WebBeds B2B Partner Privacy Notice Overview
At WebBeds FZ-LLC (“WebBeds,” “we,” “us,” “our”), we pride ourselves on leading the way in online travel and becoming the best possible partner to the travel trade. This extends to the ways in which we manage the personal information of our clients and suppliers and the individuals who are, or who work for or on behalf of, our clients and suppliers (together referred to as ‘B2B Partners’). We will always be transparent about how we collect and use personal information and how we protect privacy.
This Privacy Notice describes how we collect, use and process personal information in the context of performing our obligations to, and managing our business relationship with, our B2B Partners.
This Privacy Notice does not apply to any personal information our B2B Partners collect independently and provide to us during the course of our business relationship (including the personal information of customers and guests of our B2B Partners).
When we collect, use and process personal information relating to the customers and guests of our B2B Partners (in accordance with the provisions of the applicable contract or data processing agreement), the WebBeds Guest Privacy Notice will apply.
We are always happy to answer any questions you may have, or to provide you with any additional information that you may need. Please see the “Contact Us” section below, for details on how to get in touch with us.
We review this Privacy Notice regularly to ensure that we’re being transparent about how we use your personal information. Any changes to this Privacy Notice will be reflected on our website and will take effect on the date of publication.
Who are we?
We are WebBeds FZ-LLC (also trading as Sunhotels, Lots of Hotels, FIT Ruums, Destinations of the World (“DOTW”) and/or JacTravel), a company registered in Dubai, United Arab Emirates with company number 91277. Our registered office is at Suite 3212-3216 Al Shatha Tower, PO Box 502115, Dubai Media City, Dubai, United Arab Emirates. We offer a range of travel and accommodation booking services across our websites, channels and platforms. We refer to all of these services, together with our applications and websites as "Services" in this Privacy Notice.
For the purposes of the General Data Protection Regulation 2016/679 (“GDPR”), and to the extent that we process personal information of our B2B Partners, e are an independent “data controller”. Any personal information we collect and process in this context, is necessary to enable us to manage our business relationship with our B2B Partners, supply our Services and perform our business functions and activities, including:
- our provision of travel and accommodation booking services;
- the facilitation of payments for travel and accommodation services;
- marketing our Services; and
- our compliance with our policies, procedures and legal
We are firmly committed to ensuring the privacy of the personal information we collect and to maintaining safeguards to protect personal information in our care. There may be instances where your local data protection laws impose more restrictive information handling practices than the practices set out in this Privacy Notice. Where this occurs, we will adjust our information handling practices in your jurisdiction, to comply with these local data protection laws.
Types of personal information we collect and how we collect it
The types of information we collect will differ, depending on our relationship with you. Most of the information we collect from our B2B Partners is business information.
In certain circumstances, we may need to collect certain types of personal information from our B2B Partners, where necessary to provide access to our Services, to manage our ongoing business relationships and to fulfil our legal and contractual obligations. Some of the information we collect from our B2B Partners may include personal information, such as:
- Business contact information, including business contact name and business contact details, such as business email address, business phone number, business address and business Skype address; and
- Business payment and billing information, such as business credit card and bank account
We collect this personal information from our B2B Partners when:
- a user account is created by our B2B Partners, or by us on their behalf, in order to enable access to the Services,
- our B2B Partners (or individuals acting for or on their behalf) use our Services, to enquire about or arrange bookings via the Services; and
- payments for bookings are submitted via the
We also collect personal information via our customer support channels (including via our website or customer support team) and when our B2B Partners otherwise engage with us, via phone or email.
How we use the personal information we collect
We collect personal information in order to manage our business relationships and continue providing our Services. Having this information enables the efficiency of our Services and allows us to continue fulfilling our obligations to our B2B Partners.
Further information about the specific purposes for which we use the personal information we collect, and the legal basis of our processing for those purposes, can be found below.
To provide the Services
We use the personal information we collect to provide our Services, and to verify the identities of individuals using our Services (on the basis of performing our contractual obligations).
To process and facilitate transactions and payments
We will use the personal information we collect to process transactions and payments, such as payments for accommodation bookings, and to collect and recover money owed to us (on the basis of performing our contractual obligations and on the basis of our legitimate interest to recover any debts due to us);
To manage our business relationships
We will use personal information we collect to manage our business relationships with our B2B Partners. This includes notifying our B2B Partners of updates to our terms or to this Privacy Notice, or changes to the Services (on the basis of performing our contractual obligations or to comply with our legal obligations).
To communicate with our B2B Partners about the Services
We use contact information we collect from our B2B Partners to send transactional communications via email and within the Services, including confirming bookings, reminders of payments due, responding to questions and requests, providing customer support, and sending notices (on the basis of performing our contractual obligations, or on the basis of our legitimate interests to provide customer service to our B2B Partners). We also send communications during the process of Service onboarding, to help our B2B Partners become more proficient in using our Services. These communications are part of the Services and in most cases, cannot be opted -out of. If an opt-out is available, that option will be found within the communication itself (e.g. by selecting the option to
“unsubscribe” in an email we have sent), or within the account settings of the Services.
To market, promote and drive engagement with the Services
We use B2B Partner contact information and information about how B2B Partners use the Services, to identify and send promotional communications that may be of specific interest, including by email. These communications are aimed at driving engagement and maximising the value of the Services to our B2B Partners, including information about the latest offers and promotions that we think may be of interest. We use B2B Partner contact information for this purpose on the basis of our legitimate interests to provide marketing communications, where we may lawfully do so.
To provide and improve customer support and to respond to requests
We use B2B Partner contact information to resolve issues, to respond to requests for assistance and to ensure quality assurance and security, on the basis of our legitimate interest in improving our customer support. We also use your personal information to process and respond to requests to exercise individual rights, in order to comply with our legal obligations.
For research and development
We are always looking for ways to make our Services smarter, faster, more secure and useful to you, our B2B Partners. We use collective learnings about how our Services to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. For example, to improve a certain feature, we automatically analyse recent interactions of users and how often they use the features of the Services to gather the most relevant information. We automatically analyse and aggregate frequently used searches to improve the accuracy and relevance of suggested products. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the Services. We also test and analyse certain new features with some users before rolling the feature out to all users. We use personal information for this purpose on the basis of our legitimate interests to present our B2B Partners with the right kinds of products and content and to improve our products and Services.
To ensure security and protect our business interests
We will use personal information where necessary to ensure the security of our Services, buildings, and people, including to protect against and investigate and deter against fraudulent, unauthorised or illegal activities, systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business, and where we have a legal obligation to do so, for establishing exercising or defending legal claims or for reasons of substantial public interest).
To comply with our legal obligations, policies and procedures
We will use personal information where necessary to enable us to:
- comply with our policies and procedures;
- comply with our legal obligations (for example, our financial and tax reporting obligations, and to adhere to court orders or warrants); and
- enforce our legal rights and protect the rights, property and safety of our staff and
This may include sharing your personal information with our lawyers, technical advisors, law enforcement and other regulatory bodies where necessary.
What is our ‘legitimate interest”?
In certain circumstances (as outlined above), we may use your personal information to pursue legitimate interests of our own or that of third parties, provided that your interests and fundamental rights do not override those
interests. By “legitimate interests,” we mean our interests in conducting and managing our business activities and
ensuring that we are guaranteeing the best service and experience for you.
Where we use personal information for our legitimate interests, we make sure that we take into account any potential impact that this use may have on you. We won’t use your information if we believe your interests override ours, unless we have other lawful grounds to do so (such as with your consent, or if we have a legal obligation). If you have any questions or concerns about our processing of your personal information, you may contact us at any time.
As we outline in the “Your individual rights” section below, you will have the right to object to our using your personal information for our legitimate interests. However, please keep in mind that your objection to this sort of processing may affect our ability to carry out the tasks that we have set out above.
How we share the personal information we collect
We will only share personal information we collect with a third party if it is necessary for us to provide our Services. We have contractual provisions in place with all third parties we share personal information with, to ensure they handle this information with care, comply with all applicable laws and do not use this personal information for any other purpose.
We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, fraud detection, analysis and other services for us, which may require them to access or use information about we have collected from you. If a service provider needs to access this information to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect personal information.
We work with a global network of partners who help us market and promote our products (for example, by providing consulting and sales services), who generate leads for us, help us improve our products and Services and resell our Services. We may share personal information we have collected with these partners in connection with these Services, such as to assist with marketing and promotions, or as part of our agreement with them.
In exceptional circumstances, we may share personal information we have collected with a third party if we believe that sharing is reasonably necessary to:
- comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements;
- enforce our agreements, policies and terms of service;
- protect the security or integrity of our products and services;
- protect WebBeds, our customers or the public from harm or illegal activities; or
- respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any
We share and transfer personal information with our affiliated entities as part of our global operations. We may also share or transfer information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. Our B2B Partners will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any necessary choices available concerning B2B Partner information.
How we transfer personal information we collect internationally
We collect information globally. As part of our global operations, we may transfer, process and store B2B Partner information with our affiliates and suppliers in countries outside of your country of residence. We primarily store information in the United States, Australia and Ireland.
We may also transfer, process and store information outside of your country of residence to wherever our third- party service providers operate for the purpose of providing you with the Services. You can find more information about our global third-party service providers here.
Whenever we transfer personal information, we take all necessary steps to protect it and to ensure we comply with the applicable laws.
Disclosure of information outside the EEA
In order to continue providing our Services, we may need to disclose information to recipients in other jurisdictions, including to our related entities, our suppliers, or our third-party service providers (such as our data hosting provider located in the US). To the extent that such a disclosure includes the personal information of our B2B Partners located in the EEA, we implement adequate or appropriate safeguards to ensure it is properly protected.
For transfers from the EEA (or the UK, as applicable) to New Zealand, we rely on an adequacy decision of the European Commission. In dealing with transfers from the EEA (or the UK, as applicable) to countries that have not been approved by the European Commission, we will rely on the EU Commission-approved Standard Contractual Clauses (SCC’s) and/or the need to process your personal information in order to provide the Services, to safeguard the transfer of your personal information. The SCC’s form part of our Data Protection Terms with our B2B Partners.
How we store and secure the personal information we collect Information storage and security
We use reasonable technical and organisational measures to secure the personal information we hold.
We use reputable data hosting service providers in the United States, Australia and Ireland to host the information we collect. We take steps to ensure that any personal information we store with our data hosting service providers is adequately safeguarded (including contractual provisions, appropriate supervision and assessment where necessary).
We cannot guarantee the security of any information or data you provide online. In the event of a serious security incident involving your personal information, we will notify you and report the incident to the relevant authorities as required by applicable law.
Security of transactions
Our secure booking server uses encryption to ensure industry-standard levels of security. This is shown by the padlock in the closed position at the base of your browser screen. Any information, including credit card details, submitted on this page will be encrypted and securely transmitted. When your transaction is complete, your information is stored in an encrypted state. All information transmitted on the booking page is secured using Transport Layer Security (TLS) 1.2.
How long we keep your personal information
Information we collect from our B2B Partners will be retained for the duration of our contractual relationship, and for a reasonable period thereafter. We retain this information as reasonably necessary to:
- maintain our business records (for analysis, security, tax and/or audit purposes);
- handle any complaints or disputes regarding the Services;
- comply with our legal obligations and protect or defend our legal rights;
- enforce our contractual obligations and agreements; and
- support our business operations and continue to develop and improve our
Where we retain information for Service improvement and development, we take steps to eliminate identifiable information, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyse personal characteristics.
We retain information about your marketing preferences for a reasonable period from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using the Services. We retain information derived from cookies and other tracking technologies for a reasonable period from the date such information was created.
Once personal information is no longer needed to fulfil the purpose for which it was collected, we will take reasonable steps to securely destroy or de-identify that information unless we are prevented from doing so by law. If destruction or de-identification is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until secure deletion is possible.
Your individual rights
We want to assure you that you have control of the information you choose to provide to us. Subject to certain exemptions and depending on the applicable data protection laws (including in some cases, upon our legal basis for processing your information), there are a number of rights you have over your personal information. Below is a summary of these rights and how you can exercise them:
- You have the right to be informed of how we collect and handle your information, as we seek to do in this Privacy
- You have the right to request access to the information that we hold about
- You may have the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly used, machine-readable format in certain circumstances (where we are processing this information on the basis of your consent, or where the processing is conducted on the basis of a contract);
- You have the right to request we correct any personal information we hold about you if you think it is incorrect, or
- In certain circumstances, you may have the right to ask us to limit or cease our processing of we hold about
- You have the right to ask us not to process your information for marketing purposes (see ‘Opt-out of communications’ below). Please note that we may still need to send you communications relating to your account or your use of the
- You may have the right to object to our processing of your personal information when such processing is based on our legitimate interests (see “What is our legitimate interest?” above). Before using your personal information for our legitimate interests, we balance these interests against your rights and freedoms; however, if you consider that you have grounds to object to this, you can explain this to us, and we will review your
- You may have the right to obtain an explanation of, and object to, any automated decision-making (including profiling) which produces a legal effect or similarly significant effects. We do use your information to personalise the Services and the offers you receive; however we do not engage in automated processing with legal or similarly significant
- In cases where we process your personal information based on your consent, you can withdraw your consent at any time by contacting us. This does not affect the legality of any processing carried out before you withdrew your
- If you have unresolved concerns, you also have the right to complain about us to the relevant data protection authority in the country where you live, where you work or where you feel your rights were
Please note that, notwithstanding the rights listed above, we reserve the right to retain certain information for our record-keeping purposes, and to defend ourselves against any legal claims.
Exercising your individual rights
You can exercise your individual rights at any time, by contacting us using the details in the ‘Contact Us’ section below.
When you make such requests, we will respond within 30 days of receipt. If there is a delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your information until the request is honoured or the dispute is resolved. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested by you. We reserve the right to charge a fee when permitted by law (for example, if your request is manifestly unfounded or excessive).
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. You will not be discriminated against for having exercised your individual rights.
If you have unresolved concerns, you may also have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed. A list of data protection authorities in the EEA can be found on the official website of the European Data Protection Board.
Opt-out of marketing communications
You may opt-out of receiving marketing or promotional communications from us, by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. You can also opt out of some notification messages in your account settings.
Other important privacy information
Our policy towards children
The Services are not directed to individuals under 14. We do not knowingly collect personal information from children under 14 without parental or guardian consent unless allowed by relevant local laws. If we become aware that information about a minor has been collected without the appropriate consent or approval, we will take steps to delete such information. If you become aware of any circumstance where we have collected information about a minor without the appropriate consent or approval, please contact us using the contact details below.
We may change this Notice from time to time. We will post any changes on this page and, if the changes are significant, we will notify you by sending you an email notification. We encourage you to review this Notice whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.
If you disagree with any changes to this Notice, you will need to stop using the Services. If we make any changes to how you can exercise your individual rights, we will notify you.
If you have any questions about this Privacy Notice or our privacy practices, if you need to access this Privacy Notice in a different format, or if you would like to exercise your individual rights, please contact our Data Protection Officer, by email or phone, at: