Certain Expedia Group companies have certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability for personal information from the European Union, Switzerland, and the United Kingdom. Our certifications can be found here. For more information about the Privacy Shield principles, please visit: www.privacyshield.gov.
We will only process personal information in ways that are compatible with the purposes outlined above in our Privacy Statement (or those that you later authorize). Before using your personal information for materially different purposes or disclosing it to independent third-parties, we will provide you with the opportunity to opt out. Further choices and means you have for limiting the use and disclosure of your personal information are set out in the “Your Rights and Choices” section of our Privacy Statement posted within each of our Expedia Group company sites. As explained in each such Privacy Statement, we may provide your personal information to third-parties who perform services on our behalf. If we transfer personal information received under the Privacy Shield to a third-party agent or service provider and they process your personal information in a manner inconsistent with the Privacy Shield Principles, we will remain liable under the Privacy Shield unless we can prove we are not responsible for the event giving rise to the damage.
Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
You may have the right to access personal information that we hold about you and request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shields.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at privacy@expedia.com and we will respond to your inquiry promptly. If we are unable to satisfactorily resolve your complaint, or we fail to acknowledge your complaint in a timely fashion, we have further committed to cooperate and comply with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. Individuals may also have the opportunity under certain conditions to invoke binding arbitration for complaints regarding the Privacy Shield not resolved by the above mechanisms. See here for additional information about binding arbitration.
For purposes of enforcing compliance with the Privacy Shield frameworks, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and the U.S. Department of Transportation.