PEGASUS PRIVACY STATEMENT

EU-U.S. PRIVACY SHIELD

 

Pegasus respects your privacy and is committed to protecting it. This Privacy Statement is meant to inform you of how we collect, use and protect your personal information, and the choices you have in this regard.

In particular, Pegasus is committed to complying with the European Community Directive on Data Protection, commonly referred to as the "EU Privacy Directive". Pegasus has chosen to comply with the EU Privacy Directive by certifying our compliance with the U.S. Department of Commerce's "Privacy Shield" program, as more fully described below in this Privacy Statement.

 

APPLICATION OF THIS PRIVACY STATEMENT

This Privacy Statement applies to Pegasus Solutions Companies and each of its controlled subsidiaries (collectively, "Pegasus"). This Privacy Statement applies to all of Pegasus' products and services, as well as each of Pegasus' websites collecting personal information, including without limitation Pegasus.io. A more complete description of Pegasus products and services and be found at Pegasus.io. As described below, this Privacy Statement also applies to Pegasus Human Resources information concerning Pegasus employees in the European Union.

Pegasus' services relate primarily to travel-related reservations, and most commonly involve processing relating to hotel room reservations. However, Pegasus' processing services may apply to other types of transactions, such that references below to "hotels" or "hotel companies" may apply to other types of transactions you may seek to conduct. For example, Pegasus may process commission transactions relating to your car rental, train reservation or airline reservation.

This Privacy Statement applies to "personal information," meaning such information that is easily identifiable with a specific individual. This Privacy Statement does not apply to statistical or other information from which your personally identifiable information cannot be determined.

 

HOW WE COLLECT INFORMATION

Pegasus may obtain information about you in connection with our service offerings in several ways, including through central reservation systems, call centers, travel agents, Internet websites and database networks. For example, personal information is generally collected in connection with a hotel reservation you make using one of our systems or the system of one of our hotel or travel agent customers.

 

TYPES OF INFORMATION WE COLLECT

Pegasus generally collects only such personal information as is reasonably necessary to facilitate reservation, payment and commission processing transactions. Such information may include without limitation such basic information as your name, address, telephone and credit card information. Other information collected may include travel agent information, airline flight information, frequent guest/loyalty program numbers or membership information, other group discount program affiliations, hotel and room rate information, arrival and departure dates as well as special accommodation requirements.

Pegasus generally does not require or request any "sensitive data", that is, information pertaining to racial or ethnic origins, political or religious beliefs, union membership, health or sex life. However, we may collect certain sensitive data solely in order to facilitate the accommodation of any special considerations you may have in connection with your reservation, such as special medical or dietary requirements. In addition, sensitive data could be inferred from your group or loyalty program information, or from other special preferences you may provide in connection with your reservation. However, Pegasus does not use or share any such information for any purpose other than as described below.

 

HOW WE USE YOUR INFORMATION

We use your personal information to facilitate the provision of our services, and allow your chosen hotel company, travel agent or other service provider to provide its services to you. Specifically, your personal information is used to process your hotel reservation, as well as to process any commission or other amounts that may be payable to your travel agent or other intermediary in connection with your reservation. Credit card information is used only for payment processing and fraud prevention.

Any "sensitive data" is collected only to facilitate accommodation of any special considerations you may have in connection with your reservation, and/or to process your reservation transactions properly, such as at the appropriate group discount rate.

We may use your personal information in order to update you with our marketing activities. However, you may opt-out of receiving such information at any time. We have no control over whether your personal information is used for marketing or other activities by your hotel company, travel agent or other intermediary.

 

WHO WE SHARE YOUR INFORMATION WITH; YOUR INFORMATION AND THIRD-PARTY PAYERS

Pegasus does not sell, rent or lease your personal information to others. Pegasus will not share your personal information with third parties except in connection with the provision of our services to you and/or your hotel company, travel agent or other intermediary. We have no control over whether your personal information is used for marketing or other activities by your hotel company, travel agent or other intermediary.

Pegasus contracts with third-party service providers in connection with the performance of our services. For example, Pegasus uses certain banking institutions to process commission payments. Such third-party service providers are generally required to keep confidential the information received on behalf of Pegasus and may not use any such personal information for any purpose other than to carry out the services they are performing for Pegasus. These service providers may change or we may contract with additional service providers to better serve our customers.

Pegasus may share your personal information across its various business entities and service lines, all of which are generally subject to the requirements of this Privacy Statement. Pegasus may also combine with or be acquired by another business entity, in which case your information may be shared with such entity.

Pegasus will not otherwise share personal information with any other third parties without your permission, unless we assess such disclosure to be required by law.

 

YOUR CHOICES, PRIVACY PREFERENCES AND OPTING OUT

Since we generally only provide information to your hotel company, travel agent or other intermediary in connection with your transactions, if you do not wish for such third parties to obtain your personal information, then please be aware that we may not be able to process your intended transaction. If you still do not wish for us to share your information with such parties, then contact our Privacy Office at the contact information listed below.

If you do not wish for your personal information to be disclosed to any of our third-party service providers, please contact our Privacy Office at the contact information listed below. Within a reasonable time after receiving your request to not distribute your personal information to such third parties, we will either cease any further distribution to such third parties or notify you if such cessation is not reasonably practicable. Please keep in mind that if Pegasus cannot disclose or share your information with such third parties, then we may not be able to provide you with all or certain of our reservation, transaction processing or other services.

Pegasus may send marketing information about its products and services to its affiliated travel agents, hotel companies and other business partners, but such marketing information generally will not contain your personal information. Pegasus generally does not send marketing information to individual providers of personal information. However, if you are receiving Pegasus marketing materials and do not wish to receive such materials, please contact our Privacy Office at the contact information listed below. Pegasus generally has no control over the marketing and other onward distribution activities of travel agents, hotel companies and other participants in your transactions.

Pegasus will make all reasonable efforts to honor your preferences.

 

COOKIES

When someone visits our website, we collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to different parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting any of our websites. We will not associate any data gathered from this site with any personally identifying information from any source. We will be up front about this if we do want to collect personally identifiable information through our website. We will make it clear when we collect personal information and will explain what we intend to do with it. The text below explains the cookies we use and why.

By continuing to browse the website, you are agreeing to our use of cookies as set out by this policy.

Information About Cookies

A cookie is a small file of letters and numbers that, if you agree to their use, is stored on your browser or the hard drive of your computer or device.  They contain information that is transferred to your hard drive. The cookies that we could use can be split into the following categories:

  • Strictly necessary cookies. These are cookies that are required for the operation of the website. They include, for example, cookies that enable you to log into parts of the website.
  • Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors to the website and to see how they move around within the website when they are using it.  This helps us to improve the way the website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognize you when you return to the website. This enables us to personalize our content for you, greet you by name and remember your preferences.
  • Targeting cookies. These cookies record your visit to the website, the pages you have visited and the links you have followed. We may share this information with third parties (see our Privacy Policy for more information on how we use information we collect from you).
  • Commercial app cookies. These cookies are used as part of Pegasus’s hosted applications, products and services that hotel clients make available to end users. These cookies include those that are strictly necessary, performance, targeting, and functionality.

The Cookies We Use

 Cookie Name 

 Vendor 

 Purpose 

Category

 AWSELB 

Amazon 

AWS Elastic Load Balancer 

Performance

 __utma 

Google 

Google Analytics (1) 

Targeting

 __utmb 

Google 

Google Analytics 

Targeting

 __utmc 

Google 

Google Analytics 

Targeting

 __utmz 

Google 

Google Analytics 

Targeting

 _gauges_unique_hour 

Gauges 

Gauges Analytics 

Performance

 _gauges_unique_day 

Gauges 

Gauges Analytics 

Performance

 _gauges_unique_month 

Gauges 

Gauges Analytics 

Performance

 _gauges_unique_year 

Gauges 

Gauges Analytics 

Performance

 _gauges_unique 

Gauges 

Gauges Analytics 

Performance

 apex__product 

SalesForce 

SalesForce Analytics 

Strictly Necessary

 __hstc 

HubSpot 

HubSpot Analytics 

Targeting

 __hssrc 

HubSpot 

HubSpot Analytics 

Targeting

 __hssc 

HubSpot 

HubSpot Analytics 

Targeting

 hsPagesViewedThisSession 

HubSpot 

HubSpot Analytics 

Strictly Necessary

 hubspotutk 

HubSpot 

HubSpot Analytics 

Strictly Necessary

 hubspot.hub.id 

HubSpot 

HubSpot Authentication 

Strictly Necessary

 hubspotauth 

HubSpot 

HubSpot Authentication 

Strictly Necessary

 hubspotauthcms 

HubSpot 

HubSpot Authentication 

Strictly Necessary

 hubspotauthremember 

HubSpot 

HubSpot Authentication 

Functionality

hs_lang_switcher_choice

HubSpot 

HubSpot Authentication 

Functionality

_hs_opt_out

HubSpot

Opt out of HubSpot tracking

Targeting

__hs_do_not_track

HubSpot

Prevent HubSpot tracking

Functionality

__hs_testcookie

HubSpot

Test HubSpot tracking

Functionality

hubspotutktzo

HubSpot

Time Zone Offset

Functionality

hs_ab_test

HubSpot

 Used for AB Testing within the website

Functionality

<id>_key

HubSpot

 ID of your session

Functionality

hs-messages-is-open

HubSpot

 Website, messaging waiting for user

Functionality

hs-messages-hide-welcome-message

HubSpot

Hide Welcome Message Popups

Functionality

__hluid

HubSpot

In-app usage tracking

Targeting

mp_id_mixpanel

Mixpanel

In-app usage tracking

Targeting

messagesUtk

HubSpot

Track visitors using messages

Targeting

ASP.NET_SessionId

OHVIBE

IBE – Used for Session ID

Commercial app

VisitorLocationID

OHVIBE

Website Page Session Tracking

Commercial app

Jsaction

OHVIBE

JavaScript Action Session

Commercial app

Teasermultiroomversion

OHVIBE

Ads/Promos in IBE

Commercial app

Notes:

(1) These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

(2) These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. This cookie is deleted when you close your browser.

(3) These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

(4) This cookie is set by our internet booking engine platform to record the visitor's progression during the booking process. This cookie is deleted when a user closes their browser.

(5) This cookie is used to record that users have initiated a multiple room booking. It collects information in an anonymous form. This cookie expires when you close your browser.

Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. This privacy notice does not cover the links within this site linking to other websites not owned by Pegasus. We encourage you to read the privacy statements on the other websites you visit.

How You Can Block Cookies

You can block cookies by not providing affirmative consent to cookies while using our website, or by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Blocking cookies may affect your ability to use the website. In particular, you may not be able to access all or parts of the website or use the functionalities contained on it.

 

ACCESS TO AND ACCURACY OF YOUR INFORMATION

Pegasus strives to keep your personal information accurate. We have implemented technology, management processes and policies to maintain data accuracy. Upon request to our Privacy Office, we will use all reasonable efforts to provide you with access to your information, including the opportunity to change your information. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access to your data. Certain areas of Pegasus' websites may limit access to specific individuals through the use of passwords and other personal identifiers.

The most effective way to ensure the accuracy of your personal information in our records is to take care that you, your hotel, your agent or other intermediary inputs your information correctly.

 

DATA RETENTION

We keep your personal information on Pegasus systems only so long as we need it to fulfill the purposes described in this Policy. This is also the case for anyone that we share your personal information with and who carries out services on our behalf. Retention periods can vary significantly based on the type of information and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When we no longer need to use your personal information and there is no need for us to keep it to comply with our legal or regulatory obligations, resolve disputes and enforce our agreements, we’ll either remove it from our systems or anonymize it so that we can't identify you.

 

KEEPING YOUR INFORMATION SECURE

Pegasus is committed to protecting the information that you and our customers and business partners provide to us. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information, Pegasus has in place appropriate physical and managerial procedures to safeguard the information we collect. Our data centers and systems employ various layers of access codes and monitoring to prevent unauthorized access, and authorized access to your personal information is generally restricted to our representatives with a reasonable need for such access. We generally employ 128-bit encryption methods when collecting or transferring sensitive data such as credit card information.

Each Pegasus employee is generally subject to a confidentiality agreement, which would further restrict unauthorized disclosure of your personal information. Credit card numbers are used only for processing payments and fraud prevention.

 

HUMAN RESOURCES INFORMATION

Pegasus collects certain personal information about its employees in the European Union, which Pegasus uses solely in connection with Pegasus' employment-related activities. Employee information may also be shared with Pegasus entities or third-party service providers (such as Pegasus' benefits providers) outside of the EU solely in connection with Pegasus' employment-related activities. Pegasus has reasonable security measures to protect such personal information. Pegasus employees should contact their supervisor or the Human Resources department if they have more questions about their personal information, including their options regarding access and preferences.

 

CHANGES TO THIS PRIVACY STATEMENT

If there are updates to the terms of Pegasus' Privacy Statement, we will post those changes and update the revision date in this document, so you will always know what information we collect online, how we use it, and what choices you have. For material changes to this Privacy Statement, Pegasus will use all commercially reasonable efforts to post notice of such change prior to implementation.

 

EEA RESIDENT

If you are a resident of the European Economic Area, you have the following data protection rights:

  • Contact us at privacy@pegasus.io if you wish to access, correct, update or request erasure of your personal information.
  • In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us at privacy@pegasus.io.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing emails we send you.
  • Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

See Privacy Office Contact Information section for contacting our Data Protection Officer.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Notwithstanding the foregoing, we reserve the right to keep any information in our archives that we deem necessary to comply with our legal obligations, resolve disputes and enforce our agreements—as set forth in the data retention section above.

 

OVERSIGHT AND ENFORCEMENT

Pegasus complies with and adheres to the EU-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce. Pegasus has certified that it adheres to the Privacy Shield principles of:

  • Notice
  • Choice
  • Accountability for Onward Transfer
  • Security
  • Data Integrity and Purpose Limitation
  • Access
  • Recourse, Enforcement and Liability

Additionally, once a year, Pegasus will sign a statement verifying the Privacy Statement's compliance with the Privacy Shield principles, and verifying Pegasus' compliance with such Privacy Statement.

More information on the program can be found at https://www.privacyshield.gov.

Under the Privacy Shield framework, privacy complaints can be referred to an independent dispute resolution mechanism. We use JAMS Privacy Shield Program operated by JAMS Arbitration, Mediation, and ADR Services. If you feel that we have not satisfactorily addressed your complaint, you can visit JAMS website at http://www.jamsadr.com/ for more information on how to file a complaint. If neither Pegasus nor JAMS resolves your complaint, you may pursue binding arbitration through the Privacy Shield Panel.

Pegasus has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved complaints concerning human resources data transferred from the EU in the context of the employment relationship.

Pegasus sometimes provides personal information to third parties to perform services on our behalf. If we transfer personal information received under the Privacy Shield to a third party, the third party's access, use, and disclosure of the personal data must also be in compliance with our Privacy Shield obligations, and we will remain liable under the Privacy Shield for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.

Pegasus is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Pegasus may be required to disclose personal information that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

PRIVACY OFFICE CONTACT INFORMATION

Our Privacy Office and Data Protection Officer can be contacted at:

privacy@pegasus.io, or

Privacy Office

Pegasus Solutions Companies

14000 North Pima Road, Suite 200

Scottsdale, Arizona 85260

 

Within a reasonable time after receiving your request or inquiry, we will attempt to respond to you or otherwise address your concern.

Privacy Statement last revised 21 May 2018