Snapshot of the source text at fetch time — not a live mirror of the policy page.
Plain-English summary
Hotels.com may collect your personal data from affiliated companies, business partners, and other third parties for various purposes including improving services and marketing (data_use-1). Your personal data may be shared to facilitate travel bookings, assist with your stay, communicate with you, and comply with laws (data_use-2). The company may process your data based on 'legitimate interest' for purposes such as platform operation, communication, security verification, marketing, and fraud detection (data_use-3). Personal data is also used for marketing and advertising, including targeted ads and personalized offers (data_use-4), and for market research, analytics, and training to improve services (data_use-5). Additionally, your data is used for security and compliance, including identity verification, fraud prevention, and responding to legal requests (data_use-6). The service collects and uses images, videos, and recordings, including facial photographs from social media, for booking, communication, marketing, loyalty, research, and security (data_use-7). Your communications with the service, such as emails, chats, and calls, are collected and used for a variety of purposes including customer service, marketing, and security (data_use-8). Site interaction data, such as searches and preferences, are collected and widely used for platform functions, customer service, marketing, loyalty, research, and security (data_use-9). Finally, data you provide about friends, connections, and co-travelers is collected and used for extensive purposes, including bookings, marketing, and security (data_use-10).
90% confidence
Ask Verbaterm
Follow up on findings with grounded answers from this review. Not legal advice.
Risk Flags
Critical terms that can significantly impact users, often involving limitations on rights, potential for unexpected charges, or broad data use permissions that go beyond typical expectations. These items are high-severity concerns that users should be aware of immediately.
Not clearly stated: No high-severity clauses that directly state material, hard-to-reverse harm, such as unrecoverable money, lasting privacy exposure, loss of account access, weakened dispute rights, or broad ownership/control of user content, were clearly stated in the provided text.
Data Use
This section outlines how your personal data is collected, processed, and shared. It details the types of data collected, the purposes for its use, and who it may be shared with, including third parties. Understanding these practices is crucial for evaluating your privacy.
Not clearly stated: No additional data use practices that could be classified as medium or high severity were found.
medium95% confidence confidence
Data collection from third parties
Personal data may be received from affiliated companies within Expedia Group, business partners, and other third parties to improve the platform and services, maintain accurate records, detect fraud, and market services.
Why it matters: Your personal data may be collected from sources other than directly from you, including other companies within their group, business partners, and other third parties, affecting the scope of data collected about you.
We also receive personal data from affiliated companies within Expedia Group, as well as business partners and other third parties, which help us improve our platform and associated tools and services, update and maintain accurate records, potentially detect and investigate fraud, and more effectively market our services.
* You give us the personal data, paragraph 2 · Citation strength: strong
low95% confidence confidence
Purposes for sharing personal data
Personal data may be shared for purposes such as booking travel, assisting with travel, communicating with you (including sending information on products/services or enabling communication with travel providers), and complying with applicable law.
Why it matters: Your personal data may be shared with various entities for purposes related to your travel bookings, communications, and legal compliance.
Your [personal data may be shared](https://www.hotels.com/legal/privacy#_Sharing_of_Personal) for several purposes, including to help you book your travel/vacation, assist with your travel and/or vacation stay, communicate with you (including when we send information to you on products and services or enable you to communicate with travel providers and/or property owners), and to comply with applicable law.
* You give us the personal data, paragraph 4 · Citation strength: strong
medium90% confidence confidence
Use of legitimate interests for data processing
Personal data processing may be based on 'legitimate interest,' meaning it serves the company's interests and is not overridden by user rights. This includes operating/improving the platform, communication, security verification, marketing, and detecting/preventing illegal activities.
Why it matters: Your personal data may be processed based on the company's 'legitimate interests,' which can encompass various operational, marketing, and security purposes, and this processing relies on the company's assessment that these interests do not override your rights.
Legitimate interest: this means the processing is in our legitimate interests and those interests are not overridden by your rights (as explained below): * Certain countries and regions allow us to process personal data on the basis of legitimate interests. If we collect and use your personal data in reliance on our legitimate interests (or the legitimate interests of any third party), this interest will typically be to operate or improve our platform and communicate with you as necessary to provide our services to you, for security verification purposes when you contact us, to respond to your queries, to undertake marketing, or for the purpose of detecting or preventing illegal activities.
Lawful bases for processing:, paragraph 4 · Citation strength: strong
low95% confidence confidence
Use of personal data for marketing and advertising
Personal data is collected and used for marketing and advertising purposes, including contacting users for marketing, analyzing browsing/purchase history for optimized advertising, providing personalized discounts, measuring marketing effectiveness, administering promotions, and delivering targeted advertising.
Why it matters: Your personal data, including browsing and purchase history, may be used to deliver targeted marketing and advertising, affecting the offers and content you see.
* Analyze information such as browsing and/or purchase history and use the result to optimize advertising and marketing in accordance with your interests and preferences. * Provide discounts or member prices based on information such as your loyalty membership, search and browsing histories, geo-location, interests and preferences. * Measure and analyze the effectiveness of our marketing and promotions. * Administer promotions like contests, sweepstakes, and similar giveaways. * Deliver targeted advertising and advertising based on your profile and identifiers (e.g. user ID, device advertising ID, email address, phone number).
Categories of Personal Data and Why We Collect and Use it, paragraph 4 · Citation strength: strong
low90% confidence confidence
Use of personal data for market research, analytics, and training
Personal data is used for market research, analytics, and training to improve services, including surveys, data analytics, maintaining/improving sites and apps, monitoring communications for quality control/training/dispute resolution, and creating aggregated/anonymized data.
Why it matters: Your personal data and communications may be used for internal business purposes such as improving services and training staff, and may also be aggregated or anonymized for broader use.
Market Research, Analytics, and Training Purposes to improve our Services – including to: * Conduct surveys, market research, and data analytics. * Maintain, improve, research, and measure the effectiveness of our sites and apps, activities, tools, and services. * Monitor or record calls, chats, and other communications with our customer service team and other representatives, as well as platform communications between or among partners and travelers for quality control, training, dispute resolution, and as described in this Privacy Statement. * Create aggregated or otherwise anonymized or deidentified data, which we may use and disclose without restriction where permissible.
Categories of Personal Data and Why We Collect and Use it, paragraph 6 · Citation strength: strong
low95% confidence confidence
Use of personal data for security and compliance
Personal data is used for security and compliance, including promoting security, verifying customer identity, preventing fraud, defending against claims, managing risks, and complying with applicable laws and governmental requests.
Why it matters: Your personal data may be used for security measures, fraud prevention, and to ensure compliance with legal obligations, which could involve sharing your data with law enforcement or other legal authorities.
* Promote security, verify the identity of our customers, prevent and investigate fraud and unauthorized activities, defend against claims and other liabilities, and manage other risks. * Comply with applicable laws (for example, complying with tax, audit, accounting and other legal obligations, complying with laws requiring us to share personal data with tax authorities and other government bodies, laws requiring us to suspend fraudulent accounts, moderate or remove illegal content and violations),
* Security and Compliance Purposes – including to:, paragraph 1 · Citation strength: strong
medium90% confidence confidence
Collection and use of images, videos and recordings
Images, videos, and recordings, including facial photographs from social media accounts connected to your profile, are collected and used for purposes such as booking, communication, marketing, loyalty programs, market research, and security.
Why it matters: Your images, videos, and recordings, including facial photographs from connected social media accounts, can be collected and used for a broad range of purposes, including facilitating bookings, marketing, and security.
when you create an account using social media sign-in) | * Platform Usage and Booking Purposes * Communication and Customer Service Purposes * Marketing and Advertising Purposes * Loyalty Purposes Market Research, Analytics, and Training Purposes to improve our Services * Security and Compliance Purposes | * Directly from you * From other Expedia Group companies * Automatically from your device * From third parties, such as our business and affiliate partners and authorized service providers | * Performance of a contract with you, such as to facilitate a booking or listing * Legitimate interest, such as allowing you to have a photo associated with your profile, which may be visible to only
* Respond to data requests from:, paragraph 4 · Citation strength: strong
medium90% confidence confidence
Collection and use of communications with the service
Communications with the company, including emails, chat transcripts with virtual agents/AI assistants, and call recordings, are collected and used for various purposes including platform usage, customer service, marketing, loyalty, market research, and security/compliance.
Why it matters: Your communications with the company, such as emails, chat transcripts, and call recordings, may be collected and used for a wide array of business purposes, including marketing, research, and security, which means these interactions are not strictly private or limited to resolving your immediate inquiry.
providers | * Legal obligation, such as to respond to law enforcement requests (where legally permitted) * Performance of a contract with you (and any co-traveler), such as to facilitate customer service interactions * Legitimate interest (of you or a co-traveler), such as responding to complaints or concerns * Consent (including consent of a parent/guardian for the use of child data), where requested
* Respond to data requests from:, paragraph 4 · Citation strength: strong
medium90% confidence confidence
Collection and use of site interaction data
Site interaction data, such as searches, transactions, saved preferences, and interactions via text/voice, are collected and used broadly for platform usage, customer service, marketing, loyalty, market research, and security/compliance.
Why it matters: Your detailed site interactions, including searches, transactions, preferences, and voice/text interactions, are collected and used for numerous purposes, which means your activity on the platform is extensively tracked and analyzed.
Site interaction data - including searches you conduct, transactions, saved travel preferences and other interactions via text or voice with you on our platform (including interactions you may have with our AI Agents and AI filters), online services and apps | * Platform Usage and Booking Purposes * Communication and Customer Service Purposes * Marketing and Advertising Purposes * Loyalty Purposes * Market Research, Analytics, and Training Purposes to improve our Services * Security and Compliance Purposes | * Directly from you * From other Expedia Group companies * Automatically from your device * From third parties, such as our business and affiliate partners and authorized service
* Respond to data requests from:, paragraph 4 · Citation strength: strong
medium90% confidence confidence
Collection and use of data about friends, connections, and co-travelers
Data you provide about other people, such as travel companions, individuals for whom you make bookings, those planning trips with you, or friends you refer, may be collected and used for various purposes including booking, communication, marketing, loyalty, market research, and security/compliance.
Why it matters: The service collects and uses data about other individuals you provide, such as travel companions or referrals, for various extensive purposes, potentially impacting their privacy based on your actions.
our AI Agent travel assistant, where available), and friends you refer to us. | * Platform Usage and Booking Purposes * Communication and Customer Service Purposes * Marketing and Advertising * Loyalty Purposes * Market Research, Analytics, and Training Purposes to improve our Services * Security and Compliance Purposes | * Directly from you * From other Expedia Group companies * From third parties, such as our business and affiliate partners and authorized service providers | * Performance of a contract with you (and any co-traveler), such as facilitating a booking * Legitimate interest (of you or a co-traveler), such as providing personalized services * Consent (including consent you may
* Respond to data requests from:, paragraph 4 · Citation strength: strong
Cancellation and Renewal
This section examines the policies regarding service cancellation and automatic renewals. It highlights any clauses that might make it difficult to cancel, outlines auto-renewal terms, and details refund eligibility. Users should review these terms to understand their commitments and options for managing their service.
Not clearly stated: The provided text does not contain information about cancellation processes, auto-renewal mechanisms, or refund conditions for services.
Gotchas
This section covers any less-obvious clauses that could lead to unexpected outcomes or costs for users. It includes practices that, while not necessarily malicious, might be disadvantageous or surprising, such as limitations on liability, changes to terms, or specific usage restrictions.
Not clearly stated: No clauses that clearly describe unexpected outcomes or costs for users were found within the provided text.
Protections
This section highlights clauses that are designed to protect users, such as explicit commitments to data minimization, strong data security practices, clear consent requirements, or user control over their information. These provisions enhance user trust and safety.
Not clearly stated: No clauses that clearly describe strong user protections (e.g., data minimization, strong security, clear consent, user controls) were found within the provided text.
Report an issue
Flag a citation problem, stale policy text, or incorrect company match.
Verbaterm boundaries
This public review is informational only and is not legal advice. Verbaterm shows only findings tied to the cited source snapshot above.