We only use information for which consent has been given, and involved in the following situations: service delivery (e.g. bookings, etc), legal compliance or obligations, or other normal business reasons. Below, find explanations of each of these situations.
We use your data to provide or facilitate contracts you are trying to execute, most often a booking with a travel supplier, or with us. There are a number of ways this might occur.
We may need to retain and use your information in connection with legal claims, or for compliance, regulatory and auditing purposes. For example we may retain information where we are required by law, or if we are compelled to do so by a court order or regulatory body. Also, when you exercise any applicable legal rights you have to access, amend or delete your personal data, we may request identification and verification documents from you for the purpose of confirming your identity.
We also use data to improve our services and to protect or further our legitimate interests. This represents a range of important things like security and fraud, and malicious attack prevention, to helping us see whether a fancy new feature is popular or panned by our users. Examples of this type of usage include:
Personalising your experience involves us creating a profile of your activity on our services, such as page views, clicks and viewing of specific routes and offers. Ultimately, these combine to improve the features we offer, the level of personalization and the quality and efficiency of the user experience.
Where we process your personal data based on a legitimate interest we will only do so where the processing is relevant and limited to what is necessary for the purpose it was collected for. And we will always ensure our legitimate interests don’t unfairly impact on your own rights and freedoms.
We will explicitly obtain your consent for purposes such as:
Where we process personal data based only on your consent, you can withdraw this consent at any time either by using the functionality provided within the appropriate product feature or by contacting us.
For site usage, booking, and app usage, your consent is provided via acceptance of the terms of service, your usage of the application or site being contingent upon this. This consent can also generally be withdrawn by user request, or cessation of use of the Wego site.
As users visit our sites or use our apps, there is a myriad of of information collected and stored about their experience. There’s little point in collecting more than is needed, so we stick to the important things. Here are some examples of how we collect only what’s required.
We can’t help you plan and book your dream trip without information. So, when you use our services, we have to collect, keep and share some personal data and ask that you agree to that in line with this policy. We collect information in a few distinct ways:
Information you choose to give us might include personal data needed for you to book travel for yourself and others. This ranges from the dates and destination you choose in a search, to the basic stuff for making a booking with a Travel Supplier such as names and contact details. It can also include content like the reviews or photographs you upload to our services to share with other travellers. Most importantly, it’s always up to you whether or not you choose to give us this kind of information.
We generate or collect some information from your computer or device automatically as you use our services. This includes stuff like your IP address, information about the device and browser you are using to access our services, the website URL you visited us from and the third party sites you visit when you click on links to exit the Wego site. It also includes details of the bookings you have made via Wego. We may also know your location from your mobile or your IP address. This helps us to improve your experience and make sure you receive the content that’s most relevant to you.
Sometimes we’re given information about you from third parties, depending on how you choose to interact with us. For example, when you come to our website via a promotional partner, or when you log into your Wego account using our social network login feature. And, if you’ve redirected to a Travel Supplier’s website or app to complete your booking, we might collect information from them about whether you went ahead with your trip and what you booked.
Our services are not intended for children under 13 years of age, and no one under the age of 13 should provide any information to, on or via our services. We don’t knowingly collect personal data from children under 13, and will delete any that we learn we have collected or received that was not provided by, or with express consent on behalf of, the child’s parent or legal guardian.
Depending on how you interact with our services, we may collect or process the following categories of personal data via the three different ways explained above.
Our policy on personal data retention is to store data for only as long as is necessary to satify legal requirements, or while we are using it to provide services to you as a customer. For example, fulfilling a booking contract, or for a legitimate business interest. Once this period is complete, we may anonymize and aggregate the date (rendering it non-personally identifiable), or delete it in accordance with best practices. You can ask us to delete your personal data at any time.
We have different retention policies with regard to how we go about keeping the data, the first is where there is a legal obligation to retain data for specific periods of time, and the second takes into account the specific purpose of the data itself – such as during the regular conduct of business.
If you have a Wego account, we will keep personal data such as your email address, name and other details so you can log in and use our applications and web services for as long as you require. We may keep other information not tied to specific users, indefinitely – such IP address activity – which we use to help us understand patterns of network traffic and usage of our products and services and to both improve our offerings and protect our business interests. No matter how long the retention period, you can ask us to delete your personal data in certain circumstances.
There are a few possibilities where we may share information with third parties, first, if you ask us to, second, if it’s a necessary part of the business flow (like a travel partner) or finally where there is a legal requirement. When you leave our site for a travel partner, they will collect data according to their own policies. Some companies that advertise on our sites may also collect information (see “How can I control the advertising I see?”). Finally, there are third parties that help with delivery of services – for instance, payment providers, who use your data on our behalf.
We share information relating to our users with selected third parties who provide us with a variety of different services that support the delivery of our services (let’s call them “Third Party Processors”). These Third Party Processors range from providers of technical infrastructure to customer service and authentication tools. We require any Third Party Processor which handles information on our behalf to do so pursuant to contractual terms which require that the information is kept secure, is processed in accordance with applicable data protection laws, and used only as we have instructed and not for that Third Party Processor’s own purposes (unless you have explicitly consented to them doing so). Third Party Processors may be located in, or process your information, outside of the country in which you are based. Where our use of a Third Party Processor involves the transfer of personal data from within Europe to a location outside of the European Economic Area, we will put in place appropriate measures to ensure that the personal data is adequately protected in that location, most often by applying European Commission-approved standard contractual clauses alongside robust security checks. The types of Third Party Processors we may share elements of your personal data with include:
If you are purchasing travel with a Travel Supplier from within our services’ booking platform (Instant Book via Wego), personal data you submit as part of the booking process may be shared with the relevant Travel Supplier or a third party contracted to provide services on their behalf, in order to allow any booking to be processed. When we do share your personal data in this way, you will have an opportunity to review the Travel Supplier’s privacy policy and any terms and conditions, first. Personal data may also be used by the Travel Supplier for fraud-detection purposes.
We will share personal data with third parties where you have expressly authorised us to do so, for example, if we run a promotion in conjunction with a partner and you instruct us to share your email address with that third party for the purpose of receiving promotional emails.
Certain information may also be collected from you by third parties such as advertisers, marketing networks and affiliates (see the How do we advertise? section below) using cookies and similar technologies. For example, your IP address, and site activity like searches or pages viewed on Wego, may be collected and transmitted to these third parties to allow them to serve relevant advertising to you across the web. The information that is collected in this way will never include your name, contact details or other information that would enable you to be identified in the offline world.
We may disclose your information if it is necessary to enforce our Terms of Service or if necessary to prevent, detect or prosecute illegal or suspected illegal activities, including fraud, or to prevent other damage or where necessary in response to legally binding requests, legal action against us, or to enforce our rights and claims.
Keeping your personal data secure is our highest priority. We limit access to only those Wego employees who have to come into contact with your information to do their jobs and deliver our services. While no website or app can guarantee complete security, we have implemented an organizational security process designed to keep your personal data as safe as possible. Wego uses technical, architectural, and administrative security measures as well as best practice approaches to ensure your data stays private and is used in accordance with your approvals. All our cloud based data storage is provisioned with strict access limitations and encryption at rest on-disc. All transmission of data uses TLS and HTTPS/SSL encryption to ensure the best possible security. We also maintain an end-to-end process of security with our Third Party vendors, which includes security assessments and documentation and status updates on a regular basis.
Privacy and Data Protection are impressed upon all Wego employees through training and enforced policies. We always work with the principle of least privilege (PoLP), which for us means that in each policy or technical system we build, the absolute minimum level of accessibility to data is granted to operate the system, and no more. We also make every effort to eliminate ties to personally identifiable data where possible through techniques like anonymisation. All new systems connected to our data, or changes in data collected will trigger a privacy review and impact assessment to ensure compliance with all our data protection policies.
We store the information we collect from you on secure servers in data centers located in Singapore and the United States, and occasionally on servers located nearer to you, based on legal requirements. We only use major Third Party Cloud Platform suppliers, with audited ISO 27001, 27017, 27018, SOC 1,2,3, CSA Star, and other more local physical and network certifications to ensure the absolute best in class security for our systems and your data.
While some countries we operate from may have different or less stringent data protection and security standards, our policies and technology start from a high common denominator of security. If the local laws in these countries are unique in exceeding this standard, we’ll provide the safeguards needed to protect your data in the prescribed way. We do this through a process of regular review of technical, organisational and administrative security measures, and by monitoring evolving privacy standards around the world.
You may see advertisements when you use our sites or applications. These will either be delivered by us directly or by third party advertising solution providers. Sometimes these advertisements will be personalised to make them relevant to you. In some cases, the personalisation may include details based on previous searches at the hotel or flight level. An example of this might be that you recently searched for a flight to Rome, and Wego might serve an relevant advertisement for hotels in that location. Alternatively, it may be interest based, delivered from a third party ad network that has information about sites you may have interacted with. An example of this might be a third party network that had information you visited a Skiing site, and then selected a Skiing destination for advertisement on Wego. In either case, the personalisation will never include your name or contact details which could be used to identify you in the offline world.
You may also see advertisements for our services once you’ve left Wego and are using non-Wego websites. This can happen where a non-Wego Platform makes advertising space available for sale and Wego, or a Third Party Ad Solution that we work with, purchases that space. These advertisements may be personalised and served to you because of information that Third Party Ad Solutions have collected about you.
The following sections on cookies and tracking codes outline some of the ways you can control what advertisers store about you on your computer, changing these settings allow you to control some of the advertising that can appear. Changing these settings generally result in more generic advertising as they no longer have access to data used to send you the most relevant advertising.
We use a combination of cookies and other technologies such as pixels/web beacons and tracking codes (explained below) to collect information for use in line with the purposes set out in this policy.
Cookies are tiny data files that are stored on your web browser or device. Cookies record things like your preferences and settings, or assist with logging into the site, helping to give us the information we need to provide you with the most consistent and relevant experience. We also use cookies to record information about experiments or new improvements we might test to track how you use our services and find out whether they were effective. Cookies on our website may be set by us, third parties we’re working with, or independent third parties (such as advertisers).
Current web browsers allow you to set notifications for receiving a cookie, giving you the chance to decide whether or not to accept it. They can also be entirely blocked on site by site basis using the same configuration panels. Here are some basic instructions for some popular browsers for controlling your cookie settings:
Web beacons or pixels are extremely small (often the size of 1 pixel, hence the name), transparent image files inside a web page or email. We use them to understand how you interact with Travel Supplier sites you have been redirected to. For example, we might use the beacon to confirm if you completed the booking with them, and what you booked. We also use beacons to gather information such as whether you’ve opened an email, so that we can determine if the content was of interest, and thereby improve the nature of communications with you.
Tracking codes are snippets of code placed in the page to measure things like visits and interactions. We use tracking codes to find out more about how you interact with our websites and applications, advertising, and how you navigate Wego sites.
Wego uses cookies for certain functions which can roughly be categorized into four categories: necessary for operation of the site/application, storing of user preferences, site statistics, and marketing personalisation. The table below outlines Wego’s usage of cookies which originate through third-parties, and their category/purpose.
| Owner | Description | Privacy Policy |
|---|---|---|
| Cedexis | CDN image/content delivery | https://www.google.com/policies/privacy/ |
| Cloudflare | CDN image/content delivery | https://www.cloudflare.com/privacypolicy/ |
| Cloudfront (AWS) | CDN image/content delivery | https://aws.amazon.com/privacy/ |
| cookiebot | Used to track user cookie privacy permissions | https://www.cookiebot.com/en/privacy-policy/ |
| EdgeCast (Verizon) | Used to track user cookie permissions | https://www.verizondigitalmedia.com/policies/edgecast-privacy-policy/ |
| FreshChat | Tool for handling in-app chat and customer care | https://www.freshworks.com/privacy/ |
| Google Analytics | Business and financial reporting | https://www.google.com/policies/privacy/ |
| ub.io | Service used to facilitate bookings with suppliers | https://ub.io/privacy-policy.html |
| Owner | Description | Privacy Policy |
|---|---|---|
| AppsFlyer | Service used to identify the source of app downloads and for related analytics | https://www.appsflyer.com/privacy-policy/ |
| Owner | Description | Privacy Policy |
|---|---|---|
| Google Ads | Used to personalise ads on the Google advertising network | https://policies.google.com/technologies/ads |
| WebEngage | Service used to personalise and track EDM marketing efforts and offers | https://www.appsflyer.com/privacy-policy/ |
While the cookies classified as necessary are required for the proper and safe operation of the site, all other cookies can be opted-out by clicking on the privacy link at the bottom of each page labeled “Cookie Consent”.
If you’ve got a Wego account, you can access, edit, download or delete the key personal data associated with your profile at any time by going to your Profile. From here you can also manage your subscription and marketing preferences. You also have rights in relation to the personal data we have about you, which we explain in more detail below. You can exercise these rights by getting in touch with us via your Profile page.
You have the right to ask us for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you have provided to us in a structured, machine readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Wego processing your data, this will not affect any processing which has already taken place at that time. These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority. To the extent that you’re unable to satisfactorily exercise any of these rights via your Profile, you can do so by contacting our Data Protection Officer by post at Wego, 1 Harbourfront Place, #18-04, HarbourFront Tower One, Singapore 098633, or electronically via your Profile page. If you have unresolved concerns, you have the right to complain to a data protection authority.
Wego is provided by Wego Pte Ltd, a company registered in Singapore.
Wego Pte Ltd is the Data Controller of any information collected from you by us.
Our ACRA company number is: 200506074G
Our registered office address is: 1 Harbourfront Place, #18-04, HarbourFront Tower One, Singapore 098633
If you have questions or suggestions email us at [email protected]