Privacy & cookie statements

Terms we use in this Privacy Statement

“Activities” means the travel design activities executed by Cleo upon request from your side and signature of the contractual documentation to be provided by Cleo.

“Cleo” means Cleo Experience.

“External Providers” means the companies that provide local support services to Cleo for the purpose of the Activities.

“Form” means the form to be filled by you at your first access to Cleo website, in order to be contacted by Cleo and decide whether requesting Cleo to execute any Activity.

“Trip” means the various different travel products and services that can be provided by Cleo through the Activities.

What kind of personal data does Cleo collect?

Cleo collects and uses information you provide to us. When you sign a Form you are (at a minimum) asked for your name and email address. If we are requested by you to start the Activities, we may also ask for your home address, telephone number, payment information, date of birth, the names of the people travelling with you and any preferences you might have for your Trip (such as dietary or accessibility requirements). You might also decide to submit additional information if you deem it is necessary to better enjoy your Trip.

In addition to this, whether or not you end up requesting any Activity, we also collect information from the computer, the date and time you accessed our services, phone, tablet or other device you use to access our services. This includes the IP address, the browser you’re using, the operating system, the software/application version data. We also collect information about clicks and which pages have been shown to you.

If you need to get in touch with us for any issue, contact the External Providers through us, or reach out to us in a different way (such as social media) we’ll collect information from you there, too. This applies whether you are contacting us for a feedback or asking for help using our services.

You might also be invited to write reviews to help inform others about the experiences you had with respect to our Activities. When you write a review on the Cleo platform, we’ll collect any information you’ve included, along with your display name.

If you’re using a mobile device, we collect data that identifies the device, as well as data about your device-specific settings and characteristics, app crashes and other system activity.

There are also situations in which we receive information about you from others or when we automatically collect other information, for example the External Providers. Additionally, we collect information in the regrettable case that we receive a complaint about you from an External Provider, for example in the case of misconduct.

We may also receive information about you in order to show you more relevant ads, such as the additional cookie data Cleo social media partners make available to us.

Why does Cleo collect and use your personal data?

The main reason we ask you for personal details is to help us executing the Activities and ensure you get the best service possible.

We use the information collected about you for many other purposes, for example:

1. When we provide a customer service. Sharing relevant details, such as reservation information with us allows us to respond when you need us. This includes helping you to contact the External Provider and responding to any questions you might have about your Trip (or any other queries, for that matter).
2. We use your information for marketing activities, that include:

• using your contact information to send you regular news about travel-related products and services;
• based on your information, individualised offers might be shown to you on the Cleo website, or on third-party websites/apps (including social media sites) and the content of the site displayed to you might be personalized.

1. Communicating with you: There might be other times when we get in touch, including by email, by post, by phone or by texting you. Which method we choose depends on the contact information you’ve previously shared.
2. We also send you other material related to your Trips, such as how to contact Cleo if you need assistance while you’re away, and information that we feel might be useful to you in planning or getting the best out of your Trip.
3. In case of misconduct, we may send you a notice and/or warning.
4. We also use personal data for analytical purposes and product improvement. This is part of our commitment to making our services better and enhancing the user experience. In this case, we use data for testing and troubleshooting purposes, as well as to generate statistics about our business. The main goal here is to get insights into how our services perform, how they are used, and ultimately to optimise and customise our website and apps, making them easier and more meaningful to use. As much as possible, we strive to use anonymised and de-identified personal data for this analytical work.
5. During and after your Trip, we might invite you to submit a review. We can also make it possible for the people you’re travelling with or whom you’ve booked a reservation for to do this instead. This invite asks for information about the External Providers or the destination. By completing a review, you’re agreeing that it can be displayed (as described in detail in our Terms and Conditions) on, for example, the relevant External Provider information page on our websites, on our social media accounts and social media apps, or on the online platform of the relevant External Provider’s website. This is to inform other travellers about the quality of the Trip you used, the destination you have chosen or any other experiences you choose to share.
6. When you make calls to our customer service we ask for authentication. During the calls live listening might be carried out or calls might be recorded for quality control and training purposes. This includes the usage of the recordings for the handling of complaints, legal claims and for fraud detection. We do not record all calls. In the case that a call is recorded, each recording is kept for a limited amount of time before being automatically deleted. This is unless we have determined that it’s necessary to keep the recording for fraud investigation or legal purposes.
7. To create a trustworthy environment for you, the people you bring with you on your Trip, we continuously analyse and use certain personal data to detect and prevent fraud and other illegal or unwanted activities.
8. We use personal data for risk assessment and security purposes, including when you report a safety concern, or for the authentication of users and reservations. When we do this we may have to stop or put certain Trips on hold until we’ve finished our assessment.
9. Finally, in certain cases, we may need to use your information to handle and resolve legal claims and disputes, for regulatory investigations and compliance, to enforce the Cleo reservation service terms of use or to comply with lawful requests from law enforcement.
10. Providing your personal data to Cleo is voluntary. However, we may only be able to contact you and then start our Activities if we can collect some personal data.
11. If we use automation to process personal data which produces legal effects or similarly significantly affects you, we’ll always implement the necessary measures to safeguard your rights and freedoms. This includes the right to obtain human intervention.

How does Cleo share your data with third parties?

There are different parties integrated into Cleo services, in various ways and for various reasons. The primary reason we share your data is to supply the External Providers with the relevant information to complete our Activities.

In order to complete our Activities, we transfer relevant details to the External Providers. Depending on the Trip and the External Provider, the details we share can include your name, contact and payment details, the names of the people accompanying you and any other information or preferences you specified.

In certain cases, we also provide some additional historical information about you to the External Provider. This includes a confirmation that no misconduct has been reported about you or whether you’ve given reviews about past Activities. If you have a query about your Trip, we may contact the External Provider to handle your request. 

1. In cases of Trip -related claims or disputes, we may provide the External Provider with your contact details and other information about the booking process, as needed to resolve the situation. This can include, but might not be limited to, your email address and a copy of your reservation confirmation.

For completeness, External Providers will further process your personal data outside of the control of Cleo. External Providers may also ask for additional personal data, for instance to provide additional services, or to comply with local restrictions. If available, please read the Privacy Statement of the External Provider to understand how they process your personal data.

2. Certain External Providers may need us to share your personal data with other providers in order to be able to finalise and administer your reservation.

In some cases, if we’re required to by law, we might share your data with governmental or other authorities. We disclose personal data to law enforcement to the extent that it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud, or if we are otherwise legally obliged to do so. We may need to further disclose personal data to competent authorities to protect and defend our rights or properties, or the rights and properties of our business partners.

How does Cleo make use of social media?

At Cleo we use social media in different ways, mainly to promote our products and services and to advertise, improve and facilitate our own services. The use of social media features can result in the exchange of personal data between Cleo and the social media service provider, as we briefly describe below. You are free not to use any of the social media features available to you.

1. We have integrated social media plugins into Cleo website. This means that when you click or tap on one of the buttons (such as Facebook’s ‘Like’ button), certain information is shared with these social media providers. If you’re logged into your social media account when you click or tap one of these buttons, your social media provider may relate this information to your social media account. Depending on your settings, they might also display these actions on your social media profile, to be seen by others in your network.

Your social media provider will be able to tell you more about how they use and process your data when you connect to Cleo through them. This can include combining the personal data they collect when you use Cleo through them with information they collect when you use other online platforms you have also linked to your social media account.

What procedures does Cleo put in place to safeguard your personal data?

We have procedures in place to prevent unauthorised access to, and the misuse of, personal data.

We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorised personnel are permitted to access personal data in the course of their work.

We’ll keep your personal data for as long as is necessary to enable you to use our services or to provide our services to you, to comply with applicable laws, resolve any disputes and otherwise to allow us to conduct our business, including to detect and prevent fraud and/or other illegal activities. All personal data we keep about you as a Cleo customer is covered by this Privacy Statement.

How does Cleo treat personal data belonging to children?

Our services aren’t intended for children under 16 years old, and we’ll never collect their data unless it’s provided by (and with the consent of) a parent or guardian. In the limited circumstances we might need to collect the personal data of children under 16 years old for the purpose of our Activities, this will only be used and collected as provided by a parent or guardian and with their consent.

If we become aware that we’ve processed the information of a child under 16 years old without the valid consent of a parent or guardian, we will delete it.

How can you control the personal data you’ve given to Cleo?

You have the right to review the personal data we keep about you at any time, as follows:

1. You can ask us for a copy of the personal data we hold about you;
2. You can inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you;
3. in certain situations, you can ask us to erase, block, or restrict the processing of the personal data we hold about you, or object to particular ways in which we are using your personal data;
4. in certain situations, you can also ask us to send the personal data you have given us to a third party;
5. where we are using your personal data on the basis of your consent, you are entitled to withdraw that consent at any time subject to applicable law, and
6. where we process your personal data based on legitimate interest or the public interest, you have the right to object to that use of your personal data at any time, subject to applicable law.

We rely on you to make sure that your personal information is complete, accurate and current. Please do let us know about any changes to, or inaccuracies in, your personal information as soon as possible, by sending us a request.

If you want to exercise your right of access or erasure, if you have any requests relating to this Privacy Statement, to exercise any of your other rights, or if you have a complaint, please contact us using the following contact details giulia@cleoexperience.com.

If you’d like to object to your personal data being processed on the basis of legitimate interest and there’s no way to opt out directly, please contact us at giulia@cleoexperience.com.

If you’d like to contact us by post, please address it to giulia@cleoexperience.com.

Who is responsible for the processing of personal data on the Cleo website?

Cleo controls the processing of personal data, as described in this Privacy Statement, except where explicitly stated otherwise.

In doing so, Cleo shall comply with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation”), as amended from time to time, while processing the personal data, as defined in the Regulation, in connection with the performance of the Activities.

If you have any questions about this Privacy Statement, or about our processing of your personal data, please contact us at the following email address giulia@cleoexperience.com or the following phone number +39 3313857949 and we’ll get back to you as soon as possible.

Cookie statement

Whenever you use our online services, we use cookies and other online tracking technologies (which we’ll also refer to as ‘cookies’ for the purpose of this Cookie Statement).

Cookies can be used in various ways, including to make the Cleo website work, to analyse traffic, or for advertising purposes.

Read on below to learn more about what a ‘cookie’ is, how they’re used and what your choices are.

What are cookies and online tracking technologies?

A web browser cookie is a small text file that websites place on your computer’s or mobile device’s web browser.

These cookies store information about the content you view and interact with, in order to remember your preferences and settings or analyse how you use online services.

Cookies are divided into ‘first party’ and ‘third party’:

• First party cookiesare the cookies served by the owner of the domain – in our case that’s Cleo. Any cookie we place ourselves is a ‘first party cookie’.
• Third party cookiesare cookies placed on our domains by trusted partners that we’ve chosen to allow to do so. These can be social media partners, advertising partners, security providers and more.

And they can be either ‘session cookies’ or ‘permanent cookies’:

• Session cookiesonly exist until you close your browser, ending what is called your ‘session’. They are then deleted.
• Permanent cookieshave a range of different lifespans and stay on your device after the browser is closed. On the Booking.com platform, we try to only serve permanent cookies (or allow permanent cookies to be served by third parties) that have a limited lifespan. However, for security reasons, or in other exceptional circumstances, we might sometimes need to give a cookie a longer lifespan.

Web browser cookies may store information such as your IP address or another identifier, your browser type, and information about the content you view and interact with on digital services. By storing this information, web browser cookies can remember your preferences and settings for online services and analyse how you use them.

Alongside cookies, we also use tracking technologies that are very similar. Our website, emails and mobile apps may contain small transparent image files or lines of code that record how you interact with them. These include ‘web beacons’, ‘scripts’, ‘tracking URLs’ or ‘software development kits’ (known as SDKs):

• Web beaconshave a lot of different names. They might also be known as web bugs, tracking bugs, tags, web tags, page tags, tracking pixels, pixel tags, 1×1 GIFs or clear GIFs.

In short, these beacons are a tiny graphic image of just one pixel that can be delivered to your device as part of a web page request, in an app, an advertisement or an HTML email message.

They can be used to retrieve information from your device, such as your device type or operating system, your IP address, and the time of your visit. They are also used to serve and read cookies in your browser or to trigger the placement of a cookie.

• Scriptsare small computer programs embedded within our web pages that give those pages a wide variety of extra functionality. Scripts make it possible for the website to function properly. For example, scripts power certain security features and enable basic interactive features on our website.

Scripts can also be used for analytical or advertising purposes. For example, a script can collect information about how you use our website, such as which pages you visit or what you search for.

• Tracking URLsare links with a unique identifier in them. These are used to track which website brought you to the Booking.com website or app you’re using. An example would be if you click through from a social media page, search engine or one of our affiliate partners’
• Software Development Kits (SDKs)are part of our apps’ source code and unlike browser cookies, SDK data is stored in the app storage.

They’re used to analyse how the apps are being used or to send personalised push notifications. To do this, they record unique identifiers associated with your device, like device ID and IP address, as well as your in-app activity and your network location.

All these tracking technologies are referred to as ‘cookies’ here in this Cookie Statement.

How are cookies used?

Cookies are used to collect information, including:

• IP address
• Device ID
• Viewed pages
• Browser type
• Browsing information
• Operating system
• Internet service provider
• Timestamp
• Whether you have responded to an advertisement
• A referring URL
• Features used or activities engaged in on the website/apps

They allow you to be recognised as the same user across the pages of a website, across devices, between websites or when you use our apps. When it comes to purpose, they are divided into three categories – functional cookies, analytical cookies and marketing cookies.

Functional cookies

These are cookies required for our websites and apps to function and they must be enabled in order for you to use our services.

Functional cookies are used to create technologically advanced, user-friendly websites and apps that adapt automatically to your needs and preferences, so you can browse and book easily. This also includes enabling essential security and accessibility features.

More specifically, these cookies:

• Enable our website and apps to work properly, so you can create an account, sign in, and manage your bookings.
• Remember your selected currency and language settings, your past searches and other preferences to help you use our website and apps efficiently and effectively.
• Remember your registration information, so that you don’t have to retype your login credentials each time you visit our website or app. (Don’t worry, passwords will always be encrypted.)

Analytical cookies

These cookies measure and track how our website and apps are used. We use this information to improve our website, apps and services.

More specifically, these cookies:

• Help us understand how visitors and customers like you use Booking.com and our apps.
• Help improve our website, apps, and communications to make sure we’re interesting and relevant.
• Allow us to find out what works and what doesn’t on our website and apps.
• Help us understand the effectiveness of advertisements and communications.
• Teach us how users interact with our website or apps after they have been shown an online advertisement, including advertisements on third-party websites.
• Enable our business partners to learn whether or not their customers make use of any accommodation offers integrated into their websites.

The data we gather through these cookies can include which web pages you have viewed, which referring/exit pages you have entered and left from, which platform type you have used, which emails you have opened and acted upon, and date and time stamp information. It also means we can use details about how you’ve interacted with the site or app, such as the number of clicks you make on a given screen, your mouse movements and scrolling activity, the search words you use and the text you enter into various fields.

Marketing cookies

These cookies are used by Booking.com and our trusted partners to gather information about you over time, across multiple websites, applications, or other platforms.

Marketing cookies help us to decide which products, services and interest-based advertisements to show you, both on and off our website and apps.

More specifically, these cookies:

• Categorise you into a certain interest profile, for instance, on the basis of the websites you visit and your click behaviour. We use these profiles to display personalised content (such as travel ideas or specific accommodations) on Booking.com and other websites.
• Display personalised and interest-based advertisements both on the Booking.com website, our apps and other websites. This is called ‘retargeting’ and is based on your browsing activities, such as the destinations you’ve been searching for, the accommodation you’ve viewed and the prices you’ve been shown. It can also be based on your shopping habits or other online activities.

Retargeting ads can be shown to you both before and after you leave Booking.com, as their purpose is to encourage you to browse or return to our website. You might see these ads on websites, in apps or in emails.

• Integrate social media into our website and apps. This allows you to like or share content or products on social media such as Facebook, Instagram, YouTube, Twitter, Pinterest, Snapchat and LinkedIn.

These ‘like’ and ‘share’ buttons work using pieces of code from the individual social media providers, allowing third party cookies to be placed on your device.

These cookies can be purely functional, but they can also be used to keep track of which websites you visit from their network, to build a profile of your online browsing behaviour and to show you personalised ads. This profile will be partly built using comparable information the providers receive from your visits to other websites in their network.

To read more about what social media providers do with your personal data, take a look at their cookie and/or privacy statements. Be aware that these statements may be updated from time to time.

We work with trusted third parties to collect data. We may also sometimes share information with these third parties, such as your email address or phone number. These third parties might link your data to other information they collect to create custom audiences or deliver targeted ads.

Non-cookie techniques – email pixels

We may also use techniques, such as pixels, which we don’t mark as cookies because they do not store any information on your device.

We sometimes place pixels in emails, such as newsletters. A ‘pixel’ is an electronic file the size of a single pixel, that is placed in the email and loaded when you open it. By using email pixels, we can see if the message was delivered, if and when you read the message and what you click on.

We also receive this information about the push notifications we send you. These statistics provide us with feedback about your reading behaviour, which we use to optimise our messages and make our communication more relevant to you.

What can you choose?

In the settings for browsers like Internet Explorer, Safari, Firefox or Chrome, you can choose which cookies to accept and which to reject. Where you find these settings depends on which browser you use.

If you choose to block certain functional cookies, you may not be able to use some features of our services.

3. In addition to specific settings that we may offer on the Cleo website, you can also opt-out of certain cookies (Analytics, Advertising).

It’s possible that your mobile device allows you to limit information sharing for retargeting purposes through its settings. If you choose to do so, it’s good to be aware that opting out of an online advertising network doesn’t mean you’ll no longer see or be subject to online advertising or marketing analysis. It just means that the network you’ve opted out from will stop delivering ads that are tailored to your web preferences and browsing patterns.

Some websites have ‘Do Not Track’ features that allow you to tell a website not to track you. We’re currently unable to support ‘Do Not Track’ browser settings.

Our cookie statement may also be updated from time to time. If these updates are substantial, particularly relevant to you or impact your data protection rights, we’ll get in touch with you about them. However, we recommend that you visit this page regularly to stay up to date with any other (less substantial or relevant) updates.