Emalltravel.com values you as our customer and recognizes that privacy is important to you. This Privacy Statement explains how we collect, use, and disclose data when you use our platform, your rights in determining what we do with the information that we collect or hold about you, and tells you how to contact us.
Privacy Statement Summary
This is a summary of our Privacy Statement. To review our privacy Statement in full, please scroll down.
What does this Privacy Statement cover?
This Privacy Statement is designed to describe:
- How and what type of personal information we collect and use
- When and with whom do we share your personal information
- How you can access and update your information.
What personal information do we collect and use, and how do we collect it?
We collect personal information when:
- You give us the information
- We collect it automatically
- We receive it from others
When you create an account on our site, or make a booking using our platform, you give us your personal information. We also collect such information through automated technology such as cookies placed on your browser, with your consent where applicable, when you visit our site.
How is your personal information shared?
Your personal information may be shared for several purposes, including to help you book your hotel, assist with your hotel booking, communicate with you (including when we send information on products and services or enable you to communicate with property owners), and comply with the law. The full Privacy Statement below details how personal information is shared below.
What are your rights and choices?
You can exercise your data protection rights in various ways. For example, by contacting our customer service. Our Privacy Statement has more information about the options and data protection rights and choices available to you.
How to contact us
More information about our privacy practices is in our full Privacy Statement. You can also contact us as described below in the “Contact Us” section to ask questions about how we handle your personal information or make requests about your personal information.
- Categories of Personal Information We Collect
- Use of Personal Information
- Sharing of Personal Information
- Your Rights and Choices
- International Data Transfer
- Privacy Shield
- Record Retention
- Cookie Statement
- Contact Us
- Updates to the Privacy Statement
Categories of Personal Information We Collect
When you use our platform, we may collect the following kinds of personal information from you as needed:
- Name, username, email address, telephone number, and home, business, and billing addresses (including street and postal code)
- Government-issued Identification required for booking or identity verification, such as a passport, driver’s license, government redress numbers, and country of residence (for travel insurance purposes), and for vacation property owners, a tax identification number
- Payment information such as payment card number, expiration date, billing address, and financial account number
- Travel-related preferences and requests, such as favorite destinations and accommodation types, and special dietary and accessibility needs, as available
- Birth date and gender
- Images (including facial photographs), videos, and other recordings
- Social media account ID and other publicly available information
- Searches you conduct, transactions, and other interactions with you on our online services
- The searches and transactions conducted through the platform
- Data you give us about other people, such as your travel companions or others for whom you are making a booking
- Information we receive about you may include updated contact information, demographic information, and purchase history, which we may add to your account or profile and use for market research and analysis.
We collect sensitive personal information either with consent or under local law. This may include information that could reveal your racial or ethnic origin, religious or philosophical beliefs, sexual orientation, and health or disability information. When you use our platform, we automatically collect the following types of information from your device (“Automatically Collected Information”):
- IP address
- Device type
- Unique device identification numbers
- Internet browser type (such as Firefox, Safari, Chrome, and Internet Explorer)
- Internet Service Provider
- Operating System
- Mobile carrier
- How your device has interacted with our online services, including the pages accessed, links clicked, trips viewed, and features used, along with associated dates and times
- Details of any referring website or exit pages, as well as general geographic location (such as at the country or city level)
Use of Personal Information
We use your personal information for various purposes described below, which depend on the site you visit.
Your Use of Online Sites, Apps, and Services:
- Book the requested property/hotel booking.
- Provide services related to the booking and/or account.
- Create, maintain, and update user accounts on our platform and authenticate you as a user.
- Maintain your search and booking history, and similar information about your use of the Emall Travel platform and services, as otherwise described in this Privacy Statement.
- Enable and facilitate the acceptance and processing of payments, and other transactions.
- Help you to use our services faster and easier through features like the ability to sign in using your account within the online services.
Conduct surveys, market research, and data analytics
- Maintain, improve, research, and measure the effectiveness of our sites, and services.
- Create aggregated or otherwise anonymized or deidentified data, which we may use and disclose without restriction where permissible.
- Promote security, verify the identity of our customers, prevent and investigate fraud and unauthorized activities, defend against claims and other liabilities, and manage other risks.
- Comply with applicable laws, protect our and our users’ rights and interests, defend ourselves, and respond to law enforcement, other legal authorities, and requests that are part of a legal process.
- Comply with applicable security and anti-terrorism, anti-bribery, customs and immigration, and other such due diligence laws and requirements. Operate our business for lawful business purposes and as permitted by law.
The Emall Travel company, which is responsible for the Emall Travel site you are using (including making your booking), will be the main company responsible for your personal information, known as the controller.
Sensitive Personal Information
We will only use your sensitive personal information for the purposes for which it was collected.
Lawful bases for processing:
We will collect personal information from you only (i) where the personal information is necessary to perform a contract with you (e.g., manage your booking, process payments, or create an account at your request), (ii) where the processing is in our legitimate interests and not overridden by your rights (as explained below), or (iii) where we have your consent to do so (e.g., sending you marketing communications where consent is required). In some cases, we will have a legal obligation to collect personal information from you, such as where it is necessary to use your transaction history to complete our financial and tax obligations under the law.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information). Certain countries and regions allow us to process personal information based on legitimate interests. If we collect and use your personal information in reliance on our legitimate interests (or the legitimate interests of any third party), this interest will typically be to operate or improve our platform and communicate with you as necessary to provide our services to you, for security verification purposes when you contact us, to respond to your queries, to undertake marketing, or to potentially detect or prevent illegal activities.
We may use artificial intelligence, machine learning, and other automated decision-making to enhance your user experience and keep our site safe.
For example, we may use it concerning:
- the sort order you see on our site,
- destinations or property recommendations,
- the content you upload on our site (e.g., images of your properties) to ensure they meet our quality or formatting requirements and to identify relevant amenities included in your listing,
- the reviews you share with us to ensure they do not contain identifiable personal information or to assess customer satisfaction,
- the prevention and detection of breaches of our terms and conditions or other fraudulent activities to keep our site safe,
- our language and dialects within our virtual agents’ experience.
Automated decisions may be made by putting your personal information into a system, and the decision is calculated using automatic processes.
We will not engage in automated decision-making that involves a decision with legal or similarly significant effects solely based on the automated processing of personal information unless you: (1) explicitly consent to the processing, (2) the processing is necessary for entering into a contract; or (3) when otherwise authorized by applicable law.
Sharing of Personal Information
We share your personal information as described below, in this Privacy Statement, and as permitted by applicable law.
- Third-party service providers: We share personal information with third parties in connection with the delivery of services to you and the operation of our business (for example, to provide credit card processing, customer service, business analytics, fraud prevention, and compliance services). These third-party service providers are required to protect the personal information we share with them and may not use any directly identifying personal information other than to provide the services we contracted them for. They are not allowed to use the personal information we share for purposes of their direct marketing (unless you have separately consented with the third party under the terms provided by the third party).
- Travel suppliers: We share personal information with travel-related suppliers such as hotels, managers, and, where available, those who fulfill your booking. Please note that travel suppliers may contact you to obtain additional information if and as required to facilitate your booking.
- Legal rights and obligations: We may disclose your personal information and associated records to enforce our policies; as necessary to satisfy our tax or other regulatory reporting requirements, including the remission of certain taxes in the course of processing payments; or where we are permitted (or believe in good faith that we are required) to do so by applicable law, such as in response to a subpoena or other legal request, in connection with actual or proposed litigation, or to protect and defend our property, people, and other rights or interests.
- Corporate transactions: We may share your personal information in connection with a corporate transaction, such as a divestiture, merger, consolidation, assignment, asset sale, or the unlikely event of bankruptcy. In the case of any acquisition, we will inform the buyer that they must use your personal information only for the purposes disclosed in this Privacy Statement.
Your Rights and Choices
You have certain rights and choices concerning your personal information, as described below:
- If you have an account with us, you may change your communication preferences by either (1) logging in and updating the information in your account or (2) contacting us.
- You can control our use of certain cookies by following the guidance in our Cookie Statement, which is included below in this Privacy Statement.
- You can access, amend, inquire about the deletion of, or update the accuracy of your information at any time by either logging into your account or contacting us.
- If we are processing your personal information based on consent, you may withdraw that consent at any time by contacting us. Withdrawing your consent will not affect the lawfulness of any processing that occurred before you withdrew consent, and it will not affect our processing of your personal information that is conducted in reliance on a legal basis other than consent.
Certain countries and regions provide their residents with additional rights relating to personal information. These additional rights vary by country and region and may include the ability to:
- Request a copy of your personal information.
- Request information about the purpose of the processing activities.
- Delete your personal information.
- Object to our use or disclosure of your personal information
- Restrict the processing of your personal information.
- Opt out of the sale of your personal information.
- Port your personal information
- Request information about the logic involved in our automated decision-making used in our fraud prevention practices and the result of such decisions.
For questions about privacy, your rights and choices, and for you, or (where applicable) your authorized agent to request to amend or update your information, or to inquire about deletion of your information, please contact us.
In addition to the above rights, you may have the right to complain to a data protection authority about our collection and use of your personal information. However, we encourage you to contact us first so we can do our best to resolve your concern. You may submit your request to us using the information in the "Contact Us" section.
We respond to all requests we receive from individuals wanting to exercise their personal data protection rights under applicable data protection laws. Should you have the right to appeal a decision to not take action on a request under applicable law, instructions on how to make that appeal will be included in our response to you.
International Data Transfer
The personal information we process may be accessed, processed, or transferred to countries other than the country in which you reside. Those countries may have data protection laws that are different from the laws of your country.
When we collect your personal information, we may process it in any of those countries. Our employees may access your personal information from various countries around the world. The transferees of your personal data may also be located in countries other than the country in which you reside.
We have taken appropriate steps and put safeguards in place to help ensure that any access, processing, and/or transfer of your personal information remains protected in accordance with this Privacy Statement and in compliance with applicable data protection laws. Such measures provide your personal information with a standard of protection that is at least comparable to that under the equivalent local law in your country, no matter where your data is accessed from, processed, and/or transferred.
Such measures include the following:
- Adequacy decisions of the European Commission confirm an adequate level of data protection in respective non-EEA countries.
- Ensuring that the third-party partners, vendors, and service providers to whom data transfers are made have appropriate mechanisms in place to protect your personal information. For instance, our agreements signed with our third-party partners, vendors, and service providers incorporate strict data transfer terms (including, where applicable, the European Commission's Standard Contractual Clauses issued by the European Commission and/or the United Kingdom, for transfers from the EEA/UK), and require all contracting parties to protect the personal information they process in accordance with applicable data protection law. Our agreements with our third-party partners, vendors, and service providers may also include, where applicable, their certification under the EU-U.S. and/or Swiss-U.S. Privacy Shield certification, or reliance on the service provider's Binding Corporate Rules, as defined by the European Commission.
- Carrying out periodic risk assessments and implementing various technological and organizational measures to ensure compliance with relevant laws on data transfer.
We want you to feel confident about using our platform and all associated tools and services, and we are committed to taking appropriate steps to protect the information we collect. While no company can guarantee absolute security, we do take reasonable steps to implement appropriate physical, technical, and organizational measures to protect the personal information that we collect and process.
We will retain your personal information in accordance with all applicable laws, for as long as it may be relevant to fulfill the purposes set forth in this Privacy Statement, unless a longer retention period is required or permitted by law. We will deidentify, aggregate, or otherwise anonymize your personal information if we intend to use it for analytical purposes or trend analysis over longer periods of time.
When we delete your personal information, we use industry-standard methods to ensure that any recovery or retrieval of your information is impossible. We may keep residual copies of your personal information on backup systems to protect our systems from malicious loss. This data is inaccessible unless restored, and all unnecessary information will be deleted upon restoration.
The criteria we use to determine our retention periods include:
- The duration of our relationship with you, including any open accounts you may have with Expedia Group companies, or recent bookings or other transactions you have made on our platform
- Whether we have a legal obligation related to your personal information, such as laws requiring us to keep records of your transactions with us
- Whether there are any current and relevant legal obligations affecting how long we will keep your personal information, including contractual obligations, litigation holds, statutes of limitations, and regulatory investigations
- Whether your information is needed for secure backups of our systems
Types of cookies and similar technologies
Cookies are small pieces of text sent as files to your computer or mobile device when you visit most websites. Cookies may come from either us (first-party cookies) or a third-party partner or supplier (third-party cookies). Cookies are either session cookies or persistent cookies. Session cookies enable sites to recognize and link the actions of a user during a browsing session and expire at the end of each session. Persistent cookies help us recognize you as an existing user, and these cookies are stored on your system or device until they expire, although you can delete them before the expiration date.
Other similar technologies
- Web beacons, gifs, and clear gifs are tiny graphics, each with a unique identifier, that are embedded invisibly on sites and in emails. Web beacons allow us to know if a certain page was visited or if ad banners on our sites and other sites are effective. We also use web beacons in our HTML-based emails to let us know whether our emails have been opened by recipients, which helps us gauge the effectiveness of certain communications, promotions, and marketing campaigns.
- Proximity-based beacons send one-way signals over very short distances, to communicate with associated mobile apps installed on your phone. They can notify you, for example, about experiences related to your trip and alert you to related deals or promotions. Beacons communicate with your device only when you are in close proximity and only if you have given consent within the relevant mobile application.
- Pixels are small objects embedded into a web page that are not visible to the user. We use pixels to deliver cookies to your computer, facilitate the log-in process, monitor the activity on our sites, and deliver online advertising.
- Tags are short pieces of HTML code that instruct your browser to request certain content from an ad server.
- Local Storage Objects, such as HTML 5, are used to store content and preferences.
All of the technologies described above will be collectively referred to in this Cookie Statement as "cookies."
- Help us improve your experience when visiting our sites.
- Fulfill transactions and ensure our sites perform as intended.
- Remember your preferences, such as language, region, or currency.
- Enable you to return to previous travel searches.
- Identify errors on our sites.
- Help with data protection and potentially detect and investigate malicious or fraudulent activity.
- Help us understand traffic to our site, including the time and date of the visit, the time and date of the last visit, and other information.
- Analyze how well our sites are performing.
Types of information collected by cookies
The types of information that we collect through cookies include:
- IP address
- Device ID
- Viewed pages
- Browser type
- Browsing information
- Operating system
- Internet Service Provider
- Whether you have responded to, or interacted with, an advertisement
- Referring or referred links or URLs
- Features used and activities engaged in on our sites and in our apps
Types and functions of cookies
Certain cookies are required, or "essential," for our sites to function as intended. Essential cookies are necessary for you to navigate our site and use certain features, like logging in to your account and managing your bookings. These cookies are also used to remember security settings that allow access to particular content. Lastly, we use essential cookies to collect information on which web pages visitors visit most, so we can improve our online services. You are not able to opt out of essential cookies.
Other Types of Cookies
We also use other types of cookies to make our site more engaging and useful to you:
- Functional Cookies. We want to make sure that when you visit our site, your preferences (such as your preferred language), settings, and previous searches are remembered. Functional cookies enhance your experience on any Expedia Group company’s site.
- Performance Cookies. We use performance cookies to:
- Understand our site’s performance and how it is used, including the number of visitors, how long you stay on the site, and which parts of the site you visit. We can see details about how visitors interacted with the site, like the number of clicks visitors made on a given page, their mouse movements and scrolling activity, the search words visitors used, and the text visitors entered into various fields.
- Test different designs and features for our site.
- Monitor how our visitors reach our sites.
- Improve our services, including your experience on our site.
Some analytics cookies can perform tasks essential and/or functional to online services, like enabling site improvements and testing changes on a site.
How can you manage your cookies?
Do-Not-Track Signals and Similar Mechanisms
Some web browsers may transmit "do-not-track" signals to sites with which the browser communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether users are even aware of them. Participants in the leading Internet standards-setting organization that is addressing this issue are in the process of determining what, if anything, sites should do when they receive such signals. We currently do not take action in response to these signals. If and when a final standard is established and accepted, we will reassess our sites’ responses to these signals and make appropriate updates to this Cookie Statement.
If you have any questions or concerns about our use of your personal information or wish to inquire about our personal information handling practices, and exercise your rights to access, correct, or inquire about the deletion of personal information, please contact us at firstname.lastname@example.org.
If you have an unresolved privacy or data use concern that we have not satisfactorily addressed, please contact us at email@example.com.
Updates to Privacy Statement
We may update this Privacy Statement in response to changing laws or technical or business developments. You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the top of this Statement.