1. Purpose of Policy
2. What types of information do we collect?
The type of personal information that we collect and hold about you depends on the type of dealings that you have with us.
- For example, in order to process a request or enquiry from you, we may need to know all or some of the following: your full name, address, telephone number, e-mail address, your current location, and, in the case of a member's listing, a method of payment.
- We may also gather information from cookies or web beacons. You can find out more about how they operate in the relevant section of this policy below.
- We also collect IP addresses, mobile device identifier details, your location, navigation and click-stream data, the time of accessing the Site, homes you viewed, what you searched for, the duration of your visit, and other details of your activity on the Site.
- If you ask us to connect with other sites (for example if you ask us to connect with your Facebook account) we may get information that way too.
- Information that we collect from third parties, such as credit information which we use to prevent and detect fraud, information from your mobile provider if you are accessing the Site over a mobile device or information from a third party such as a social media or travel opinions site where you have asked us to share your data with them.
- We may collect reviews written by travellers on a property they stayed in (“Traveller Reviews”) and/or written by owners on a Traveller’s stay (“Owner Reviews”). Traveller Reviews are displayed on our Site, while Owner Reviews will only be disclosed to owners who receive an inquiry or booking request from that traveller. Owner Reviews enable an owner to know more about the traveller who has contacted them and therefore increase trust in our platform. Owners must comply with law and this includes not using any information about a traveller to discriminate against such traveller.
Sensitive information is personal information such as health information and information about racial or ethnic origin that is generally afforded a higher level of privacy protection. We only collect sensitive information where it is reasonably necessary for our business functions and you have consented, or we are required to do so by law.
Information other than personal information ("non-personal information")
When you visit the Site, some of the information that is collected about your visit is not personal information, because it does not reveal your identity. We use this information to help us improve our services. We may aggregate this information for our own statistical purposes. Provided that it remains anonymous, we may disclose that aggregated information to third parties for marketing or other business related purposes.
We gather and share information concerning the usage of the Site by members and travellers with one or more third-party tracking companies for the purpose of reporting statistics. In this connection, some of the pages you visit on our Site use electronic images placed in the web page code, called pixel tags (also called a "clear GIFs" or "Web Beacons") that can serve many of the same purposes as cookies.
Web beacons may be used to track the traffic patterns of users from one page to another in order to maximize web traffic flow. Our third-party advertising service providers may also use Web Beacons to recognize you when you visit the Site and to help determine how you found the Site. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here: http://networkadvertising.org/consumer/opt_out.asp
3. How do we collect personal information?
Methods of collection
We will collect personal information by lawful and fair means as required by the Privacy Act. We will also collect personal information directly from you where this is reasonable and practicable.
We collect personal information in a number of ways, including:
- Directly from you in person, by email, over the telephone, through written communications (such as letters and faxes) or by you completing forms or submitting information on the Site;
- Through our Site, for example if you make an enquiry to a property owner, or if you purchase a subscription to list advertise your property;
- From third parties, including:
- direct marketing database providers,
- our related companies,
- public sources, such as telephone directories, membership lists of business, professional and trade associations, ASIC searches;
- From our own records of your use of our services.
4. Why do we collect, hold, use and disclose your personal information?
The main purposes for which we collect, hold, use and disclose personal information are:
- To identify you and verify your identity;
- To communicate with you about our services;
- To contact you from time to time with critical user or service updates;
- To assist people you have done business with. For example if you are an owner and a traveller who has booked or enquired with you needs your details we may pass them on; if you are a traveller and an owner you have booked with needs to contact you we may give them your details;
- To customize, measure and improve our services, content and advertising;
- To compare information for accuracy, and verify it with third parties;
- for any other purposes that you have consented to.
Where we have your express or implied consent, or where we are otherwise permitted by law, we may contact you with information about our products and the services on the Site, or those of our HomeAway group and/or our affiliates. You can opt out of receiving these communications at any time, by either contacting Customer Support, or by using the unsubscribe facility that we include in our commercial electronic messages (i.e., email) to opt out of receiving those messages.
5. To whom do we disclose your personal information?
We may disclose your personal data to enforce our policies, or where we are permitted to do so by applicable law, such as in response to a valid, legally-compliant request by a law enforcement or governmental authority, or in connection with actual or proposed litigation, or to protect our property, people and other rights or interests.
We may also share your personal data with:
- One of our partners if you've requested their services or if you’ve requested to be provided with information by them;
- Another member if you have done business with them;
- Companies in the HomeAway group and/or affiliates;
- Other companies we work with to feature all or part of our member’s property listings or otherwise provide promotional or other services related to our or HomeAway group’s business. This might include featuring your listings and photographs on other websites;
- Any third party you have asked us to share your personal data with – such as Facebook if you have asked us to connect with your Facebook account; or
- Our contracted services providers, including:
- Information technology service providers (including cloud services providers);
- Marketing, communications and research agencies;
- Mailing houses, postal, freight and courier service providers;
- Printers and distributors of direct marketing materials;
- External business advisers (such as recruitment advisers, auditors and lawyers);
- When creating a profile on our Site, the information in your profile will available to be viewed by other users of our Site;
- We will display your name (taken from your profile) with any content that you contribute to the Site (including reviews).
If you choose to send an enquiry to a member on a Site, your personal information, including your email address and any other information you supply (unless the Site specifies otherwise), will be visible to the relevant member so that they can reply directly to you. Enquiries sent using the HomeAway system are also available for review to a limited number of customer service employees, who may be asked by a member or others for their past enquiry information.
In the case of these contracted service providers, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
We may de-identify and aggregate the personal information of you and others for our own statistical purposes. Provided that it remains permanently de-identified, we may disclose that aggregated information to third parties or publish it for marketing or research purposes.
If you post comments or otherwise communicate publicly with other users via our Site, any information about yourself that you include in the communication may be stored on the Site and accessed by other users. For this reason, we encourage you to use discretion when deciding whether to post any information that can be used to identify you.
6. Cross border disclosure of personal information
HomeAway is part of the HomeAway, Inc. group which operates in a number of international jurisdictions, including the US and the United Kingdom.
As a result, your personal data may be transferred, stored and processed in the United States, United Kingdom, or any other country in which we or our affiliates, subsidiaries, partners or agents maintain facilities. These data processors, acting under our instructions (or those of one of our partners) may be engaged in, among other things, the fulfillment of your information requests and the provision of support tools and services on the Site. They may also be helping us maintain the integrity and security of the Site, including emails and messaging platforms on the Site.
If you do not agree to the transfer of your personal information outside Australia, please contact us via the details set out in Section 10.
HomeAway Group and Safe Harbor
You can find details of the HomeAway group and the companies in it in its initial, annual and quarterly filings made with the United States Securities and Exchange Commission on Forms S-1, 10-K and 10-Q, which can be accessed here: http://investors.homeaway.com/sec.cfm
HomeAway, Inc. complies with the US Department of Commerce’s Safe Harbor scheme, and has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about this scheme and see the information we have filed with the Department of Commerce here: http://export.gov/safeharbor/
7. Data quality and security
We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in secure premises. We take reasonable steps to:
- Make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
- Protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure;
- Destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted under the Act.
We implement a range of physical and electronic security measures to protect the personal information that we hold, including:
- mandatory password protection on all computers (users are required to change their passwords at regular intervals);
- hardware encryption on desktops, laptops and portable storage devices;
- secure hard copy document, electronic storage media and hardware disposal procedures;
- key card-restricted access to all offices;
- firewall and antivirus/malware software; and
- training and workplace policies.
While HomeAway strives to protect the personal information and privacy of users of the Site, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post.
While no system is completely secure, we believe the measures implemented by the Site reduce our vulnerability to security problems to a level appropriate to the type of data involved. We have security measures in place to protect our user database and access to this database is restricted internally. However, it remains each user's responsibility:
- To protect against unauthorized access to your use of the Site;
- To ensure no-one else uses the Site while the user's machine is "logged on" to the Site (including by logging on to your machine through a mobile, Wi-Fi or share access connection you are using);
- To log off or exit from Site when not using it; and
- Where relevant, to keep your password or other access information secret. Your password and log in details are personal to you and should not be given to anyone else or used to provide shared access for example over a network; and
- To maintain good internet security. For example if your email account or Facebook account is compromised this could allow access to your account with us if you have given us those details and/or permitted access through those accounts. If your email account is compromised it could be used to ask us to reset a password and gain access to your account with us. You should keep all of your account details secure. If you think that any of your accounts has been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. You should also tell us as soon as you can so that we can try to help you keep your account secure and if necessary warn anyone else who could be affected.
If you have asked us to share data with third party sites, however (such as Facebook) their servers may not be secure. Credit card information is generally stored by our credit card processing partners and we ask them to keep that data secure. We also use third parties to help us optimize our website flow, content and advertising (see below).
Note that, despite the measures taken by us and the third parties we engage, the internet is not secure, and others may nevertheless unlawfully intercept or access private transmissions or data. As such, except to the extent liability cannot be excluded due to the operation of statute, HomeAway excludes all liability (including in negligence) for the consequences of any unauthorised access to your personal information. Please notify us immediately if you become aware of any breach of security.
Phishing or False emails
If you receive an unsolicited email that appears to be from us or one of our members that requests personal information (such as your credit card, login, or password), or that asks you to verify or confirm your account or other personal information by clicking on a link, that email was likely to have been sent by someone trying to unlawfully obtain your information, sometimes referred to as a "phisher" or "spoofer." We do not ask for this type of information in an email. Do not provide the information or click on the link. Please contact us at Customer Support.
Third party websites
8. Access and correction of your personal information
You have a right to request access to or correction of your personal information held by us. If you wish to access, correct or update any personal information we may hold about you, please contact us as set out below. However, we may charge for providing access to this information and we may refuse access where the Act allows us to do so.
If you have an online account via the Site, you can access and change some of your personal information by logging in to your account and following the instructions on the Site.
If you do not have an account, you can request access to the personal information that we hold about you and request corrections by contacting our Privacy Officer (see section 10 below).
9. Complaints process
We will take any privacy complaint seriously. We will aim to resolve any such complaint in a timely and efficient manner, and our target response time is 30 days. We request that you cooperate with us during this process and provide us with relevant information we may require.
We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal complaint with the Office of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia):
Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
10. Contact Us
Please contact our Privacy Officer if you have any queries about the personal information that we hold about you or the way we handle that personal information:
HomeAway Privacy Officer
Level 18, 100 William Street,
11. Changes to this Policy