At WebBeds FZ-LLC (“WebBeds,” “we,” “us,” “our”), we pride ourselves on leading the way in online travel and becoming the best possible partner to the travel trade. This extends to the ways in which we manage the personal information of our clients and suppliers and the individuals who are, or who work for or on behalf of, our clients and suppliers (together referred to as ‘B2B Partners’). We will always be transparent about how we collect and use personal information and how we protect privacy.
This Privacy Notice describes how we collect, use and process personal information in the context of performing our obligations to, and managing our business relationship with, our B2B Partners.
This Privacy Notice does not apply to any personal information our B2B Partners collect independently and provide to us during the course of our business relationship (including the personal information of customers and guests of our B2B Partners).
When we collect, use and process personal information relating to the customers and guests of our B2B Partners (in accordance with the provisions of the applicable contract or data processing agreement), the WebBeds Guest Privacy Notice will apply.
We are always happy to answer any questions you may have, or to provide you with any additional information that you may need. Please see the “Contact Us” section below, for details on how to get in touch with us.
We review this Privacy Notice regularly to ensure that we’re being transparent about how we use your personal information. Any changes to this Privacy Notice will be reflected on our website and will take effect on the date of publication.
We are WebBeds FZ-LLC (also trading as Sunhotels, Lots of Hotels, FIT Ruums, Destinations of the World (“DOTW”) and/or JacTravel), a company registered in Dubai, United Arab Emirates with company number 91277. Our registered office is at Suite 3212-3216 Al Shatha Tower, PO Box 502115, Dubai Media City, Dubai, United Arab Emirates. We offer a range of travel and accommodation booking services across our websites, channels and platforms. We refer to all of these services, together with our applications and websites as "Services" in this Privacy Notice.
For the purposes of the General Data Protection Regulation 2016/679 (“GDPR”), and to the extent that we process personal information of our B2B Partners, e are an independent “data controller”. Any personal information we collect and process in this context, is necessary to enable us to manage our business relationship with our B2B Partners, supply our Services and perform our business functions and activities, including:
We are firmly committed to ensuring the privacy of the personal information we collect and to maintaining safeguards to protect personal information in our care. There may be instances where your local data protection laws impose more restrictive information handling practices than the practices set out in this Privacy Notice. Where this occurs, we will adjust our information handling practices in your jurisdiction, to comply with these local data protection laws.
The types of information we collect will differ, depending on our relationship with you. Most of the information we collect from our B2B Partners is business information.
In certain circumstances, we may need to collect certain types of personal information from our B2B Partners, where necessary to provide access to our Services, to manage our ongoing business relationships and to fulfil our legal and contractual obligations. Some of the information we collect from our B2B Partners may include personal information, such as:
We collect this personal information from our B2B Partners when:
We also collect personal information via our customer support channels (including via our website or customer support team) and when our B2B Partners otherwise engage with us, via phone or email.
We collect personal information in order to manage our business relationships and continue providing our Services. Having this information enables the efficiency of our Services and allows us to continue fulfilling our obligations to our B2B Partners.
Further information about the specific purposes for which we use the personal information we collect, and the legal basis of our processing for those purposes, can be found below.
We use the personal information we collect to provide our Services, and to verify the identities of individuals using our Services (on the basis of performing our contractual obligations).
We will use the personal information we collect to process transactions and payments, such as payments for accommodation bookings, and to collect and recover money owed to us (on the basis of performing our contractual obligations and on the basis of our legitimate interest to recover any debts due to us);
We will use personal information we collect to manage our business relationships with our B2B Partners. This includes notifying our B2B Partners of updates to our terms or to this Privacy Notice, or changes to the Services (on the basis of performing our contractual obligations or to comply with our legal obligations).
We use contact information we collect from our B2B Partners to send transactional communications via email and within the Services, including confirming bookings, reminders of payments due, responding to questions and requests, providing customer support, and sending notices (on the basis of performing our contractual obligations, or on the basis of our legitimate interests to provide customer service to our B2B Partners). We also send communications during the process of Service onboarding, to help our B2B Partners become more proficient in using our Services. These communications are part of the Services and in most cases, cannot be opted -out of. If an opt-out is available, that option will be found within the communication itself (e.g. by selecting the option to “unsubscribe” in an email we have sent), or within the account settings of the Services.
We use B2B Partner contact information and information about how B2B Partners use the Services, to identify and send promotional communications that may be of specific interest, including by email. These communications are aimed at driving engagement and maximising the value of the Services to our B2B Partners, including information about the latest offers and promotions that we think may be of interest. We use B2B Partner contact information for this purpose on the basis of our legitimate interests to provide marketing communications, where we may lawfully do so
We use B2B Partner contact information to resolve issues, to respond to requests for assistance and to ensure quality assurance and security, on the basis of our legitimate interest in improving our customer support. We also use your personal information to process and respond to requests to exercise individual rights, in order to comply with our legal obligations.
We are always looking for ways to make our Services smarter, faster, more secure and useful to you, our B2B Partners. We use collective learnings about how our Services to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. For example, to improve a certain feature, we automatically analyse recent interactions of users and how often they use the features of the Services to gather the most relevant information. We automatically analyse and aggregate frequently used searches to improve the accuracy and relevance of suggested products. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the Services. We also test and analyse certain new features with some users before rolling the feature out to all users. We use personal information for this purpose on the basis of our legitimate interests to present our B2B Partners with the right kinds of products and content and to improve our products and Services.
We will use personal information where necessary to ensure the security of our Services, buildings, and people, including to protect against and investigate and deter against fraudulent, unauthorised or illegal activities, systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business, and where we have a legal obligation to do so, for establishing exercising or defending legal claims or for reasons of substantial public interest).
We will use personal information where necessary to enable us to:
This may include sharing your personal information with our lawyers, technical advisors, law enforcement and other regulatory bodies where necessary.
In certain circumstances (as outlined above), we may use your personal information to pursue legitimate interests of our own or that of third parties, provided that your interests and fundamental rights do not override those interests. By “legitimate interests,” we mean our interests in conducting and managing our business activities and ensuring that we are guaranteeing the best service and experience for you.
Where we use personal information for our legitimate interests, we make sure that we take into account any potential impact that this use may have on you. We won’t use your information if we believe your interests override ours, unless we have other lawful grounds to do so (such as with your consent, or if we have a legal obligation). If you have any questions or concerns about our processing of your personal information, you may contact us at any time.
As we outline in the “Your individual rights” section below, you will have the right to object to our using your personal information for our legitimate interests. However, please keep in mind that your objection to this sort of processing may affect our ability to carry out the tasks that we have set out above.
We will only share personal information we collect with a third party if it is necessary for us to provide our Services. We have contractual provisions in place with all third parties we share personal information with, to ensure they handle this information with care, comply with all applicable laws and do not use this personal information for any other purpose.
We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, fraud detection, analysis and other services for us, which may require them to access or use information about we have collected from you. If a service provider needs to access this information to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect personal information.
We work with a global network of partners who help us market and promote our products (for example, by providing consulting and sales services), who generate leads for us, help us improve our products and Services and resell our Services. We may share personal information we have collected with these partners in connection with these Services, such as to assist with marketing and promotions, or as part of our agreement with them.
In exceptional circumstances, we may share personal information we have collected with a third party if we believe that sharing is reasonably necessary to:
We share and transfer personal information with our affiliated entities as part of our global operations. We may also share or transfer information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. Our B2B Partners will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any necessary choices available concerning B2B Partner information.
We collect information globally. As part of our global operations, we may transfer, process and store B2B Partner information with our affiliates and suppliers in countries outside of your country of residence. We primarily store information in the United States, Australia and Ireland.
We may also transfer, process and store information outside of your country of residence to wherever our thirdparty service providers operate for the purpose of providing you with the Services. You can find more information about our global third-party service providers here.
Whenever we transfer personal information, we take all necessary steps to protect it and to ensure we comply with the applicable laws.
In order to continue providing our Services, we may need to disclose information to recipients in other jurisdictions, including to our related entities, our suppliers, or our third-party service providers (such as our data hosting provider located in the US). To the extent that such a disclosure includes the personal information of our B2B Partners located in the EEA, we implement adequate or appropriate safeguards to ensure it is properly protected.
For transfers from the EEA (or the UK, as applicable) to New Zealand, we rely on an adequacy decision of the European Commission. In dealing with transfers from the EEA (or the UK, as applicable) to countries that have not been approved by the European Commission, we will rely on the EU Commission-approved Standard Contractual Clauses (SCC’s) and/or the need to process your personal information in order to provide the Services, to safeguard the transfer of your personal information. The SCC’s form part of our Data Protection Terms with our B2B Partners.
We use reasonable technical and organisational measures to secure the personal information we hold.
We use reputable data hosting service providers in the United States, Australia and Ireland to host the information we collect. We take steps to ensure that any personal information we store with our data hosting service providers is adequately safeguarded (including contractual provisions, appropriate supervision and assessment where necessary).
We cannot guarantee the security of any information or data you provide online. In the event of a serious security incident involving your personal information, we will notify you and report the incident to the relevant authorities as required by applicable law
Our secure booking server uses encryption to ensure industry-standard levels of security. This is shown by the padlock in the closed position at the base of your browser screen. Any information, including credit card details, submitted on this page will be encrypted and securely transmitted. When your transaction is complete, your information is stored in an encrypted state. All information transmitted on the booking page is secured using Transport Layer Security (TLS) 1.2.
Information we collect from our B2B Partners will be retained for the duration of our contractual relationship, and for a reasonable period thereafter. We retain this information as reasonably necessary to:
Where we retain information for Service improvement and development, we take steps to eliminate identifiable information, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyse personal characteristics.
We retain information about your marketing preferences for a reasonable period from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using the Services. We retain information derived from cookies and other tracking technologies for a reasonable period from the date such information was created.
Once personal information is no longer needed to fulfil the purpose for which it was collected, we will take reasonable steps to securely destroy or de-identify that information unless we are prevented from doing so by law. If destruction or de-identification is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until secure deletion is possible.
We want to assure you that you have control of the information you choose to provide to us. Subject to certain exemptions and depending on the applicable data protection laws (including in some cases, upon our legal basis for processing your information), there are a number of rights you have over your personal information. Below is a summary of these rights and how you can exercise them:
Please note that, notwithstanding the rights listed above, we reserve the right to retain certain information for our record-keeping purposes, and to defend ourselves against any legal claims.
You can exercise your individual rights at any time, by contacting us using the details in the ‘Contact Us’ section below.
When you make such requests, we will respond within 30 days of receipt. If there is a delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your information until the request is honoured or the dispute is resolved. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested by you. We reserve the right to charge a fee when permitted by law (for example, if your request is manifestly unfounded or excessive).
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. You will not be discriminated against for having exercised your individual rights
If you have unresolved concerns, you may also have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed. A list of data protection authorities in the EEA can be found on the official website of the European Data Protection Board.
You may opt-out of receiving marketing or promotional communications from us, by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. You can also opt out of some notification messages in your account settings.
The Services are not directed to individuals under 14. We do not knowingly collect personal information from children under 14 without parental or guardian consent unless allowed by relevant local laws. If we become aware that information about a minor has been collected without the appropriate consent or approval, we will take steps to delete such information. If you become aware of any circumstance where we have collected information about a minor without the appropriate consent or approval, please contact us using the contact details below.
We may change this Notice from time to time. We will post any changes on this page and, if the changes are significant, we will notify you by sending you an email notification. We encourage you to review this Notice whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.
If you disagree with any changes to this Notice, you will need to stop using the Services.
If we make any changes to how you can exercise your individual rights, we will notify you.
If you have any questions about this Privacy Notice or our privacy practices, if you need to access this Privacy Notice in a different format, or if you would like to exercise your individual rights, please contact our Data Protection Officer, by email or phone, at:
Phone: +613 9828 9500