Last updated: October 30, 2023

1. Web analytics and statistics / Google Analytics

The Service Sites use Google Analytics, a web analytics service provided by Google LLC. (“Google”). Google uses cookies (see above), which are stored on the user's computer and allow us to analyze the use of the Service Sites. The information generated by the cookie about the use, including the user’s current, but truncated IP addresses are transmitted to a Google server in the USA and stored there. Since we have activated IP anonymization, your IP address will be truncated by Google within a European Union member state or a member state of the European Economic Area before transmission to the USA. Only in exceptional circumstances will the full IP address be transferred from the EU and truncated in the USA. Google will use this information on our behalf to evaluate the use of the Service Sites, compiling reports on the activities of users of our services, and to provide other services associated with internet use. In addition, Google may also transfer this information to third-parties if required to do so by law or where such third-parties process the information on Google's behalf. The IP address sent by your browser to Google Analytics will not be merged with other Google data.

You can prevent the installation of cookies by changing the settings of your browser. Please note, however, that this may prevent some of our services’ feature from working correctly. Alternatively, you can prevent the collection of cookie data and your website usage data (including your IP address) by Google and the processing of such data by Google by downloading and installing a browser plugin available at: http://tools.google.com/dlpage/gaoptout.

In addition, you can disable data processing by Google Analytics by clicking on the following link:
Deactivate Google Analytics

This sets an opt-out cookie that prevents the future collection of your data when visiting the Service Sites. Please note that it must be reset when you delete all cookies in your browser.

This website utilizes Google Analytics with the extension “_anonymizeIP()”. This extension ensures the processing of truncated IP addresses, so that no direct personal identification via IP addresses is possible.

Personal data associated with cookies, user identifiers (e.g., User-ID) and advertising identifiers (e.g., DoubleClick cookies, Android’s Advertising ID, Apple’s Identifier for Advertisers) will be deleted automatically after 14 months.

Use of Google Analytics is in accordance with the requirements agreed between the German data protection authorities and Google. Please find additional information here: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Usage terms: http://www.google.com/analytics/terms/de.html, Privacy information: http://www.google.com/intl/de/analytics/learn/privacy.html, Privacy policy: http://www.google.de/intl/de/policies/privacy.

Google has incorporated the EU Standard Contractual Clauses, https://policies.google.com/privacy/frameworks?hl=en-US.

2. Social Plugins

The Service Sites use what are referred to as social plugins by the following social media providers:

We use the so-called 2-click solution. If you visit the Service Sites, no personal data is transferred to the plugin provider. You can recognize the plugin provider by the label or logo on the button. We permit you to communicate directly with the plugin provider via the button.

Only if you click the button and activate the plugin, the plugin provider receives the information that you have visited the respective page of the Service Sites. In addition, the information mentioned under Sec. 1 above is transferred by your browser to the plugin provider. If you have an account with the plugin provider, and are logged in, the provider may relate your visit to the Service Sites and your additional interaction with the social plugin (e.g. clicking on the “Like” button) to your user account (e.g. your Facebook account).

We have no influence on the data collected and processed by the plugin provider, nor do we know the full extent of the data processing, purposes, retention terms and deletion of data by the plugin provider. Please find additional information regarding data processing by the plugin provider in their respective privacy policies linked above. These policies also include information regarding your rights and privacy-related configuration options.

3. Data Breaches

In the unlikely event of any unauthorized access or acquisition of your personal data, or if we experience a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data, where such breach poses a significant risk of harm to your rights and freedoms, we will promptly notify you without undue delay and, where feasible, not later than 72 hours after having become aware of it. In such case, we will also inform governmental authorities of such breach as required by applicable law.

The Dimuonnoi applications (collectively referred to as the “App”) are alternative ways to access offers and services provided by dimuonnoi.vn. The App records, processes and utilizes data in the same way as the Service Sites, for the same purposes and on the same legal basis. The contents of this portion of the privacy policy apply to the App.

1. Additional use of app-specific data

When using the App, dimuonnoi.vn can access additional data relating to the App and your mobile device, e.g. the device name, device manufacturer, model, operating system version, app version or SDK version and the device number (IMEI), advertising identifiers (e.g. Android’s Advertising ID, Apple’s Identifier for Advertisers). If you are using an Android device, the App can also detect what Google services you have subscribed to and can prevent your device from going into standby while the App is running.

The App, for both Android and iOS, requires your permission in order to function properly. Once you grant such permission, the App may record your device’s geolocation to use it for processing your query (e.g., filling in your location in the search form, to provide location-based services, or to suggest relevant content based on your location). Your location data is transmitted through an encrypted connection. If you use GPS, the App will detect your precise location. The data is used to fill in the search form and will not be stored otherwise. You may use your device’s settings menu to disable location data collection at any time.

2. Statistics and analytics

We use data analytics services to create statistics and analytics regarding your use of the App, the Service Sites, and our services. Data analytics services also assist when transitioning to our partner’s websites or services. We use the IP address and device identifier of your mobile device for such purposes. In addition, we may use such information to create cross-device, pseudonymous usage profiles (“cross-device-tracking”). You can disable the analytics functionality at any time in the App preferences.

In our apps, we use ''Google Analytics'' and “Firebase Analytics” as analytics services provided by Google LLC. (“Google”). Google provides SDKs (software development kits), which are stored on the user's device and allow us to analyze their use of the App. The information generated by the SDKs about such use, including the user’s current, but truncated IP address, are transmitted to a Google server in the USA and stored there. Since we have activated IP anonymization, your IP address, if collected in the EU, will be truncated by Google within a European Union member state or a member state of the European Economic Area before transmission to the USA. Only in exceptional circumstances will the full IP address be transferred and truncated in the USA. Google will use this information on our behalf to evaluate the use of the App, compile reports on the activities of users of our services, and to provide other services associated with internet use. In addition, Google may also transfer this information to third-parties if required to do so by law or where such third-parties process the information on Google's behalf. The IP address sent by your App to Google Analytics or Firebase will not be merged with other Google data.

If you are using the App, you can disable data processing by Google Analytics or by Firebase by using the switch at the bottom of this page.

This app utilizes Google Analytics with the extension “_anonymizeIP()”. This ensures processing of truncated IP addresses, so that no direct personal identification via IP addresses is possible.

Please find additional information regarding Google Analytics here:

• Usage terms: http://www.google.com/analytics/terms/de.html,
• Privacy information: http://www.google.com/intl/de/analytics/learn/privacy.html,
• Privacy policy: http://www.google.de/intl/de/policies/privacy

Google has incorporated the EU Standard Contractual Clauses https://policies.google.com/privacy/frameworks?hl=en-US.

3. Push messages

If you have configured your mobile device accordingly, the App may send you push messages, e.g. to provide updates on dimuonnoi.vn, status updates, marketing campaigns and other news, or to notify you of new services, products, and features. Push messages may also include advertising for dimuonnoi.vn or third-party offers (e.g. travel, accommodation).

You can withdraw your consent to receive marketing push messages at any time, free of charge, by disabling marketing push messages in the App settings or by deactivating push messages in your device’s operating system preferences.

We use Braze (114 Sansome St Suite 1200, San Francisco, CA 9410) to send newsletters and push notifications based on your searches. You can find more information regarding data processing by Braze and your rights and options regarding protecting your personal data here:https://www.braze.com/privacy/

1. Data transmission related to bookings

a) Transportation provider

When you make a booking on the Service Sites or the App, we will transmit any personal data (including loyalty program membership information) required to execute such booking to the respective transportation provider (e.g. airline, railway or coach operator) so that the transportation provider can process your booking and produce any personalized tickets that may be required. Such a third-party will then process your personal data under its own responsibility and in accordance with its own privacy policies. We therefore strongly recommend that you carefully review the privacy policy for each such transportation service provider prior to making your booking.

This data transfer requires that your explicit consent is given for each booking process, pursuant to Art. 6(1)(a) GDPR.

To the extent that we participate in a corporate transaction, divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy, we will inform the buyer that it shall only use your personal information for the purposes disclosed in this privacy policy. From time to time, we may also share aggregate or anonymous information with third-parties, including advertisers and investors. For example, we may tell our investors the number of visitors that the Service Sites receive on a monthly basis, or we may tell advertisers where the most popular travel destinations are each month.

b) Payment providers

The payment details (credit card information) for bookings made directly on the Service Sites or through the App are processed by a trusted internet payment processor, who will transmit your data directly to the relevant credit card company.

In order to ensure that the credit card is being used by its legitimate owner, and to prevent cases of online fraud, encrypted credit card information is transferred to an external payment security service for auditing purposes. This transfer may also include additional personal data.

Your credit card data is processed by trusted and reliable internet payment processors. Your credit card details are encrypted (usually using the SSL protocol) before transmission to the payment processor. Your credit card data will not be disclosed to us by the payment processors.

c) Accommodation providers

In addition, the basic information of your query (such as destination and travel time) will be forwarded to the accommodation service providers displayed in the search window (e.g. Booking.com or Airbnb) - but only if you have explicitly included the respective service provider in the search query by selecting a checkbox. The service provider will then present you with non-binding offers matching your search query in a new window or tab. A transfer of personal data (except for the IP address) does not take place on our side.

2. Other service providers

We may use third party service providers, in particular for technical and business services, tax advisors and legal counsel. This may include hosting providers, including a content delivery network to cache and provide content, statistics and analytics, providers to handle service desk and support data, provision of CRM systems, sending of newsletters/mailings, spam and fraud prevention, IT service and development providers.

These service providers receive personal data solely for the performance of their services for us on our behalf. They are contractually obliged not to use personal data for other purposes.

We will only process personal information in ways that are compatible with the purposes outlined in this privacy policy (or those you later authorize). We process your personal data for the following purposes and on the following legal basis:

a) Pursuant to Art. 6(1)(b) GDPR to enter into, perform, modify or terminate a contractual relationship with you, in particular:

• to enable your access and use of the Service Sites and the App,
• to facilitate your search queries and bookings,
• to perform our contractual obligations,
• to personalize your ticket or booking and to contact you with regards to the booking process or your user account, for example to send you travel documents,
• to facilitate your account login on the Service Sites or the App (user account functionality), to recognize you as a user and spare you from re-entering your data upon your revisits to the Service Sites or the App.

b) Pursuant to Art. 6(1)(f) GDPR based on our legitimate interests,

• to improve the Service Sites, Apps and our other services and to adapt them to the needs of our users,
• to perform internal quality checks,
• to prevent, detect, process and investigate malfunctions, incidents, fraudulent or other illegal activities, or mitigate the risk of occurrence of the aforementioned events,
• to ensure network and information security,
• to create statistics on access channels, the use the Service Sites and App and the frequency of transition to our partner’s websites and services,
• for internal accounting and invoicing purposes with the respective transportation providers, accommodation or other partners and service providers,
• to personalize the Service Sites, the App, and our offers,
• to display advertisements and special offers that may match your interests (or reduce your exposure to advertising and special offers which you may find uninteresting),
• for marketing purposes and to optimize our marketing measures,
• to enable your interaction with social networks and other users, in order to improve our offers and make it more interesting for our users, to contact you, if requested by you or as necessary to fulfil the contract or as otherwise permitted by law,
• for the purpose of business process outsourcing to affiliated companies,
• enforcing obligations owed to us, and contractual terms and conditions,
• accounting, risk management and record keeping.

When using personal data to serve the above-mentioned legitimate interests, we will always balance your rights and interests in protecting your personal data against the rights and interests of our company, our affiliates, and trusted third-parties.

c) Pursuant to Art. 6(1)(a) GDPR based on your consent,

• to send you newsletter emails or other marketing push messages (see above),
• to transfer data for certain bookings to our partner Amadeus and to transfer Facebook Data (see above).

d) Pursuant to Art. 6(1)(c) GDPR to comply with legal obligations, e.g. to observe retention periods required by trade or tax law or to comply with obligations to disclose data based on a legally binding court decision or official order.

In addition to the right to revoke your consent given to us, where applicable, you have the right to request access to (Art. 15 GDPR) and rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of personal data or restriction of processing (Art. 18 GDPR), the right to object (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR).

We may make changes or updates to this privacy policy from time to time or as required in response to changing legal, technical or business developments. When we update our privacy policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make, and in accordance with applicable law. You can see when this policy was last updated by viewing the “last updated’ date displayed at the top of this privacy policy.