Last updated: February 1, 2022
Except as otherwise noted in this Privacy Notice, Southwest Vacations® is a data controller and a member of the Apple Leisure Group® (ALG) of companies, which means that we manage how and why the information you provide to us is processed. This Privacy Notice may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of your information, or changes in applicable law.
Please note that Southwest Vacations and the Apple Leisure Group of companies are now subsidiaries of Hyatt Hotels Corporation. However, this Privacy Notice only applies to the processing of Personal Information undertaken by Southwest Vacations. It does not apply to processing by other members of the Apple Leisure Group or processing by the Hyatt Group.
We encourage you to read this Privacy Notice carefully, and to regularly check this page to review any changes we might make.
“Personal Information” means information from which any individual is directly or indirectly identifiable.
“Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
“Hyatt Group” means Hyatt Hotels Corporation, its direct and indirect subsidiaries (with the exception of the Apple Leisure Group companies), its affiliates, and the separate and distinct legal entities that manage, operate, franchise, license, own and/or provide services to the various locations operating under or in connection with a Hyatt brand.
Information we collect
We may Process the following categories of Personal Information about you:
We may also collect:
Sensitive personal information
We may collect or otherwise process sensitive personal information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual preference, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive (collectively, “sensitive personal information”) in the ordinary course of our business except where we are explicitly given consent to support the booking process. Save to the extent required by law, you are not obliged to provide any of your Sensitive Personal Information, and should you choose not to, this will not prevent you from purchasing any products or services. (except in some jurisdictions, we will ask that you grant that consent separately).
The services are not intended for use by children, especially those under 13. No one under the age of 13 should provide any Personal Information or use our public discussion areas, forums or chats. Minors under the age of 18 are not permitted to make purchases through the services or to obtain coupons or codes from the services to purchase goods or services on third party websites. If, notwithstanding these prohibitions, your children disclose information about themselves in our public discussion areas, consequences may occur that are not intended for children (for example, they may receive unsolicited messages from other parties). If it is discovered that we have collected Personal Information from someone under 13, we will delete that information immediately.
How we collect information
We may collect Personal Information about you from the following sources:
We always care about your safety. When you visit our facilities you will notice that we have implemented CCTV systems in order to register the activity in public areas. These video records will not be shared outside of Apple Leisure Group unless there is a valid legal or government requirement to do so.
In all public areas that are being video recorded you will find a visible sign board that states you agree to be video recorded if you use our facilities.
Automatic decision-making processes
Southwest Vacations does not use automatic decision-making processes. If we start using that technology to process your Personal Information in the future, we will let you know and inform you of your rights.
Purposes for which we may process your information
The purposes for which we may Process Personal Information, subject to applicable law, include:
When we process your Personal Information as one of our customers or someone else with whom we do business, we do so in the legitimate interests of the purposes listed above, because of the legal compliance we are subject to, or because the information is required to fulfil contractual obligations to you.
Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out above:
We require all service providers and third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third parties and service providers to use your personal data for their own purposes without your consent and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International transfers of information
Because of the international nature of our business, we may need to transfer your Personal Information within the ALG group of companies, and to third parties, in connection with the purposes set out in this Privacy Notice. For this reason, we may transfer your Personal Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located. Transfers of Personal Information often occur so that we may provide you with services you’ve asked for. Having a contractual relationship is usually a permissible reason for transferring Personal Information in countries with privacy regulations. Where it’s not, we’ll seek to put in place additional technical and contractual measures to protect your Personal Information.
In accordance with the above, we may send your Personal Information to the following countries where Apple Leisure Group has operations and partnership with services providers:
Where your personal data is shared with the Hyatt Group, your personal data may be shared with any of the locations in which an entity in that group operates a hotel where you or someone you are connected with has booked a stay (a list of these can be found by selecting “All” at www.hyatt.com/explore-hotels) and their major business locations, which, in addition to those set out in the bullet point list above, includes locations in Hong Kong (SAR) and Germany.
We have implemented appropriate technical security measures in order to protect Personal Information during international transfers, in compliance with applicable laws.
Where you have made a reservation for accommodation or travel arrangements which are located or otherwise due to be fulfilled outside your origin country, we will have to transfer your personal data to the suppliers fulfilling or providing those travel arrangements in order to make your booking and for those suppliers to be able to provide you with the travel arrangements you have booked.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data. Contact details can be found at the bottom of this Privacy Notice.
We take every reasonable step to ensure that your Personal Information that we Process is accurate and up to date. When you inform us that your Personal Information is inaccurate, we will correct or erase it.
See the How to contact us section at the bottom of this Privacy Notice for contact methods.
Know your rights
In accordance with different Data Protection Regulations a person has the right to request
See the How to contact us section at the bottom of this Privacy Notice for contact methods.
At any time, you can request us to delete your data but keep in mind that we might not be able to do so if there is a valid legal or business requirement to keep it.
Your information is required to provide you with products and services. Deletion or restriction of certain data may prevent us from providing the services you requested. You also have the right to file a complaint with the Data Protection Authorities in your location of residence.
No fee usually required
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Time limit to respond
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
We take reasonable steps to ensure that your Personal Information is only processed and stored for the minimum period necessary for business and legal requirements. We will only use your data for the reasons you provided it to us, and for legal reporting purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Cookies/automated collection of information and third-party policies
Southwest Vacations currently uses "cookies" on our site. Our cookies tag each visitor's browser with a random, unique number. The cookie simply assigns a number and does not disclose any personal information about the person using the browser. By noting where these uniquely numbered browsers go on our site, we can study traffic patterns and site usage, and improve our site to better fit our customers' needs.
We may connect information collected automatically with information we already have about you in order to identify you as a Southwest Vacations guest, including from third parties or service providers (for example, Google Analytics) to whom you have given permission for this purpose. This allows us to provide you with a personalized experience regardless of how you interact with us online, in store, mobile, etc.
Cookies, tracking & interest-based advertising
The help the function of your browser it should contain instructions on how to set your computer to accept all cookies, to notify you when a cookie is issued or to not receive cookies at any time. If you set your device to not receive at any time, certain personalized services cannot be provided to you, and accordingly, you may not be able to take full advantage of all of our features (i.e. you will be able to browse the site but will not be able to make a purchase).
If you reside in California, you may also make the following more specific requests with respect to your Personal Information in accordance with applicable law:
As is the case for all consumers regardless of residency, we will not discriminate against you because you exercised any of these rights. Note that for purposes of these rights, Personal Information does not include information about job applicants, employees and other of our personnel; information about employees and other representatives of third-party entities we may interact with in their business or commercial capacity; or information we have collected as a service provider to our clients.
California residents can exercise these rights online by emailing or calling us using the contact information below. We may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations. For example, we may retain Personal Information as permitted by law, such as for tax or other record-keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests.
We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the sensitivity of the Personal Information and whether you have an account with us.
California residents may designate an authorized agent to make a request on their behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent and ensure the agent has the necessary information to complete the verification process.
For purposes of exercising these rights, please note the following regarding how we collect and use your Personal Information as described in this Privacy Notice, including in the previous 12 months:
How to contact us