Privacy Policy

Privacy Policy

PRIVACY STATEMENT

H.I.S. Travel Nederland B.V. (”We”) are committed to protecting and respecting your privacy. 

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting [aula-europe.com] (our site) you are accepting and consenting to the practices described in this policy.

The data controller is H.I.S. Travel Nederland B.V. with registered address at Arent Janszoon Ernststraat 595 E-1 1082 LD Amsterdam.

Our data protection officer can be contacted by completing the contact form.  A link to this form can be found at the end of this Privacy Statement in Section 9 “Contact”. 

1. INFORMATION WE COLLECT 

We will collect and process the following data about you:

Information you give us. This is information about you that you give us by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, subscribe to our service, make a booking using our site, when you contact our customer service team or when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, payment information, information about your personal preference and information about people travelling with you e.g. the number of people in your group and the age ranges.

Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information: 

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time) properties you viewed or searched for’ page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.

Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). 

Special Category Data. We do not generally collect or process special category data. However, we will ask for a copy of your identification document(s) on arrival at your booked accommodation.  This may be biometric. We take copies of these documents and send them to the relevant authorities (see the Disclosure of Your Information: Competent Authorities, section below) . We do not keep copies of your identification documents once we have passed them on to the relevant authorities as required by local law.

Information about other individuals. If you give us information on behalf of someone else (such as someone travelling in your group or accompanying you) you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

  • give consent on his/her behalf to the processing of his/her personal data;
  • receive on his/her behalf any data protection notices; and
  • give consent to the transfer of his/her personal as contemplated in this Privacy Statement.

COOKIES  

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

The user can in fact access what we offer on the website without cookies. Most browsers are set up to accept cookies automatically. But you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are used and you can refuse the storage of cookies.

2. USES MADE OF THE INFORMATION

We use information held about you in the following ways:

  • to provide you with our services, and to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information that you request from us;
  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • to notify you about changes to our service;
  • to ensure that content from our site is presented in the most effective manner for you and for your computer;
  • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • as part of our efforts to keep our site safe and secure including detection and prevention of fraud and other illegal and unwanted activities;
  • similarly for risk assessment purposes such as authentication of users and reservation;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them;
  • to handle and resolve legal disputes, for regulatory investigations and compliance, to enforce our terms of use or to comply with lawful requests from law enforcement agencies.

Information we receive from other sources. 

We may receive information about you from third parties with whom we do business including other accommodation platform providers through which you may book accommodation managed by us. (See “Disclosure of Your Information: Business Partners”, section below.)

We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Providing your personal data to us is voluntary. However, we may only be able to provide you with certain services if we cannot collect some personal data. For instance, we can’t process your booking if we don’t collect your name and contact details.

Call Monitoring and Recording

When you make calls to our customer service team, we may use an automated telephone number detection system to match your telephone number to your existing reservations. This can help save time for both you and our customer service staff. However, our customer service staff may still ask for authentication, which helps to keep your reservation details confidential.

During calls with our customer service team, live listening might be carried out or calls might be recorded for quality control and training purposes. This includes the use of the recordings for the handling of complaints, legal claims and for fraud detection.

Not all calls are recorded, and recordings are kept for a limited amount of time before being automatically deleted. An exception to this rule would be if we have a legitimate need to keep the recordings longer for fraud investigation or legal purposes.

Credit Checking

To enable us to make credit decisions about you and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address or who you have told us are travelling with you and with whom you are financially linked. Other credit providers may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes. If you provide false or inaccurate information and we suspect fraud, we will record this. We may also report our suspicions to the appropriate law enforcement and regulatory agencies.

Marketing and Opting Out

If you have given permission (or opted in to receive our newsletter and other material from us), we may contact you by telephone, sms/text message, fax or email about products, services, promotions, special offers that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time. See Section 8 “Your Rights”, below.

If you have given permission, we may share your personal data with organisations who are our business partners and we or they may contact you (unless you have asked us or them not to do so) by mail, telephone, sms, text message, fax or email, about  products, services, promotions, special offers that may be of interest to you. If you prefer not to receive any further direct marketing communications from our business partners, you can opt out at any time. See Section 8 “Your Rights”, below.

3. LEGAL BASIS FOR PROCESSING YOUR INFORMATION

Performance of a Contract

Where you provide us with information in order to make a booking we rely on the legal basis that the processing of your personal data is necessary for the performance of a contract, specifically to finalise and administer your booking.

If the required personal data is not provided, we cannot finalise the booking, nor can we provide customer service. 

Legitimate Interests

We rely on our legitimate commercial business interest to provide our services, to prevent fraud and to improve our services.

When using personal data to serve our, or a third party's legitimate interest, we will always balance your rights and interests in the protection of your personal data against our own rights and interests or those of the third party. 

You have a right to object and to seek to restrict such processing. See Section 8 “Your Rights” for more information on how to exercise your right to object.

We will consider several factors when assessing an objection including: our users’ reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. If your objection is upheld, we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. 

Compliance with Legal Obligations

We also rely, where applicable, on compliance with legal obligations (such as law enforcement requests or in compliance with requirements to register the identity of visitors/tourists staying in our accommodation with local authorities).

Consent

Finally, where needed under applicable law, we will obtain your consent prior to processing your personal data, including for email marketing purposes or as otherwise required by law.

Where you have given your permission and you change your mind and you no longer wish to receive marketing and promotional communications from us, you may unsubscribe or opt-out of receiving them by following the instructions included in each communication or by contacting us. See Section 9 “Contact” below.

We will also offer you the opportunity to choose (opt-out) whether your personal data is (a) to be disclosed to a third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you.

See Section 8 “Your Rights” below for more information about what you can do in relation to your personal data collected and used by us.

4. DISCLOSURE AND SHARING OF YOUR INFORMATION

Third-party service providers 

We use service providers from outside of our corporate group to support us in providing our services. These include:

  • Customer support
  • Market research
  • Fraud detection and prevention (including anti-fraud screening)
  • Payment
    We use third parties to process payments, handle chargebacks or provide billing collection services. We may provide of a copy of your reservation confirmation or the IP address used to make your reservation to the payment providers. We may also share information with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.
  • Marketing services
    We may share personal data with advertising partners, including your email address, as part of marketing services via third parties (to ensure that relevant advertisements are shown to the right audience). We use techniques such as hashing to enable the matching of your email address with an existing customer database, so that your email address cannot be used for other purposes. For information on other personalised advertisements and your choices, please read our Cookie Statement.
  • Advertising partners
    We may use advertising partners, such as metasearch providers, to allow you to compare our offers with the offers of other online booking agents. When you make a reservation on our site after using an advertising partner, we will send the details of the reservation that you made on our site to that partner.

All third party service providers that we use are required to continue to adequately safeguard your personal data. For more information about these third parties click here

Competent authorities 

We may be required to register your details including a copy of your identification document with the local authorities situated where you are staying in accommodation provided by us.  

We may disclose personal data to law enforcement authorities to the extent that it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud, or if we are otherwise legally obliged to do so. 

We may need to further disclose personal data to competent authorities to protect and defend our rights or properties, or the rights and properties of our business partners. 

Business partners 

We work with many business partners around the world. These business partners distribute or advertise our services.

When you make a booking on one of our business partners’ websites or apps, certain personal data that you give them, such as your name and email address, your address, payment details and other relevant information, will be forwarded to us to finalise and manage your booking.

If customer service is provided by the business partner, we will share relevant reservation details with them (as and when needed) in order to provide you with appropriate and efficient support.

When you make a booking through one of our business partners’ websites, the business partners can receive certain parts of your personal data related to the specific reservation and your interactions on these partner websites. This is for their commercial purposes.

When you make a reservation on a business partners’ website, please also take the time to read their privacy notice if you’d like to understand how they process your personal data.

For fraud detection and prevention purposes, we may also exchange information about our users with business partners – but only when strictly necessary

Corporate Group

We may share your personal information with any member of our group. (For more information on our group members please check our site or contact us. See Section 9 “Contact” below.)

We will disclose your personal information to third parties: 

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
  • If H.I.S. Travel Nederland B.V. sells its assets or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

5. DATA STORAGE AND TRANSFERS

All information you provide to us is stored on secure servers located in EU-West. (You can get more information about the location of the servers where your information is stored and processed by visiting Amazon Elastic Compute Cloud Documentation.). As a company providing services internationally, we may receive and transfer information all over the world. Consequently, your personal information may be used, stored and processed outside of the country where you entered that information or from which we collected it.
 It may also be processed outside the location from which it was collected by staff operating in different locations who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your booking and the provision of services.

You can obtain more information about our third party suppliers and their locations and processing activities here click here or by contacting us. See Section 9 “Contact” below.

Wherever we are required to transfer your personal information, regardless of where this occurs, we have taken steps to ensure that your information is treated securely and in accordance with this Privacy Statement and all applicable data protection laws and regulations. Where we are required to make contractual arrangements to ensure that your personal data is still protected in line with European standards we have done this. You can ask for more details of these contractual arrangements by contacting us. See Section 9 “Contact” below.

6.SECURITY 

We will use technical and organisational measures to safeguard your personal data, for example:

  • access to your account is controlled by a password and username that are unique to you;
  • we store your personal data on secure servers;
  • We use trusted PCI DSS compliant 3rd party payment provider;
  • We use WAF and SSL encryption to improve the security of the communication to the server.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

7. FOR HOW LONG DO WE KEEP YOUR DATA

We’ll keep your personal data for as long as we think it's necessary to enable you to use our services or to provide our services to you (including maintaining your user account, if you have one), to comply with applicable laws, resolve any disputes and otherwise to allow us to conduct our business, including to detect and prevent fraud or other illegal activities.

We use the following criteria to determine whether or not we need to continue keep your data:

  • fulfilment of a booking, 
  • if you or we close your customer account, 
  • if you unsubscribe or opt out from communications, 
  • if we are required to keep a copy of your data by law or statutory regulation.

You also have the ability to request that we delete your personal data at any time. See the Section 8 “Your Rights”.

8. YOUR RIGHTS 

Right to ask us to stop contacting you with direct marketing. Even if you have accepted the processing of your personal data for marketing purposes (by ticking the relevant box), you have the right to ask us to stop processing your personal data for such purposes. Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone). 

Right to request a copy of your information. You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please contact us and let us know the information you want a copy of, including any account or reference numbers, if you have them. Any subject access request may be subject to a reasonable fee to cover the cost of providing you with details of the information we hold about you.  

Right to correct any mistakes in your information. You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please contact us and let us know the information that is incorrect and the information you want it replaced with. 

Right to request we cease processing your information. You may request that we cease processing your personal data.  If you make such a request, we shall retain only the amount of personal data pertaining to you that is necessary to ensure that no further processing of your personal data takes place. 

Right to request deletion of your information. You can ask us to erase all your personal data (also known as the “right to be forgotten”) in the following circumstances:

  • it is no longer necessary to hold that Personal Data with respect to the purpose for which it was originally collected or processed;
  • you wish to withdraw your consent to us holding and processing your personal data;
  • you object to us holding and processing your personal data (and there is no overriding legitimate interest to allow us to continue doing so); 
  • the personal data has been processed unlawfully; or
  • the personal data needs to be erased in order for us to comply with a particular legal obligation.

Unless we have reasonable grounds to refuse to erase your personal data, all requests for erasure shall be complied with.

9. CONTACT  

Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed through the contact form Contact Us Please use these contact details to exercise your rights as outlined in Section 8 “Your Rights” above.

10. COMPLAINTS

If you have any complaints about the way in which we collect, store and use your information, and these have not been addressed by contacting us first, you can contact the supervisory authority in  the Netherlands, the Dutch Data Protection Authority (Dutch DPA): Contact Autoriteit Persoonsgegevens

11. LINKS TO OTHER WEBSITES

Our site may contain links to websites of our business partners and other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over other websites and their content. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Statement. You should exercise caution and look at the privacy statement applicable to the website in question.

12. CHANGES TO OUR PRIVACY STATEMENT  

Any changes we make to our Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Statement.


Last Updated: 21 May 2021.

Services