Connectivity Providers – Privacy Terms

1. Definitions.

1.1 “Applicable Data Protection Law” means any applicable laws and regulations in any relevant jurisdiction, relating to the use or processing of personal data.

1.2 Each of “personal data”, “personal data breach”, “processing”, “processor” has the meaning given to it or an equivalent term under Applicable Data Protection Law.

2. Roles and responsibilities.

2.1 The parties acknowledge and affirm that you operate solely as a service provider/ processor on behalf of the Property and not for us. As between us and you, you are responsible for complying with all applicable privacy and data protection laws and obligations as they relate to your processing of any personal data contemplated by this Agreement. You represent and warrant that to the extent you process personal data in connection with this Agreement and/or personal data is transmitted and/or received via the APIs: (i) you do so at the direction of the Property and not at the direction of us, and (ii) if required by Applicable Data Protection Law, you have a written agreement with the Property that addresses your role and responsibilities with respect to personal data relating to this Agreement.

2.2. End users. You are solely responsible for posting any privacy notices and obtaining any consents from your end users required under Applicable Data Protection Law for their use of your Connection.

2.3. Use of personal data. Unless you receive consent directly from the customer, you will not engage and you will not cause any of your affiliates to, directly or indirectly, engage in any marketing, promotional, or similar communications with any customer that has booked a room through our platform.

3. PCI Compliance

PCI DSS. If you process, store, transmit or otherwise have access to any payment information (including, without limitation, credit and debit card numbers and other financial information), you represent and warrant that you are presently in compliance and will remain in compliance with the current Payment Card Information Data Security Standard (“PCI DSS”). If you work with a third-party payment processor, you represent and warrant that any such payment processor you utilize is presently in compliance and will remain in compliance with the current PCI DSS from time to time. You will provide us with a copy of your and/or your third-party payment processor’s PCI DSS Attestation of Compliance annually at the time of filing or upon request.

4. Breaches

4.1 Data security. You will establish and maintain appropriate administrative, technical, and physical safeguards to protect the security, confidentiality and integrity of Confidential Information and personal data in your possession or control. Without limiting the foregoing, you will ensure that all personal data is encrypted in transit and stored using industry standard encryption. Each party shall have in place and will maintain, or will establish and maintain, adequate security procedures and controls to prevent a personal data breach in its possession or control.

4.2 Personal data breach and other violations. In the event of any kind of personal data breach, or violation of Applicable Data Protection Law, you shall, in your role as service provider/ processor on behalf of the Property, promptly notify such Property of such incident and work expeditiously with the Property to address all obligations, legal and otherwise, related to such incident, breach or violation.