Booking means a combination of the User’s actions, as a result of which the User, having accepted the Booking Terms and Conditions, generates and submits an order for accommodation and other services available on the Website. Provision of the Personal Data by the User is a necessary and crucial condition for making a valid Booking. “Booking” can also be referred to an order for accommodation completed by the User through the Service.
Data Controller means the Russian company Hotel Booking LLC, state registration number 1157746695644.
Personal Account means a section of the Website for registered Users, containing the Booking managing tools. The Personal Account is generated either as the result of the Booking or by deliberate creation of the Personal Account by the User on the Website.
Personal Data means any information relating to an identified or identifiable natural person, which makes possible to determine the User’s identity. Such information may also include data about other people the User makes Bookings for.
Service means a multifunctional information technological online hotel and other travel services booking platform available on the Website, including versions and modifications designed for mobile devices, and all related web sites, downloadable software, mobile applications (including tablet applications), and other services provided by us or our partners and on which a link to this Policy is displayed. The User is granted access to the Service under the terms of a free, simple and non-exclusive license.
User means a capable individual over 18 years of age, who is visiting the Website and/or uses the Service.
2. The Information We Collect on the Service
We collect different types of information from or through the Service. The legal bases for Ostrovok’s processing of Personal Data are primarily that the processing is necessary for providing the booking services in accordance with Booking Terms and Conditions, and that the processing is carried out in Ostrovok’s legitimate interests, which are further explained in the section “How We Use the Information We Collect”. We may also process other data upon the User’s consent, asking for it as appropriate.
2.1 User-provided Information. When the Service is used, User may provide, and we may collect, some of the User’s Personal Data. Examples of Personal Data include the User’s name, surname, passport details, residency, email address, mailing address, mobile phone number, cookie files, and credit card or other billing information. Personal Data also includes other information, such as geographic area or preferences, when any such information is linked to information that identifies a specific individual. User provides us with Personal Data in various ways on the Service. For example, we may collect a User’s Personal Data when User registers for a Personal Account, uses the Service, or sends us customer service -related requests.
2.2 “Automatically Collected” Information. When the User uses the Service, we may automatically record certain information from the User’s device by using various types of technology, including cookies, “clear gifs" or “web beacons.” This “automatically collected” information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the User views or interacts with on the Service, and the dates and times of the visit, access, or use of the Service. We also may use these technologies to collect information regarding the User’s interaction with email messages, such as whether the User opens, clicks on, or forwards a message.
2.4 Information from other sources. We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, credit rating agencies, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.
2.5 Personal information the User gives us about others. Of course, the User might not simply be booking accommodation and other travel services for him/her-self. The User may be travelling with other guests whose details the User provides as part of the Booking, or the User may make a Booking on behalf of someone else. At this point we have to point out that it’s the User’s responsibility to ensure that the person or people the User has provided personal information about are aware that the User’s done so, have given their consent, and have accepted this Policy.
2.6. Payment information. Such as name, billing address, account number, andpayment card details (including card number, expiration date and security code) forpayments processed by us. To the extent any payments are processed by any other thirdparties such as PayPal or Apple Pay, then the privacy policies of those parties shall governsuch information.
3. How We Use the Information We Collect
3.1 We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:
(i) General Use. We use Personal Data and other information collected through the Service to (a) register the User with the Website and create his/her Personal Account, (b) provide the User with the requested services (mainly to process and confirm the User’s reservation with the accommodation provider or other supplier) (c) provide the User with information about our services on the Website or on other websites and to communicate with the User (including by post-booking chat support) to the extent necessary to provide such requested services, (d) build features that will make the services available on the Website easier to use, (e) conduct surveys, (f) for an improved user experience, internal training and general optimization purposes, (g) for the detection and prevention of fraud and other illegal or unwanted activities or (h) contact the User in case there is any issue with his/her Booking. This includes faster purchase requests, better customer support and timely notice of new services and special offers.
(ii) Operations. We use the information to operate, maintain, enhance and provide all features of the Service, to provide the services and information that the User requests, to respond to comments and questions, to resolve any incidents and to provide support to the User of the Service.
(iii) Improvements. We use the information to understand and analyze the usage trends and preferences of our Users, to improve the Service, and to develop new products, services, feature, and functionality. Should this purpose require Ostrovok to process Personal Data, then the data will only be used in anonymized or aggregated form.
(iv) Marketing Activities & Reminders: We also use the User’s information for marketing activities, as permitted by law. For example: when the User makes a Booking with us, set up a Personal Account, complete or enter details into a booking form, or provide us with his/her contact details we may use the User’s contact information to send the User news of products and services relevant and useful for travelers. With the User’s consent – if consent is required under local law – we may also send the User other regular newsletters by email. The User can opt out, or unsubscribe, from marketing communications at any time using the “Unsubscribe”. Based on the information the User shares with us, individualized offers may be shown to him/her on the Website, in mobile apps or on third-party websites, including social media sites. These might be offers that the User can book directly on the Website, or third-party offers or products we think the User might find interesting.
If the User has not finalized a booking online, we may send the User a reminder to continue with his/her booking. We believe that this additional service is useful to the User because it allows the User to carry on with a booking without having to search for the travel services again or fill in all the booking details from scratch.
When the User participates in other promotional activities, including but not limited to our referral programs, relevant information will be used to administer these promotions.
Please note that the confirmation emails and text messages sent after the Booking completion, as well as the guest review emails sent after the User’s departure, are not marketing messages. These messages are part of the Booking process. Respectively, they contain information to check in at the User’s booked services, and tools to optionally rate that services after the use of them. The User will continue to receive them, even if he/she has opted out of our marketing messages.
We may use the User’s email address or other information to contact that User and responding to and handling any requests he/she have made or with updates on promotions and events, relating to products and services offered by us and by third parties we work with.
(v) Cookies and tracking technologies. We use automatically collected information and other information collected on the Service through cookies and similar technologies to: (i) personalize our Service, such as remembering the User’s information so that the User will not have to re-enter it during a visit or on subsequent visits; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of the Service and third-party marketing activities; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track the User’s entries, submissions, and status in any promotions or other activities on the Service. The User can obtain more information about cookies by visiting http://www.allaboutcookies.org. The User can also learn more about cookies and tracking technologies and how we use them on the Website below under the section “More on Cookies.”
3.2 To process Personal Data as described above, we rely on the following legal bases:
(i) Performance of a contract: The use of the User’s Personal Data is necessary to perform the contract that the User has with us. When the User uses our services to make a Booking, we will use the User’s Personal Data to carry out our obligation to complete and administer that Booking in accordance with the accepted Bookings terms and Conditions.
(ii) Legitimate interests: We may use the User’s Personal data for our legitimate interests, such as to provide the User with the best suitable content of the Website, emails and newsletters, to improve and promote our products and services and the content on the Website, and for administrative, fraud detection and legal purposes.
(iii) Consent: We may rely on the User’s consent to use his/her Personal Data for certain marketing purposes. The User may withdraw his/her consent at any time by contacting us as described in the section “How to Contact Us” or through the Personal Account settings (if any).
(iv) Compliance with a legal obligation required by law. Ostrovok may, in compliance with applicable law, disclose Personal Data to protect ourselves against liability, to respond to subpoenas, judicial processes, legitimate requests, warrants or equivalent by law enforcement officials or authorities, to investigate fraud or other wrongdoing or as otherwise required or necessary in order to comply with applicable law, protect our legitimate interests or to the purchasers in connection with any sale, assignment, or other transfer of all or a part of our business or company.
We may also, in compliance with applicable law, disclose Personal Data to enforce or apply the terms and conditions applicable to our services or to protect the rights, property or safety of Ostrovok, our Users or others.
4. To Whom We Disclose Information
4.1 Except as described in this Policy, we will not intentionally disclose the Personal Data that we collect or store on the Service to third parties without the consent of the applicable User. We may disclose information to third parties if the User consents to us doing so, as well as in the following circumstances:
Providers of travel services that the User’s booked. In order to complete the Booking, we transfer relevant reservation details to third parties which travel services the User has booked on the Website. This may include name, surname, passport details, residency, contact details, payment details, the names of guests travelling with the User and any preferences the User specified when the User made the Booking. If the User has a query about his/her Booking, we may contact service providers and ask them to handle such request. Unless payment is made during the book process via the Service, we will forward the User’s credit card details to an appropriate service provider for further handling (assuming the User has provided us with those details during his/her booking process). In cases of reservation-related disputes, we may provide the service provider with information about the booking process as needed. This may include a copy of the reservation confirmation as proof that the Booking was actually made.
Third-party Personal Data processor. We may use service providers to process Personal Data on our behalf. This processing is for several purposes, including for example sending out marketing material. Third party service providers are bound by confidentiality clauses and are not allowed to use Personal Data for other purposes.
Payment providers and (other) financial institutions. When a chargeback is requested for the Booking by either the User or by the holder of the credit card used to make the Booking, we may need to share certain booking details with the payment service provider and the relevant financial institution to handle the chargeback. This may also include a copy of the reservation confirmation or the IP address used to make the Booking. We may furthermore share information with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.
Competent authorities. We disclose Personal Data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud. We may need to further disclose Personal Data to competent authorities to protect and defend our rights or properties, or the rights and properties of our business partners.
Business partners. We work with many business partners around the world. Some of these business partners distribute or advertise our services, as well as help our other business partners distribute and advertise their own travel-related services. This may mean that their services are integrated into our website/apps, they have been enabled to show the User a customized advertisement, or Ostrovok online reservation services are integrated in their websites and/or apps.
When the User makes a reservation on one of our business partners’ websites or apps, certain personal data that the User gives them will be forwarded to us. If customer service is provided by the business partner, Ostrovok will share details relevant to the Booking with the business partners (as and when needed) in order to provide the User with appropriate and efficient support. When the User makes a booking through one of our business partners’ websites, the business partners may receive certain parts of Personal Data related to the specific booking. This is for their own internal purposes (such as analytical purposes) and, if requested by the User, for the administration of loyalty programs or marketing.
When the User makes a booking on a business partners’ website, the User should also take the time to read their privacy policies if the User wishes to understand how these business partners may process Personal Data. When we offer the User travel-related products and/or services, the User’s information may be shared with the offering business partners to handle or administer his/her order. For fraud detection and prevention purposes and as strictly necessary, we may also exchange information about our Users with business partners.
Advertising partners. As a way of marketing Ostrovok services via third party business partners (to ensure relevant advertisements are shown to the right audience), we may share personal data with advertising partners. This includes an email address. We strive to only share email addresses in a hashed form so they can be matched to an existing customer database. We strive not to share email addresses for any other purpose. For more information, please read sections “More on Cookies” and “The User’s choices”.
4.2 Different service providers. We work with third party service providers who provide website, application development, hosting, maintenance, and other services for us. These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
4.3 Non-Personally Identifiable Information. We may make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our Users’ interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Service.
4.4 Law Enforcement, Legal Process and Compliance. We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.
5. Third-Party Services
The Service may contain features or links to web sites and services provided by third parties. Any information the User provides on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage the User to learn about third parties’ privacy and security policies before providing them with information.
6. Interest Based Advertising
Interest based advertising is the collection of data from different sources and across different platforms in order to predict an individual’s preferences or interest and to deliver to that individual, or his/her computer, smart phone or tablet, advertising based on his/her assumed preference or interest inferred from the collection of data pertaining to that individual or others who may have a similar profile or similar interests.
We work with a variety of third parties to attempt to understand the profiles of the individuals who are most likely to be interested in Ostrovok products or services so that we can send them promotional emails, or serve our advertisements to them on the websites and mobile apps of other entities.
These third parties include: (a) advertising networks, which collect information about a person’s interests when that person views or interacts with one of their advertisements; (2) attribution partners, which measure the effectiveness of certain advertisements; and (3) business partners, which collect information when a person views or interacts with one of their advertisements.
In collaboration with these third parties, we collect information about our customers, prospects and other individuals over time and across different platforms when they use these platforms or interact with them. Individuals may submit information directly on the Websites or on platforms run by third parties, or by interacting with us, our advertisements, or emails they receive from us or from third parties. We may use special tools that are commonly used for this purpose, such as cookies, beacons, pixels, tags, mobile advertising IDs, flash cookies, and similar technologies. We may have access to databases of information collected by our business partners.
The information we or third party collect enables us to learn what purchases the person made, what ads or content the person sees, on which ads or links the person clicks, and other actions that the person takes on our Sites, or in response to our emails, or when visiting or using third parties’ platforms.
We, or the third parties with which we work, use the information collected as described above to understand the various activities and behaviors of our customers, the Website visitors and others. We, or these third parties, do this for many reasons, including: to recognize new or past visitors to our Sites; to present more personalized content; to provide more useful and relevant ads - for example, if we know what ads the User is shown we can try not to show him/her the same ones repeatedly; to identify visitors across devices, sales channels, third party websites, or to display or send personalized or targeted ads and other custom content that is more focused on a person’s perceived interest in products or services similar to those that we offer.
Our interest-based ads may be served to the User in emails or on third-party platforms. We may serve these ads about our products or services or send commercial communications directly ourselves or through these third parties.
The Users may opt out of receiving interest based advertising-by-advertising networks that may be delivered to them on our platform and other websites by visiting the following websites: http://www.aboutads.info/consumers; and http://www.networkadvertising.org. These features will opt out the User out of many – but not all - of the interest-based advertising activities in which we or third parties engage.
ADARA: ADARA's cookie collects information about your travel activities and preferences that allows Ostrovok and/or approved 3rd party companies to engage with you through personalized, relevant adverts when you're browsing other websites and social media platforms, and through ADARA analytics services. You can learn more about ADARA and opt out at https://www.adara.com/privacy-promise.
7. More on Cookies
7.1 A cookie is a small amount of data that is placed in the browser of the User’s computer or on his/her mobile device. So-called “first party cookies” (not as much fun as they sound) are cookies which are served by the entity operating the domain through which the cookie is served. Ostrovok’s own cookies are therefore “first party cookies”. In case we allow others to service cookies through the Service, these cookies are so-called “third party cookies”.
In addition, there is a difference between session cookies and permanent cookies. Session cookies will only exist until the User closes his/her browser. Permanent cookies have a longer lifespan and are not automatically deleted once the User closes the browser. We strive to serve cookies or allow the serving of cookies with a maximum lifespan of 5 years. Only in exceptional circumstances, such as for security purposes and where absolutely necessary, will a cookie have a longer lifespan than that.
Next to cookies, other tracking technologies are used which are similar to cookies. These can include web beacons (also known as pixel tags, web bugs or gifs), tracking URLs or software development kits (SDKs). A web beacon is a tiny graphic image of just one pixel that can be delivered to the User’s computer as part of a web page request, in an app, in an advertisement or in an HTML email message. Pixels can be used to retrieve information from the User’s device, such as the device type or operating system, IP address, and time of visit. They are also used to serve and read cookies in the browser. Tracking URLs are used to understand from which referring website the Service is used. SDKs are small pieces of code included in apps, which function like cookies and web beacons. All these technologies are hereinafter together referred to in this section as “Cookies”.
7.2 The Following Types of Cookies Are Used on the Website.
Technical Cookies. We try to give our visitors an advanced, user-friendly website and apps that adapt automatically to their needs and wishes. To achieve this, we use Technical Cookies to show the User the Service, to make them function correctly, to create the User account, to sign the User in and to manage Bookings. These Technical Cookies are absolutely necessary for the Service to function properly.
Analytics Cookies. We use these Cookies to gain insight into how our visitors use the Service. This means we can find out what works and what doesn't, optimize and improve the Service, understand the effectiveness of advertisements and communications, and ensure we continue to be interesting and relevant. The data we gather can include which web pages the User has viewed, which referring/exit pages he/she has entered and left from, which platform type he/she has used, which emails the User has opened and acted upon, and date and time stamp information.
It also means we can use details about how the User has interacted with the Service, such as the number of clicks he/she makes on a given page, his/her mouse movements and scrolling activity, the search words he/she uses and the text he/she enters into various fields. We make use of Analytics Cookies as part of our online advertising campaigns to learn how Users interact with our website or apps after they have been shown an online advertisement. This may include advertisements on third-party websites. Analytics Cookies may also be used to enable our business partners to learn if their customers make use of offers integrated into their websites.
Commercial Cookies. We use third-party cookies as well as our own to display personalized advertisements on our websites and on other websites. This is called “retargeting”, and it is based on browsing activities, such as the destinations the User has been searching for, the accommodation the User has viewed and the prices he/she has been shown.
7.3 Important information.
The information gathered by these third parties is used to make predictions about the User’s interests or preferences so that they can display advertisements or promotional material on the Website and on other sites across the Internet tailored to the User’s apparent interests.
The business partners and advertising networks that serve interest-based advertisements have limited access to a small amount of information about the User’s profile and device, which is necessary to serve the User advertisements that are tailored to his/her apparent interests. It is possible that they may reuse this small amount of information on other sites or services.
We do not share with these third parties any information that would readily identify the User (such as email address); however, these third parties may have access to information about the User’s device (such as IP or MAC address). We do not have access to, or control over, the technologies that these third parties may use to collect information about the User’s interests, and the information practices of these third parties are not covered by this Policy. Other than as discussed in this Policy, we have no control over these third parties.
8. Minors and children’s privacy
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18 without obtaining parental consent. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at firstname.lastname@example.org and request that we delete that child’s Personal Data from our systems.
9. Data Security and Retention
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet, and we also employ application-layer security features to further anonymize Personal Data.
If we learn of a security systems breach, we will inform the User and the authorities of the occurrence of the breach in accordance with applicable law.
In accordance with European data protection laws, we observe reasonable procedures to prevent unauthorized access to, and the misuse of, Personal Data. Only authorized personnel are permitted to access personal data in the course of their work.
We only retain the Personal Data collected from a User for as long as the User’s Personal Account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.
10. The User’s Choices
10.1 Access, Correction, Deletion. We respect the User’s privacy rights and provide him/her with reasonable access to the Personal Data that he/she may have provided through the use of the Services. If the User wishes to access or amend any other Personal Data we hold about him/her, or to request that we delete or transfer any information about him/her that we have obtained, the User may contact us as set forth in the section “How to Contact Us”. At the User’ request, we will have any reference to his/her deleted or blocked in our database.
The User may update, correct, or delete his/her Personal Account information and preferences at any time by accessing his/her Personal Account settings page on the Service. Please note that while any changes the User makes will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information the User submits for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. The User can also delete his/her Personal Account accessing the settings section in it.
The User may decline to share certain Personal Data with us, in which case we may not be able to provide to him/her some of the features and functionality of the Service.
The User can also withdraw his/her accept to this Policy in his/her Personal Account at any time. In case the User does this, Ostrovok cease the processing of his/her Personal Data based on consent, but will continue to process it on other legitimate grounds which do not require his/her consent (please, see clause 3.2 of the section “How We Use the Information We Collect”).
At any time, the User may object to the processing of his/her Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If the User believes his/her right to privacy granted by applicable data protection laws has been infringed upon, he/she may contact us at email@example.com. The User also has a right to lodge a complaint with data protection authorities and request any other information he/she is interested in due to his/her Personal Data processing.
10.2 Opting out from Commercial Communications. If the User receives commercial emails from us, he/she may unsubscribe at any time by following the instructions contained within the email, or by sending an email to the address provided in the section “How to Contact Us”.
Please be aware that if the User opts-out of receiving commercial email from us or otherwise modifies the nature or frequency of promotional communications he/she receives from us, it may take up to 3 (three) business days for us to process such request. Additionally, even after the User opts-out from receiving commercial messages from us, he/she will continue to receive administrative messages from us regarding the Service.
11. Changes and Updates to this Policy
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. The User’s continued use of the Service after the revised Policy has become effective indicates that the User has read, understood and agreed to the current version of the Policy.
12. How to Contact Us
Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at firstname.lastname@example.org, or by phone number +7 499 215-65-25, or by the legal address of the Data Controller.
Last update: May 1, 2018