Information Collection and Use
Changes to Privacy Statement and Consent
This Site and our business change constantly. As a result, at times it may be necessary for LEXYL to make changes to this Privacy Statement and Consent. LEXYL reserves the right to update or modify this Privacy Statement and Consent at any time and from time to time without prior notice. Please review this Statement periodically, and especially before you provide any Personal Data. This Privacy Statement and Consent was last updated on 28/04/2022. Your continued use of the Site after any changes or revisions to this Privacy Statement and Consent shall indicate your agreement with the terms of such revised Privacy Statement and Consent.
"Aggregated Data" includes customer demographics, interests and behavior based on Personal Data and other information provided to us which is compiled and analyzed on an aggregate and anonymous basis.
"Personal Data" includes all information that enables an individual to be identified, including, by way of example, the individual's name and e-mail address. "Personal Data" for all residents of California pursuant to AB-375 includes a real name, alias, postal address, unique personal identifier, online identifier IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifier, Characteristics of protected classifications under California or federal law, Commercial information including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies, Biometric information, Internet or other electronic network activity information including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with a website, application or advertisement, Geolocation data, Audio, electronic, visual, thermal, olfactory or similar information, Professional or employment-related information, Education information, defined as information that is not publicly available personally identifiable information (PII) as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99), and Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
"Public Information" includes information posted to any public areas of the Site, such as bulletin boards, chat rooms and comment areas. Please refer to our discussion of "Public and Unsolicited Information" contained in our Terms and Conditions.
"Unsolicited Information" includes any ideas for new products or modifications to existing products and other unsolicited communications. Personal Data included in Unsolicited Information will be handled in the manner set forth in this Privacy Statement and Consent.
"User Data" includes all information passively collected from users of the Site that does not identify a particular individual, including, by way of example, statistical information on Site usage. The terms "you", "your" and "yours" when used in this Privacy Statement and Consent means any user of this Site.
What Information Do We Collect?
Information That You Give Us: We collect Personal Data such as your name, telephone number, date of birth, e-mail or mailing address and billing information (such as credit or debit card number, cardholder name, expiration date, and billing address) from you when you voluntarily choose to register for or use this Site. We use the Personal Data that we collect in an effort to provide you with a superior customer experience on the Site and to improve and market LEXYL Services. We receive and store any information you enter on our website or give us in any other way, such as signing up for one of our e-mail newsletters or other services. We may also need you to provide information about your hotel room preferences, request for special services, or any other travelers on your booking, your marketing preferences, and additional information if you participate in a survey or competition. When you make a reservation for someone else through this website, you should obtain the consent of other individuals prior to providing us with their personal information and travel preferences. LEXYL may store such Personal Data itself or it may be stored in databases owned and maintained by LEXYL’s affiliates, agents or service providers. LEXYL retains its rights to these databases and the information contained in them.
When you visit us on our online services, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include, but is not limited to, information like your IP address, device type, unique device identification numbers, browser-type (such as Firefox, Safari, or Internet Explorer), your Internet Service Provider (ISP), your operating system and carrier. For website users, details of any referring website or exit pages as well as broad geographic location (e.g., country or city-level location) may also be collected. We may also collect other technical information such as how your device has interacted with our online services, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our online services, where they come from, and what content on our online services is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our online services for our visitors, for example, to customize your user experience, tailor your searches and show you advertisements that may be of interest. We may also use this automatic information to prevent and detect fraud. This and your personal information may also be linked to Cookies to enable the proper operation of our online services, store your travel searches on our online services, and collect information on how you used our online services. For more information, please see the “Cookies” section below.
If you’re an employee of a corporate account, a vendor or other type of business partner such as a property owner, property manager, travel agent, other information collected can include employer, employee identification number, or other relevant details.
We may also use your personal information for other purposes described in the “How we use your information” section below.
When you use one of your smart phone app, tablet app, or applications for other platforms (collectively “App” or “Apps” as applicable), we may also collect, for example:
Information about the functionality of the Apps you access and use. This allows us to identify those areas of the Apps that are of interest to our customers so that we can refine and continuously improve the Apps. Your device’s unique device identifier (“UID”). Each App sends us the device's UID, a sequence of numbers or characters that are unique to your device. We use this on the first opening of the App so that we can confirm to our advertising networks the number of downloads resulting from clicks on their respective ad banners and other marketing tools. When an email address is provided, we associate this with your current UID/cookie ID for the purposes of providing a seamless experience across your devices. Information about your current location. When you use an App’s ‘find hotels near your current location’ or similar features that suggest relevant content based on location, or otherwise provide location-based services, we use information about your current location – provided by your device using GPS or similar technologies – to show relevant content or other localized information. We do not collect location data unless you expressly use a location-based feature, and you can switch off location data collection at any time through your phone settings menu. Error reporting information. This enables us to investigate the error and to improve the stability of the App for future releases. As part of these error reports, the App sends us information about the mobile device type and version, the UID, the time the error occurred, the feature being used and the state of the application when the error occurred. We may use this information to investigate and remediate the error and to assist you in completing an impacted booking. You have the ability to control what information an App sends to us. You can exercise this control either by changing the settings of the App under its setting menu or changing the settings of your mobile device. Alternatively, you can remove the App from your device entirely and access our services through our website.
When using a social media feature, if you have chosen to include personal information in your social media account, we may access information such as your name, profile picture, gender, birthday, email address, town or district and any other information you have chosen to make available. Subject to your privacy settings, we access information that you provide to a social media provider regarding your respective locations (“Location Data”) to provide you with relevant content. We do not store or use any data related to the friends you are connected with on a social media site.
How we use your information
We use your personal information for the following purposes (“Purposes”), to: Provide the Services, which includes providing you with the services, products, and functionality offered through our Services and fulfilling your requests, including, but not limited to: facilitating and processing bookings with LEXYL and our travel partners, reviewing travel partners, paying for travel partners’ products and services through our Services, Authenticate your account credentials and identify you, as necessary to log you in to the Services and ensure the security of your account Show your reservations and bookings made through the websites, applications, and services of our group companies on your account page. Communicate with you about your account or use of our Services, products, and/or functionality (e.g., soliciting reviews and feedback, sending alerts and notifications you have subscribed to, providing updates regarding itineraries, sending you booking confirmations, sending you information servicing and administrative emails or other notices required by law); respond to, or follow up on, your comments and questions; and otherwise provide customer service. Send you marketing communications, including communicating with you about services or products offered by LEXYL, our group companies, or our business partners and other marketing communications that we believe you would be interested in, as permitted by law. Operate and improve our Services and develop new products and services, including using analytics to better understand how you use our Services for purposes of product, website, application and service development and to enhance the user experience. Process and deliver contest entries and rewards Process your payment information. Provide services and information to travel partners, such as providing user feedback and usage details. Tailor your experience with our Services, such as by making inferences or combining different pieces of information we have collected about you to offer better search results or otherwise tailor our Services to you according to your preferences or restrictions. Provide you more relevant advertising on and off our Services, including to show you personalized offers and advertising on and off our Services. Protect against, investigate, and deter fraudulent, unauthorized, or illegal activity. Comply with our policies, procedures and legal obligations, including complying with law enforcement or government authority requests, addressing litigation-related issues, and exercising rights or obligations conferred by law. As otherwise consented to by you and as required or permitted by applicable law. If you give your consent to any further use of personal information, you can withdraw that consent at any time by contacting us using the details set out below.
Please note that our accountants, internal and external auditors, legal counsel and other professional advisors may have access to your personal information in order to provide us with applicable professional services in connection with our legal compliance requirements, including, without limitation, applicable securities laws or exchange listing rules, or otherwise in connection with our business.
You have choices about your personal information, and in some circumstances, you may have the right to opt out or object to our uses of your personal information for these Purposes. For all residents of California pursuant to AB-375 (a) A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. This right may be referred to as the right to opt-out; (b) A business that sells consumers’ personal information to third parties shall provide notice to consumers, pursuant to subdivision (a) of Section 1798.135, that this information may be sold and that consumers have the “right to opt-out” of the sale of their personal information; c) A business that has received direction from a consumer not to sell the consumer’s personal information or, in the case of a minor consumer’s personal information has not received consent to sell the minor consumer’s personal information shall be prohibited, pursuant to paragraph (4) of subdivision (a) of Section 1798.135, from selling the consumer’s personal information after its receipt of the consumer’s direction, unless the consumer subsequently provides express authorization for the sale of the consumer’s personal information; and (d) Notwithstanding subdivision (a), a business shall not sell the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age, unless the consumer, in the case of consumers between 13 and 16 years of age, or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age, has affirmatively authorized the sale of the consumer’s personal information. A business that willfully disregards the consumer’s age shall be deemed to have had actual knowledge of the consumer’s age. This right may be referred to as the “right to opt in.”
Data obtained through the short code program (SMS) will not be shared with any third-parties for their marketing reasons/purposes.
Sharing of Personal Information
We share personal information with third-parties in connection with the delivery of services to you and the operation of our business (for example, to provide credit card processing, customer service, business analytics, and fraud prevention and compliance services, and to serve you with advertising tailored to your interests). These third-party service providers are required to protect personal information we share with them and may not use any directly identifying personal information other than to provide services we contracted them for. They are not allowed to use the personal information we share for purposes of their own direct marketing (unless you have separately consented with the third-party under the terms provided by the third-party).
Transfer of Your Data Abroad.
By voluntarily providing us with your Personal Data, you are consenting to our use of it in accordance with this Privacy Statement and Consent. Due to the nature of the Internet if you are visiting this Site from a country other than the United States, your communications will inevitably result in the transfer of information across international boundaries. By visiting this web site you consent to these transfers. If you provide Personal Data to this Site, you acknowledge and agree that such Personal Data may be transferred from your current location to the offices and servers of LEXYL and the affiliates, agents and service providers referred to herein located in the United States and in other countries.
In order to use this website, a user must first complete the registration form. During registration a user is required to give their contact information (name and email address) and to create a username & password. This information is used to contact the user about the services on our site for which they have expressed interest. LEXYL does not require the user to provide demographic information, such as income level and gender, nor unique identifiers such as social security number.
A cookie is a piece of data stored on the user's hard drive containing information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our Web site. For instance, by setting a cookie on our Web site, the user would not have to log in a password, thereby saving time each time they visit our site. Should the user want to temporarily disable this function they can do so by clicking the log-out link. If a user rejects the cookie, they may still use our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site.
Learn more and manage your cookies preferences
We use IP addresses to analyze trends, administer the site, track user's movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
This Web site contains links to other sites. Please be aware that LEXYL is not responsible for the privacy practices of such other sites. We encourage our users, when they leave our site, to read the privacy statements of each and every Web site that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.
All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, a billing clerk or customer service representative) are granted access to personally identifiable information. The servers that we store personally identifiable information on are kept in a secure environment.
We send all new members a welcoming email to verify password and username. Established members will receive information on new groups or hotel bids relating to their business. Out of respect for the privacy of our users we present the option to not receive these types of communications.
Site and Service Updates
We send the user site and service announcement updates. Members are not able to un-subscribe from service announcements, which contain important information about the service. We communicate with the user regarding updates to our site and service and issues relating to their account via email or phone.
Correcting/Updating Personal Information
If a user's personally identifiable information changes (such as zip code), or if a user no longer desires our service, we will endeavor to provide a way to correct, update, or remove that user's personal data.
We use third-party advertising companies to serve ads when you visit our Website. These companies may use information (not including your name, address email address or telephone number) about your visits to this and other Web sites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, you can visit www.networkadvertising.org/managing/opt_out.asp
Notification of Changes
Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our Web site.
EU General Data Protection Regulation "GDPR"
LEXYL shall ensure appropriate operational and technical measures are in place to safeguard the Personal Data against Data Security Breaches;
LEXYL shall notify group coordinators without undue delay if it becomes aware of any actual Data Security Breaches and shall provide reasonable information and cooperation to Group Coordinator so that Group Coordinator can fulfill any data breach reporting obligations it may have under (and in accordance with the timescales required by) applicable Data Protection Legislation;
LEXYL shall, upon request, provide the group coordinator with a list of subcontractors who Process Personal Data;
LEXYL shall only appoint third party vendors or service providers as sub- processors of the Personal Data where LEXYL:
(A) concludes written contracts with such sub-processors which provide for data protection terms that are no less protective than the terms set out in these Requirements;
(B) notifies group coordinator of any intended additions of or replacements to existing sub-processors prior to such appointment;
If the group coordinator has reasonable data protection grounds to believe that a sub- processor appointed by LEXYL will render LEXYL unable to fulfil its data protection obligations under these Requirements, the group coordinator may, within 7 days of receipt of notice of their appointment, object to LEXYL's appointment of such sub-processor, in which case LEXYL will not allow that sub-processor to further access the Personal Data until the group coordinator has agreed to the appointment or replacement of the subcontractor or until group coordinator withdraws its objection;
LEXYL shall establish policies and procedures to provide all reasonable and prompt assistance to Group Coordinators in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of any Personal Data Processed by LEXYL.
Please note that our accountants, internal and external auditors, legal counsel and other professional advisors may have access to your Personal Data in order to provide us with applicable professional services in connection with our legal compliance requirements, including, without limitation, applicable securities laws or exchange listing rules, or otherwise in connection with our business.
Cross border data transfers
LEXYL shall not transfer (and shall not permit any third party to transfer) Personal Data outside the territory of origination unless it takes any required compliance measures to enable such transfer legally; and
With regard to EEA Data, LEXYL shall not transfer (and shall not permit any third party to transfer) such data in any territory outside of the European Economic Area (EEA) unless it takes such measures to ensure that such transfer of EEA Data is consistent with the requirements of Chapter V of the GDPR. For the avoidance of doubt, such measures may include LEXYL (or third party, as applicable):
(A) ensuring that it Processes the EEA data in a country that has been deemed adequate by the European Commission pursuant to Article 45 of the GDPR;
(B) Processing the EEA Data pursuant to Standard Contractual Clauses (or "model clauses") approved by a decision of the European Commission;
(C) Processing the EEA Data in compliance with Binding Corporate Rules that have been duly authorized by EEA data protection authorities that are competent for the EEA Data; and
(D) with respect to transferring the EEA data to the United States, Processing such data pursuant to the EU-U.S. and/or Swiss-U.S. Privacy Shield Frameworks, as applicable;
(E) LEXYL shall ensure that any person (including LEXYL's staff, agents and subcontractors) who is authorized to Process the Personal Data is subject to a strict duty of confidentiality (whether a contractual or statutory duty) and shall not permit any person to Process the Personal Data who is not under such a duty of confidentiality; and
(F) with regard to EEA Data, LEXYL shall assist group coordinators to conduct data protection impact assessments to the extent such assessments are required by the GDPR, and if necessary, consult with relevant supervisory authorities pursuant to Articles 35-36 of the GDPR.
Please send all personal data removal requests to GDPR [AT] hotelplanner.com with your group request ID number in the subject line of the email.