trivago's Privacy Notice
Last Updated: December 2022
This Privacy Notice is valid for all websites, applications or other services and offerings (collectively "the Services") operated by trivago N.V and its subsidiaries (“we”, “us”, or “trivago”).
In this Privacy Notice, we provide information about how trivago processes personal data in relation to your use of the Services. Personal data is any data that can be used to identify you, either directly or indirectly.
As a metasearch company, trivago may redirect you to the websites or apps of third parties. Please note that we have no control over these third-party services, and that your use of these third-party services is subject to the privacy policies posted on the corresponding websites or apps, and not to this Privacy Notice.
Continuous technological development, changes to our services, changes to laws, or other reasons may require us to amend our Privacy Notice. We will make changes to this Privacy Notice regularly, and we ask that you keep yourself informed of its contents.
1. Who is responsible for the processing of personal data described in this Privacy Notice?
trivago N.V. controls the processing operations described in this Privacy Notice. trivago is a company incorporated under the laws of the Netherlands, and has its offices at Kesselstraße 5-7, 40221 Düsseldorf, Germany.
To exercise your data protection rights, or to ask a general question about the processing of your personal data by trivago or about this Privacy Notice, you can contact our team by sending an email to privacy@trivago.com.
To contact our data protection officer directly, please send an email to privacy@trivago.com with the subject line "To the attention of the data protection officer". Please note, emails sent to this address will not automatically be confidential/only read by the data protection officer. Should you require a confidential exchange with our data protection officer, please state so in your email to us and we will arrange such an exchange.
2. Your rights
You have the following rights with respect to your personal data. Please refer to Section 1 to get information about how to contact us and to exercise such rights.
2.1 General rights
You have the following legal data protection rights under the relevant legal conditions: the right to information (Article 13 GDPR), the right of access (Article 15 GDPR), the right to deletion (Article 17 GDPR), the right to correction (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), and the right to data portability (Article 20 GDPR).
2.2. Right to revoke consent
You have the right to revoke consent previously provided to us at any time. The consequence of this will be that we will no longer process your personal data in relation to that consent in the future. The revocation of the consent does not affect the legality of any processing carried out on the basis of the consent up to the time of your revocation thereof.
2.3 Right to object to processing of data based on legitimate interests
If we process your personal data on the basis of legitimate interests, you have the right to object at any time for reasons arising out of your particular situation against such processing. If you object, we will no longer process your personal data unless we can establish compelling and legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing aids the enforcing, exercising or defending of legal claims.
2.4 Rights to object to direct marketing
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to such processing. For further details on how to object to any form of direct marketing, please see Section 6.1.
2.5 Right to complain to a supervisory authority
You also have the right to complain to a competent data protection authority if you believe that your personal data is being processed in violation of applicable data protection legislation. You may contact any data protection authority in any member state of the European Union, in particular at your place of residence. The competent supervisory authority for trivago is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2-4, 40213 Düsseldorf, Phone: 0211/38424-0, E-Mail: poststelle@ldi.nrw.de.
3. What data we collect from you
When you use our Services, we may process these types of personal data:
- User data
- Personal data collected for the creation of a member account, such as: your name, email address, password.
- Contact details and other information you may share with us, such as your postal address, age, gender, country of residence, social network profiles, messages you sent to our team, feedback, comments, replies to surveys or interviews, participation to any of our promotional activities.
- Usage data
- Information about how you use our Services, including the details inputted by you when you conduct a search using our Services (including destination, date, number of guests, currency), deals viewed, and links clicked.
- Interaction with our marketing communication: we may collect information about your engagement with our direct marketing messages, including our newsletter and push notifications (for instance, analytics on the number of times you open our newsletter or click on hyperlinks in it).
- Booking data: When you use our Services and click a link to an accommodation offer that is listed on our Services, the online booking site making that offer may send us personal data relating to any subsequent booking or reservation that you make on the online booking site.
- Location data: We may process approximate location information based on your IP address (country or city level). Furthermore, with your prior consent, we may use GPS data to provide you with customised search results on your mobile.
- Bank data: Even though we are not directly involved in the accommodation booking and payment process, we may ask you to share, from time to time, your bank details, for example to issue compensation to users.
- Technical data: Examples include IP address, cookies, identification data (session ID, member ID, device ID), access status/HTTP status code, browser software and version, operating system and its interface, internet service provider, language and other configuration settings.
4. Why and how we use your personal data
Below you will find information about (i.) the reasons why we collect and use your personal data, as well as, for each purpose, (ii.) the corresponding legal basis and (iii.) the categories of personal data involved. Your personal data may be used in the following ways:
- Provide our Services, including help you compare accommodation prices and offers, and find your ideal accommodation.
- Legal basis: performance of a contract, consent.
- Categories of personal data used: user data, usage data, booking data, location data, technical data.
- Create and maintain a safe and reliable environment for our Services, including for your trivago user account.
- Legal basis: compliance with legal obligation, legitimate interest.
- Categories of personal data used: usage data, technical data.
- Understand how you use our Services and use the feedback you may send us to improve our Services, identify trends in the industry, and develop new products and features to improve your experience.
- Legal basis: consent, legitimate interest.
- Categories of personal data used: user data, usage data, booking data, technical data.
- Send you direct marketing communication about our Services or related services, provide you with advertisement on our Services as well as on third party websites (whether personalised or not), and otherwise administer promotional activities (such as sweepstakes and similar giveaways).
- Legal basis: consent, legitimate interest.
- Categories of personal data used: user data, usage data, technical data.
- Communicate with you, respond to your questions and comments, and provide customer service.
- Legal basis: performance of a contract, legitimate interest.
- Categories of personal data used: user data, usage data, booking data, bank data.
- Fulfil contractual obligations with third parties, such as online booking sites listing in our Services.
- Legal basis: performance of a contract, legitimate interest.
- Categories of personal data used: user data, usage data, booking data.
- Comply with legal obligations, requests from law enforcement, prevent fraud and establish, exercise or defend legal claims.
- Legal basis: compliance with legal obligation, legitimate interest, performance of a contract.
- Categories of personal data used: user data, usage data, booking data, technical data.
5. With whom we share your data
We may share your personal data with the following categories of recipients, provided there is an appropriate legal basis:
- Our wholly owned subsidiaries.
- Authentication partners: for instance, when you sign in or log into our Services using third-party services such as Facebook, Google or Apple.
- Third party service providers who provide data processing services to us, such as: hosting and storage providers,customer service providers, communications providers, security and fraud prevention providers, debt collectors, analytics, advertising, and marketing providers.
- Third party service providers who provide services to us that are independent data controllers, such as security and fraud prevention services, social media networks and advertising and marketing providers.
- Business partners that we may jointly offer products or services with. These are services offered through our Services in conjunction with other third parties.
- Third party travel suppliers such as hotels, airlines, car hire, insurance, property owners, travel guide or activity providers.
- Law Enforcement Authorities. To prevent, detect and prosecute illegal activities, threats to state or public security and to prevent threats to people’s lives.
- As part of a corporate transaction such as a merger, divesture, consolidation, or asset sale.
If we transfer data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organisational measures and are regularly monitored by us.
6. Service-specific information
6.1 Newsletter
We offer newsletter services, which may include inspirational travel content, links to surveys or sweepstakes, reminders about the searches you have made through our Services, or other news about our Services, or the services offered by our partners.
By subscribing to our newsletter directly through our Services, you will receive an email in which we ask you to confirm that you are the owner of the email address you have provided. If you do not confirm your sign-up within 24 hours, your personal data will be deleted after one month.
If you no longer wish to receive newsletters from us, you can unsubscribe at any time by using the “unsubscribe” link included in the footer of each of our newsletters, or by contacting our privacy team as described in Section 1 above.
6.2 trivago User Account
trivago user account creation is voluntary but may be required to make full use of the functionality of some of our Services.
You can manage, modify and delete all information in your trivago user account. Please note that, after a certain period of inactivity, we will automatically delete your trivago User Account.
6.3 Business Studio
If you use Business Studio you will receive a personal password-protected account and you can view and manage the data that is stored in that account. Hoteliers who have a trivago Business Studio account may receive direct information about new or additional features.
7. Information on cookies
Whenever you use our Services, we use cookies and other online tracking technologies. In this paragraph, you will find information about what ‘cookies’ are, how they are used by trivago, and how to manage your preferences.
7.1 What are cookies?
Cookies are small text files which are downloaded on your device when you visit a website or an app. Alongside cookies, we may use other tracking technologies such as web beacons, tags or pixels (tiny graphic images placed on a web page, which indicate that such page has been viewed), or Software Development Kits (SDKs – tracking technology stored in an app). In this paragraph, cookies and other tracking technologies will be generally referred to as “cookies”.
Cookies allow websites to recognise users’ devices and to store information about the content users view and interact with, and therefore provide them with a customised experience (for instance, remember preferences and settings).
Cookies can be divided into different categories:
- Depending on their operator:
- First-party cookies are placed by trivago on our websites and apps;
- Third-party cookies are operated on our websites or apps by external providers, such as advertising partners, security providers and social media partners.
- Depending on their duration:
- Session cookies: cookies that are automatically deleted when you close your browser.
- Persistent cookies: cookies that are automatically deleted after a set duration that can vary depending on the cookie. You can delete cookies in your browser security settings at any time.
7.2 How does trivago use cookies?
trivago, or external providers operating third-party cookies on our websites or app, use cookies described in the section above in the following ways:
- Strictly necessary: these cookies are necessary to enable you to use our Services. Without these cookies, our Services cannot be properly provided.
- Functional cookies: these cookies allow us to remember choices you have made on our websites or apps (for instance, the language or currency you have selected) and provide you with enhanced and personalised features. If you do not allow these cookies, then some or all of these functionalities may not perform properly.
- Performance cookies: these cookies, either placed by us or in some cases by our business partners, allow us to collect information about the performance of our Services (i.e. which pages are accessed/used the most or the least). We use this information to maintain, develop and improve our Services. If you do not allow these cookies we will not know when you have visited our websites and apps and will not be able to monitor their performance.
- Marketing cookies: These cookies are set through our websites and apps by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant ads on third-party websites. If you do not allow these cookies, you will experience less personalised advertising.
Some of the cookies placed on our websites and apps originate from our business partners.
We use tools strictly necessary for website operation based on our legitimate interest to provide the basic functions of our website. In these cases, access to and storage of information in the terminal device is strictly necessary and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (2) TTDSG.
We use all other non-essential (optional) tools that provide additional functions on the basis of your consent. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TTDSG. Data processing using these tools only takes place if we have received your consent for this in advance.
If personal data is transferred to third countries (such as the USA), please refer to section 8 ("Transfer to other countries"), also regarding the risks this may entail.
7.3 How to manage your cookie preferences?
You can withdraw or modify your consent to our use of non-essential cookies at any time by using the corresponding link in the footer of our websites, or by configuring your web browser settings to decline cookies by visiting the “Help” section of your browser’s toolbar. You may also want to visit www.youronlinechoices.com or www.youradchoices.com to learn how to opt out of personalised ads.
On your mobile device, your operating system may allow you to control cookies through its setting function. Refer to your device manufacturer’s instructions for more information. If you choose to decline cookies, some parts of our Services may not work as intended or may not work at all.
8. Transfer to other countries
Because of the global nature of our business, we may share your personal data internationally with our wholly owned subsidiaries, and with our partners and service providers. They may process your personal data in countries where data protection laws may differ from EU laws, or with the law applicable in your country of residence.
Whenever such countries are not subject to a European Commission adequacy decision, we take additional measures to make sure that the transfer of your personal data complies with applicable laws, such as the Standard Contractual Clauses issued by the European Commission.
If a transfer to a third country is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your affected rights cannot be guaranteed.
9. How does trivago protect your data?
As part of our commitment to safeguard your personal data, we have taken appropriate technical and organisational measures to protect your personal data from being accidentally or intentionally manipulated, lost, destroyed, or accessed by unauthorised persons. These include pseudonymization, encryption, firewalls, or access controls. Our security measures are reviewed regularly and updated in keeping up with technological advances.
10. When will your data be deleted?
We keep your personal data only for as long as needed or permitted in light of the purposes for which it was collected and consistent with applicable law. Thereafter, we delete the data immediately, unless we still need the data until the expiry of statutory limitation periods (e.g. for evidence purposes for civil law claims or accounting and tax law reasons), or if there is another legal basis under data protection law for the continued processing of your data in the specific individual case. We will anonymize your data if we intend to use it for analytical statistical purposes over longer periods.