Last Updated: October 12, 2023

This Privacy Policy (“Policy”) outlines how GuestLodgings, Inc. and its affiliated companies (“GuestLodgings,” “we,” “our,” or “us”) collect, use, disclose, and safeguard your personal information concerning your use of our vacation rental services. Your privacy is important to us, and we are committed to protecting your personal information. By accessing or using GuestLodgings’ services, you agree to the practices described in this Policy.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users who register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights do you have over your data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Privacy Statement

Information We Collect

When you use our platform, Apps, or associated tools or services, we may collect the following kinds of personal information from you as needed:

• Name, username, email address, telephone number, and home, business, and billing addresses (including street and postal code)
• Government-issued Identification required for booking or identity verification, such as passport, driver’s license, government redress numbers, and country of residence (for travel insurance purposes), and for vacation property owners, tax identification number
• Payment information such as payment card number, expiration date, billing address, and financial account number
• Travel-related preferences and requests such as favorite destination and accommodation types, and special dietary and accessibility needs, as available
• Loyalty program and membership information
• Birth date and gender
• Geolocation
• Images (including facial photographs), videos, and other recordings
• Social media account ID and other publicly available information
• Communications with us (such as recordings of calls with customer service representatives for quality assurance and training purposes)
• Searches you conduct, transactions, and other interactions with you on our online services and Apps
• Other communications that occur through the platform among partners and travelers, and in-group chat and traveler-collaboration tools
• The searches and transactions conducted through the platform
• Data you give us about other people, such as your travel companions or others for whom you are making a booking

We collect sensitive personal information either with consent or in accordance with local law. This may include information that could reveal your racial or ethnic origin, religious or philosophical beliefs, sexual orientation, and health or disability information.

When you install any of our apps or use our platform, we automatically collect the following types of information from your device (“Automatically Collected Information”):

• IP address
• Device type
• Unique device identification numbers
• Internet browser type (such as Firefox, Safari, Chrome, and Internet Explorer)
• Internet Service Provider
• Operating System
• Mobile carrier
• How your device has interacted with our online services, including the pages accessed, links clicked, trips viewed, and features used, along with associated dates and times
• Details of any referring website or exit pages, as well as general geographic location (such as at the country or city level)

Mobile Apps

When you download and use any of our mobile apps, we collect certain technical information from your device to enable the app to work properly and as otherwise described in this Privacy Statement. That technical information includes:

• Device and telephone connectivity information such as your carrier, network type, network operator, subscriber identity module (“SIM”) operator, and SIM country
• Operating system and version
• Device model
• Performance and data usage
• Usage data, such as dates and times the app accesses our servers, the features and links clicked in the app, searches, transactions, and the data and files downloaded to the app
• Device settings selected or enabled, such as Wi-Fi, Global Positioning System (“GPS”), and Bluetooth (which may be used for location services, subject to your permission as explained below)
• Mobile device settings
• Other technical information such as app name, type, and version as needed to provide you with services

Permissions for Location-Based Services:

Depending on your device’s settings and permissions and your choice to participate in certain programs, we may collect the location of your device by using GPS signals, cell phone towers, Wi-Fi signals, Bluetooth, or other technologies. We will collect this information, if you opt-in through the app or other program (either during your initial login or later) to enable certain location-based services available within the app (for example, locating available lodging closest to you). To disable the location capabilities of the app, you can log off or change your mobile device’s settings.

Mobile App Analytics:

Depending on your device’s settings and permissions and your choice to participate in certain programs, we may use technology to track where you chose to download our app and to measure advertising effectiveness. When we use this kind of technology, we will use privacy-enhancing technologies such as de-identification, pseudonymization, encryption, and improved notice where possible.

Use of Personal Information

We use your personal information for various purposes described below, which depend on the site you visit or the app you use.

Your Use of Online Sites, Apps, and Services:

• Book the requested travel or enable vacation property booking
• Provide services related to the booking and/or account
• Create, maintain, and update user accounts on our platform and authenticate you as a user
• Maintain your search and travel history, accommodation and travel preferences, and similar information about your use of Expedia Group’s platform and services, as otherwise described in this Privacy Statement
• Enable and facilitate acceptance and processing of payments, coupons, and other transactions
• Administer loyalty and rewards programs
• Collect and enable booking-related reviews
• Help you to use our services faster and easier through features like the ability to sign in using your account within the online services.

Communications and Marketing:

• Respond to your questions, and requests for information, and process information choices
• Enable communication between you and the travel suppliers like hotels and vacation property owners
• Contact you (such as by text message, email, phone calls, mail, push notifications, or messages on other communication platforms) to provide information like travel booking confirmations and updates, for marketing purposes, or for other purposes as described in this Privacy Statement
• Market our products and services
• Analyze information such as browsing and/or purchase history and use the result to optimize advertising in accordance with your interests and preferences
• Measure and analyze the effectiveness of our marketing and promotions
• Administer promotions like contests, sweepstakes, and similar giveaways

Other Business Purposes and Compliance

• Conduct surveys, market research, and data analytics
• Maintain, improve, research, and measure the effectiveness of our sites and apps, activities, tools, and services
• Monitor or record calls, chats, and other communications with our customer service team and other representatives, as well as platform communications between or among partners and travelers for quality control, training, dispute resolution, and as described in this Privacy Statement
• Create aggregated or otherwise anonymized or deidentified data, which we may use and disclose without restriction where permissible
• Promote security, verify the identity of our customers, prevent and investigate fraud and unauthorized activities, defend against claims and other liabilities, and manage other risks
• Comply with applicable laws, protect our and our users’ rights and interests, defend ourselves, and respond to law enforcement, other legal authorities, and requests that are part of a legal process
• Comply with applicable security and anti-terrorism, anti-bribery, customs and immigration, and other such due diligence laws and requirements
• Operate our business using lawful business purposes and as permitted by law

In certain instances, we may use clickstream data to render an illustration of your usage of our site. Clickstream data is the collection of a sequence of events that represent visitor actions on a website. We may reconstruct your site journey modeled on the timing and location of your actions. This data is primarily used for customer service purposes, to verify the legitimacy of a claim, or to defend ourselves. This data may also be used for other internal purposes such as improving the user experience on our website and identifying website malfunctions.

Sensitive Personal Information

We will only use your sensitive personal information for the purposes for which it was collected.

Lawful bases for processing:

We will collect personal information from you only

• where the personal information is necessary to perform a contract with you (e.g., manage your booking, process payments, or create an account at your request),
• where the processing is in our legitimate interests and not overridden by your rights (as explained below), or
• where we have your consent to do so (e.g., sending you marketing communications where consent is required). In some cases, we will have a legal obligation to collect personal information from you such as where it is necessary to use your transaction history to complete our financial and tax obligations under the law.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Certain countries and regions allow us to process personal information on the basis of legitimate interests.

If we collect and use your personal information in reliance on our legitimate interests (or the legitimate interests of any third party), this interest will typically be to operate or improve our platform and communicate with you as necessary to provide our services to you, for security verification purposes when you contact us, to respond to your queries, undertaking marketing, or for the purposes of potentially detecting or preventing illegal activities.

We may use artificial intelligence, machine learning, and other automated decision-making to enhance your user experience and keep our site safe.

For example, we may use it in relation to:

• the sort order you see on our site,
• destinations, property or activity recommendations,
• flight price insights and alerts,
• the content you upload on our site (e.g., images of your properties) to ensure they meet our quality or formatting requirements and to identify relevant amenities included in your listing,
• the reviews you share with us to ensure they do not contain identifiable personal information or to assess customer satisfaction,
• the prevention and detection of breach of our terms and conditions or other fraudulent activities to keep our site safe,
• our language and dialects within our virtual agents’ experience.

Automated decisions may be made by putting your personal information into a system and the decision is calculated using automatic processes.

We will not engage in automated decision-making that involves a decision with legal or similarly significant effects solely based on the automated processing of personal information unless you:

(1) explicitly consented to the processing,

(2) the processing is necessary for entering into a contract, or

(3) when otherwise authorized by applicable law.

You may have rights in relation to automated decision making, including the ability to request a manual decision-making process instead or contest a decision based solely on automated processing.

Sharing of Personal Information

We share your personal information as described below and in this Privacy Statement, and as permitted by applicable law.

• Third-party service providers. We share personal information with third parties in connection with the delivery of services to you and the operation of our business (for example, to provide credit card processing, customer service, business analytics, and fraud prevention and compliance services, and to serve you with advertising tailored to your interests). These third-party service providers are required to protect the personal information we share with them and may not use any directly identifying personal information other than to provide services we contracted them for. They are not allowed to use the personal information we share for purposes of their own direct marketing (unless you have separately consented with the third party under the terms provided by the third party).
• Travel suppliers. We share personal information with travel-related suppliers such as hotels, airlines, car-rental companies, insurance, vacation-rental property owners and managers, and where available, activity providers, rail, or cruise lines who fulfill your booking. Please note that travel suppliers may contact you to obtain additional information if and as required to facilitate your booking or to provide the travel or associated services.
• Business partners and offers. If we promote a program or offer a service or product in conjunction with a third-party business partner, we will share your information with that partner to assist in marketing or to provide the associated product or service. In most of those cases, the program or offer will include the name of the third-party business partner, either alone or with ours, or you will be redirected to the website of that business with notice. An example of such a business-partner relationship would be a third-party loyalty program for which you could earn points by completing a booking on our platform.
• Targeted Advertising. We may disclose your Automatically Collected Information to our third-party marketing partners for targeted advertising. This may be considered “sharing” data under California law. Subject to certain limitations, some US residents have the right to opt out of having their personal information shared for this purpose.
•  You should note that by opting out of these types of disclosures, you may limit our ability to customize your experience with content that may be of interest to you or to provide you with a better travel experience.
• Other Third-Parties. When you access certain features like Facebook’s “Like” button or a single sign-on that allows you to log in with your social media credentials to our online services, you will share information with a third party, like a social media company, such as the fact that you have visited or interacted with us. In the European Economic Area (EEA), Switzerland, and the United Kingdom (UK) we will not load social media sharing or sign-on buttons on our website unless and until you accept our use of cookies and similar technologies. The third-party provider may combine this information with other information they have about you. The personal information shared will be governed by the third-party provider’s privacy policy (including any personal information we may access via the third-party provider). The third-party providers should inform you about how you can modify your privacy settings on their site.
• Legal rights and obligations. We may disclose your personal information and associated records to enforce our policies; as necessary to satisfy our tax or other regulatory reporting requirements, including the remission of certain taxes in the course of processing payments; or where we are permitted (or believe in good faith that we are required) to do so by applicable law, such as in response to a subpoena or other legal request, in connection with actual or proposed litigation, or to protect and defend our property, people and other rights or interests.
• Corporate transactions. We may share your personal information in connection with a corporate transaction, such as a divestiture, merger, consolidation, assignment or asset sale, or in the unlikely event of bankruptcy. In the case of any acquisition, we will inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Statement.

Your Rights and Choices

You have certain rights and choices with respect to your personal information, as described below:

• If you have an account with us, you may change your communication preferences by either (1) logging in and updating the information in your account.
• You can access, amend, inquire about deletion of, or update the accuracy of your information at any time by either logging into your account or contacting us.
• If you no longer wish to receive marketing and promotional emails, you may unsubscribe by clicking the ‘unsubscribe’ link in the email. You can also log into your account to change your communication
• Please note that if you choose to unsubscribe from or opt out of marketing emails, we may still send you important transactional and account-related messages from which you will not be able to unsubscribe
• For our mobile apps, you can view and manage notifications and preferences in the settings menus of the app and of your operating system
• If we are processing your personal information on the basis of consent, you may withdraw that consent at any time by contacting us. Withdrawing your consent will not affect the lawfulness of any processing that occurred before you withdrew consent and it will not affect our processing of your personal information that is conducted in reliance on a legal basis other than consent

Certain countries and regions provide their residents with additional rights relating to personal information. These additional rights vary by country and region and may include the ability to:

• Request a copy of your personal information
• Request information about the purpose of the processing activities
• Delete your personal information
• Object to our use or disclosure of your personal information
• Restrict the processing of your personal information
• Opt out of the sale of your personal information
• Port your personal information
• Request information about the logic involved in our automated decision-making used in our fraud prevention practices and the result of such decisions

For questions about privacy, your rights and choices, and in order for you, or (where applicable) your authorized agent to make a request to amend or update your information, or to inquire about deletion of your information, please contact us.

In addition to the above rights, you may have the right to complain to a data protection authority about our collection and use of your personal information. However, we encourage you to contact us first so we can do our best to resolve your concern. You may submit your request to us using the information in the Contact Us section.

We respond to all requests we receive from individuals wanting to exercise their personal data protection rights in accordance with applicable data protection laws. Should you have the right to appeal a decision to not take action on a request under applicable law, instructions on how to make that appeal will be included in our response to you.

International Data Transfer

The personal information we process may be accessed from, processed or transferred to countries other than the country in which you reside. Those countries may have data protection laws that are different from the laws of your country. Such cross-border transfer of your personal information is necessary for us to service your transaction with us, and for the purposes outlined in this Privacy Statement.

The servers for our platform are located in the United States. When we collect your personal information, we may process it in any of those countries. Our employees may access your personal information from various countries around the world. The transferees of your personal information may also be located in countries other than the country in which you reside.

We have taken appropriate steps and put safeguards in place to help ensure that any access, processing, and/or transfer of your personal information remains protected in accordance with this Privacy Statement and in compliance with applicable data protection law. Such measures provide your personal information with a standard of protection that is at least comparable to that under the equivalent local law in your country, no matter where your data is accessed from, processed and/or transferred to. We will comply with obligations regarding personal information cross-border transfer in accordance with application data protection laws, regulations, and conditions set by the competent authorities. This may include fulfilling obligations such as security assessments and/or certifications and signing agreements with overseas recipients in accordance with the standard contract established by the competent authorities.

Some measures that we have in place include the following:

• Adequacy decisions of the European Commission confirming an adequate level of data protection in respective non-EEA countries
• Ensuring that the third-party partners, vendors, and service providers to whom data transfers are made have appropriate mechanisms in place to protect your personal information. For instance, our agreements signed with our third-party partners, vendors, and service providers incorporate strict data transfer terms (including, where applicable, the European Commission’s Standard Contractual Clauses issued by the European Commission and/or the United Kingdom, for transfers from the EEA/UK), and require all contracting parties to protect the personal information they process in accordance with applicable data protection law. Our agreements with our third-party partners, vendors, and service providers may also include, where applicable, their certification under the EU-U.S. DPF and the UK extension to EU-U.S. DPF and/or Swiss-U.S. DPF certification (and any other country-specific extension to the DPF adopted from time to time), or reliance on the service provider’s Binding Corporate Rules, as defined by the European Commission. In regard to the onward principle of the DPF Frameworks, if Expedia, Inc. learns that a third party is using or disclosing your Personal Information in a manner that is contrary to this Policy, we will take reasonable steps to prevent or stop such use or disclosure. Expedia, Inc. may be liable for onward transfers of Personal Information to third parties in violation of this Policy and the DPF Frameworks (will change defined term if needed based on feedback above).
• Intra-group agreements in place for our Group companies which incorporate strict data transfer terms (including, where applicable, Standard Contractual Clauses issued by the European Commission and/or the United Kingdom, for transfers from the EEA/UK) and require all group companies to protect the personal information they process in accordance with applicable data protection law.

Carrying out periodic risk assessments and implementing various technological and organization measures to ensure compliance with relevant laws on data transfer.

APEC Cross Border Privacy Rules System Participation

HomeAway.com Inc.’s privacy practices, described in this Privacy Statement, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure the protection of personal information transferred among participating APEC economies.

Security

We want you to feel confident about using our platform and all associated tools and services, and we are committed to taking appropriate steps to protect the information we collect. While no company can guarantee absolute security, we do take reasonable steps to implement appropriate physical, technical, and organizational measures to protect the personal information that we collect and process.

Our cybersecurity team develops and deploys technical security controls and measures to ensure responsible data collection, storage, and sharing that is proportionate to the data’s level of confidentiality or sensitivity. We take efforts to continuously implement and update security measures to protect your information from unauthorized access, loss, destruction, or alteration. We hold our data-handling partners to equally high standards.

Record Retention

We will retain your personal information in accordance with all applicable laws, for as long as it may be relevant to fulfill the purposes set forth in this Privacy Statement unless a longer retention period is required or permitted by law. We will deidentify, aggregate, or otherwise anonymize your personal information if we intend to use it for analytical purposes or trend analysis over longer periods of time.

When we delete your personal information, we use industry-standard methods to ensure that any recovery or retrieval of your information is impossible. We may keep residual copies of your personal information in backup systems to protect our systems from malicious loss. This data is inaccessible unless restored, and all unnecessary information will be deleted upon restoration.

The criteria we use to determine our retention periods include:

• The duration of our relationship with you, including any open accounts you may have with Expedia Group companies, or recent bookings or other transactions you have made on our platform
• Whether we have a legal obligation related to your personal information, such as laws requiring us to keep records of your transactions with us
• Whether there are any current and relevant legal obligations affecting how long we will keep your personal information, including contractual obligations, litigation holds, statutes of limitations, and regulatory investigations
• Whether your information is needed for secure backups of our systems

Contact Us

If you have any questions or concerns about our use of your personal information or wish to inquire about our personal information handling practices, and exercise your rights to access, correct, or inquire about deletion of personal information, please contact us.

Updates to Statement

We may update this Statement in response to changing laws or technical or business developments. If we propose to make any material changes, we will notify you by means of a notice on this page. You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the top of this Statement.