Contractual Measures

Third Parties

We ensure that our third-party partners, vendors and service providers to whom data transfers are made have appropriate mechanisms in place to protect personal information.

Our agreements with our third-party partners, vendors and service providers incorporate strict data transfer terms (including, where applicable, the European Commission's Standard Contractual Clauses issued by the European Commission and/or the United Kingdom, for transfers from the EEA/UK), and require all contracting parties to protect the personal information they process in accordance with applicable data protection law. They also require third parties to indicate, where applicable, reliance by a third party on their EU-US DPF certification (and any other country specific extension of that certification, including Swiss-US DPF and UK extension) or any other safeguards (eg Binding Corporate Standards for intragroup transfers).

Expedia Group

We have intragroup agreements in place for our Group companies which incorporate strict data transfer terms (including, where applicable, Standard Contractual Clauses issued by the European Commission and/or United Kingdom, for transfers from the EEA/UK) and set out our intention to rely on our EU/US (DPF certification for so long as it is valid and approved, including any country specific extensions to that certification, eg Swiss or UK.)

These Agreements also set out measures required to be taken by Group companies to require all group companies to protect the personal information they process in accordance with applicable data protection law.