View our Accessibility Statement Skip to Main Content

Privacy Policy | Apple Vacations

Last Updated: March 1, 2022

Except as otherwise noted in this Privacy Notice, Apple Vacations is a data controller and a member of the Apple Leisure Group (ALG) of companies, which means that we manage how and why the information you provide to us is processed. This Privacy Notice may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of your information, or changes in applicable law.

Please note that Apple Vacations and the Apple Leisure Group of companies are now subsidiaries of Hyatt Hotels Corporation.  However, this Privacy Notice only applies to the processing of Personal Information undertaken by Apple Vacations.  It does not apply to processing by other members of the Apple Leisure Group or processing by the Hyatt Group.

Definitions

We encourage you to read this Privacy Notice carefully, and to regularly check this page to review any changes we might make.

Personal Information” means information from which any individual is directly or indirectly identifiable.

Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

Hyatt Group” means Hyatt Hotels Corporation, its direct and indirect subsidiaries (with the exception of the Apple Leisure Group companies), its affiliates, and the separate and distinct legal entities that manage, operate, franchise, license, own and/or provide services to the various locations operating under or in connection with a Hyatt brand.

Information We May Collect

We may Process the following categories of Personal Information about you:

  • Personal details: your name; username or log in details; password;
  • Demographic information: gender; age/date of birth; nationality; salutation;
  • Contact details: postal address; telephone and/or mobile number; email address;
  • Consent records: records of any consents you may have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).
  • Purchase and payment details: records of purchases and prices; invoice records; payment records; billing address; payment method; cardholder or accountholder name; payment amount; and payment date.

We may also collect:

  • Information about your use of the services, such as usage data and statistical information, which may be aggregated.
  • Searches for and interactions with e-commerce opportunities, such as merchants and offers contained in the services.
  • Non-precise information about the approximate physical location (for example, at the city or postal code level) of a user’s computer or device derived from the IP address of such computer or device (“GeoIP Data”).
  • Device identification (“ID”), which is a distinctive number associated with a smartphone or similar handheld device but is different than a hardware serial number.
  • Advertising ID, which is a unique, user-resettable identification number for advertising associated with a device (e.g., iOS uses the Identifier for Advertising (or “IDFA”) and Android uses Google Advertising ID).
  • Internet Protocol (“IP”) address, which is a unique string of numbers automatically assigned to your device whenever you access the Internet.
  • Internet connection means, such as internet service provider (“ISP”), mobile operator, WiFi connection, service set identifier (“SSID”), International Mobile Subscriber Identity (“IMSI”) and International Mobile Equipment Identity (“IMEI”).
  • Information collected through the use of cookies, eTags, Javascript, pixel tags, device ID tracking, anonymous identifiers and other technologies, including information collected using such methods and technologies about (i) your visits to, and interaction and engagement with, the services, content and ads on third party websites, applications, platforms and other media channels (“Channels”), and (ii) your interaction with emails including the content and ads therein (collectively, “Online Data”).
  • Device type, settings and software used.
  • Log files, which may include IP addresses, browser type, ISP referring/exit pages, operating system, date/time stamps and/or clickstream data, including any clicks on customized links.
  • Web Beacons, which are electronic files that allow a website to count users who have visited that page or to access certain cookies.
  • Pixel Tags, also known as clear GIFs, beacons, spotlight tags or web bugs, which are a method for passing information from the user’s computer to a third-party website.
  • Local Shared Objects, such as Flash cookies, and Local Storage, such as HTML5.
  • Mobile analytics to understand the functionality of our mobile applications and software on your phone.
Information about your use of the services, such as usage data and statistical information, which may be aggregated.
  • Searches for and interactions with e-commerce opportunities, such as merchants and offers contained in the services.
  • Non-precise information about the approximate physical location (for example, at the city or postal code level) of a user’s computer or device derived from the IP address of such computer or device (“GeoIP Data”).
  • Device identification (“ID”), which is a distinctive number associated with a smartphone or similar handheld device but is different than a hardware serial number.
  • Advertising ID, which is a unique, user-resettable identification number for advertising associated with a device (e.g., iOS uses the Identifier for Advertising (or “IDFA”) and Android uses Google Advertising ID).
  • Internet Protocol (“IP”) address, which is a unique string of numbers automatically assigned to your device whenever you access the Internet.
  • Internet connection means, such as internet service provider (“ISP”), mobile operator, WiFi connection, service set identifier (“SSID”), International Mobile Subscriber Identity (“IMSI”) and International Mobile Equipment Identity (“IMEI”).
  • Information collected through the use of cookies, eTags, Javascript, pixel tags, device ID tracking, anonymous identifiers and other technologies, including information collected using such methods and technologies about (i) your visits to, and interaction and engagement with, the services, content and ads on third party websites, applications, platforms and other media channels (“Channels”), and (ii) your interaction with emails including the content and ads therein (collectively, “Online Data”).
  • Device type, settings and software used.
  • Log files, which may include IP addresses, browser type, ISP referring/exit pages, operating system, date/time stamps and/or clickstream data, including any clicks on customized links.
  • Web Beacons, which are electronic files that allow a website to count users who have visited that page or to access certain cookies.
  • Pixel Tags, also known as clear GIFs, beacons, spotlight tags or web bugs, which are a method for passing information from the user’s computer to a third-party website.
  • Local Shared Objects, such as Flash cookies, and Local Storage, such as HTML5.
  • Mobile analytics to understand the functionality of our mobile applications and software on your phone.

Sensitive Personal Information

We may collect or otherwise process Sensitive Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual preference, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive (collectively, “Sensitive Personal Information”) to the extent required in the ordinary course of our business. Save to the extent required by law, you are not obliged to provide any of your Sensitive Personal Information, and should you choose not to, this will not prevent you from purchasing any products or services from us (except in locations where credit card information may constitute Sensitive Personal Information).

Children. The services are not intended for use by children, especially those under 13. No one under the age of 13 should provide any Personal Information or use our public discussion areas, forums or chats. Minors under the age of 18 are not permitted to make purchases through the services or to obtain coupons or codes from the services to purchase goods or services on third party websites. If, notwithstanding these prohibitions, your children disclose information about themselves in our public discussion areas, consequences may occur that are not intended for children (for example, they may receive unsolicited messages from other parties). If it is discovered that we have collected Personal Information from someone under 13, we will delete that information immediately.

How We Collect Personal Information

We may collect Personal Information about you from the following sources

  • Data you provide: We may obtain your Personal Information when you provide it to us across our services (e.g., where you sign up for emails, newsletters, bulletins, webinars or white papers; register for site membership or create a profile or account on any part of the services; enter a sweepstakes, contest, competition or prize drawing; receive promotional information by SMS text message; participate in surveys; perform search queries through the services; contact us via email, telephone or by any other means; purchase a subscription, software license or product; or when you provide us with your business card, etc.).
  • Relationship data: We may collect or obtain your Personal Information in the ordinary course of our relationship with you (e.g., if you purchase a service from us).
  • Service data: We may collect or obtain your Personal Information when you visit, download, use or register to use any part of our Service.
  • Content and advertising information: If you choose to interact with any third-party content or advertising services, we may receive Personal Information about you from the relevant third party.
  • Third party information: We may collect or obtain your Personal Information from third parties who provide it to us. This may include offline channels such as through telephone or direct mail efforts; from customers, vendors, suppliers, third parties, commercially available or publicly-available sources (e.g., data brokers, data aggregators, public databases, etc.); third party affiliate network operators; referral sources; social network sites or services (e.g., Facebook, Twitter, LinkedIn, etc.). If you use a third party connection or log-in (e.g., Facebook Connect, Twitter, or Google+) to access the services, create a membership or profile on any part of the services, access our content or forward our content to another person, platform or service, we may also receive your username or email address for those third party services or other information available about you or collected from you on those services.

Video Surveillance

We always care about your safety. When you visit our facilities you will notice that we have implemented CCTV systems in order to register the activity in public areas. These video records will not be shared outside of Apple Leisure Group unless there is a valid legal or government requirement to do so.  

In all public areas that are being video recorded you will find a visible sign board that states you agree to be video recorded if you use our facilities.

 

Automatic Decision Making Process

Apple Vacations does not use automatic decision-making processes.  If we start using that technology to process your Personal Information in the future, we will let you know and inform you of your rights.

Purposes For Which We May Process Your Information

The purposes for which we may Process Personal Information, subject to applicable law, include:  

  • Accounts and Personalization: providing personalization for services from Apple Vacations or its partners including (i) management of your account, (ii) posting of your personal reviews, testimonials or comments, (iii) offering of contests, as well as chat areas, forums and communities, and (iv) customer support and relationship management.
  • Offering and Improving the services: operating and managing the services for you; providing personalized content to you; communicating and interacting with you via the services; identifying issues with the services and planning improvements to or creating new services; and notifying you of changes to any of our services.
  • Surveys: engaging with you for the purposes of obtaining your views on our services.
  • Communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) regarding news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required. We may provide direct marketing to you.
  • Advertising: providing advertising based on your interests and interactions with the services and channels, including using Personal Information to serve you advertisements on the services and Channels.
  • User Engagement and Purchases: tracking purchase traffic and activity across the Service and on Channels, including review of your browsing history (if available); provision of analytics and measurement of cost of traffic against money being made.
  • Commerce Offerings: using cookies to track your browsing history and the amount of money spent at a particular third-party merchant’s site to offer coupons and other offers that are relevant to your shopping experience; offering of coupons via SMS messages if a mobile phone number is provided.
  • Marketing to Customers: We may market to current and prospective customers who have indicated an interest in doing business with us, or have previously conducted business with us, in order to further generate and promote our business. Such efforts include sending marketing emails or conducting phone calls to drive the purchase of services.
  • IT Administration: compliance audits in relation to internal policies; identification and mitigation of fraudulent activity; and compliance with legal requirements.
  • Security: Cyber-security measures (including monitoring of login records and access details) to help mitigate the risk of and provide the ability to identify and rectify a security incident.
  • Legal Compliance: Subject to applicable law, we reserve the right to release information concerning any user of services when we have grounds to believe that the user is in violation of our Terms and Conditions or other published guidelines or has engaged in (or we have grounds to believe is engaging in) any illegal activity, and to release information in response to court and governmental orders, other requests from government entities, civil subpoenas, discovery requests and otherwise as required by law or regulatory obligations. We also may release information about users when we believe in good faith that such release is in the interest of protecting the rights, property, safety or security Apple Vacations, any of our users or the public, or to respond to an emergency.

When we process your Personal Information as one of our customers or someone else with whom we do business, we do so in the legitimate interests of the purposes listed above, because of the legal compliance we are subject to, or because the information is required to fulfil contractual obligations to you.

Disclosure of Your Personal Data

We may have to share your personal data with the parties set out below for the purposes set out above.

  • Service Providers:
    • Other companies in the Apple Leisure Group or the Hyatt Group acting as processors or controllers who provide the services that make up any booking of travel services that you make with us
    • Suppliers of accommodation and travel services acting as processors or controllers who provide the services that you booked with us.
    • Marketing companies to send information and offers on our behalf.
    • Other companies that provide IT and System administration services.
  • Third Parties:
    • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
    • Regulatory and governmental bodies and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
    • Third parties to whom we may choose to transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
    • Apple Leisure Group companies and Hyatt Group companies. How Hyatt Group companies use your personal data is set out in the Hyatt Privacy Policies available here: https://www.hyatt.com/info/privacy-policy
    • Businesses who we have a partnership with to provide related services to our customers. 

We require all service providers and third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third parties and service providers to use your personal data for their own purposes without your consent and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers of Information

Because of the international nature of our business, we may need to transfer your Personal Information within the ALG group of companies, and to third parties, in connection with the purposes set out in this Privacy Notice. For this reason, we may transfer your Personal Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.  Transfers of Personal Information often occur so that we may provide you with services you’ve asked for. Having a contractual relationship is usually a permissible reason for transferring Personal Information in countries with privacy regulations.  Where it’s not, we’ll seek to put in place additional technical and contractual measures to protect your Personal Information.

In accordance with the above, we may send your Personal Information to the following countries where Apple Leisure Group has operations and partnership with services providers:

  • United States of America
  • Mexico
  • Dominican Republic
  • Panama
  • Curacao
  • Jamaica
  • Costa Rica
  • Spain
  • St Martin
  • Netherlands
  • United Kingdom
  • Canada
  • Switzerland
  • Aruba
  • Bahamas
  • Colombia
  • Lucia
  • Trinidad & Tobago

Where your personal data is shared with the Hyatt Group, your personal data may be shared with any of the locations in which an entity in that group operates a hotel or where you or someone you are connected with has booked a stay (a list of these can be found by selecting “All” at www.hyatt.com/explore-hotels) and their major business locations, which, in addition to those set out in the bullet point list above, includes locations in Hong Kong (SAR) and Germany. 

We have implemented appropriate technical security measures in order to protect Personal Information during international transfers, in compliance with applicable laws.  
Where you have made a reservation for accommodation or travel arrangements which are located or otherwise due to be fulfilled outside your origin country, we will have to transfer your personal data to the suppliers fulfilling or providing those travel arrangements in order to make your booking and for those suppliers to be able to provide you with the travel arrangements you have booked.

Data Retention

We take reasonable steps to ensure that your Personal Information is only processed and stored for the minimum period necessary for business and legal requirements. We will use your data for the reasons you provided it to us, and for legal reporting purposes.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.