to the U.S. Our certifications
can be found here. For more
information about the Privacy Shield principles, please visit: www.privacyshield.gov. For more on our
adherence to the Privacy Shield Frameworks, please see information posted here.
Security
We want you to
feel confident about using the Site and we are committed to protecting the
information we collect. While no website can guarantee security, we have
implemented appropriate administrative, technical and
physical security procedures to help protect the personal information you
provide to us.
Our cybersecurity
team develops and deploys technical security controls and measures to ensure
responsible data collection, storage, and sharing that is proportionate to the
data’s level of confidentiality or sensitivity. We take efforts to continuously
implement and update security measures to protect your information from
unauthorized access, loss, destruction, or alteration. We hold our
data-handling partners to equally high standards.
External links
This Privacy
Statement does not apply to third-party websites that may be accessed via links
included on this Site. Privacy statements posted on third-party websites will
outline procedures for collecting, using and
disclosing personal information on those websites.
Record Retention
We will retain
your personal information in accordance with all applicable laws, for as long
as it may be relevant to fulfill the purposes set forth in this Privacy
Statement, unless a longer retention period is required or permitted by law.
When we delete
your personal information, we use industry standard methods to ensure that any
recovery or retrieval of your information is impossible. We may keep residual
copies of your personal information in backup systems to protect our systems
from malicious loss. This data is inaccessible unless restored, and all
unnecessary information will be deleted upon restoration.
The criteria we
use to determine our retention periods include:
· The duration of
our relationship with you, or recent bookings or other transactions you have
made on our platform
· Whether we have a
legal obligation related to your personal information, such as laws requiring
us to keep records of your transactions with us
· Whether there are
any current and relevant legal obligations affecting how long we will keep your
personal information, including contractual obligations, litigation holds,
statutes of limitations, and regulatory investigations
· Whether your
information is needed for secure backups of our systems
Updates to Privacy Statement
We may update
this Statement in response to changing laws or technical or business
developments. If we propose to make any material changes, we will notify you by
means of a notice on this page. You can see when this Privacy Statement was last
updated by checking the “last updated” date displayed at the top of this
Statement.
Contact Us
All notices
should be sent to: Expedia Group Att: Lodging Product
Marketing, 1111 Expedia Group Way W., Seattle WA 98119
Questions? Visit
our Contact Us page.