Last Updated in January 2023
1. Information we collect
We collect information about you that you provide to us when using the Site, such as your name, address, phone number, credit card details, e-mail address, accommodation name, accommodation location and/or length of stay, and your Hotel Chevra account password for accommodation reservations.
By visiting our Site, we may also automatically collect certain usage information, such as your IP address, geographic data, country, search preferences related to specific searches, browser, and information about your device’s operating system, application version, language settings, and pages that have been shown to you. If you are using a mobile device to access our mobile app or mobile optimized Site, we might also collect information that identifies your mobile device, such as the device ID, location of the device (with your consent), and device-specific settings and characteristics.
If you need to get in touch with our customer support team, or reach out to us through other means (such as through social media, or communicating with your accommodation through us), we will collect the information you may choose to provide through such contact.
Where you submit reviews regarding your accommodation or other ancillary services available on our website through us, we will collect information from you included in your reviews, including your first name and country of residence.
You can decide to participate in our referral programs or other promotions, and doing this will also mean providing us with personal data. In addition to that, you can provide us with feedback or ask for help with using the Sites or our various communications platforms.
Accommodation partners may share information about you with us too – this may happen if you have questions about your pending booking or if disputes arise regarding your booking.
Where required by law, we rely on the following legal bases to process personal information:
- Necessity to Perform Contract with You – we need to process your information in order to provide our travel reservation services to you, answer questions and requests from you, and provide customer support;
- Our Legitimate Interests – we process your information for security and safety; debt recovery purposes; to detect and prevent fraud; to protect and defend the rights or property of others, or our own rights and interests; to analyze, improve, customize and provide our reservation travel and related services to you; and to respond to domestic and foreign law enforcement requests, court orders, and legal process;
- Compliance with Legal Obligations – we need to process your information to comply with relevant laws and regulatory requirements;
- Protect Vital Interest – we may need to process your information in case of emergency involving an individual’s life or health.
2. How we use the information we collect
We may use information collected through the Site to:
- Provide you with the requested services, such as creating a user account, processing and confirming your reservation, and communicating with you about services requested (e.g., pre-reservation or post booking chat support (excluding credit card number), special request, cancellations, rewards
- Send you email marketing communications about products and services that may be relevant to you
- Conduct surveys or provide you with information about our services on our Site or on other websites you may visit
Maintain and improve the Site, tailor the user experience (including indicating/providing advertisements about
- products and services of Hotel Chevra or third parties that may be relevant to users or that users may be interested in), and for internal training
- Protect the security of you and the Site
- Exercising a right or obligation conferred or imposed by law, including responding to request and legal demands
When you make a reservation on one of our business partners’ websites or apps, we may also receive certain information such as your name and reservation information, including the accommodation reserved, in order to process your reservation and identify which channel your reservation has originated from.
During calls with our customer support team, live listening may be done or calls may be recorded for quality and reference purposes which includes the usage of the recordings for the handling of claims, training and fraud detection purposes. If you would prefer that your call was not recorded, you can opt out by stating this, or by hanging up. Call recordings are kept for a limited amount of time and automatically deleted thereafter, unless HotelChevra.com has a legitimate interest to keep such recording for a longer period, including for fraud investigation and legal purposes.
If you have not finalized a reservation online, we may send you up to two reminders to continue with your reservation. We believe that this additional service is useful to you because it allows you to carry on with a reservation without having to search for the accommodation again or fill in all the reservation details from scratch. These reminders are one-time only communications and reservation information used for such reminders will be deleted from our systems in accordance with our data retention policy detailed below.
Please note that the confirmation emails and text messages sent after your booking are not marketing messages. These messages are part of your accommodation reservation process. Respectively, they contain information for you to check in at your booked accommodation and a separate invitation to complete the guest review form. You will continue to receive them, even if you have opted out of our marketing messages
As mentioned above, if you are completing the booking for another person who will stay at the reserved accommodation, you also have the option to insert the guest’s email address for the purpose that the guest will receive the reservation confirmation and a separate invitation to complete a guest review.
Communications on the Site
We offer you and accommodation partners various means to communicate about accommodations and existing reservations, directing the communications through the Site. You can contact us with questions about your reservation or about your accommodation via the Site, and via other channels that we may make available.
We may access communications and may use automated systems to review, scan, and analyze communications for security purposes; fraud prevention; compliance with legal and regulatory requirements; investigations of potential misconduct; product development and improvement; research; customer engagement, including to provide you with information and offers that we believe may be of interest to you; and customer or technical support. We reserve the right to block the delivery of or review communications that we, in our sole discretion, believe may contain malicious content, spam, or may pose a risk to you or, accommodation partners, us, or others. Note, all communications sent or received using the Site’s communication tools will be received and stored by us. Business partners through whose platform you made the reservation and accommodation partners may choose to communicate with you directly via email or other channels that we do not control.
3. Mobile Devices
With your consent, we may send you push notifications with information about your reservation, guest reviews, potential future stays, or as part of any Agoda programs that you participate in, including coupons. You may grant us access to your location information or contact details in order to provide services requested by you. When you upload a picture from your mobile device, your picture may also be tagged with your location information. Please read the instructions of your mobile device to understand how to change the settings and enable the sharing of such information or the receipt of (or opt out of receiving) push notifications (including Software Development Kit (“SDK”) and push token data). Different device operating systems may have different default settings, so please familiarize yourself with such settings governing push notifications.
4. Sharing your information
In connection with your visit to our Site and use of our services, we may share your information as follows:
- Travel Supplierssuch as accommodation properties (e.g., the specific accommodation that you have requested us to reserve) and/or third party accommodation suppliers (e.g., Booking.com), airline, car rental, insurance, and, where available, activity providers, who fulfil your travel reservations. These suppliers may contact you as necessary to obtain additional information about you, facilitate your travel reservation including communicating with you prior to arrival about your upcoming stay, or respond to a review you may submit in accordance with their own independent privacy policies.
Third Party Service Providers who provide data processing services to us (for example web hosting), or
- who otherwise process personal information for purposes such as credit card and payment processing, business analytics, customer service, marketing, or distribution of surveys, to facilitate the delivery of online services and advertising tailored to your interests, and/or fraud prevention. Our third party service providers will only process information as needed to perform their functions. They are not permitted to share or use the information for any other purpose.
- Business Partnerswith whom we may jointly offer products or services, or whose products or services may be offered on our Sites. You can tell when a third-party business partner is involved in a product or service you have requested because their name will appear, either alone or with ours. If you choose to access these optional services, we will on occasion share your personal information with those partners. Examples of business partners would be (i) a third-party loyalty program that you will earn points for, through a booking, or (ii) a third-party tour or activity provider that we share information with in connection with tours/activities you book through our Site.
- Our Affiliated Group Companies – our affiliated (group) companies who have access to this information with our permission and who need to know or have access to this information in order to: perform the service requested by you (including to make, administer, and manage reservations or handle payments, “single sign-on”, and customer service); analyze how you use our independent and affiliated platforms, improve and provide new and personalized offers, products and services, and marketing; detect, prevent, and investigate fraudulent transactions and/or activities, other illegal activities, and data breaches; internal (audit/compliance) investigations; or as otherwise required or permitted by applicable law.
- Where Required or Permitted by Law– such as to protect ourselves against liability, to respond to subpoenas, judicial processes, legitimate requests, warrants or equivalent by law enforcement officials or authorities, to investigate fraud or other wrongdoing or as otherwise required or necessary in order to comply with applicable law, protect our legitimate interests or to the purchasers in connection with any sale, assignment, or other transfer of all or a part of our business or company. We may also, in compliance with applicable law, disclose your information to enforce or apply the terms and conditions applicable to our services or to protect the rights, property, or safety of Hotel Chevra, our users, or others.
- Business Reorganization– such as part of any sale, assignment or other transfer of our business, or transition of service to another provider. We will ask for your consent if required by applicable law.
5. Country-specific privacy rights
USA, California Privacy Rights
Under the California Consumer Privacy Act (“CCPA”), as amended by the Consumer Privacy Rights Act (“CPRA”) (collectively, “California Privacy Law”), we provide specific disclosures about how we use and disclose your information. This section covers how we have collected, used, disclosed and otherwise processed your personal data over the past 12 months, as well as additional rights you may have with respect to your personal data. This section does not reflect our processing of personal data where an exception under California law applies.
- CA Personal Data. Consistent with the “Information We Collect”section above, we may collect and process certain categories of information about California residents (“CA Personal Data”), such as:
- Identifiers: name, address, phone number, e-mail address, passport details, Hotel Chevra account password, IP address, device ID, cookie ID, information collected via Cookies;
- Commercial Information: payment card details, name of and details about your accommodation, services purchased, search preferences, transaction history, demographic information;
- Internet or Other Electronic Network Activity: browser, operating system, application version, pages shown;
- Geolocation Data:precise location of your mobile device or images uploaded from your mobile device;
- Audio Information: we may record your calls to our support team with your permission;
- Inferences: drawn from the information collected; and
- Other Information:information associated with a tour or activity booking, including your passport details, date of birth, height and weight, pick-up location, your preferred tour/activity language, and information about any special requirements that we need to consider in connection with your participation in the respective tour/activity.
Certain CA Personal Data that we collect about you may be considered Sensitive Personal Information within the meaning of California Privacy Law, including: passport details (for transactional purposes), payment card information (for billing and transactional purposes in connection with accommodation services purchased), and precise geolocation information (for providing services). HotelChevra.com only uses and discloses Sensitive Personal Information as necessary in connection with the performance of services and the provision of goods, compliance with federal, state, or local laws, and as otherwise permitted by California Privacy Law.
Sources of CA Personal Data. Consistent with the “Information We Collect” section
- above, we may collect personal data directly from you, as well as from Travel Suppliers, Accommodation Partners, Business Partners (including social media), and our Affiliated Group Companies.
- Use of CA Personal Data. We process your personal data for the business and commercial purposes consistent with the “How We Use the Information We Collect” section above.
- CA Personal Data Disclosed to Third Parties.
- Disclosure of Personal CA Personal Data for Business Purposes:We disclose the following categories of personal data for business purposes: Identifiers, Commercial Information, Internet or Other Electronic Network Activity, Geolocation Data, Audio Information, and Other Information to web hosting, payment card and payment processing, business analytics, customer service, and business partners.
Disclosure of CA Personal Data for Commercial Purposes: We disclose the following categories of personal data for commercial purposes: Identifiers (specifically, preferences and interests on our Site, collected via Cookies to advertising
- technology providers and, in limited instances, email addresses in hashed format, to social media companies, marketing, and survey service providers.) These are sharing activities that are considered a sale under California Privacy Law.
- Retentionof CA Personal We retain your personal data consistent with the “Data Retention” section below.
- California Privacy Rights.As a California resident and subject to certain exceptions, you may have the right to request: (i) deletion of your CA Personal Data; (ii) correction of inaccurate CA Personal Data; (iii) the right to know/access the categories of CA Personal Data that we collect about you, including the specific pieces of CA Personal Data; (iv) the categories of CA Personal Data disclosed for a business purpose; and (v) information about the categories of CA Personal Data about you that we have shared (as such term is defined under California Privacy Law) and the categories of third parties to whom the CA Personal Data was shared. You may make your request by contacting us or via firstname.lastname@example.org
To protect your privacy and security, we will verify your identity before responding to such request, and may request you provide us with information matching the identifiers and commercial information already maintained by Hotel Chevra about you or additional proof where necessary. If you are making this request on behalf of someone else, we may request the authorized agent provide us with a copy of a valid power of attorney or evidence of the written authorization. You will not be penalized for exercising your rights to your CA Personal Data.
Authorized Agent. You can designate an authorized agent to make a request under California law on your behalf in certain circumstances. If you use an authorized agent for this purpose, we may ask you to verify your identity or that you provided the authorized agent signed permission to submit a request on your behalf. If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps, and we will respond to any request from such authorized agent in accordance with California law.
Right to Non-Discrimination and Notice of Financial Incentive. We will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of products, based solely upon your exercising your rights under applicable law. To the extent Hotel Chevra engages in financial incentives in connection with sweepstakes, loyalty programs, competitions, or other activities, we will provide information describing the material terms of the program and will obtain opt-in consent from users before they participate. Users can opt-out from a program at any time by following the instructions provided in such terms.
Disclosure / Transfer of Information
We will maintain the confidentiality of your information, but may provide or transfer your information to third parties as detailed above under “Sharing Your Information,” which may include transferring your information to persons to whom we are required to make disclosures to under applicable law within or outside China.
Our Site may use and allow third parties to place cookies (session and persistent), pixels/tags, SDKs, application program interfaces (“APIs“), and other technologies (collectively, “Cookies“) on our Site that may collect and store certain information about you. Some of these Cookies are necessary to provide, secure, and maintain the basic functions of the Site, such as to keep you logged in while your visit our Site (“Functional Cookies”), while other Cookies are used to provide you with a better user experience, such as:
Perform non-essential website analytics, such as impression reporting, demographic reporting and interest reporting. This may include the recording of mouse clicks, movements, page scrolling and restricted text entered into our Site forms through selected third parties but we will take sufficient
- precautions to ensure that personal information will not be collected during such recordings e.g. through the adoption of irreversible masking. Website analytics is used to improve our Site and services; and
- To provide you advertising tailored to your interest (collectively, “Non-Functional Cookies”).
Our use of Functional Cookies and Non-Functional Cookies is subject to geographic implementation as detailed below.
EU/UK Site Visitors
For individuals that access our Site from within the European Union (“EU”) or the United Kingdom (“UK”) (“EU/UK Site Visitors”), we may use Functional Cookies on the Site.
We do not use Non-Functional Cookies on the Site that we offer within the EU or the UK.
Non-EU/UK Site Visitors
For individuals that access our Site from a jurisdiction outside of the EU and the UK (“Non-EU/UK Site Visitors”), we may use both Functional Cookies and Non-Functional Cookies on the Site. In addition, below we have provided information for Non-EU/UK Site Visitors specific to our use of Non-Functional Cookies on the Site that we offer outside of the EU and the UK.
Interest Based Advertising
We may allow certain third parties to place Non-Functional Cookies on our Site to collect information about your online activities on our Site (e.g., pages visited on the Site and searches you performed) and over time and across different websites you may visit. This information is used to provide advertising tailored to your interests from us (via email, on our Site, and on other websites) and by third parties on other websites you may visit, also known as interest based advertising, and to analyze the effectiveness of such interest based advertising. We may also share one-way hashed information with third party partners (e.g., Facebook) who may combine hashed information with other identifiers in order to serve custom Hotel Chevra advertisements on other websites or mobile apps based on your prior visits to the Site. Hotel Chevra neither supports nor endorses the goals, causes, or statements of any websites or mobile apps that display our advertisements.
We may also combine information collected through Non-Functional Cookies and certain usage information from a particular browser or mobile device with another computer or device that may be linked to you (cross-device tracking) to optimize our services and provide tailored HotelChevra communications and advertisements to you. If you do not want HotelChevra to combine such information for its optimization of communications to you please unsubscribe from the HotelChevra communications i.e. the newsletter.
Please review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Functional Cookies and Non-Functional Cookies. If you disable or delete certain Functional Cookies or Non-Functional Cookies in your Internet browser settings, you might not be able to access or use important functions or features of this Site, and you may be required to re-enter your log-in details.
7. Opting out of marketing communications from us
You can opt out of receiving marketing communications from us at any time by using the “Unsubscribe” link in each newsletter or communication, or through your HotelChevra account (if you’ve created one) – the email subscriptions settings is under “Profile”.
8. International transfers
In connection with the purposes described above, your information may be stored in locations outside of your home country, which may have different standards of data protection than your home country. We provide appropriate protections for cross-border transfers as required by law for international data transfers, including information transferred to third parties. With respect to such transfers from the European Economic Area (“EEA“) to the United States and other non-EEA jurisdictions, we may rely on the EU Model Clauses and/or the need to process your information in order to provide the requested services (performance of a contract) to transfer your information. As permitted by applicable law, you may request details about the suitable safeguards we have in place by contacting us as detailed below.
9. Information from other partners
On occasion, affiliated entities, business partners, or other third party providers may share information with us. One example is if you access or sign in to our Site through social media, such as Facebook Connect, we may collect information from you such as your username, and other information made available to us via such services, or – another example – your credit card issuer might, via Visa or Mastercard, provide us with your new card details, when the card we have on file is replaced. In general, your ability to provide such information is through the service provider themselves and you can change those settings in your account settings of the relevant service provider. In general, we may work with our partners to improve and personalize your use of our website in accordance with this policy.
10. Protecting your information
We maintain reasonable physical, electronic, and organizational security measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, or unauthorized disclosure or access. We use Secure Socket Layer technology to encrypt credit card information during transit. Through your personal account, you also have the ability to save credit card details for faster future bookings and payments. Your card details are encrypted and you can always log in to your personal account to delete, edit, or add certain credit card details. For security reasons, the number cannot be edited (but the card details can be deleted). When viewing card details, only the last 4 digits of the number will be visible. Please note that we will store the last 4 digits of your credit card securely upon any booking made (this is required to manage any refund requests for that booking).
We will retain your personal data, including Sensitive Personal Information, for as long as necessary to provide and secure our Sites and services, and to exercise our legal rights, protect our or other’s interests, and comply with our legal or regulatory obligations. We decide how long we need information on a case-by-case basis. When HotelChevra no longer needs to use your information, we will – unless we need to keep your information to comply with applicable legal or regulatory obligations or the information is required to carry out corporate tasks and conduct our business – remove it from our systems and records where feasible, and/or deactivate it or take other reasonable steps to properly anonymize it so that you can no longer be identified from it.
11. How cou can access or change your information
You can easily correct your account name, the booking holder name (subject to the cancellation policy attached to the booking) and contact number at any time by signing in to your account on the website. Alternatively, please contact us via our email@example.com to exercise any of the following rights:
- Access: You are entitled at any time to obtain information about your personal information that we store, in accordance with applicable law and without any fee. However, in exceptional cases we ask you to pay reasonable fees before we provide the information if permitted by applicable law.
- Rectification: You may request that we rectify any of your personal information that is incomplete or incorrect.
- Deletion:You may request that we delete your account.
- Restrictions of Processing: You may ask us to cease processing of your personal information for example if you have objected to the processing and the existence of legitimate grounds is still under consideration.
- Objection: You may object, at any time, to your personal information being processed for direct marketing purposes.
- Right to Revoke Consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn.
- Data Portability: If applicable, you may request us to send you your personal information which we store, in a commonly used and machine readable format which shall be decided at our sole discretion.
To protect your privacy and security, we will verify your identity before responding to such request, and your request will be answered within a reasonable timeframe. We may not be able to allow you to access certain personal information in some cases e.g. if your personal information is connected with personal information of other persons, or for legal reasons. In such cases, we will provide you with an explanation why you cannot obtain this information. We may also deny your request for deletion or rectification of your personal information due to statutory provisions, especially those affecting our accounting processes, processing of claims, for fraud detection or prevention purposes, and mandatory data retention, which may prohibit deletion or anonymization.
13. Links to third party websites
14. Additional considerations
A Special Note About Minors
Our Site is not directed to minors under the age of 18. Where required by applicable law, we may ask for certain information about children from parents or guardians to process a booking or provide other services. If you are a parent, and believe we may have inadvertently collected personal data from a minor, please notify us, and we will remove that personal data and unsubscribe that minor from any of our electronic marketing lists. Minors can normally accompany their parent(s) or legal custodian(s) who have booked an accommodation, unless prohibited by an accommodation property’s policies.
15. Contacting us