Privacy Statement

This Privacy Statement explains generally how we receive personal information about you, and what we do with that personal information once we have it. This Privacy Statement does not apply to information which does not permit identification of an individual. This Privacy Statement applies regardless of the type of device you use to access our Services. You may choose not to provide certain information to us but doing so may restrict your ability to use our Services.

Collectively, we refer to the Websites, the Apps and our Social Media Pages, as the “Online Services” and, together with offline channels, the “Services.” By using the Services, you agree to the terms and conditions of this Privacy Statement.

Collection of Personal Data

“Personal Data” is data that identify you as an individual or relate to an identifiable individual.

At touchpoints throughout your guest journey, we collect Personal Data in accordance with law, such as:

Name
Gender
Postal address
Telephone number
Email address
Credit and debit card number or other payment data
Language preference
Date and place of birth
Nationality, passport, visa or other government-issued identification data
Important dates, such as birthdays, anniversaries and special occasions
Membership or loyalty program data (including co-branded payment cards, travel partner program affiliations)
Employer details
Prior guest stays or interactions, goods and services purchased, special service and amenity requests
Geolocation information
Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts

In more limited circumstances, we also may collect:

Data about family members and companions, such as names and ages of children
Biometric data, such as digital images
Guest preferences and personalized data (“Personal Preferences”), such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit

If you submit any Personal Data about other people to us or our Service Providers (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Statement.

How we collect personal data

We collect Personal Data in a variety of ways:

you give it to us directly (e.g., when you choose to contact us, or make a request for information, book a reservation online, or create an online profile);
we collect it automatically through our products and Services (e.g., through your use of the Online Services); or
someone else provides us information about you (e.g., when our client or a third party (such as an employer, travel agency, global distribution system, travel supplier, etc.) provides us your information in order for us to perform Services for them.

Collection of Other Data:

“Other Data” is data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data. Other Data includes but not limited too:

Browser and device data
App usage data
Data collected through cookies, pixel tags and other technologies
Demographic data and other data provided by you
Aggregated data

How we collect other data:

We collect Other Data in a variety of ways:

Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly.
Your use of the Apps. We collect certain data when you download and use an App, such as App usage data, the date and time the App on your device accesses our servers and what data and files have been downloaded to the App based on your device number.
Pixel Tags and other similar technologies. We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services.
We collect data through Google Analytics technologies to collect and analyze data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/‌partners/ and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.

Aggregated Data. We may aggregate data that we collect and this aggregated data will not personally identify you or any other user.

Use of Personal Data and Other Data:

We use Personal Data and Other Data to provide you with Services, to develop new offerings and to protect the Megasys, our Subscribers, and our guests as detailed below. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services.

We use Personal Data and Other Data for our legitimate business interests, including the following:

Provide the Services you request:
We use Personal Data and Other Data to provide Services you request, including:
- To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages, to assist you with meetings and events and to provide you with other information about the area and the property at which you are scheduled to visit
- To complete your reservation and stay, for example, to process your payment, ensure that your room is available and provide you with related customer service

We will use Personal Data and Other Data to manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation.

We will use Personal Data and Other Data to provide personalized Services according to your Personal Preferences either with your consent or because we have a legitimate interest to do so.
Business Purposes:

We use Personal Data and Other Data for data analysis, audits, security and fraud monitoring and prevention, developing new goods and services, enhancing, improving or modifying our Online Services, identifying usage trends, determining the effectiveness of our updates to the Online Services.

We use Personal Data and Other Data in this way to manage our contractual relationship with you, comply with a legal obligation and/or because we have a legitimate interest to do so.

Whose information may be processed in connection with the Online Services:

In connection with the Services, we process information about several types of individuals. As discussed further below, the information that we process about an individual may depend on how he or she interacts with the Online Services. These diverse types of individuals include:

Travelers and Those Acting on Their Behalf. Individual consumers and business travelers (“Travelers”) who make reservations or use other travel-related products or services offered by Megasys Subscribers or Travel Suppliers using the Online Services. Subscribers and Travel Suppliers may collect and send Megasys information about Travelers. Subscribers and Travel Suppliers may have collected such information directly from the Traveler, or from another individual who acts on the Traveler’s behalf. Megasys also may receive information about assistants, or other representatives who book travel-related products or services on behalf of other individuals.

Subscriber and Travel Supplier Staff. Megasys may collect information about employees and other individuals associated with Megasys Subscribers and Travel Suppliers. “Subscribers” are travel agents, individuals at travel management companies, corporate travel departments, online travel websites, hoteliers, airlines, and others who subscribe to our Services to search, price, book, ticket, and manage travel services provided by a variety of participating travel suppliers, such as airlines, hotels, cruise lines, car rental companies, rail providers, tour operators, and others (“Travel Suppliers”). For example, if a certain travel agency subscribes to our Services, Megasys might process information about individual travel agents at that agency to help agencies evaluate efficiency.

Disclosure of Personal Data and Other Data:

Our goal is to provide you with the highest level of Services, and to do so, we share Personal Data and Other Data for the following reasons:

When we have asked and received your permission to share it.
When we’re required to provide it to our client or a third party from whom we received your information, or with whom you have a business or employment relationship. (One such example is when we receive your information from a travel agent with whom you do business, and we provide your information on their behalf to a Travel Supplier, such as an airline.)
For processing or providing products and Services to Megasys or to you.
When we provide information to our business partners to enhance the products and Services we offer.
We may use and share the information we gather to comply with law (including cooperation with regulators or officials), legal process or legal advice.
We may share your information when permitted by law if we believe it is reasonably necessary to protect the rights, property or safety of you, our other users, Megasys or the public.
If our organizational structure or status changes (e.g., if we undergo a restructuring, are acquired, or go bankrupt), we may transfer your information to a successor or affiliate.
We may share information we gather to third parties that our clients have a relationship with such as loyalty providers, hotel property management systems, and other designated businesses that are affiliated with our client, in order to provide Services.
We may share information we gather to otherwise operate our business, including to provide travel marketplace and travel management services. For example, information we gather may be shared with travel agents, travel management companies, corporate travel departments, online travel websites, and others, and with Travel Suppliers, such as airlines, hotels, cruise lines, car rental companies, rail providers, tour operators, and others.

Other Uses and Disclosures:

We will use and disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of the Megasys, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law. In some instances, we may combine Other Data with Personal Data (such as combining your name with your location). If we do, we will treat the combined data as Personal Data as long as it is combined.

Non-Megasys Group Entities

This Privacy Statement does not address, and we are not responsible for the privacy, data or other practices of any entities outside of Megasys. The inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us. We have no control over, and are not responsible for, any third party’s collection, use and disclosure of your Personal Data.

In addition, we are not responsible for the data collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or the Apps or our Social Media Pages.

Security

We seek to use reasonable organizational, technical and administrative measures to protect Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section, below. Megasys is not responsible for unauthorized access to such information by hackers or others that obtain access through illegal measures.

The safety and security of your information also depends on you. Any content, including information, that you contribute to be shared, published, or displayed on the Services, or transmitted to other users of the Services, either via the Services or via social networking or other third-party sites available through the Services, is visible to other users and can be read, collected, or used by them. We urge you to be careful about giving out information in public areas of the Services. You understand and acknowledge that, even after removal, copies of your content, including information, that you contribute to be shared, published, or displayed on the Services, or transmitted to other users of the Service, may remain viewable in cached and archived pages, or might have been copied or stored by other users.

Retention

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law.

The criteria used to determine our retention periods include:

The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services)
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations)

Sensitive Data

Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).

Use of Services by Minors

If you are a parent and believe your child who is under 16 has provided us with personal information without your express consent, please contact us at info@megasyshms.com to have your child’s information removed.

How may I control information about me?

You may access and control the information provided to us in a number of ways.

If you maintain an account with us directly, you may update certain information provided to us in your online account (such as contact details) by logging in to your account and editing that information. To the extent that an employer, travel agency or other entity maintains or manages information on your behalf in an online account with us, you may not be able to update such information yourself but may be able to request that such entity do so for you.

You may accept Cookies or change your Cookies settings by activating the appropriate settings on your browser. Check your browser help to find out how to adjust these settings. Please note that certain features of the Service may not be available once cookies are disabled.

If you have another request regarding your personal information, or if you have any questions or comments about this privacy statement and our privacy practices, please direct such inquiries or requests to Megasys’s Data Protection Officer and the privacy team at: info@megasyshms.com or see “Contacting Us”

If you are dissatisfied, we ask that you contact us first to see if we can resolve the issue. However, if you are an individual in Europe or certain other jurisdictions, you may have the right to lodge a complaint with the supervisory authority in the country in which you live, in which you work, or in the place of the alleged infringement of your privacy rights.

Updates to this privacy statement

The “Last Updated” legend at the top of this page indicates when this Privacy Statement was last revised. Any changes will become effective when we post the revised Privacy Statement on the Online Services. Your use of the Services following these changes means that you accept the revised Privacy Statement. If you would like to review the version of the Privacy Statement that was effective immediately prior to this revision, please contact us at info@megasyshms.com.

EU-Specific Notice

These terms apply to personal information collected by Megasys through the Services if you are an EU resident. Where Megasys collects information directly from you through its Services, such personal information is controlled by Megasys Hospitality Management Solutions, which is headquartered in the United States at 5800 E. Skelly Dr. STE 600 Tulsa, Oklahoma 74135.

The legal basis for processing of your data includes the purposes set forth above in this Privacy Statement. In some cases, we may additionally process your information based on your consent.

Your personal information will not be stored for longer than necessary for the purposes for which they were collected, or in accordance with applicable law.

Subject to applicable law, you have (i) the right to access and request personal information controlled by Megasys, (ii) the right to request the transmission of the personal information you have provided to us to you or another company, (iii) the right to object to uses or disclosures of your personal information, (iv) the right to withdraw your consent in relation to our processing of your personal information based on your consent (however, such withdrawal of consent will not affect the lawfulness of processing based on consent before such withdrawal), (v) the right to request deletion of your personal information and (vi) the right to request that we restrict processing of your personal information.

You may exercise these rights free of charge unless the request is unfounded, excessive, or otherwise unreasonable, for instance, because it is repetitive. In some situations, we may refuse to act or may impose limitations on your rights, as permitted by law. Before Megasys can provide you with any information or correct any inaccuracies, we may ask you to verify your identity and/or provide other details to help us respond to your request. For the exercise of your rights, please contact Megasys’s Representative and/or Data Protection Officer at the location of your choice, below.

If you are dissatisfied, we ask that you contact us first to see if we can resolve the issue. However, if you are an individual in in Europe or certain other jurisdictions, you may have the right to lodge a complaint with an appropriate supervisory authority. The Megasys has identified the Information Commissioner’s Office (“ICO”) in the UK as its lead supervisory authority. The ICO may be contacted at: https://ico.org.uk/.

Megasys’s Data Protection Officer can be contacted at:

info@megasyshms.com; or

Megasys Hospitality Solutions
ATTN: Compliance and Privacy
5800 E. Skelly Dr. STE 600
Tulsa, Oklahoma 74135
United States of America

Megasys’s Representative under the GDPR is Megasys Hospitality Management Solutions and can be contacted at info@megasyshms.com.

Your California Privacy Rights

California law permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, California residents should send an e-mail to info@megasyshms.com; or

Megasys Hospitality Solutions
ATTN: Compliance and Privacy
5800 E. Skelly Dr. STE 600,
Tulsa, Oklahoma 74135
United States of America

International Transfers

We’re a global organization headquartered in the United States, and our information systems are in United States of America. We also use service providers whose information systems may also be in various countries. This means your personal information might end up in one of those information systems in another country, and that country may have a different level of data protection regulation than yours. By giving us personal information, you expressly consent, or the company from whom we received your personal information consents to the processing of your personal information as described in this document.

No matter what country your personal information is in, we comply with applicable law and will also abide by the commitments we make in this Privacy Statement. Megasys GuestRez is Megasys’s global business-to-business travel marketplace and related solutions for subscribing travel agents, travel management companies, corporate travel departments, online travel websites, and others can use to search, price, book, ticket, and manage travel services provided by a variety of participating travel suppliers, such as airlines, hotels, cruise lines, car rental companies, rail providers, tour operators, and others. For our European operations, the personal and other information that we process about you as part of the Megasys Travel Network is controlled by a Megasys affiliate, sometimes jointly, with our client.

For our non-European operations, and services provided by Megasys Hospitality, we are a processor (or subprocessor) of your personal and other information, and our client is the controller (or processor, if Megasys is a subprocessor) of such information.

With respect to sales leads created by Megasys, and information received from individuals directly contacting us, Megasys is typically a controller of such specific personal information.

Contacting Us

If you have any questions about this Privacy Statement, please contact us at info@megasyshms.com, or by mail:

Megasys Hospitality Systems
ATTN: Compliance and Privacy
5800 E. Skelly Dr. STE 600
Tulsa, Oklahoma 74135
United States of America

Because your email communications to us may not always be secure, please do not include credit card or Sensitive Data in your emails to us.