Version 1.0 | Updated: May 8, 2026
This Privacy Notice explains how Emerging Travel Group (“ETG”, “we” or “us”) collects, uses, and protects your personal data. It applies to your use of RateHawk at www.ratehawk.com, our mobile applications, and any related digital services or booking tools (“RateHawk”). Below, we describe what information we gather, why we need it, how we keep it safe, and what rights you have regarding your personal data.
1. Definitions
Booking means a combination of your actions resulting in an order for accommodation and other travel services available on the Website. Provision of Personal Data is a necessary condition for making a valid Booking.
Account means a section of the Website for registered Users, containing Booking management tools.
Personal Data means any information relating to an identified or identifiable natural person, which makes it possible to determine your identity. This may include data about other people you make Bookings for.
Service means our multifunctional online hotel and travel services booking platform available at https://www.ratehawk.com, including mobile versions, downloadable software, mobile applications, and related services.
User means a capable individual over 18 years of age who visits the Website and/or uses the Service, or a person for whom a Booking is made. "User" may also refer to an authorized representative of a legal entity.
Website refers to https://www.ratehawk.com and all related web properties.
2. Who Is Processing Your Personal Data?
Your personal data is processed by the ETG entity that provides services in your country. The processing of your personal data is carried out by Leaside Services Limited (located at 17 Karaiskaki Street, Office 22, Agaia Triada, Limassol, 3032, Cyprus), acting as the owner and operator of the Service, together with the specific legal entity within the ETG that determines the purposes and means of processing your personal data (“Controller”), as identified for your contract in the table below. Where these entities collectively manage your data in accordance with Applicable Law (including as Joint Controllers, where such a concept exists), we have entered into an internal agreement to coordinate our privacy practices and allocate roles to ensure efficiency and compliance.
Under this arrangement, Leaside Services Limited is responsible for the overall technical infrastructure of the Website, general security measures, and providing the platform for data collection. The entity identified in your particular contract serves as your primary point of contact for exercising your privacy rights and handling inquiries. Other group entities participate in the processing to provide unified management, consolidated internal reporting, and centralized technical support across our global infrastructure. Regardless of this internal allocation, you may exercise your rights in respect of and against each of these entities.
|
Company |
Registration number |
Business Address |
|
Leaside Services Limited |
HE342401 |
17 Karaiskaki Street, Office 22, Agaia Triada, Limassol, Cyprus, 3032 |
|
Emerging Travel Inc. |
4869611 |
1000 N West Street, Suite 1200, Wilmington, DE 19801, USA |
|
EMERGING TRAVEL UK LIMITED |
12185384 |
Office 2.05, 256–260 Old Street, Albert House, London, UK |
|
Emerging Travel Germany ETG GmbH |
HRB 213546 |
Friedrichstraße 171, 10117 Berlin, Germany |
|
Emerging Travel Kazakhstan LLP |
BIN 191240026456 |
Office SP2-18, 280 Baizakova Street, Bostandykskiy District, 050040, Almaty, Republic of Kazakhstan |
|
Smart Middle East Travel Agency L.L.C |
1803677 |
Office P2A-J08, WHP2 Block A, Dubai Industrial City, Saih Shuaib 3, Dubai, UAE |
|
Emerging Travel Asia PTE. LTD |
201927854K |
300 Tampines Avenue 5 #09-02, Tampines Junction, Singapore 529653 |
|
Emerging Travel Italy S.R.L. |
MI-2673890 |
Via Cosimo Del Fante 6, CAP 20122, Milan (MI), Italy |
|
Emerging Travel Brasil LTDA |
CNPJ 62.048.487/0001-30 |
Clelia Street, 2208, Suite 1707 Room 01, Agua Branca, São Paulo, 05042-001, Brazil |
Pursuant to the GDPR, if the companies listed above, as controllers, are established outside the European Union, they have designated Leaside Services Limited as their representative in the European Union.
3. Information We Collect
We process your personal data only to the extent necessary to achieve the specific purposes outlined below. The following table details the categories of data we collect and our legal basis for processing them:
|
Purpose |
Data processed |
Legal basis |
|
Account Creation |
|
Contract |
|
Online booking (hotels) |
|
Contract |
|
Online booking (flights) |
|
Contract |
|
Online booking (car rental) |
|
Contract |
|
Online booking (transfers) |
|
Contract |
|
Online booking (trains) |
|
Contract |
|
General customer support |
|
Contract |
|
Corporate website management |
IPdevice ID, browser, pages visited, timestamps, email interactions |
Legitimate interest (to maintain a secure and reliable service) |
|
Payment processing |
Cardholder name, billing address, card number, expiration date, CVV; payment account data |
Contract |
|
Product personalization |
Email, phone number, booking history, cookies, preferences |
Legitimate interest (to provide personalized travel recommendations, and enhance user experience through behavioral modeling and content tailoring) |
|
Reminder for incomplete bookings |
Email, selected service details |
Legitimate interest (to facilitate bookings completion) |
|
Cookie tracking, web & app analytics |
Cookies, device identifiers, usage behavior |
Consent (for cookies, if required by applicable legislation) |
|
Antifraud screening |
IP address, transaction data, registration details, technical logs, booking history |
Legitimate interest (to maintain platform security and prevent financial loss) |
|
Track product performance |
Behavioral and browsing data, Transaction data, Connection and session data |
Legitimate interest (to analyze service usage, identify technical issues, and improve overall product functionality) |
|
Manage quality of customer support interactions |
Audio recordings |
Legitimate interest (to monitor service standards, provide staff training, and ensure consistent resolution of customer inquiries) |
|
Use consumer insights in product design (UX) |
Audio, video recordings, name, contact details, survey responses |
Consent |
|
Loyalty program |
Loyalty program data, Transaction data |
Legitimate Interest (to operate loyalty programs, reward repeat customers, and enhance brand engagement) |
|
Accounting and invoicing |
Full name, Postal address, Email address, Bank account details, Transaction data, Tax and social security number |
Legal Obligation |
|
Email marketing and newsletters |
Email engagement data |
Consent |
|
Complaints and dispute resolution |
Booking reference, Transaction data, Reasons of modification/cancellation, Full name, Booking details, Email address, Identification documents, Phone number |
Legitimate interest (to handle and resolve customer claims, protect legal rights, and improve service quality) |
To use the Service, providing certain information is a contractual requirement.
This includes information necessary for Account registration, processing and confirming reservations, customer support, and payment processing. While you are not legally required to provide your personal data, failure to provide this mandatory information will result in the inability to register your Account.
Furthermore, we will be unable to conclude or execute the agreement with you, and you will be unable to use the functionality of the Service.
3.1 Retention Periods
We process your personal data until the purpose of the processing has been achieved.
The actual retention period depends on the personal data processed and the country where the processing takes place.
We may continue to process your personal data, even after you deleted it from our applications, if such processing is required by law or is necessary to protect our rights and interests or the rights and interests of third parties, in particular in the context of court proceedings.
The ability to delete data may also be limited by laws relating to freedom of expression and information.
4. Data Sharing and Third-Party Services
We share Personal Data only where necessary to provide the Service, comply with legal obligations, pursue legitimate interests, or if you give us your consent for such sharing.
Recipients may include travel service providers (such as hotels, airlines, and car rental companies) to fulfill and manage bookings; payment service providers and financial institutions to process payments, handle chargebacks, and prevent fraud; and third-party service providers supporting IT, hosting, security, analytics, marketing, and customer support. We also share data with business, distribution, advertising, and fraud prevention partners, as well as companies within our corporate group for operational and administrative purposes.
Personal Data may be disclosed to competent public authorities, courts, or regulators where required by law, and to potential acquirers or successors in connection with mergers, acquisitions, or similar corporate transactions. In such cases, data will remain subject to protections consistent with this Policy.
We may also share aggregated or anonymized data that does not identify individuals for reporting, business, marketing, or research purposes.
4.1 The Service may contain features or links to web sites and services provided by third parties.
We may disclose your Personal data to companies affiliated with ETG, non-ETG companies or other third parties and partners for purposes such as:
Complying with court orders and other legal processes;
To assist with identity verification, and to prevent fraud and identity theft;
Enforcing our agreements and property rights.
Assisting us in providing you with our services.
Please note that the operations of the companies mentioned above in Section 4 of this Privacy Notice are subject to their own terms of service and privacy policies, as well as applicable laws and international standards. Any service providers we work with are required to comply with our data privacy and security requirements. They are not allowed to use your Personal Data for any purpose other than those specified in this Privacy Notice. We require all companies, including those that act on our behalf, to protect any Personal Data they receive in compliance with this Privacy Notice. We strictly prohibit them from using your Personal Data for any purpose other than those specified in this Privacy Notice.
4.2 Artificial Intelligence (AI)
We use AI technologies in our customer support services to enhance efficiency and responsiveness. These features include chatbots for initial query handling, natural language processing for routing inquiries, automated response suggestions, and support ticket categorization.
The AI services operate under a Zero Data Retention Policy. This means your Personal Data is not stored by the AI system and is not used to train AI models in any case. AI interactions are monitored for quality and accuracy, and you can request human support at any time. You may opt out of AI-assisted support, and all AI interactions can be reviewed by human agents. Sensitive matters are automatically escalated to human support.
We do not currently engage in automated decision-making, including profiling, that produces legal or similarly significant effects on individuals.
4.3 Data transfer
Please note that your data may be transferred to and processed in countries outside your country of residence. Where such transfers occur, we ensure that appropriate safeguards are in place to protect your Personal Data in accordance with applicable data protection laws and industry standards.
When transferring data to third-party service providers, we apply a risk-based approach: assessing the legal and regulatory environment of the destination country, implementing contractual protections with our partners, and applying technical and organizational security measures proportionate to the risks involved.
In some cases, transfers may be necessary to fulfil a contract with you — for example, when you make a booking, your details may need to be shared with a travel provider or business partner located in another country. In all such cases, we take appropriate steps to ensure your data remains protected regardless of where it is processed.
4.4 Additional information
Any information the User provides on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy, and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage the User to learn about third parties’ privacy and security policies before providing them with information.
5. Interest Based Advertising
We may engage in interest-based advertising, which involves collecting information across websites, applications, and devices to infer user interests and deliver more relevant advertisements. We work with advertising networks, attribution providers, and business partners to promote our products and services through emails and ads on third-party platforms. These activities may involve the use of cookies, pixels, mobile advertising identifiers, and similar technologies.
6. More on Cookies
For more details on how we use cookies, including the types of cookies we use, their purposes, and how you can manage your cookie preferences, please refer to our Cookie Policy
7. Minors and children’s privacy
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18 without obtaining parental consent. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at [email protected] and request that we delete that child’s Personal Data from our systems.
If you have any questions regarding this topic, please contact us as indicated in “How to Contact Us” section.
8. Security Measures
We implement industry-standard security measures to protect your Personal Data. Administrative safeguards include data protection policies and procedures, employee training on data security, and incident response and breach notification procedures.
Technical safeguards include encryption of data in transit and at rest, network protection and segmentation, access controls including multi-factor authentication and role-based access, application-level security controls, and real-time threat detection and monitoring.
Physical safeguards include secure data centers with 24/7 monitoring, restricted physical access, environmental controls, and disaster recovery and backup systems. Organizationally, only authorized personnel access Personal Data on a need-to-know basis. We conduct regular security audits and assessments and maintain third-party security certifications.
You can help us protect your data by choosing strong, unique passwords and enabling two-factor authentication. Don't share your Account credentials with others and always log out from shared devices. Keep your contact information up to date and report suspicious activity immediately.
9. The User’s Rights
You have a number of rights under privacy laws. The rights you have depend on the purpose for which we process your personal data, and the applicable law.
You can always access, rectify, or erase your personal data yourself after logging into the application using our authentication tool.
You may exercise the following rights by contacting our customer support team through our applications, or refer to the How to Contact Us section.
9.1 Right of access
You have the right to request confirmation as to whether your personal data is being processed and, where that is the case, access to the personal data and information regarding the processing (such as the purposes, categories of data, and recipients).
9.2 Right to rectification
You have the right to ask us to update or rectify information that you believe is incorrect, inaccurate, or outdated. You also have the right to ask us to complete any information that you believe is incomplete.
9.3 Right to withdraw consent
Where processing is based on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
9.4 Right to erasure
You have the right to request the deletion of your personal data in certain circumstances, for example, where the data is no longer necessary for the original purposes, or if you withdraw your consent. Please note that this right might be the subject to exceptions under applicable laws (e.g., for compliance with a legal obligation)
9.5 Right to restriction of processing
You have the right to request that we suspend the processing of your data, other than for storage purposes, in specific cases established by Applicable Law, such as when you contest the accuracy of the data, the processing is unlawful, the data is required for legal claims, or you have exercised your right to object and are awaiting verification of overriding legitimate grounds
9.6 Right to data portability
Where processing is based on consent or a contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format
9.7 Right to object
You have the right to object to the processing of your personal data if you consider that the processing violates your rights. Please note that the right to object can only be exercised if we are processing your data on the basis of legitimate interests or public interest.
9.8 Right to lodge a complaint
We are always ready to consider your complaints and suggestions. Please send them to our customer support team. If you believe that your rights have been violated, you have the right to lodge a complaint with a relevant supervisory authority.
10. Changes and Updates to this Notice
Please revisit this page periodically to stay aware of any changes to this Notice, which we may update from time to time. If we modify the Notice, we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. In the event of significant changes, we will provide you with appropriate notice. The "Updated" date at the beginning of this document indicates when the latest changes were made. The User’s continued use of the Service after the revised Notice has become effective indicates that the User has read, understood and agreed to the current version of the Notice.
11. How to Contact Us
If you have any questions, concerns, or requests regarding your personal data, please contact our Data Protection Officer at [email protected], or by the address of the relevant entity indicated in Chapter 2 of the Notice.