Do you have a question or concern about your privacy or would you like to activate a right?
Visit our Customer Services' Portal to find out more . You can submit a request to access or update your information, close your account or delete your data through our portal. We will ensure that our dedicated privacy team gets back to you directly.
Last updated: 07/06/2018
Expedia provides a full range of travel-related services for planning and booking travel. Across our localised sites, customers may book available services such as flights, hotels, vacation rentals, rental cars, rail, cruises, activities, attractions, and travel insurance as well as a selection of vacation packages. Bookings can be made via our Services and through partners' websites. We offer customer support to you through our customer services team to deal with any queries or issues you have with your booking.
If you have any questions or concerns about our use of your personal information, then please contact us via our Customer Services Portal found in the “How to Contact Us” section at the bottom of this policy.
The personal information that we may collect about you broadly falls into the following categories:
We may ask you to provide personal information directly to us. For example, we may ask you to provide your contact details such as full name, telephone number, email address, and date of birth as necessary, in order to:
You will also need to provide your billing information (such as credit card number, cardholder name and expiration date) to make a payment.
You may also be required to provide information about any other travellers on your booking, your marketing preferences, and additional information if you participate in a survey or competition. When creating an account, you will provide a login name/member ID as well as a password.
If you’re an employee of a corporate account, a vendor or other type of business partner such as a Property Owner, Property Manager, travel agent, other information collected can include employer, employee identification number, or other relevant details.
Certain types of personal information, such as some government-issued identification numbers, religion, health or sexuality, are considered sensitive and require additional protection under applicable laws. We limit the circumstances under which we may collect sensitive personal information; examples of this information include the following:
When you visit us on our Online Services, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type (such as Firefox, Safari, or Internet Explorer), your Internet Service Provider (ISP), your operating system and carrier. For website users, details of any referring website or exit pages as well as broad geographic location (e.g., country or city-level location) are also collected.
We may also collect other technical information such as how your device has interacted with our Online Services, including the pages accessed and links clicked, i.e., trips viewed and the time and date of these.
Collecting this information enables us to better understand the visitors who come to our Online Services, where they come from, and what content on our Online Services is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Online Services for our visitors, for example, to customize your user experience, tailor your searches and show you advertisements that may be of interest. We also use this automatic information to prevent and detect fraud.
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology”
When you use one of your smart phone app, tablet app, or applications for other platforms (collectively “App” or “Apps” as applicable), we also collect:
Information about the functionality of the Apps you access and use. This allows us to identify those areas of the Apps that are of interest to our customers so that we can refine and continuously improve the Apps.
Each App sends us the device's unique device identifier (or "UID"), a sequence of numbers or characters that are unique to your device. We use this only on the first opening of the App so that we can confirm to our advertising networks the number of downloads resulting from clicks on their respective ad banners and other marketing tools. When an email address is provided, we associate this with your current UID/cookie ID for the purposes of providing a seamless experience across your devices.
When you use an App’s ’find hotels near your current location’ or similar features that suggest relevant content based on location, we use information about your current location – provided by your device using GPS or similar technologies – to show relevant content or other localized information. We do not collect location data unless you expressly use a location-based feature, and you can switch off location data collection at any time through your phone settings menu.
Each App will also send us error-reporting information in the event that it crashes or hangs. This enables us to investigate the error and to improve the stability of the App for future releases. As part of these error reports, the App sends us information about the mobile device type and version, the UID, the time the error occurred, the feature being used and the state of the application when the error occurred. We do not use this information for any purpose other than investigating and remedying the error. We may use this information to investigate and remediate the error and to assist you in completing an impacted booking
You always have the ability to control what information a App sends to us. You can exercise this control either by changing the settings of the App under its setting menu or changing the settings of your mobile device. Alternatively, you can remove the App from your device entirely and access our services through our website.
Periodically, we lawfully obtain personal information about you from affiliated entities, business partners and other independent third-party sources and add it to our account information. Examples of information we may receive include: updated contact information like email, purchase history, and demographic information.
When using a social media feature, if you have chosen to include it in your social media account, we may access information such as your name, profile picture, gender, birthday, email address, town or district and any other information you have chosen to make available. Subject to your privacy settings, we access information that you provide to a social media provider regarding your respective locations ("Location Data")to provide you with relevant content. We do not store or use any data related to the friends you are connected with on a social media site.
We may disclose your personal information to the following categories of recipients:
On occasion, we share aggregate or anonymous information with third parties, including advertisers and investors. For example, we may tell our advertisers the number of visitors our website receives or the most popular hotels and vacation destinations. This information does not contain any personal information and is used to develop content and services we hope will be of interest to our users.
Our legal bases for processing personal information (EEA visitors only)
We will normally collect personal information from you only (i) where we need the personal information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we will have a legal obligation to collect personal information from you such as where it is necessary to use your transaction history to complete our financial and tax obligations under the law.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicate with you as necessary to provide our services to you, for security verification purposes when you contact us and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
How do we determine what our Legitimate Business Interests are?
We carry out an assessment to ensure that:
(i) Our interest in the use of your data is legitimate (i.e., we have a clear business need); and
(ii) The business need, on balance, does not override your privacy rights.
When determining this, we assess the potential impact a specific use of the data may have on you as a customer and weigh this against our own business needs to ensure that we get the balance right. We also apply a series of security measures to minimise any potential risks.
By way of example in practice we would consider that the collection of our customers’ marketing preferences in the course of a booking is a legitimate business interest to have as an online ecommerce company. We believe that this does not unduly impact your privacy rights as you may want to hear about our products and services going forward. However, to protect your privacy rights we ensure that you can opt out of these promotional communications at any time, in your account, in the email itself or through customer services.
In accordance with the legal grounds above, we use the information we collect to:
We want you to feel confident about using our Online Services to make travel arrangements, and we are committed to protecting the information we collect. While no Online Services can guarantee absolute security, we have implemented appropriate technical and organisational measures to protect the personal information that we collect and process about you. For example, we use encryption when transmitting your sensitive personal information between your system and ours, and we employ firewalls and intrusion detection systems to help prevent unauthorised persons from gaining access to your information. In addition, only authorised employees are permitted to access personal information, and they may only do so for permitted business functions.
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident and outside of the EEA. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, the servers of our Online Services are located in the US, and our group companies and third-party service providers operate around the world. This means that when we collect your personal information we may process it in any of these countries.
We ensure that any of our third-party service providers to whom a data transfer is made has appropriate safeguards in place to protection your personal information. The adequacy mechanism may be (i) adequate country status, i.e., based in a country that the European Commission has deemed "adequate" since its data protection standards are similar to the European Union; (ii) Standard Contractual Clauses; or (iii) the EU-US and Swiss-US Privacy Shield.
We retain the personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise the data or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We will anonymise or aggregate your data if we intend to use it for analytical purposes or trend analysis over longer periods.
If you are a resident of the European Economic Area, you have the following data protection rights:
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Data collected by this website to serve you with relevant advertising. We are committed to providing you with relevant content and information. To do this, we may, through cookies and other technologies, collect information about your travel-related searches, such as whether you are looking for flights or hotels. We use this information, together with other information we have collected about you, to serve you with more relevant ads on our website, across the internet, and on other devices that you may use. So, for example, if you search for a property in London on this site, you may see an ad for a London travel package on this site or on another website you visit.
Please note that we do not combine the information we collect about your travel-related searches on this website with personal information (such as email address) to serve you with ads across other websites. We also do not share your personal information with third parties so they can serve you with advertisements. You can choose not to receive tailored online advertising on other websites, based on your travel-related searches on this website and learn more about opting out of having your information used for tailored advertising purposes by accessing one of the following resources:
Note that if you choose not to receive tailored ads, you will still see online advertisements, but they will be more general and less relevant to you.
Data collected by business partners and ad networks to serve you with relevant advertising. The advertisements you see on this website are served by us or by our service providers. But we also allow third parties to collect information about your online activities through cookies and other technologies. These third parties include (1) business partners, who collect information when you view or interact with one of their advertisements on our sites; and (2) advertising networks, which collect information about your interests when you view or interact with one of the advertisements they place on many different websites on the Internet. The information gathered by these third parties is used to make predictions about your characteristics, interests or preferences and to display advertisements on our sites and across the Internet tailored to your apparent interests. We do not permit these third parties to collect personal information about you (such as email address) on our site, nor do we share with them any personal information about you.
Data collected by companies that operate cookie-based exchanges to serve you with relevant advertising. Like other companies operating online, we participate in cookie-based exchanges where anonymous information is collected about your browsing behaviour through cookies and other technologies and segmented into different topics of interest (such as travel). These topics of interest are then shared with third parties, including advertisers and ad networks, so they can tailor advertisements to your apparent interests. We do not share personal information (such as your email address) with these companies and we do not permit these companies to collect any such information about you on our site. Please click here to learn more about cookie-based exchanges, including how to access information about the topics of interest associated with cookies on your computer and how to decline participation in these programs.
Do-Not-Track Signals and Similar Mechanisms. Some web browsers may transmit "do-not-track" signals to websites with which the browser communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Participants in the leading Internet standards-setting organization that is addressing this issue are in the process of determining what, if anything, websites should do when they receive such signals. We currently do not take action in response to these signals. If and when a final standard is established and accepted, we will reassess how to respond to these signals.