CLOUDBEDS PRIVACY POLICY

You may access the previous version of our Privacy Policy containing our California Privacy Notice and EU Privacy Policy here.

Download the Current Privacy Policy

This Privacy Policy describes the privacy practices of Digital Arbitrage, Inc. d/b/a Cloudbeds and its affiliated companies (“Cloudbeds”, “we”, “us” and/or “our”), for data and personal information we collect:

• Through websites owned and operated by us, including https://www.cloudbeds.com/ and other websites owned or controlled by Cloudbeds (“Sites”);
• Through software applications (including chat functionality and other automated tools) made available by us for use through computers and mobile devices (“Apps”);
• Through social media pages that we control from which you are accessing this Privacy Policy (“Social Media Pages”);
• Through communications that we send to you that link to this Privacy Policy and through your communications with us online or in person;
• From other third party sources such as public databases, marketing partners, etc.

In this Privacy Policy we refer to the Sites, Apps, Social Media Pages and Offline Interactions as the “Services”. 

Please note that this Privacy Policy does not apply to our processing of personal information on behalf of and subject to the instructions of third parties such as airlines, car rental companies and other service providers, companies that organize or offer packaged travel arrangements, marketing partners, or certain corporate customers.

Travelers please note, if you are booking stays or travel services with a travel provider, Cloudbeds may provide the platform through which such actions occur. However, your interactions, including any personal information that you share with a travel provider, are subject to the privacy policies of each such travel provider. 

California Notice at Collection/State Privacy Rights Notice: See the State Privacy Rights Notice section below for important information about your rights under applicable state privacy laws.

Notice to European users: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”) (referred to below as “Europe” and “European”), see the Notice to European users below.

Cloudbeds may provide additional or supplemental privacy policies to individuals for specific products or services that offer at the time we collect personal information. For example, this Privacy Policy does not apply to personal information that we collect from Cloudbeds employees, partners, contractors or job candidates. Such information is subject to separate privacy policies. 

You can download a printable copy of this Privacy Policy.

INDEX

• Personal information We Collect 
• How We Use Your Personal Information 
• How We Share Your Personal information
• Your Choices with Respect to Your Personal information 
• Security
• Third Party Sites
• International Data Transfers
• Children
• Changes to this Privacy Policy
• State Privacy Rights Notice
• European Privacy Rights Notice
• Changes to this Privacy Policy
• How to Contact Us and Exercise Your Rights 

Personal information we collect

INFORMATION YOU PROVIDE TO US

We receive and store any personal information you post to the Sites or provide to us when you set up a user account, sign up for our newsletters or promotions, purchase services, or make a reservation for travel services through one of our Services.  You can choose not to provide such personal information, in which case you will not be able to access or use portions of the Sites or some of their features.

• Contact data, such as your first and last name, salutation, billing and mailing addresses, phone number, email address, professional title, and company name.
• Demographic data, such as your city, state, country of residence, and postal code.
• Communications data, including details from our interactions with you via various channels such as:
  • Electronic Communications: Information from emails, online chats, and messages you send through our Services.
  • SMS/Text Messages: If you opt into our SMS/MMS messaging programs, we will collect and use your mobile phone number to send messages as described in our SMS/MMS Terms. Additionally, we also collect content and metadata (e.g., date, time) of text messages you send to or receive from us. 
  • Phone Calls: Details from phone conversations with our representatives, which may include call duration, time, and, where permitted by law, recorded content.
  • Support: Screenshots, videos, or other information you provide to our support team to assist with inquiries or investigations.
• User-Generated Content (UGC), including photographs, videos, reviews, and other content you upload or share through our Services or on social media platforms that we access, including any metadata associated with such content.
• Online identifiers and account information, such as your username or passwords for any of our websites.
• Payment and transactional data, including payment card information or bank account numbers used to bill for our services and your billing and payment history.
• .
• Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
• Audio, electronic, and visual information, such as video and voice recordings of conversations with you as permitted by law.
• Professional or employment-related information, such as your job title, employer information, work history and education information, such as the schools you attended.
• Other data not specifically listed here, which we will use as described in this Privacy Policy  or as otherwise disclosed at the time of collection.

THIRD PARTY SOURCES

We may combine personal information we receive from you with personal information we obtain from other sources, such as:

• Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
• Private sources, such as data providers, social media platforms, data licensors, account intelligence providers (who help us identify the types of visitors to our Services), and entities to which we provide services (which may include your employer).
• Partner organizations, such as the travel and accommodations providers with whom we work.
• Marketing partners, such as joint marketing partners and event co-sponsors.

AUTOMATED COLLECTION

We, our service providers and our business partners may automatically receive and store certain types of information about you, your computer or mobile device, and you interaction with our Services over time, our communications and other online services such as:  

• Log data – Our web servers may collect “log data.” Log data provides aggregate information about the number of visits to different pages on the Sites. Third-party vendors may also collect aggregate log data independently from us.
• Web beacons – Some of the pages on the Sites may contain electronic images known as web beacons that allow use to count the number of users who have visited those pages.  These collect only limited information such as a cookie number, time and date of a page view, and a description of the page on which the web beacon resides.  These web beacons do not carry any personal information and you cannot opt-out or refuse them.  However, where they operate with cookies, you can render them ineffective by opting out of cookies or changing the cookie setting in your browser.
• Communication interaction data such as your interactions with our email (sent by us, and/or our marketing service providers), chat messages, voicemail, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails. 

(collectively, “Device Data”)

COOKIES

Some of our automatic data collection is facilitated by cookies and similar technologies. For more information, see our Cookie Policy. 

DETAILS ABOUT OTHERS

We may collect contact details about individuals whom you refer to us for services. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.

SENSITIVE DATA

Except for biometric data (see below), we do not collect sensitive data, for example, health data, or data revealing racial or ethnic origin, from visitors to the Sites.

BIOMETRIC DATA

Solely if you expressly opt-in, we may collect biometric information, such as facial recognition data or fingerprints to enhance the security of your account through Multi-Factor Authentication (MFA). This information will be used solely for identity verification purposes and will not be shared with third parties except as necessary to provide our services or as required by law. We retain biometric data only as long as needed for authentication purposes and will delete it securely in accordance with our data retention policy. By enrolling in MFA, you consent to the collection and use of your biometric information as described herein.

How we use your personal information

We are fully committed to providing you with information about the collection and use of Personal information furnished by, or collected from, those using the Services. It is our practice not to ask you for Personal information unless we need it or intend to use it. The purposes for collecting your Personal information are as follows:

Services and Operations, including: 

• Communicate with you about the Services;
• Provide customer service and support;
• Process payments, including conducting authentication;
• Notify you of changes to our Services;
• Send you information you have requested;
• Process entries to a competition or promotion;
• Carry out obligations under any contract we have with you;
• In connection with the creation and maintenance of your user account;
• In connection with the processing, fulfillment, and shipment of any products or services you purchase;
• Administer membership and activity in rewards programs; 
• Process transactions with partners;
• Tailor your user experience on the Sites; and
• Perform functions as otherwise described to you at the time of collection.

UGC

When you submit content to our platform, such as comments, reviews, or media files, please be aware that this information may be publicly accessible. We may share your UGC with other users, display it on our website, or distribute it through various media channels. By providing this content, you consent to its public dissemination and acknowledge that it may be viewed by others.

Research and Development

We may use your personal information for research and development purposes, including to analyze and improve the Services and our business and to develop new products and services. As part of these activities, we may create aggregated, de-identified and/or anonymized data from personal information we collect. We make personal information into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business and will not attempt to reidentify any such data.

Marketing

• Communicate with you by email, regular mail, telephone, or mobile devices, about products or services that may be of interest to you either from us or from other third parties;
• Develop and deliver our newsletter;
  Develop and display third-party content and advertising tailored to your interests on the Sites;

You may opt-out of our marketing communications as described in the Opt out of communications section below.

Service Improvement and Analytics

We may use your personal information to analyze your usage of the Services, improve the Services, improve the rest of our business, help us understand user activity on the Services, including which pages are most and least visited and how visitors move around the Services, as well as user interactions with our emails, and to develop new products and services.

Legal Compliance and Protection

• Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from, or cooperate with government authorities;
• Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); 
• Audit our internal processes for compliance with legal and contractual requirements or our internal policies;
• Enforce the terms and conditions that govern the Services; and
• Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

New Purposes

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and when the reason is compatible with the purpose for which we collected it. 

Retention

We generally store/retain your personal information as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, as we determine is necessary for business records, and as required under applicable law. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some cases, we may specifically ask you for your consent to collect, use or share your personal information, such as where required by law. 

When we no longer require the personal information we have collected about you, we may either delete it or de-identify, aggregate or anonymize it. If we de-identify, aggregate or anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

How we share your personal information 

OUR PRACTICES

We do not sell personal information in exchange for monetary compensation. However, we may share certain personal information as defined under California Civil Code Section 1798.140(ad), which may be considered a “sale” or “sharing” under applicable privacy laws. Specifically, we may share personal information with select third-party service providers, including data analytics providers, advertising partners, and social networks, to enhance user experience, measure site traffic, and deliver targeted advertising. These third parties may collect or receive information about your interactions with our website. To opt-out of this, please visit our Do Not Sell or Share My Personal Information page.

We may share your information with the following parties and as otherwise stated in this Privacy Policy, in other applicable notices, or as notified at the time of collection:

• Affiliates. Cloudbeds’ affiliates.
• Service Providers. The third parties that provide services on our behalf or help us operate the Services, or our business (such as information technology and software services, mailing services, marketing services, event management services, and cyber and physical security services).
• Third Parties You Designate. Third parties where you have instructed us or provided your consent to do so (for example travel or accommodations providers with whom you are booking or otherwise transacting business). We will share personal information that is needed for these other companies to provide the services that you have requested.
• Other Third Parties. Third parties, such as social sites (including Facebook and Instagram), to which you subscribe in order for you to link to them through our site and view our content through those sites. 
• Business and Marketing Co-Sponsors. Third parties with whom we co-sponsor marketing or promotions. 
• Legal Compliance. As we believe is necessary to comply with applicable laws, statutes, or regulations, and/or to enforce this Privacy Policy and the Terms and to protect our rights and the rights of others. And as required by a court or government agency or to respond to a claim by you or a third party.
• Assignment/Corporate Change. As part of a transfer of our assets, for example in the event of a merger, acquisition, corporate change or, in the unlikely event of a bankruptcy, involving Cloudbeds.

Other Privacy Policies

Any third parties to whom we may disclose personal information may have their own privacy policies that describe how they use and disclose personal information. Those policies will govern use, handling, and disclosure of personal information once we have shared it with those third parties as described in this Policy. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties.

Your choices with respect to your personal information

In this section, we describe the rights and choices available to all users. If you are a resident of a state that provides additional rights (e.g., California and Virginia), you may find additional information about your rights in the State Privacy Rights Notice section below. If you are located in the EEA or the UK, see the European Privacy Rights Notice section below.

• Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may opt-out of marketing-related texts by texting STOP in response to a marketing text from us. Please note that if you choose to opt-out of marketing-related emails and/or texts, you may continue to receive service-related and other non-marketing emails and/or texts.  
• Cookies. For information about cookies employed by the Services and how to control them, see our Cookie Notice.
• Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
• Blogs.The Site may offer publicly accessible blogs and social forums where you may post photos, videos and information about yourself and your experience at the Properties. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or social pages, contact us at privacy@Cloudbeds.com.  In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.  Alternatively, if you used a third party application to post such information, you can remove it by logging into that application and removing the information, or by contacting the appropriate party for such third party application.
• Testimonials.We display personal testimonials of satisfied customers on our site in addition to other endorsements.  With your consent we may post your testimonial along with your name.  If you wish to update or delete your testimonial, you can contact us at privacy@Cloudbeds.com.
• Storage.If you would like us to delete the personal information you have provided to us, please contact us at privacy@Cloudbeds.com and we will respond in a reasonable time. Please note that some or all of this information may be required in order for you to make use of services and features available via the Sites.  If you remove this information, you may no longer be able to use these features.
  Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Security Safeguards

We have reasonable security measures in place to protect against loss, misuse and alteration of personal information under our control. When you enter personal information to book a reservation or set up an account, we encrypt that information using secure socket layer technology (SSL).  In addition, electronically stored personal information is stored and backed-up on a secure network with firewall protection and access to our electronic information systems requires user authentication via password or similar means. We also employ access restrictions, limiting the scope of employees who have access to personal information. While we strive to safeguard personal information, we cannot guarantee or warrant the security of any information you disclose or transmit to us and you do so at your own risk.  

Third Party Sites

The Sites may contain links to other websites. We do not control, and make no representations whatsoever regarding, such other websites or the products and services offered by or through websites accessed through links on the Sites, even those with which we may have an affiliation. If you decide to access third party websites linked through the Sites you do so at your own risk. You should carefully review the Privacy Policy and terms of these websites. 

International data transfers

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.
If you are located in the EEA or the UK, see the European Privacy Rights Notice below.

Children

The Services are not directed at children, and we do not knowingly collect personal information directly from users under the age of 13 or from other websites or services directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1998 (COPPA), we will not knowingly request or collect personal information from any child under age 13 without obtaining the required parental consent.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Site or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Services after the effective date of any modified Privacy Policy indicates your acknowledging that the modified content of the Privacy Policy applies to your interactions with the Services and our business.

How to contact us

If you have questions or concerns regarding this Privacy Policy or our processing of personal information, you may contact us as follows:

• Complete and submit this form 
• Regular Mail: 
  Digital Arbitrage, Inc.
  3033 Fifth Ave Ste 100
  San Diego, CA 92103
  

STATE PRIVACY RIGHTS NOTICE

This section provides additional information to individuals in states with privacy laws that provide additional rights to their residents, including the California Consumer Privacy Act (“CCPA”), the Virginia Consumer Data Protection Act (“CDPA”), the Colorado Privacy Act (“CPA”), and the Connecticut Personal Data Privacy and Online Monitoring Act (collectively the “State Privacy Laws”). 

This section describes how we collect, use, and share Personal information (as defined below) of residents of these states and the rights these users may have with respect to their Personal information. Please note that not all rights listed below may be afforded to all users and that if you are not a resident of one of these states with State Privacy Laws, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it. 

For purposes of this section, the term “Personal Information” has the meaning given to “personal data,” “personal information” or other similar terms in applicable State Privacy Laws and does not include information exempted from the scope of the State Privacy Laws, such as publicly available information. In some cases, we may provide a different privacy policy to certain categories of residents of these states, such as job applicants, in which case that notice will apply instead of this section. “Sensitive Personal Information” has the meaning given to “sensitive personal information” under applicable State Privacy Laws. 

Your privacy rights. The State Privacy Laws may provide residents with some or all of the rights listed below. However, these rights are not absolute and some State Privacy Laws do not provide these rights to their residents.  Therefore, we may decline your request in certain cases as permitted by law. We do not “sell” or “share” Personal iInformation in exchange for monetary consideration. We do share personal information for other benefits as defined by Cal. Civ. Code 1798.140(ad) and some of these activities may be deemed a ‘sale’ under applicable law. Select third-parties, such as advertising technology partners, data analytics providers, and social networks, may collect or receive information so that Cloudbeds can engage in targeted advertising. You have a right to direct us not to sell or share your Personal Information. Cloudbeds does not knowingly sell or share the personal information of consumers under 16 years of age. We do not engage in any “Profiling” (as such term is defined under applicable State Privacy Laws) in furtherance of decisions that produce legal or similarly significant effects about you, where regulated by applicable State Privacy Laws. We also do not use or disclose Sensitive Personal Information for purposes that California residents have a right to limit under the CCPA, and where required by applicable State Privacy Laws, we obtain your consent before we collect Sensitive Personal information from you.

DISCLOSURE OF PERSONAL INFORMATION WE COLLECT ABOUT YOU

You have the right to know:

• The categories of personal information we have collected about you;
• The categories of sources from which the personal information is collected;
• Our business or commercial purpose for collecting or selling personal information;
• The categories of third parties with whom we share personal information, if any; and
• The specific pieces of personal information we have collected about you.

Please note that we are not required to:

• Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
• Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
• Provide the personal information to you more than twice in a 12-month period.

PERSONAL INFORMATION SOLD OR USED FOR A BUSINESS PURPOSE

In connection with any personal information we may sell or disclose to a third party for a business purpose, you have the right to know:

• The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; and
• The categories of personal information that we disclosed about you for a business purpose.

You have the right under the CCPA and certain other privacy and data protection laws, as applicable, to opt-out of the sale of your personal information. If you exercise your right to opt-out of such sale of your personal information, we will refrain from selling your personal information unless you subsequently provide express authorization for the sale of your personal information. To opt-out of the sale of your personal information, enter your email address in the following form:

RIGHT TO DELETION

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

• Delete your personal information from our records; and
• Direct any service providers to delete your personal information from their records.

Please note that we may not delete your personal information if it is necessary to:

• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
• Debug to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act;
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
• Comply with an existing legal obligation; or
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

PROTECTION AGAINST DISCRIMINATION

You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA or other state laws. This means we cannot, among other things:

• Deny goods or services to you;
• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Provide a different level or quality of goods or services to you; or
• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.

EXERCISING YOUR RIGHT TO KNOW, ACCESS, APPEAL, CORRECT AND DELETE PERSONAL INFORMATION

You may submit requests to exercise your right to information/know, access, appeal, correction, or deletion by calling us at +1 at (858) 345-5316 (toll-free in the U.S. only) or by completing our online data subject request form available at Data Privacy Request.

VERIFICATION OF IDENTITY; AUTHORIZED AGENTS

We may need to verify your identity in order to process your information/know, access, appeal, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.

Under some State Privacy Laws, you may enable an authorized agent to make a request on your behalf.  However, we may need to verify your authorized agent’s identity and authority to act on your behalf.  We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your State Privacy Laws rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request. 

CATEGORIES OF PERSONAL INFORMATION WE COLLECT USE AND DISCLOSE

We have summarized the Personal Information we collect and may disclose to third parties by reference below to both (i) the categories defined in the Personal information We Collect section of this Privacy Policy above and (ii) the categories of Personal information specified in the CCPA (Cal. Civ. Code §1798.140). We may use each of the categories of Personal information below for the purposes identified in the How We Use Your Personal information section of this Privacy Policy above (except for any Sensitive Personal information, which will only be processed for the purposes for which it was collected and as otherwise specifically permitted by applicable law, including applicable State Privacy Laws). This section also describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of Personal information not described below. More information about the categories of sources from which we collect Personal information and the purposes for collecting or disclosing Personal information are described above in this Privacy Policy.

Any request for a disclosure required under this California law should be sent to us via email at support@cloudbeds.com or via regular mail at:

Digital Arbitrage, Inc.

3033 Fifth Ave Ste 100

San Diego, CA 92103

Please note that under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any request that is not sent to the email or mailing address designated above.

“Do not track”:  Section 22575 of the California Business & Professions Code requires website and online service operators to disclose whether they honor web browser “Do Not Track” settings.  We support and honor “Do Not Track” web browser settings.  If you enable Do Not Track settings in the browser you are using, we will not collect, store, or use personal information about websites you visit using that browser other than privacy@Cloudbeds.com and our other Sites. Other parties, however, may not honor Do Not Track signals. These parties may collect personal information about your online activities over time and across different web sites when you visit the Sites, for example by using cookies on our Sites. We have no access to or control over other parties’ personal information collection practices, even those with which we may have an affiliation. You should carefully review the Privacy Policy and terms of any website you visit. For more information about Do Not Track, please visit www.allaboutdnt.org.

Nevada privacy rights

Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. If you are a Nevada resident, you may submit a request to opt out of potential future sales under Nevada law by contacting us as indicate below. Please include sufficient information for us to identify you in your email, such as information about stays, or, if applicable, your account information. Please note we will take reasonable steps to verify your identity and the authenticity of the request. 

EUROPEAN PRIVACY RIGHTS NOTICE

The Sites are hosted in and provided from the United States.  If you use the Sites from the European Union, Canada, or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your personal information to the United States for storage and processing. The United States does not have the same data protection laws as the EU, Canada, and some other regions. Also, we may transfer your data from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating our business. By providing any information, including personal information, you consent to the transfer of that information to the United States and the use of your personal information, in accordance with this Policy.   

The information provided in this “Notice to European users” section applies only to individuals in the United Kingdom (“UK”) and the European Economic Area (“EEA”) (hereafter collectively referred to as “Europe” as defined at the top of this Privacy Policy).

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation – i.e., any information relating to an identified or identifiable natural person. It does not include “anonymous data” (i.e., information where the identity of individual has been permanently removed).

Controller. Cloudbeds is responsible for your personal data. Cloudbeds is a corporation formed under the laws of the State of Delaware, United States of America. For the purposes of European data protection legislation, your data will be controlled by Cloudbeds.

Data Protection Officer. Our data protection officer can be contacted at: privacy@cloudbeds.com or at the following postal address: 3033 Fifth Ave #100, San Diego, California 92103.

Legal bases for processing. In respect of each of the purposes for which we use your personal information, the European data protection legislation requires us to ensure that we have a legal base for that use. The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below. If you have questions about the legal basis of how we process your personal information, contact us at privacy@cloudbeds.com:

Your rights. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you may have the following rights under data protection laws:

1. Right of access: You have the right to ask us for copies of your personal information.
2. Right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
3. Right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
4. Right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
5. Right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
6. Right to data portability: You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.
7. Right to withdraw consent at any time: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Exercising These Rights. You may submit these requests by email to privacy@cloudbeds.com or at the following postal address: 3033 Fifth Ave #100, San Diego, California 92103. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal information), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.

Your Right to Lodge a Complaint with Your Supervisory Authority. In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.

• For users in the European Economic Area – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
• For users in the UK – the contact information for the UK data protection regulator is below:
  • The Information Commissioner’s Office
  • Water Lane, Wycliffe House Wilmslow – Cheshire SK9 5AF
  • Tel. +44 303 123 1113
  • Website: https://ico.org.uk/make-a-complaint/

Onward transfer

Except as otherwise provided in this Privacy Policy, we only disclose personal information to third parties who reasonably need to have access to it for the purpose of the transaction or activity for which it was originally collected or to provide services to or perform tasks on our behalf or under our instruction. All such third parties must agree to use such the personal information we provide to them only the purposes for which we have engaged them and they must either: (a) comply with a mechanism permitted by the applicable EU & Swiss data protection law(s) for transfers and processing of personal information; or (b) agree to provide adequate protections for the personal information that are no less protective than those set out in this Privacy Policy.  Where we have knowledge that an entity to whom we have provided personal information is using or disclosing personal information in a manner contrary to this Privacy Policy, we will take reasonable and appropriate steps to prevent, remediate or stop the use or disclosure.

You can obtain further information or a copy of or access safeguards under which your personal information is transferred outside of the EEA and/or UK by contacting us at 3033 Fifth Ave #100, San Diego, California 92103.

Profiling

We may analyze personal information we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you.  We may make use of additional information about you when it is available from external sources to help us do this effectively.  We may also use personal information about you to detect and reduce fraud and credit risk.  

If you have questions or complaints regarding this Policy or our handling of your personal information, please contact support@cloudbeds.com. We will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Privacy Policy.  Residents of Switzerland should contact us with questions at the same address.

Enforcement and disputes

We commit to resolve complaints about your privacy and our collection or use of your personal information.  If you do not receive timely acknowledgement of your request or have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us as set out in the “How to contact us” section above.

In addition to the above, you may complain to your home data protection authority and can invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

Other terms and conditions

Your access to and use of the Sites and our Services are also subject to our Terms.  

Effective March 2025