Privacy & Security

Information collection and use

By using this website, you are acknowledging that you have reviewed the terms of our privacy statement and consent to using data (the privacy statement and consent form) and are agreeing that we may collect, utilise and transfer your personal data and user data in accordance therewith. If you do not agree with these terms, you may choose not to use our site, so please do not provide any personal data through this site. The privacy statement and consent form, make up part of our website Terms of Use and such shall be governed by and construed in accordance with the laws of the state of Florida, United States of America. You are giving consent to submitting any dispute, arising out of your use of this website, to the exclusive jurisdiction of the state of Florida. Lexyl collects user information from several different places on its website.

Changes to the privacy statement and consent form

This site along with our business are constantly changing. As a result, at times it may be necessary for Lexyl to make changes to the privacy statement and consent form. Lexyl reserves the right to update or modify the privacy statement and consent form at any time, sometimes without prior notice. Please review this statement periodically, especially before providing any personal data. This privacy statement and consent form were last updated on 01/05/2018. Continuing to use the site after any changes or revisions to the privacy statement and consent form have been made, will indicate your agreement with the terms of the revised privacy statement and consent form.


'Aggregated Data' includes customer demographics, interests and behaviour based on personal data and other information provided to us, which is compiled and analysed on an aggregate and anonymous basis.

'Personal Data' includes any information that enables an individual to be identified, such as the individual's name and email address.

'Public Information' includes information posted to any areas on the site with public access, such as bulletin boards, chat rooms and comment forums. Please refer to our discussion of 'Public and Unsolicited Information' contained in our Terms and Conditions.

'Unsolicited Information' includes any ideas for new products or modifications to existing products and other unsolicited communications. Personal Data included in Unsolicited Information will be handled in the manner set forth in the privacy statement and consent form.

'User Data' includes any information passively collected from users of the site that does not identify a particular individual, such as statistical information on site usage. The terms 'you', 'your' and 'yours' when used in the privacy statement and consent form means any user of this site.

What information do we collect?

Your information: We collect your personal data such as your name, date of birth, email or postal address when you voluntarily choose to register for or use this site. We use the personal data collected to provide you with a superior customer experience on the site and to improve and market Lexyl Services. Lexyl may store such personal data itself or it may be stored in databases owned and maintained by Lexyl’s affiliates, agents or service providers. Lexyl retains its rights to these databases and the information they contain.

Transfer of your data abroad

By voluntarily providing us with your personal data, you are consenting to our use of it in accordance with the privacy statement and consent form. Due to the nature of the Internet, if you are visiting this site from a country other than the United States, your communications will inevitably result in the transfer of information across international boundaries. By visiting this website you consent to these transfers. If you provide personal data to this Site, you are acknowledging and agreeing that such personal data may be transferred from your current location to the offices and servers of Lexyl and the affiliates, agents and service providers referred to herein located in the United States and in other countries.


In order to use this website, a user must first complete the registration form. During registration, a user is required to give their contact information (name and email address) and to create a username and password. This information is used to contact the user about the services on our site for which they have expressed interest. Lexyl neither requires the user to provide demographic information, such as payscale and gender, nor requires unique identifiers such as a National Insurance number.


A cookie is a piece of data stored on the user's hard drive containing information about the user. Usage of a cookie is in no way linked to any personally identifiable information whilst browsing our website. For instance, by setting a cookie on our website, the user would not have to log in with a password, thereby regularly saving time when they visit our site. Should the user want to temporarily disable this function, they can do so by clicking the log-out link. If a user rejects the cookie, they may still use our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site.
To learn more and to manage your cookies preferences, click here:

Log files

We use IP addresses to analyse trends, monitor the site, track user's movement and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This website contains links to other sites. Please be aware that Lexyl Travel Technologies is not responsible for the privacy practices of other sites. We encourage our users, when they leave our site, to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website.


All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, a billing clerk or a customer service representative) are granted access to personally identifiable information. The servers on which we store personally identifiable information are kept in a secure location.

Special offers

We send all new members a welcoming email to verify their password and username. Established members will receive information on new groups or hotel bids relating to their business. Out of respect for the privacy of our users, we present the option of not receiveing these types of communications.

Website activity

Lexyl Travel Technologies uses a third-party tracking utility to track end-user activity on our site via the use of cookies. Activity is tracked in an effort to make our site easy to navigat and to find out which areas of our site are the most popular. The information tracked includes the following: most requested page, least requested page, top entry page, top path through site, the cities which users are visiting from and the average length of time spent on the site.

EU General Data Protection Regulation 'GDPR'

Lexyl shall process personal data only upon the written instruction of its group coordinators and in accordance with our Terms of Use and applicable laws (unless Lexyl is otherwise required to do so in order to comply with applicable law, in which case Lexyl shall inform its group coordinators of such a legal requirement except when prohibited to do so by an applicable law), and the group coordinator confirms that its documented instructions are for Lexyl to process the personal data as necessary for the purposes of our Terms of Use. Lexyl shall inform group coordinators if, in its opinion, an instruction infringes the applicable EU data privacy and security laws;

Lexyl shall, upon termination or expiry of the Terms of Use and upon the group coordinator's request, delete or return to all personal data except for cases where Lexyl is unable to destroy the personal data (due to data backup or legal reasons). Lexyl shall continue to extend indefinitely the protection of these requirements and immediately terminate any further processing of the personal data without the group coordinator's express prior written consent, unless required by applicable law. Lexyl's obligations under these requirements to protect the security of personal data shall override termination of our Terms of Use;

Lexyl shall ensure appropriate operational and technical measures are in place to safeguard personal data against data security breaches;

Lexyl shall notify group coordinators without undue delay if it becomes aware of any actual data security breaches and shall provide reasonable information and cooperation to group coordinators so that group coordinators can fulfil any data-breach reporting obligations it may have under (and in accordance with the timescales required by) applicable data protection legislation;


Lexyl shall, upon request, provide the group coordinator with a list of subcontractors who process personal data;

Lexyl shall only appoint third-party vendors or service providers as subprocessors of personal data where Lexyl:

(A) concludes written contracts with such subprocessors which provide for data protection terms that are no less protective than the terms set out in these requirements;

(B) notifies the group coordinator of any intended additions of or substitutions to existing subprocessors prior to such appointment;

(C) holds the group coordinator fully liable for any breaches of the Terms of Use that are caused by the acts, errors and omissions of its subprocessors;

If the group coordinator has sufficient grounds (regarding data protection) to believe that a subprocessor, appointed by Lexyl, will render Lexyl unable to fulfil its data protection obligations under these requirements, and so the group coordinator may, within 7 days of receipt of notice of their appointment, object to Lexyl's appointment of such a subprocessor, in which case Lexyl will not allow that subprocessor to further access the personal data until the group coordinator has agreed to the appointment or substitution of the subcontractor or until the group coordinator withdraws their objection;

Lexyl shall establish policies and procedures to always provide sufficient and prompt assistance to group coordinators in responding to any and all requests, complaints or other communications received from any individual who is or may be the subject of any personal data processed by Lexyl.

Cross-border data transfers

Lexyl shall not transfer (and shall not permit any third party to transfer) personal data outside the territory of origination unless it takes any required compliance measures to enable such transfer legally; and

With regard to EEA Data, Lexyl shall not transfer (and shall not permit any third party to transfer) such data in any territory outside of the European Economic Area (EEA) unless it takes such measures to ensure that such transfer of EEA Data is consistent with the requirements of chapter V of the GDPR. For the avoidance of doubt, such measures may include Lexyl (or third party, as applicable):

(A) ensuring that it processes the EEA data in a country that has been deemed adequate by the European Commission pursuant to Article 45 of the GDPR;

(B) processing the EEA data pursuant to standard contractual clauses (or 'model clauses') approved by a decision of the European Commission;

(C) processing the EEA data in compliance with binding corporate rules that have been duly authorised by EEA data protection authorities that are competent for the EEA data; and

(D) with respect to transferring the EEA data to the United States, processing such data pursuant to the EU-US and/or Swiss-US Privacy Shield Frameworks, as applicable;

(E) Lexyl shall ensure that any person (including Lexyl's staff, agents and subcontractors) who is authorised to process personal data is subject to a strict duty of confidentiality (whether a contractual or statutory duty) and shall not permit any person to process the personal data who is not under such a duty of confidentiality; and

(F) with regard to EEA Data, Lexyl shall assist group coordinators to conduct data protection impact assessments to the extent such assessments are required by the GDPR, and if necessary, consult with relevant supervisory authorities pursuant to Articles 35-36 of the GDPR.

Please send all personal data removal requests to GDPR[AT] with your group-request ID number in the subject line of the email.