Third-Party Data Sharing - Controllers And Joint Controllers

 

Last Updated: 12 November 2024  

As stated in our Privacy Statements, we share personal data with third parties for various purposes. Many of the third parties with whom we share your personal data act as our processors, meaning that they may only process your personal data to provide the contracted service on our behalf and not, with limited exceptions, for any other purpose. In other instances, it is appropriate for the third parties with whom we share your personal data to act as controllers, whether as autonomous controllers or joint controllers with us, when they process your personal data in the context of their business relationship with us.  

 

A controller, under data protection law, is, broadly speaking, any party that determines what personal data is collected and the purposes for which it can be used. There are obvious examples where this needs to be the case, for example travel suppliers (eg airlines, hotels, vacation rental property owners, activity suppliers, cruise operators and car rental companies) are all autonomous controllers as they will each have their own relationship with you once we have facilitated a booking for you with them.  

 

We have set out examples of the controller relationships we share with third parties below. This list is illustrative and intended to assist your understanding. It is not exhaustive. Where a third party has been specifically or generally referenced, you may refer to their privacy policy for information on their collection and use of personal data. You will find more information on the purposes for our data sharing in our Privacy Statement.  

 

  • Travel suppliers (airlines, hotels, vacation rental property owners or management companies, car rental services, cruise ship operators, activities or tour providers). 

  • Fraud prevention activities, including background checks, identity verification, risk solutions and sanctions screenings. We carry out these checks on Expedia customers as well as on behalf of third-party partners, such as American Express who contract these services from us.  

  • Advertising intermediaries, such as The Trade Desk, Rokt, and Criteo, that enable us to display and/or measure effectiveness of personalized ads for third party products displayed in our apps. We share data – including advertising or device identifier, hashed email address, approximate location, current trip or booking information, and ad interaction data – with these intermediaries to enable their services and for such other purposes as disclosed in their privacy notices.  

  • Research partners, including those performing surveys or research projects in partnership with us or on our behalf 

  • Social media, media agencies, search engines and other online platforms, such as Meta, TikTok, X, Pinterest, Snap, Google, and Microsoft, that help us target our online marketing. These third parties may combine this information with other information they have about you and in limited circumstances may be acting as a joint controller.  

  • Payment processors and other payment intermediaries, insurers and financing partners, such as Klarna and Hyperwallet 

  • Accountants, consultants, lawyers and other professional service providers