Last Updated: February 5, 2021
Wotif.com, part of the Expedia Group, (“we” or “us”) values you as our customer and recognizes that privacy is important to you. This Privacy Statement explains how we collect, use, and disclose data when you use our platform and associated services, and tells you how to contact us.
This is a summary of our Privacy Statement. To review our Privacy Statement in full, please click here, or scroll down.
This Privacy Statement is designed to describe:
We collect personal information when:
When you create an account on one of our sites, sign up to receive offers or information, or make a booking using our platform, you give us your personal information. We also collect such information through automated technology such as cookies placed on your browser, with your consent where applicable, when you visit our sites or download and use our Apps. We also receive information from affiliated companies within Expedia Group, as well as business partners and other third-parties, which help us improve our platform and associated tools and services, update and maintain accurate records, potentially detect and investigate fraud, and more effectively market our services.
Your personal information may be shared to help you book your travel and/or vacation, assist with your travel and/or vacation stay, communicate with you (including when we send information on products and services or enable you to communicate with travel providers and/or property owners), and comply with the law. The full Privacy Statement details how personal information is shared.
You can exercise your data protection rights in various ways. For example, you can opt out of marketing by clicking the “unsubscribe” link in the emails, in your account as applicable, or contacting our customer service. Our Privacy Statement has more information about the options and data protection rights available to you.
More information about our privacy practices is in our full Privacy Statement. You can also contact us as described below in the “Contact Us” section to ask questions about how we handle your personal information or make requests about your personal information.
For more information about the data controller and/or EU Representative for personal information we process, please click here.
When you use our platform, Apps, or associated tools or services, we may collect the following kinds of personal information from you as needed:
When you install any of our apps or use our platform, we automatically collect the following types of information from your device:
When you download and use any of our mobile apps, we collect certain technical information from your device to enable the app to work properly and as otherwise described in this Privacy Statement. That technical information includes:
Depending on your device’s settings and permissions and your choice to participate in certain programs, we may collect the location of your device by using GPS signals, cell phone towers, Wi-Fi signals, Bluetooth or other technologies. We will collect this information, if you opt in through the app or other program (either during your initial login or later) to enable certain location-based services available within the app (for example, locating available lodging closest to you). To disable location capabilities of the app, you can log off or change your mobile device’s settings.
We use your personal information for various purposes described below, which depend on the site you visit or the app you use.
Your Use of Online Sites, Apps, and Services:
Communications and Marketing:
Other Business Purposes and Compliance
We will collect personal information from you only (i) where the personal information is necessary to perform a contract with you (e.g., manage your booking, process payments, or create an account at your request), (ii) where the processing is in our legitimate interests and not overridden by your rights (as explained below), or (iii) where we have your consent to do so (e.g., sending you marketing communications where consent is required). In some cases, we will have a legal obligation to collect personal information from you such as where it is necessary to use your transaction history to complete our financial and tax obligations under the law.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Certain countries and regions allow us to process personal information on the basis of legitimate interests. If we collect and use your personal information in reliance on our legitimate interests (or the legitimate interests of any third-party), this interest will typically be to operate or improve our platform and communicate with you as necessary to provide our services to you, for security verification purposes when you contact us, to respond to your queries, undertaking marketing, or for the purposes of potentially detecting or preventing illegal activities.
We may in some cases use automated decision-making, for example, in relation to assessing fraudulent transactions or suspicious activity on our site. As part of this processing, automated decisions may be made by putting your personal information into a system and the decision is calculated using automatic processes. If you pose a fraud risk, this may affect your ability to book on our site. You may have rights in relation to automated decision making, including the ability to request a manual decision-making process instead or contest a decision based solely on automated processing. If you want to know more about your data protection rights, please see the Your Rights and Choices section below.
We share your personal information as described below and in this Privacy Statement, and as permitted by applicable law.
You have certain rights and choices with respect to your personal information, as described below:
Certain countries and regions provide their residents with additional rights relating to personal information. These additional rights vary by country and region and may include the ability to:
For more information on what data subject rights may be available to you, please click here.
In addition to the above rights, you may have the right to complain to a data protection authority about our collection and use of your personal information. However, we encourage you to contact us first so we can do our best to resolve your concern. You may submit your request to us using the information in the Contact Us section. We respond to all requests we receive from individuals wanting to exercise their personal data protection rights in accordance with applicable data protection laws.
The personal information we process may be transmitted or transferred to countries other than the country in which you reside. Those countries may have data protection laws that are different from the laws of your country.
The servers for our platform are located in the United States, and the Expedia Group companies and third-party service providers operate in many countries around the world. When we collect your personal information, we may process it in any of those countries.
We have taken appropriate steps and put safeguards in place to help ensure that your personal information remains protected in accordance with this Privacy Statement. For example, any data transfers between our group companies are governed by our intragroup agreements which incorporate strict data transfer terms (including the European Commission's Standard Contractual Clauses, for transfers from the EEA) and require all group companies to protect the personal information they process in accordance with applicable data protection law. In addition, certain Expedia Group U.S. affiliates have certified with the EU-U.S. and Swiss-U.S. Privacy Shield, as explained below in the "Privacy Shield" section.
We also require that third-party service providers to whom a data transfer is made has appropriate safeguards in place to protect your personal information, in compliance with applicable data protection law. The particular measures used will depend on the service provider, and our agreements with them may include European Commission approved Standard Contractual Clauses, the service provider's certification under the EU-U.S. and/or Swiss-U.S. Privacy Shield certification, or reliance on the service provider's Binding Corporate Rules, as defined by the European Commission.
Certain Expedia Group U.S. affiliates have certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability for personal information from the EU, Switzerland, and the United Kingdom. Such Expedia Group U.S. affiliates will continue to adhere to the Privacy Shield frameworks and Principles even though the CJEU determined in July 2020 that the EU-U.S. Privacy Shield framework is no longer an adequate transfer mechanism for the transfer of EU personal information to the U.S. In addition, Expedia Group maintains intra-group Standard Contractual Clauses where applicable to cover the transfer of EU personal information to the U.S. Our certifications can be found here. For more information about the Privacy Shield principles, please visit: www.privacyshield.gov. For more on our adherence to the Privacy Shield Frameworks, please see information posted here.
We want you to feel confident about using our platform and all associated tools and services, and we are committed to taking appropriate steps to protect the information we collect. While no company can guarantee absolute security, we do take reasonable steps to implement appropriate physical, technical, and organizational measures to protect the personal information that we collect and process.
We will retain your personal information in accordance with all applicable laws, for as long as it may be relevant to fulfill the purposes set forth in this Privacy Statement, unless a longer retention period is required or permitted by law. We will deidentify, aggregate, or otherwise anonymize your personal information if we intend to use it for analytical purposes or trend analysis over longer periods of time.
The criteria we use to determine our retention periods include:
Cookies are small pieces of text sent as files to your computer or mobile device when you visit most websites. Cookies may be delivered by us (first party cookies) or delivered by a third-party partner or supplier (third-party cookies). Cookies are either session cookies or persistent cookies. Session cookies enable sites to recognize and link the actions of a user during a browsing session and expire at the end of each session. Persistent cookies help us recognize you as an existing user and these cookies are stored on your system or device until they expire, although you can delete them before the expiration date.
Other similar technologies
All of the technologies described above will be collectively referred to in this Cookie Statement as “cookies”.
The types of information that we collect through cookies include:
See the Categories of Personal Information We Collect section above for more information on what types of information are collected automatically.
Certain cookies are required or “essential” for our sites to function as intended. Essential cookies are necessary for you to navigate our site and use certain features like logging in to your account and managing your bookings. These cookies are also used to remember security settings that allow access to particular content. Lastly, we use essential cookies to collect information on which web pages visitors go to most, so we can improve our online services. You are not able to opt out of essential cookies.
Other Types of Cookies
We also use other types of cookies to make our site engaging and useful to you:
Some analytics cookies can perform tasks essential and/or functional to online services like enabling site improvements and testing changes on a site.
You can choose not to receive tailored online advertising on this site and other sites and learn more about opting out of having your information used for tailored advertising purposes by accessing one of the following resources:
Note that if you choose not to receive tailored ads, you will still see online advertisements, but they will be general and less relevant to you.
Some web browsers may transmit "do-not-track" signals to sites with which the browser communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether users are even aware of them. Participants in the leading Internet standards-setting organization that is addressing this issue are in the process of determining what, if anything, sites should do when they receive such signals. We currently do not take action in response to these signals. If and when a final standard is established and accepted, we will reassess our sites’ responses to these signals and make appropriate updates to this Cookie Statement.
If you have any questions or concerns about our use of your personal information, please contact us via the Privacy Section on our Customer Services Portal here. For a list of the Expedia Group companies, click here.
For more information about the data controller and/or EU Representative for personal information we process, please click here.
We may update this Privacy Statement in response to changing laws or technical or business developments. You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the top of this Statement.
The Help portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Please note that if you refuse to accept cookies, you may not be able to access many of the travel tools offered on our sites.
In addition to the above cookies, we use Local Shared Objects, also referred to as “flash cookies,” on our web site. These are used to enhance your user experience, for example, by storing your user preferences and settings, such as your volume/mute settings, and in connection with animated content on our website. Local Shared Objects are similar to browser cookies, but can store data more complex than simple text. By themselves, they cannot do anything to or with the data on your computer. Like other cookies, they can only access personally identifiable information that you have provided on this site, and cannot be accessed by other websites. To find out more about flash cookies or how to disable them, please click here.
This site may also use Web beacons (also known as clear gifs, pixel tags or Web bugs), which are tiny graphics with a unique identifier, similar in function to cookies, that are placed in the code of a Web page. We use Web beacons to monitor the traffic patterns of users from one page within our sites to another, to deliver or communicate with cookies, to understand whether you have come to our site from an online advertisement displayed on a third-party website, and to improve site performance. We also may allow our service providers to use Web beacons to help us understand which emails have been opened by recipients and to track the visitor traffic and actions on our site. This helps us measure the effectiveness of our content and other offerings
Data collected by business partners and ad networks to serve you with relevant advertising. The advertisements you see on this website are served by us or by our service providers. We also allow third parties to collect information about your online activities through cookies and other technologies. These third parties include (1) business partners, who collect information when you view or interact with one of their advertisements on our sites; and (2) advertising networks, which collect information about your interests when you view or interact with one of the advertisements they place on many different websites on the Internet. The information gathered by these third parties is used to make predictions about your characteristics, interests or preferences and to display advertisements on our sites and across the Internet tailored to your apparent interests. We do not permit these third parties to collect personal information about you (such as email address) on our site, nor do we share with them any personal information about you.
Data collected by companies that operate cookie-based exchanges to serve you with relevant advertising. Like other companies operating online, we participate in cookie-based exchanges where anonymous information is collected about your browsing behaviour through cookies or other technologies and segmented into different topics of interest (such as travel). These topics of interest are then shared with third parties, including advertisers and ad networks, so they can tailor advertisements to your apparent interests. We do not share personal information (such as your email address) with these companies and we do not permit these companies to collect any such information about you on our site. Please click here to learn more about cookie-based exchanges, including how to access information about the topics of interest associated with cookies on your computer and how to decline participation in these programs.
When you use an Wotif Mobile App, we collect and use information about you in the same way and for the same purposes as we do when you use our website.
In addition to this, we also use some other information that we collect automatically when you use our Mobile Apps. Specifically:
We want you to feel confident about using this website to make travel arrangements, and we are committed to protecting the information we collect. While no website can guarantee security, we have implemented appropriate administrative, technical, and physical security procedures to help protect the personal information we collect about you. For example, only authorized employees are permitted to access personal information, and they may only do so for permitted business functions. In addition, we use encryption when transmitting your sensitive personal information between your system and ours, and we employ firewalls and intrusion detection systems to help prevent unauthorized persons from gaining access to your information.
If you are visiting our website or using the Mobile Apps from Australia or from any other country outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States (where our servers are located and our central database is operated) or another country where those third parties with whom we share it as described in this Policy are located. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, but please be assured that we take steps to ensure that your privacy is protected (however, such steps may not expressly require the overseas recipient to comply with applicable Privacy Law). By using our services and providing information to us, you consent to your information being transferred to our facilities and the facilities of those third parties with whom we share it as described in this Policy.
Expedia, Inc., 333 108th Ave. NE, Bellevue, WA 98004 USA