TripAdvisor Data Processing and Sharing Terms for Business Partners

In respect of your continuing business relationship with TripAdvisor, we have implemented a Data Processing Addendum (“DPA”) which shall govern the provision of the applicable TripAdvisor Services you receive from August 1, 2018. Please see below for the DPA applicable to the services your receive.

Data Sharing Terms for All Instant Book Services

These Data Sharing Terms (“Terms”) form an integral part of each written or electronic agreement between TripAdvisor and Partner, on behalf of itself and its affiliates, for the provision of the Instant Book Services from TripAdvisor as identified in the applicable agreement and hereinafter defined as Services (“Services”) (each an “Agreement”). All capitalized terms, where not otherwise defined in these Terms, will have the meanings set forth in the Agreement.

1. General

The purpose of these Terms is to reflect the arrangements between TripAdvisor and Partner that have been put in place to facilitate the sharing of personal data between the parties acting both as data controller.

2. Roles and responsibilities of the parties

2.1.   The parties hereby acknowledge and agree that either party acts as a Controller within the meaning of Regulation (EU) 2016/679 (GDPR), together with any national implementing laws in any member state of the European Union (Data Protection Laws) in respect of the personal data it receives from the other party, and that each party will individually determine the purposes and means of its processing of the personal data.

2.2.   Each parties shall only process personal data in accordance with the requirements of Data Protection Laws, including:

a.   process the personal data lawfully, fairly and in an transparent manner in relation to the data subjects

b.   treat the personal data as confidential and ensures that is employees will treat the personal data as confidential

c.   only process the personal data for limited and specified purposes

d.   not retain the personal data for longer than is necessary to carry out the purposes for which it has obtained the personal data; and

e.   implement appropriate security measures to protect the personal data, including appropriate technical and organisational measures, to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage, including inter alia:

i.   the pseudonymisation and encryption of the personal data

ii.  the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services

iii. the ability to restore the availability and access to the personal data in a timely manner in the event of a physical or technical incident; and

iv.  a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

                                                                                                                                                                                        2.3.   Where either party becomes aware of inaccuracies of the personal data received from the other party, it will notify the other party thereof.

3. Data breaches

Each party shall notify the other party without undue delay after becoming aware of a notifiable personal data breach within the meaning of article 33 and article 34 of the GDPR. Such notification shall include information that the relevant party reasonably is able to disclose to the other party, taking into account the nature of the personal data and the personal data breach, the information available to the relevant party and any restriction on disclosing the information, such as confidentiality.

4. Data transfers

Each party may transfer the personal data outside the European Economic Area if it complies with the provisions of the Data Protection Laws on the transfer of personal data to third countries.

5. Data subject’s requests ad third party rights

Each party that has disclosed personal data to the other party shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the GDPR to that other party, unless this proves impossible or involves disproportionate effort.

6. Indemnity

Each party will hold the other party harmless of any claims, damages, penalties and any costs or fees, of whatever nature incurred by the party or for which the party may become liable due to any failure by the other party or its employees or agents to comply with any of its obligations under these Terms or any Data Protection Legislation.

7. Other

The Partner confirms that it has the ability and competence to fulfill the obligations set out in these Terms.

Data Processing Addendum for All Internet Advertising Services

This Data Processing Addendum (the “DPA”) forms an integral part of each written or electronic agreement between TripAdvisor and Customer, on behalf of itself and its affiliates, for the provision of Internet Adverstising Services (including those provided via the TripConnect Platform, where applicable) from TripAdvisor as identified in the applicable agreement and hereinafter defined as Services (“Services”) (each an “Agreement”). All capitalized terms, where not otherwise defined in this DPA, will have the meanings set forth in the Agreement. The parties hereby agree as follows:

1. General

The purpose of this DPA is to reflect the arrangements between TripAdvisor and Customer that have been put in place to facilitate the sharing of data between the parties.

2. Cookies

Where a Customer wishes to drop cookies on users’ device or use pixels, trackers, web beacons or other data collecting technology (the “Data Collecting Technology”) for the purpose other than displaying or providing advertising on the Site and tracking conversions and related data, and feed into analytics and measurements, it shall notify TripAdvisor in advance of booking an advertisement and provide all information requested by TripAdvisor regarding such Data Collecting Technology for these purposes.  If TripAdvisor authorises the Customer to use Data Collecting Technology, TripAdvisor will provide written authorisation within the Insertion Order and Customer agrees to use such Data Collecting Technology and all data collected from it solely in the manner disclosed to TripAdvisor. The Customer agrees and warrants that any Data Collecting Technology dropped on the TripAdvisor Site shall expire within 13 months of the date it is first dropped on a user’s browser. The Customer represents and warrants that it shall only drop Data Collecting Technology on the device of any user to whom such advertisement is served, provided that:

a.   the Customer complies with all applicable laws and regulations and all user preferences of which it is aware or should be aware, and shall not cause TripAdvisor to be in breach of any applicable laws, regulations and preferences

b.   the Data Collecting Technology is dropped or used only for the purposes of displaying advertising or analysing impressions, campaign performances and click-through rates, and not for any other purposes (including targeting or retargeting users off TripAdvisor or creating lookalike models); and

c.   the Customer will not disclose the data collected through any such Data Collecting Technology to any third parties, or combine it with any information collected from other sources (including for the purpose of building user profiles).

3. Other

The Customer confirms that it has the ability and competence to fulfill the obligations set out in these Terms

Data Processing Addendum for Review Express Services

This Data Processing Addendum (the “DPA”) forms an integral part of each written or electronic agreement between TripAdvisor and Partner, on behalf of itself and its affiliates, for the provision of the Review Express Services from TripAdvisor as identified in the applicable agreement and hereinafter defined as Services (“Services”) (each an “Agreement”). All capitalized terms, where not otherwise defined in this DPA, will have the meanings set forth in the Agreement.

The parties hereby agree as follows:

1. General

The purpose of this DPA is to reflect the arrangements between TripAdvisor and Partner that have been put in place to facilitate the sharing of data between the parties.

2. Privacy

Without prejudice to, or otherwise limiting the provisions of, Section 4 of the Agreement, Partner ensures that it complies with all applicable laws, including directive 2002/58/EC, relating to the sending of Review Express Emails to End Users. Partner indemnifies TripAdvisor from and against any claims of End Users or competent authorities relating to the sending of Post-trip E-mails to Surveyed Users.

3. Other

The Partner confirms that it has the ability and competence to fulfill the obligations set out in these Terms.

Data Processing Addendum for TripAdvisor Widgets

This Data Processing Addendum (the “DPA”) forms an integral part of each written or electronic agreement between TripAdvisor and You, on behalf of yourself and your affiliates, for the provision of the TripAdvisor Widgets from TripAdvisor as identified in the applicable agreement and hereinafter defined as Services (“Services”) (each an “Agreement”). All capitalized terms, where not otherwise defined in this DPA, will have the meanings set forth in the Agreement. The parties hereby agree as follows:

1. General

The purpose of this DPA is to reflect the arrangements between TripAdvisor and You that have been put in place to facilitate the sharing of data between the parties.

2. Privacy

Without prejudice to, or otherwise limiting the provisions of, Section 9 of the Agreement, You shall comply with all applicable data protection laws, including with respect to the requirements for the use of cookies and other similar technologies by TripAdvisor on your Qualified Website. Furthermore, To the extent necessary, You shall obtain consent on behalf of TripAdvisor for the use of cookie and other similar technologies on the Qualified Website.

3. Other

You confirm that it has the ability and competence to fulfill the obligations set out in these Terms.

© 2020 TripAdvisor LLC All rights booked. Terms of Use | Privacy Policy | Site Map

TripAdvisor LLC is not a booking agent or tour operator, and does not charge any service fees to users of our site. Our partners (airlines, travel providers, and booking agents) who list airfare, tours, and travel packages on TripAdvisor are required to include all fees and surcharges in their listed prices. Examples include the Federal September 11th Security Fee, international departure and arrival taxes and fees, federal excise tax, and other service, handling and miscellaneous fees and surcharges. When you book with one of our partners, please be sure to check their site for a full disclosure of all applicable fees as required by the U.S. Department of Transportation. Airfares are generally quoted per person in USD unless otherwise noted.

For your convenience, TripAdvisor LLC calculates an average price for each hotel, which is based on the rates of available rooms obtained from our booking partners. For tours and attractions, the price displayed is usually the lowest available per person adult price. For any travel packages or deals listed, TripAdvisor LLC does not guarantee any specific rates or prices. In addition, average hotel prices are updated nightly and displayed in your preferred currency using prevailing conversion rates. Since these converted prices are estimates, please check with the booking site for the exact amount and currency.

Furthermore, TripAdvisor LLC makes no guarantees for availability of prices advertised on our site. Listed prices may require a stay of a particular length or have blackout dates, qualifications or restrictions.

TripAdvisor LLC is not responsible for content on external web sites. Taxes, fees not included for deals content.