Policies
At WebBeds, we pride ourselves on leading the way in online travel and becoming the best possible partner to the travel trade. This extends to the ways in which we manage the personal information of our clients and suppliers and the individuals who are, or who work for or on behalf of, our customers. We will always be transparent about how we collect and use personal information and how we protect privacy.
At WebBeds FZ-LLC (“WebBeds”, “we”, “us”, “our”), we pride ourselves on leading the way in online travel. This extends to the ways in which we manage your personal information. We will always be transparent about how we collect and use your personal information and how we protect your privacy.
This Privacy Notice describes how we collect, use and process information about you, when you make an enquiry or booking with us.
We are always happy to answer any questions you may have, or to provide you with any additional information that you may need Please see the “Contact Us” section at page bottom, for details on how to get in touch with us.
We review this Privacy Notice regularly to ensure that we’re being transparent about how we use your personal information. Any changes to this Privacy Notice will be reflected on our website and will take effect on the date of publication.
We are WebBeds FZ-LLC (also trading as Sunhotels, Lots of Hotels, FIT Ruums and Destinations of the World (“DOTW”),), a company registered in Dubai, United Arab Emirates with company number 91277. Our registered office is at Suite 3212-3216 Al Shatha Tower, PO Box 502115, Dubai Media City, Dubai, United Arab Emirates.
We offer a range of travel and accommodation booking services across our websites, channels and platforms. We refer to all of these services, together with our applications and websites as "Services" in this Privacy Notice.
For the purposes of the General Data Protection Regulation 2016/679 (“GDPR”) and the UAE Data Protection Law (Federal Law No. 45 of 2021), we are an independent “data controller” for the processing of personal information we collect in order to supply our Services and perform our business functions and activities, including:
We are firmly committed to ensuring the privacy of the personal information we collect and to maintaining safeguards to protect personal information in our care. There may be instances where your local data protection laws impose more restrictive information handling practices than the practices set out in this Privacy Notice. Where this occurs, we will adjust our information handling practices in your jurisdiction, to comply with these local data protection laws.
When you make a booking with us, we may collect the following information from you:
There is no law that compels us to collect this personal information, and you may choose not to provide your personal information to us but if you choose not to provide your personal information to us, we may not be able to provide you with our Services.
From time to time, we will also collect information which is considered sensitive information or referred to as “special category” personal information. This is most likely to include:
Direct Collection
We collect personal information directly from you when you make travel or accommodation enquiries and bookings via the Services and when you submit payment for bookings made via the Services. We may also collect personal information from you when you email us, contact us to exercise your individual rights, or otherwise engage with us.
Indirect Collection
We also collect your personal information from third-parties (for example, travel agencies) you have authorised to make a travel or accommodation enquiry or booking on your behalf.
If a travel agent is arranging travel or accommodation on your behalf, this travel agent will also be an independent data controller of the personal information they collect from you, to facilitate your travel or accommodation booking. Please see the travel agent’s privacy policy for information about how they collect and handle your personal information.
Our primary purpose in collecting your personal information is to help provide a smooth and efficient booking process. Having your information allows us to provide our Services to you, make your booking experience quick and easy, and provide you with a better user experience.
Further information about the specific purposes for which we use the personal information we collect, and the legal basis of our processing for those purposes, can be found below.
To provide the Services and personalise your experience
We use personal information about you to provide the Services to you, to facilitate any travel or accommodation services your request or purchase with us and to process transactions with you, (on the basis of performing our contract with you). We will only process special categories of personal information where necessary to facilitate your needs (where we, or a third party authorised by you, have obtained your consent to process this information).
To process and facilitate transactions and payments
We will use your personal information to process transactions and payments, such as payments for accommodation bookings, and to collect and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover any debts due to us);
To manage our relationship with you
We will use your personal information to manage our relationship with you. This includes notifying you of updates to our terms or to this Privacy Notice, or changes to the Service (on the basis of performing our contract with you, or to comply with our legal obligations).
To communicate with you about the Services
We use your contact information to send transactional communications via email and within the Services, including confirming bookings, reminding you of payments due, responding to your comments, questions and requests, providing customer support, and sending you notices (on the basis of performing our contract with you, or on the basis of our legitimate interests to provide you with customer service). We also send you communications as you onboard to a Service to help you become more proficient in using that Service. These communications are part of the Services and in most cases, you cannot opt-out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings.
For research and development
We are always looking for ways to make our Services smarter, faster, more secure and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. For example, to improve a certain feature, we automatically analyse recent interactions of users and how often they use the feature to gather the most relevant information. We automatically analyse and aggregate frequently used searches to improve the accuracy and relevance of suggested products. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the services you use. We also test and analyse certain new features with some users before rolling the feature out to all users. We use personal information for this purpose on the basis of our legitimate interests in presenting you and other consumers with the right kinds of products and content and to improve our products and Services.
To ensure security and protect our business interests
We will use your information to ensure the security of our Services, buildings, and people, including to protect against and investigate and deter against fraudulent, unauthorised or illegal activities, systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business, where we have a legal obligation to do so, for establishing exercising or defending legal claims or for reasons of substantial public interest).
To comply with our legal obligations, policies and procedures
We will use your personal information to enable us to:
This may include sharing your information with our lawyers, technical advisors, law enforcement and other regulatory bodies where necessary.
What is our ‘legitimate interest'?
In certain circumstances (as outlined above), we may use your personal information to pursue legitimate interests of our own or that of third parties, provided that your interests and fundamental rights do not override those interests. By “legitimate interests” we mean our interests in conducting and managing our business activities and to ensure that we are guaranteeing the best service and experience for you, our Guests.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that this use may have on you. We won’t use your information if we believe your interests override ours unless we have other lawful grounds to do so (such as with your consent, or if we have a legal obligation). If you have any questions or concerns about our processing of your personal information, please refer to the “Your individual rights” section below.
As we outline in “Your individual rights” below, you will have the right to object to our using your information for our legitimate interests. However, please keep in mind that your objection to this sort of processing may affect our ability to carry out the tasks that we have set out above.
If we make any changes to our purpose of processing personal information that we process based on your consent (such as our processing of your “special category” information), you will be notified, and we will obtain your consent again.
If we do collect and handle personal information based on your consent, you may withdraw your consent at any time, by contacting us.
To complete your booking, we need to pass your information on to third parties, including our suppliers and service providers.
We will only share your personal information with a third party if it is necessary for us to provide you with our Services. We have contractual provisions in place with all third parties we share personal information with, to ensure they handle this information with care, comply with all applicable laws and do not use your personal information for any other purpose.
The types of third parties that we may share your personal information with, to help us operate, provide, improve, integrate, customise and support our Services, are listed below.
Third-Parties
We share personal information with third parties that are providing part of your travel itinerary, such as our hotel and accommodation providers, tour operators and vehicle rental companies, where you have requested bookings with them.
We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights
In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to:
Sharing with affiliated companies
We share and transfer personal information with affiliated entities in the Web Travel Group as part of our global operations. We may also share or transfer information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.
We collect information globally. As part of our global operations, we may transfer, process and store your information with affiliates and suppliers in countries outside of your country of residence. We primarily store information in the United States, Australia and Ireland.
We may also transfer, process and store your information outside of your country of residence to wherever our third-party service providers operate for the purpose of providing you with the Services.
Whenever we transfer your information, we take all necessary steps to protect it and ensure we comply with the applicable laws.
Disclosure of information outside the EEA
In order to continue providing you with our services, we may need to disclose your personal information to recipients in other jurisdictions, including to our related entities, or our third-party service providers (such as our data hosting provider located in the US).
For transfers from the EEA (or the UK, as applicable) to countries in relation to which the European Commission has granted GDPR adequacy determinations, we rely on those adequacy determinations. This includes personal data transferred from the European Union to Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, South Korea, Switzerland, the United Kingdom, United States (but only in relation to commercial organizations participating in the EU-US Data Privacy Framework) and Uruguay. We also rely on appropriate and suitable safeguards such as the European Commission’s Standard Contractual Clauses, including the UK’s international data transfer agreement (IDTA), addendum for transfers of personal data, which require all recipients of personal data to protect personal data they process from the European Economic Area and the UK in accordance with relevant data protection laws. We will ensure your personal data is treated in accordance with this Privacy Notice and with all relevant data protection laws wherever we process it.
Information storage and security
We use reasonable technical and organizational measures to secure your personal information.
We use reputable data hosting service providers in the United States, Australia and Ireland to host the information we collect. We take steps to ensure that any personal information we store with our data hosting service providers is adequately safeguarded (including contractual provisions, appropriate supervision and assessment where necessary).
We cannot guarantee the security of any information or data you provide online. In the event of a serious security incident involving your personal information, we will notify you and report the incident to the relevant authorities as required by applicable law.
Security of transactions
Our secure booking server uses encryption to ensure industry-standard levels of security. This is shown by the padlock in the closed position at the base of your browser screen. Any information, including credit card details, that you enter and submit on this page will be encrypted and securely transmitted. When your transaction is complete your information is stored in an encrypted state. All information transmitted on the booking page is done using Transport Layer Security (TLS) 1.2.
We retain the personal information you provide when making a booking via the Services for the duration of your trip, and for a reasonable period thereafter, in case of any issues.
We also retain some of your information as necessary to:
Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyse personal characteristics about you.
Once personal information is no longer needed to fulfil the purpose for which it was collected, we will take reasonable steps to securely destroy or de-identify that information unless we are prevented from doing so by law. If destruction or de-identification is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
We want to assure you that you have control of the information you choose to provide to us. Subject to certain exemptions and depending on the applicable data protection laws (including in some cases, upon our legal basis for processing your information), there are a number of rights you have over your personal information. Below is a summary of these rights and how you can exercise them:
California Consumer Protection (Residents of California only)
If you are a resident of California, you can request the deletion of your personal information. There are several exemptions to your right to deletion, such as in cases where we need to retain your personal information in order to:
Subject to the exemptions above, and verification of your request, we will delete your information in accordance with your request. In case of any inconsistencies between this section and the rest of this Privacy Notice, these provisions prevail.
For all requests, you may contact us via email.
To exercise your individual rights, you may contact us at any time, using the details in the ‘Contact Us’ section below.
When you make such requests, we will respond within 30 days of receipt. If there is a delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your information until the request is honoured or the dispute is resolved. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested by you. We reserve the right to charge a fee when permitted by law (for example, if your request is manifestly unfounded or excessive).
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. You will not be discriminated against for having exercised your individual rights.
If you have unresolved concerns, you may also have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed. A list of data protection authorities in the EEA can be found on the official website of the European Data Protection Board.
Manage cookies
You can find more information about managing browser-based cookies in our Cookies Policy.
Other requests
In some cases, you may ask us to stop accessing, storing, using and otherwise processing your personal information where you believe we don't have the appropriate rights to do so. For example, if you believe a booking was made for you without your permission, please contact us.
Our policy towards children
The Services are not directed to individuals under 14. We do not knowingly collect personal information from children under 14 without parental or guardian consent unless allowed by relevant local laws. If we become aware that information about a minor has been collected without the appropriate consent or approval, we will take steps to delete such information. If you become aware of any circumstance where we have collected information about a minor without the appropriate consent or approval, please contact us.
Changes to our Privacy Policy
We may change this Notice from time to time. We will post any changes on this page and, if the changes are significant, we will notify you by sending you an email notification. We encourage you to review this Notice whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.
If you disagree with any changes to this Notice, you will need to stop using the Services.
If we make any changes to how you can exercise your individual rights, we will notify you.
If you have any questions about this Privacy Notice or our privacy practices, if you need to access this Privacy Notice in a different format, or if you would like to exercise your individual rights, please contact our Data Protection Officer at:
Email: personaldata@webbeds.com
Download printable PDF versions of our Privacy Policies below.
Guest Privacy Notice
7 May, 2026
Privacy Policy
7 May, 2026
To be the most trusted, agile and value driven partner in our industry - powered by a culture where our people thrive, innovation flourishes, and our hunger to win delivers lasting impact for our customers.
Empower our people to deliver exceptional value through integrity, respect and relentless curiosity - challenging conventions, embracing change and working together to create superior outcomes for our customers.