myservice · Legal Documentation

Terms, Privacy & Legal

Everything that governs your use of myservice — your rights as a guest, a service provider, and a data subject across 220+ countries.

Last updated: May 2026

220+Countries

3.3M+Hotels

GDPREU Compliant

CCPACA Compliant

DSAEU DSA Ready

myservice is an online travel agent (OTA) and marketplace intermediary operating in 220 countries, providing live hotel search and booking powered by RateHawk. These documents govern your use of the Platform and describe your rights as a guest, a service provider, and a data subject.

When you book a hotel through myservice, your accommodation contract is formed directly with the hotel. myservice facilitates the transaction and is not a party to that contract. Your consumer rights are protected under the laws of your country of residence — including EU GDPR, UK consumer law, and California CCPA — regardless of our primary jurisdiction in Pakistan.

Contents

1. Terms of Use
2. Privacy Policy
3. Cookie Policy
4. Reviews Policy
5. Digital Services Act (EU)
6. Hotel Booking Terms
7. General Services Terms
8. Regional Laws & Your Rights
9. Governing Law & Disputes
10. Contact Us

1. Terms of Use

1. Acceptance of Terms

By accessing and using the myservice online travel platform (the "Platform"), you confirm that you are at least 18 years of ageand agree to comply with and be bound by these Terms of Use (the "Terms"). If you do not agree to these Terms, you must not use the Platform.

myservice operates as an online travel agent (OTA) and marketplace intermediary. When you book a hotel or accommodation through the Platform, the contract for accommodation is formed directly between you (the "Guest") and the hotel or accommodation provider (the "Hotel"). myservice facilitates the transaction but is not a party to that contract. By completing a booking you also accept the Hotel's own cancellation policy and house rules, which are displayed at the time of booking.

2. Modification of Terms

We reserve the right to modify these Terms at any time. For material changes that may affect your rights or obligations, we will provide at least 30 days' advance notice by posting a prominent notice on the Platform or notifying you by email. Your continued use of the Platform after the notice period constitutes your acceptance of the updated Terms. For non-material changes (e.g., typographical corrections, clarifications), changes take effect upon posting.

3. User Responsibilities

You agree to use the Platform only for lawful purposes and in accordance with these Terms. You must not engage in any activities that may harm or disrupt the Platform or interfere with other users' enjoyment of the Platform.

4. Account Registration

To access certain features of the Platform, for instance to search and book hotel accommodations, you may be required to create an account. You agree to provide accurate and complete information during registration and to update your information as necessary. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

5. Prohibited Activities

You agree not to engage in the following prohibited activities:

Sharing personal contact details (phone number, email, social media links) through any channel other than the designated Platform fields.
Using the Platform for any illegal or unauthorized purpose.
Impersonating any person or entity or falsely misrepresenting your affiliation with any person or entity.
Uploading or transmitting content that is unlawful, defamatory, obscene, or otherwise objectionable.
Distributing viruses, malware, or other harmful code.
Attempting to gain unauthorized access to any part of the Platform or its related systems.
Making fraudulent bookings, false cancellation claims, or abuse of refund processes.

6. Intellectual Property

All content and materials on the Platform, including but not limited to text, graphics, logos, and software, are the property of myservice or its licensors and are protected by intellectual property laws. You may not use, reproduce, or distribute any content from the Platform without express written permission.

7. Termination

We reserve the right to terminate or suspend your account and access to the Platform at our sole discretion, without notice, for any reason, including but not limited to violations of these Terms.

8. Disclaimers

The Platform is provided "as is" and "as available" without any warranties of any kind, either express or implied. We disclaim all warranties, including but not limited to implied warranties of merchantability and fitness for a particular purpose. Hotel listings, images, and descriptions are provided by Hotels and third-party data providers; myservice does not warrant their accuracy or completeness.

9. Limitation of Liability

To the fullest extent permitted by law, myservice's liability to you in connection with any booking shall not exceed the total amount you paid for that booking. We shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data or use, arising from your use of the Platform or from the acts or omissions of any Hotel.

10. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Islamic Republic of Pakistan. Any disputes arising out of or relating to these Terms shall be resolved as set out in the Governing Law and Dispute Resolution section below.

11. Contact Information

For any questions or concerns regarding these Terms, please contact us at [email protected]

12. Force Majeure

Neither myservice nor any Hotel shall be liable for failure or delay in performance resulting from causes beyond reasonable control, including but not limited to: acts of God, natural disasters, pandemics, epidemic disease, war, terrorism, government-imposed travel restrictions, strikes, or infrastructure failures. In such events, myservice will facilitate communication between you and the Hotel regarding cancellation, rebooking, or voucher options, subject to the Hotel's own force majeure policy and applicable law.

13. Severability

If any provision of these Terms is found to be unenforceable or invalid under applicable law, that provision shall be modified to the minimum extent necessary to make it enforceable, or severed if modification is not possible. The remaining provisions shall continue in full force and effect.

14. Entire Agreement

These Terms, together with the Privacy Policy, Cookie Policy, and any booking confirmation you receive, constitute the entire agreement between you and myservice regarding your use of the Platform and supersede all prior agreements, representations, or understandings.

15. Waiver

Failure by myservice to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision. Any waiver must be in writing and signed by an authorised representative of myservice.

16. Class Action Waiver & Arbitration

To the fullest extent permitted by applicable law, you agree to resolve disputes with myservice on an individual basis only, and not as part of any class, consolidated, or representative action. Any dispute not resolved through informal negotiation shall be submitted to binding individual arbitration under the rules of the Pakistan Centre for International Investment and Commercial Arbitration (PCICICA), with the seat of arbitration in Islamabad, Pakistan, conducted in English.

30-Day Opt-Out: You may opt out of this arbitration agreement by sending written notice to [email protected] within 30 days of first accepting these Terms. Your notice must include your name, email address, and a clear statement that you are opting out.

This clause does not apply to EU/EEA consumers to the extent it conflicts with mandatory EU consumer protection law.

17. EU Right of Withdrawal Waiver

Important Notice for EU/EEA ConsumersEU Directive 2011/83/EU grants consumers a 14-day right to withdraw from distance contracts. However, under Article 16(l) of that Directive, this right does not applyto contracts for accommodation services to be provided on specific dates. By completing a hotel booking on myservice, you expressly acknowledge and accept that the right of withdrawal does not apply to your reservation and that the Hotel's cancellation policy governs any cancellation or refund.

2. Privacy Policy

1. Introduction

myservice ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and safeguard your personal information when you use our Platform to search and book hotel accommodations across 220 countries. myservice (registered in Pakistan) is the data controller. Live hotel rates and inventory are powered by RateHawk / Emerging Travel Group, a separate data processor.

2. Information We Collect

We may collect the following categories of personal data:

Identity Data: Full name, date of birth, nationality, passport or national ID number (required by certain hotels or local law).
Contact Data: Email address, phone number, billing address.
Booking Data: Check-in/check-out dates, room type, number of guests, special requests, dietary requirements, accessibility needs, travel preferences, and loyalty program numbers where provided.
Payment Data: Credit/debit card details processed by PCI DSS-compliant payment processors. myservice does not store full card numbers.
Usage Data: IP address, browser type, device identifiers, pages visited, session duration, and search queries on the Platform.
Communications Data: Messages sent to customer support, booking correspondence, and chat interactions.
Cookie Data: As described in the Cookie Policy below.

3. How We Use Your Information

We use your personal data for the following purposes, each with a legal basis under GDPR Art. 6 where applicable:

Booking fulfillment (Art. 6(1)(b) — contract performance): To process and manage your hotel reservation, transmit necessary guest details to the Hotel, and communicate confirmation, changes, and cancellations.
Payment processing (Art. 6(1)(b)): To charge you for bookings, process refunds, and detect fraud.
Legal compliance (Art. 6(1)(c)): To comply with tax, anti-money laundering, and other legal obligations. Passport/ID data may be collected where required by local law.
Legitimate interests (Art. 6(1)(f)): For fraud prevention, platform security, service improvement, and anonymised analytics. We balance these interests against your data protection rights.
Consent (Art. 6(1)(a)): For marketing communications, non-essential cookies, and personalised hotel recommendations. You may withdraw consent at any time.

4. Data Sharing and Disclosure

We share your personal data only in the following circumstances:

Hotels and Accommodation Providers: We transmit your booking and guest details to the Hotel necessary to fulfill your reservation.
RateHawk / Emerging Travel Group: Our rate and inventory provider receives booking data to confirm reservations with hotels worldwide.
Payment Processors: PCI DSS-compliant processors (such as Stripe, Adyen, or equivalent) who handle card transactions under data processing agreements.
Analytics Providers: Tools such as Google Analytics under data processing agreements, using anonymised or aggregated data where possible.
Legal / Regulatory Authorities: Where required by law, court order, or to protect the rights and safety of myservice or others.
Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate contractual data protection safeguards.

5. Data Security

We implement reasonable technical and organisational measures to protect your personal data, including TLS encryption in transit, encryption at rest, and access controls. Payment card data is processed exclusively by PCI DSS-compliant processors. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Your Rights

GDPR Rights — EU/EEA UsersUnder the General Data Protection Regulation, you have the right to:

Access (Art. 15): Request a copy of your personal data.
Rectification (Art. 16): Request correction of inaccurate or incomplete data.
Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your data, subject to legal retention obligations.
Restriction (Art. 18): Request that we limit how we process your data.
Portability (Art. 20): Receive your data in a structured, machine-readable format.
Object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
No Automated Decisions (Art. 22): Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
Withdraw Consent: At any time, without affecting prior processing.
Lodge a Complaint: With your local EU/EEA data protection supervisory authority.

Additional Rights — California Residents (CCPA/CPRA)

Right to Know: What personal information we collect, use, and disclose.
Right to Delete: Request deletion of your personal information.
Right to Opt-Out of Sale:We do not sell personal information. If this changes, a "Do Not Sell My Personal Information" link will appear on the Platform.
Right to Non-Discrimination: Exercising privacy rights will not result in denial of service or different pricing.
Right to Correct: Request correction of inaccurate personal information.

To exercise any of these rights, contact: [email protected]

7. International Data Transfers

Your data may be transferred to and processed in countries outside your home country, including Pakistan (where our servers are located) and countries where Hotels and our technology partners operate. For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. For transfers from the UK, we use the UK International Data Transfer Agreement (IDTA). For other international transfers, we implement equivalent contractual data protection safeguards.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

Data Type

Retention Period

Booking & transaction records

7 years (tax & legal compliance)

Account data

Until account deletion requested

Marketing consent records

Until opt-out + 3 years

Analytics / cookie data

Up to 13 months

Customer support communications

3 years from resolution

Guest reviews

5 years from submission

9. Children's Privacy

The Platform is intended for users aged 18 and over. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal data, please contact [email protected] and we will delete it promptly.

10. No Automated Decision-Making with Legal Effects

myservice does not use automated decision-making or profiling that produces legal effects or similarly significant effects on users. Hotel search results and recommendations are generated algorithmically to improve relevance but do not make binding decisions about your eligibility to book or any other legal matter.

11. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Policy and applicable data protection laws.
Contact: [email protected]
Please mark your correspondence "Attention: Data Protection Officer".

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via the Platform or email with at least 30 days' notice. Your continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

13. Contact Us

For general privacy questions: [email protected]
For data subject rights requests: [email protected]
For general inquiries: [email protected]

3. Cookie Policy

1. Introduction

Our Platform uses cookies and similar technologies to enhance your browsing experience, remember your preferences, and help us understand how our Platform is used. This Cookie Policy explains what cookies are, how we use them, and how you can control them.

We only place non-essential cookies with your prior consent, which you can manage at any time via your browser settings or the Cookie Preferences link in the Platform footer.

2. What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They help the website remember your preferences and provide a more personalised experience. Similar technologies such as local storage and session storage may be used for equivalent purposes.

3. Types of Cookies We Use

Essential Cookies — Required for the Platform to function (e.g., session authentication, booking cart, security tokens). These cannot be disabled. No consent required under the ePrivacy Directive. Duration: session or up to 1 year.
Performance Cookies — Collect anonymised information about how visitors use the Platform (page views, error rates, load times) to help us improve. We use tools such as Google Analytics. Consent required. Duration: up to 13 months.
Functional Cookies — Allow the Platform to remember your preferences such as language, currency, last search, and previously viewed hotels to provide a more personalised experience. Consent required. Duration: up to 12 months.
Targeting / Advertising Cookies — Used to deliver relevant hotel offers and advertisements based on your browsing interests, and to measure campaign effectiveness. These may be set by third-party advertising partners. Consent required. Duration: up to 13 months.

4. Cookie Duration Summary

Cookie Type

Max Lifespan

Essential

Session – 12 months

Performance

13 months

Functional

12 months

Targeting / Advertising

13 months

We do not set cookies with a lifespan exceeding 5 years.

5. How to Manage Cookies

You can control and manage cookies in several ways:

Browser settings:Most browsers allow you to view, block, or delete cookies. Consult your browser's help documentation (Chrome, Firefox, Safari, Edge) for instructions.
Cookie Preference Centre:You can update your consent for non-essential cookies at any time by clicking "Cookie Preferences" in the footer of any page.
Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout.

Please note: blocking essential cookies will impair the Platform's functionality, including the ability to complete bookings.

6. Changes to This Policy

We may update this Cookie Policy from time to time. Any changes will be posted on the Platform with a revised "Last Updated" date.

7. Contact Us

If you have any questions about our use of cookies, please contact us at [email protected].

4. Reviews Policy

1. Verified Bookings Only

Verified Bookings OnlyReviews on myservice may only be submitted by guests who have completed a stay booked through the Platform. This ensures all reviews reflect genuine experiences.

Review invitations are sent automatically after checkout. Reviews submitted outside this window or from unverified accounts will not be published.

2. Review Standards

By submitting a review, you agree that your content:

Reflects your honest, first-hand experience of the stay.
Is not fake, incentivised, sponsored, or submitted in exchange for any benefit from the Hotel or any third party.
Does not contain defamatory, harassing, discriminatory, obscene, or unlawful content.
Does not include personal information about Hotel staff or other guests.
Is relevant to the accommodation experience (not unrelated complaints about travel or personal circumstances).

3. Moderation

myservice reserves the right to remove, edit, or decline to publish any review that violates these standards, contains prohibited content, or is flagged as fraudulent. We are not obligated to publish every review submitted. Moderation decisions are final but may be appealed by contacting [email protected].

4. Hotel Right to Respond

Hotels listed on myservice may post a public reply to guest reviews. Hotel responses must comply with the same content standards as guest reviews. myservice reserves the right to remove responses that violate these standards.

5. Liability for Review Content

Reviews represent the opinions of individual guests and do not reflect the views of myservice. myservice is not responsible for the accuracy, completeness, or legality of user-submitted review content. If you believe a review contains defamatory or illegal content, please report it to [email protected] with the review details and grounds for removal.

6. Review Data Retention

Published reviews are retained for 5 years from the date of submission, or until a deletion request is approved. Review scores contribute to a Hotel's overall rating during the period the review is live.

5. Digital Services Act (EU)

Digital Services Act ComplianceEU Only

This section describes myservice's compliance with EU Regulation 2022/2065 (the Digital Services Act, "DSA"), which came into full effect on 17 February 2024 for all online platforms serving users in the European Union.

1. Illegal Content Reporting

If you encounter content on myservice that you believe is illegal under EU or national law (including fraudulent listings, illegal offers, or hate speech), you may report it to our DSA single point of contact:

DSA Contact PointEmail: [email protected]
We will acknowledge your report promptly and take appropriate action in accordance with the DSA.

2. Recommendation System Transparency

Hotel search results on myservice are ranked using a relevance algorithm that considers factors including: availability for your dates, guest ratings, price competitiveness, property quality indicators, and booking popularity. Hotels that pay for promotional placement are clearly labelled as "Sponsored" in search results. No unlabelled paid ranking is used.

3. Complaints Mechanism

EU users may submit complaints about our content moderation decisions (including review removals, listing suspensions, or account actions) by contacting [email protected]. We commit to:

Acknowledging complaints within 5 business days.
Providing a substantive response or resolution within 6 weeks of receipt.
Offering escalation to an out-of-court dispute settlement body where required by the DSA.

4. Transparency Reporting

myservice publishes an annual transparency report disclosing, among other things, the average monthly active users of the Platform in the EU, the number of content moderation actions taken, and information about our notice and action procedures, in accordance with DSA Article 15.

5. AI & Chatbot Disclosure

Our Platform includes an AI-powered hotel assistant chatbot. This tool is automated and not a human agent. Conversations may be logged for quality assurance and compliance purposes, as described in our Privacy Policy. You may request to speak with a human agent at any time by contacting [email protected].

General Terms Across All Services

1. Dispute Resolution

Procedures for handling disputes and complaints. Contact information for customer service will be provided.

2. Liability and Insurance

General liability coverage details and professional indemnity insurance information will be provided, by the service provider himself.

3. Privacy Policy

Details on how personal data is collected, used, and protected. Compliance with relevant data protection laws will be ensured.

4. Terms of Use

Guidelines for using the web app, including user responsibilities and acceptable use policies.

5. Amendments

Procedures for updating terms of service and notification processes for changes will be provided.

6. Governing Law

Jurisdiction and applicable laws for any disputes.

Hotel Booking Terms

1. Platform Role & Intermediary Disclaimer

myservice is an Online Travel Agent (OTA) — not the HotelWhen you book a hotel through myservice, you are entering into a contract directly with the hotel or accommodation provider ("Hotel"). myservice facilitates the transaction as a marketplace intermediary and is not a party to the accommodation contract. Hotel-specific policies — including cancellation terms, house rules, and check-in requirements — are set by individual Hotels and are presented to you at the time of booking.

Hotel inventory and live pricing are powered by RateHawk (Emerging Travel Group), a global hotel technology platform.

2. Booking & Cancellation Policy

The cancellation policy applicable to your booking is displayed on the hotel listing page and in your booking confirmation email. There are three policy types:

Fully Flexible

Free cancellation up to the deadline shown at booking. Refunds processed within 5–10 business days to your original payment method.

Partially Refundable

A cancellation fee applies after a specified date. The fee amount and deadline are shown before you confirm. The refundable portion is returned within 5–10 business days.

Non-Refundable

No refund is available on cancellation or no-show. The full booking amount is charged at the time of reservation.

To cancel, log in to your myservice account, go to "My Bookings", and follow the cancellation steps — or contact [email protected]. Cancellations must be made before the deadline shown in your confirmation to qualify for any refund.

3. No-Show Policy

If you do not arrive at the hotel on the check-in date without cancelling, it will be treated as a "no-show". For non-refundable and partially refundable bookings, the applicable charge will be retained. For fully flexible bookings, a no-show may result in cancellation of any remaining nights. Please contact the Hotel or myservice as early as possible if you are unable to arrive.

4. Check-In & Check-Out

Standard check-in and check-out times are set by each Hotel and displayed on the hotel listing. As a general guide:

Standard check-in: 2:00 PM (14:00) local hotel time
Standard check-out: 12:00 PM (noon) local hotel time

Early check-in or late check-out is subject to availability and may incur additional charges set by the Hotel. A valid government-issued photo ID and the payment card used for booking are required at check-in. Some Hotels require a passport for foreign nationals, as required by local law.

5. Overbooking Policy

Hotels occasionally experience overbooking due to operational reasons beyond myservice's control. In such cases, the Hotel is responsible for relocating you to a comparable or superior property of equivalent or higher star rating, at no additional room-rate cost to you. myservice will assist with communication to facilitate resolution. If you are affected by an overbooking, contact [email protected] immediately.

6. Pricing & Fees

Price Accuracy: Rates are sourced live from RateHawk and updated in real time. The price shown at the "Confirm Booking" step is the final price charged, inclusive of taxes and fees displayed at that step.

Platform Service Fee: myservice may charge a platform service fee on certain bookings. Any such fee is itemised and shown clearly before you confirm. The service fee is non-refundable unless myservice caused the cancellation.

Damage Deposits: Some Hotels require a refundable security deposit at check-in, held directly by the Hotel. The amount and terms are shown on the hotel listing. Disputes regarding damage deposits are between you and the Hotel — myservice is not responsible for their collection or refund.

7. Guest Conduct & House Rules

By completing a booking, you agree to comply with the Hotel's house rules, which are displayed on the hotel listing page. These may include policies on smoking, pets, visitors, noise, and dress code. Hotels retain the right to refuse admission or require guests to vacate if house rules are violated, which may result in forfeiture of the booking amount without recourse against myservice.

8. Visa, Travel Documents & Entry Requirements

It is your sole responsibility to ensure you hold valid travel documents (passport, visa, entry permits) required for your destination. myservice provides no warranty regarding visa or entry requirements and accepts no liability for denied entry or deportation. We recommend consulting the official embassy or consulate website of your destination country before booking.

9. Accessible Accommodation

We are committed to supporting guests with accessibility needs. Hotel listings display accessibility features where provided by the Hotel. If you require specific accessible accommodation, we recommend contacting the Hotel directly before booking to confirm availability. myservice will make reasonable efforts to communicate accessibility requests to Hotels on your behalf.

10. Hotel Star Ratings & Images

Star ratings displayed are sourced from third-party classification bodies and may not conform to national hotel grading standards in all countries. Property images are provided by Hotels and may not reflect exact current property condition or the specific room assigned. myservice does not warrant the accuracy of star ratings or property images.

11. Force Majeure

Neither myservice nor the Hotel shall be liable for inability to perform obligations due to events beyond reasonable control, including but not limited to: natural disasters, pandemics, acts of terrorism or war, government-imposed travel restrictions, or infrastructure failures. In such circumstances, myservice will work with Hotels to offer rebooking, vouchers, or refunds where permitted by applicable law and the Hotel's own force majeure policy.
Guests are strongly advised to purchase comprehensive travel insurance covering trip cancellation, medical emergencies, and travel disruption before booking.

12. Property Delisting & Bed Bank Conflicts

myservice sources hotel inventory through RateHawk (Emerging Travel Group) and other wholesale bed banks. As a result, your property may appear on the Platform without a direct commercial agreement with myservice. If you are a property owner or authorised representative and wish to request delisting, or if you have identified a conflict — such as incorrect rates, unauthorised content, rate parity violations, or a listing you did not consent to — please follow the process below.

Grounds for a delisting or conflict request:

Your property is listed without your knowledge or authorisation via a bed bank or wholesaler.
Rates displayed do not reflect your contracted or published rates (rate parity breach).
Property name, description, images, or amenities are inaccurate or outdated.
Your property has permanently closed, changed ownership, or rebranded.
You have terminated your agreement with the upstream distributor (e.g. RateHawk) and require removal from downstream OTAs.

How to submit a request:

Email [email protected] with the subject line "Property Delisting Request" or "Bed Bank Conflict".
Include: property name, full address, your role and contact details, a description of the issue, and any supporting documentation (e.g. rate sheets, distributor correspondence, ownership proof).

Processing timeline:

We will acknowledge your request within 5 business days.
Verified delisting requests are actioned within 14 business days of confirmation.
Rate or content corrections sourced from RateHawk are escalated directly to Emerging Travel Group; resolution timelines depend on the upstream distributor and may take up to 30 days.

If your property appears via RateHawk or another bed bank, myservice is not the original source of the listing. The most effective route for permanent removal is to first terminate the listing at the distributor level — myservice will follow suit once the upstream feed is updated. Contact us if you need guidance on which distributor to approach.

myservice reserves the right to retain a property listing while an active, confirmed booking exists for that property, in order to honour existing guest reservations. Delisting will take effect after all existing confirmed bookings have been fulfilled or cancelled.

Terms for Travel Agency / TCM Services

1. Service Description

Our platform supports travel planning and management services including flight bookings, hotel reservations, tour packages, and custom itineraries designed for leisure and business travel.

2. Professional Responsibilities

The travel agency must:

Client-Centric Approach: Prioritize individual travel needs with personalized itinerary planning.
Transparent Communication: Clearly convey all travel details including schedules, pricing, and changes.
Vendor Coordination: Collaborate efficiently with airlines, hotels, and local tour operators to secure the best services.
Timely Updates: Keep clients informed about any changes or updates to their travel plans.
Ethical Standards: Uphold high ethical and professional standards in all client interactions.

3. Payment Terms

Payment details include:

Payment Options: Credit/debit cards, bank transfers, and secure online payment gateways.
Commission Structure: Clearly defined commissions and service fees should be outlined.
Refund & Cancellation: Specify conditions for refunds or itinerary changes, including timelines and fees.

4. Additional Terms

Data Security: Protect all customer data using robust security measures.
Dispute Resolution: Implement clear procedures for handling service disputes or issues.
Service Updates: Communicate any changes in service offerings or policies in a timely manner.

Terms for Car Rental & Mobility Management Services

1. Service Description

Our platform provides vehicle rental and mobility management solutions for both individual and corporate clients. Services include short-term rentals, long-term leasing, and tailored mobility solutions.

2. Professional Responsibilities

The car rental service provider must:

Vehicle Maintenance: Ensure all vehicles are well-maintained, regularly serviced, and meet safety standards.
Accurate Information: Provide clear details about vehicle models, features, and rental terms.
Customer Support: Offer prompt assistance for reservations, issues, or emergencies.
Regulatory Compliance: Abide by all local traffic, licensing, and rental regulations.
Professional Service: Maintain a courteous and efficient rental process from booking to return.

3. Payment Terms

Payment arrangements include:

Accepted Payment Methods: Credit/debit cards, online banking, and corporate invoicing.
Deposit Requirements: A refundable deposit may be required depending on the vehicle category and rental duration.
Cancellation & Refund: Clearly state terms for cancellation fees, refund timelines, and penalties for early return.

4. Additional Terms

Insurance & Liability: Include mandatory insurance coverage and define liability for damages.
Data Protection: Ensure secure handling of personal and payment data.
Fleet Management: Regularly update vehicle availability and ensure quality control across the fleet.

Terms for Corporate Traveler Services

1. Service Description

This service is designed specifically for corporate travelers. It facilitates comprehensive travel management including flight bookings, hotel reservations, transportation arrangements, and expense tracking to streamline business travel.

2. Professional Responsibilities

The service provider must:

Corporate Focus: Cater to the unique needs of business travelers, ensuring efficient and timely travel arrangements.
Accurate Itineraries: Provide detailed and accurate travel itineraries covering flights, accommodations, and ground transport.
Expense Management: Assist in tracking and managing travel expenses and reimbursements.
Confidentiality: Safeguard all corporate and traveler data with strict confidentiality protocols.
Responsive Support: Offer dedicated customer support to address any travel-related issues promptly.

3. Payment Terms

Payment arrangements include:

Corporate Billing: Tailored invoicing and billing options designed for corporate accounts.
Accepted Methods: Credit/debit cards, bank transfers, or direct corporate billing.
Refund & Adjustments: Clearly defined policies for handling cancellations, itinerary changes, or expense adjustments.

4. Additional Terms

Data Security: Implement robust security measures to protect sensitive corporate data.
Compliance: Adhere to corporate travel policies and industry best practices.
Continuous Improvement: Regularly collect and act on feedback to enhance service quality.

8. Regional Laws & Your Rights

myservice operates in 220 countries. Below is a summary of the key data protection laws, consumer rights frameworks, and tourism regulations that apply in the major jurisdictions where we operate. Expand a country to see your local rights and the applicable law. These summaries are for informational guidance only — for the authoritative text, refer to the official legislation or contact us at [email protected].

South Asia

SAARC — South Asian Association for Regional Cooperation

8 Member StatesNo unified DPLSAFTABilateral consumer agreements

SAARC has no binding regional data protection instrument. Each member state operates its own national law (or draft). Cross-border consumer rights enforcement relies on bilateral agreements. The SAARC Agreement on Trade in Services covers digital services but lacks a dedicated privacy chapter.

PakistanPECA 2016 · NTP

Primary jurisdiction: High Court of Islamabad governs disputes.
Prevention of Electronic Crimes Act 2016 covers digital offences on the Platform.
No comprehensive data protection law enacted yet; draft Personal Data Protection Bill applies in spirit.
Consumer rights governed by Competition Commission of Pakistan (CCP) and provincial consumer courts.
Payments regulated by State Bank of Pakistan (SBP) electronic money regulations.

myservice is registered in Pakistan. Pakistani law is the default governing law for all users unless a carve-out applies.

IndiaDPDPA 2023

Digital Personal Data Protection Act 2023 (DPDPA) — enforceable from 2025.
Right to access, correct, erase, and nominate a representative for your data.
Data Fiduciary obligations: purpose limitation, storage limitation, security safeguards.
Cross-border transfers permitted to countries on the approved "white list" issued by the Central Government.
Consumer Protection Act 2019 governs booking disputes; National Consumer Disputes Redressal Commission (NCDRC) has jurisdiction.
RBI guidelines on payment aggregators apply to all India-facing transactions.
Tourism regulation varies by state; hotel licensing governed by Ministry of Tourism.

Grievance officer contact: [email protected] (India queries). Response within 24 hours as required by DPDPA.

BangladeshDigital Security Act 2018

Digital Security Act 2018 — primarily governs cybercrime; limited personal data protection provisions.
Personal Data Protection Act (draft, 2022) — not yet enacted as of 2026.
Bangladesh Telecommunication Regulatory Commission (BTRC) oversees digital services.
Bangladesh Tourism Board (BTB) licenses accommodation.
No dedicated data protection supervisory authority established yet.

Sri LankaPDPA No. 9 of 2022

Personal Data Protection Act No. 9 of 2022 — enacted August 2022, phased enforcement.
Rights: access, correction, erasure, portability, objection to automated decisions.
Personal Data Protection Authority established as supervisory body.
Sri Lanka Tourism Development Authority (SLTDA) licenses accommodation.
Consumer Affairs Authority (CAA) handles booking disputes.

NepalIndividual Privacy Act 2018

Individual Privacy Act 2018 — basic constitutional right to privacy; no comprehensive data protection law.
Draft data protection legislation under review as of 2026.
Nepal Tourism Board (NTB) licenses accommodation.
Consumer Protection Act 2018 covers service disputes.

GCC — Gulf Cooperation Council

Gulf Cooperation Council

6 Member StatesGCC PDPF 2021Customs UnionCommon MarketUnified Tourism Standards

The GCC Personal Data Protection Framework (PDPF, 2021) provides a common baseline across all 6 member states. Individual states have enacted their own laws — UAE, Saudi Arabia, Bahrain, Oman, and Qatar have comprehensive laws; Kuwait operates a fragmented framework. All GCC hotel bookings require passport presentation under local law. The GCC Tourism Ministerial Committee works toward unified accommodation standards and cross-border consumer protection.

United Arab EmiratesPDPL 2021 · DIFC · ADGM

UAE Federal Decree-Law No. 45 of 2021 (PDPL) — fully applicable.
Rights: access, correction, erasure, withdrawal of consent, data portability.
Separate frameworks apply in free zones: DIFC Data Protection Law 2020 and ADGM Data Protection Regulations 2021.
DTCM (Dubai) and DCT (Abu Dhabi) license all hotel properties listed on the Platform.
VAT of 5% applies to hotel accommodation; Tourism Dirham levy is Hotel-specific.
Disputes: UAE Consumer Protection Law No. 15 of 2020; complaints to UAE Consumer Protection Authority.

UAE hotel bookings may require passport scan at check-in by federal law.

Saudi ArabiaSaudi PDPL 2021

Personal Data Protection Law (PDPL), Royal Decree No. M/19 — effective September 2023.
Rights: access, correction, erasure (right to be forgotten), data portability, objection to automated processing.
Cross-border transfers permitted only to countries with equivalent protection or with SAMA/NDMO approval.
Saudi Commission for Tourism and National Heritage (SCTH) licenses all hotels.
VAT of 15% applies to hotel accommodation.
Tourism tax: Municipal Fee 5% of room rate applies in most cities.

Alcohol is prohibited in Saudi Arabia. Hotel listings may reflect Sharia-compliant amenities.

QatarLaw No. 13 of 2016

Personal Data Privacy Protection Law No. 13 of 2016.
Rights: access, correction, erasure. Controller must appoint a data protection officer.
Ministry of Commerce and Industry supervises data protection compliance.
Tourism Council of Qatar licenses hotels; online booking platforms require registration.
VAT is not currently levied in Qatar (as of 2026).

KuwaitCybercrime Law 2015

No comprehensive data protection law; fragmented protection under Cybercrime Law No. 63 of 2015 and Commercial Law.
Ministry of Commerce and Industry oversees consumer protection.
Kuwait Tourism Authority (KTA) regulates hotel operations.
No VAT currently in Kuwait (as of 2026).

BahrainPDPL 2018

Personal Data Protection Law (PDPL) 2018 — one of the first comprehensive data laws in the MENA region.
Rights: access, rectification, erasure, restriction, objection.
Personal Data Protection Authority (PDPA) is the supervisory authority.
Tourism Regulatory Authority (TRA) licenses hotels and OTAs.
VAT of 10% applies in Bahrain.

OmanPDPL 2022

Personal Data Protection Law (Royal Decree No. 6/2022) — effective 2023.
Rights include access, correction, erasure, portability, and objection.
National Centre for Information Technology (NCIT) supervises compliance.
Oman Tourism Development Company (Omran) oversees hotel licensing.
VAT of 5% applies to accommodation.

BRICS+ — Major Emerging Economies

BRICS+ Bloc (expanded 2023)

10+ EconomiesBRICS AI Governance 2023No unified DPLData sovereignty focus

BRICS+ (expanded in 2023 to include Egypt, Ethiopia, Iran, Saudi Arabia, UAE, and Argentina) has no binding data protection instrument. The 2023 Johannesburg Declaration encourages data sovereignty and responsible AI governance. Each member operates under its own national law; cross-border data flows are governed by bilateral agreements. Saudi Arabia and UAE have their own laws and also participate in the GCC framework.

BrazilLGPD 2018

Lei Geral de Proteção de Dados (LGPD) — Law No. 13.709/2018, modelled on GDPR.
Rights: confirmation, access, correction, anonymisation, portability, deletion, information about sharing, revocation of consent.
ANPD (Autoridade Nacional de Proteção de Dados) is the supervisory authority.
EU Commission granted Brazil adequacy recognition in 2024.
Consumer Defense Code (CDC) — Law 8.078/1990 governs booking disputes.
Brazilian operations handled by Booking Brasil Serviços (entity model); myservice applies equivalent protections.

LGPD requires a local DPO (Encarregado). Contact: [email protected].

RussiaFZ-152 · Data Localization

Federal Law No. 152-FZ on Personal Data — last amended 2022.
Data localization: personal data of Russian citizens must be stored on servers located in Russia.
Roskomnadzor (RKN) is the supervisory authority.
Rights: access, correction, erasure, objection, withdrawal of consent.
Note: International sanctions may restrict access to myservice services for some Russian users.

IndiaDPDPA 2023

See South Asia — India above.

ChinaPIPL 2021 · DSL 2021

Personal Information Protection Law (PIPL) — effective November 2021.
Data Security Law (DSL) — effective September 2021.
Rights: access, correction, deletion, portability, explanation of automated decisions.
Cross-border transfers require: security assessment by CAC (for important data), standard contractual clauses (SCCs), or certification by a CAC-approved body.
Ministry of Culture and Tourism licenses hotels; online booking platforms require ICP filing.
Alipay and WeChat Pay are standard payment methods; international cards accepted at most hotels.

China-specific data localization requirements may affect how we store and process your data if you are a China resident.

South AfricaPOPIA 2021

Protection of Personal Information Act (POPIA) — No. 4 of 2013, fully enforceable since July 2021.
Rights: access, correction, deletion, objection, file complaint with Information Regulator.
Information Regulator of South Africa is the supervisory authority.
Consumer Protection Act No. 68 of 2008 governs booking disputes.
South African Tourism (SAT) and GRASA license accommodation.

EgyptDPL 151 of 2020

Personal Data Protection Law No. 151 of 2020 — fully enacted.
Rights: access, correction, erasure, restriction, portability, objection.
Ministry of Communications and Information Technology (MCIT) supervises compliance.
Egyptian Tourism Authority (ETA) licenses accommodation.
VAT of 14% applies; hotel-specific municipality tax also applies.

EthiopiaDraft DPL

No comprehensive data protection law enacted as of 2026; draft legislation in progress.
Computer Crimes Proclamation No. 958/2016 provides limited digital protections.
Ethiopian Tourism Organization (ETO) licenses hotels.

Americas

USMCA · OAS · Mercosur · Andean Community

USMCA Chapter 19OAS Model Privacy LawMercosur Res. 31/2022No Americas-wide DPL

The US–Mexico–Canada Agreement (USMCA) Chapter 19 mandates free cross-border data flows and prohibits data localisation among signatories. The OAS (Organization of American States) has adopted a Model Privacy Law framework. Mercosur Resolution 31/2022 establishes data protection principles for Argentina, Brazil, Paraguay, and Uruguay. No single Americas-wide binding data protection treaty exists.

United StatesCCPA/CPRA · Multi-State

No federal privacy law as of 2026; state laws apply based on your residency.
California: CCPA/CPRA — rights to know, delete, correct, opt-out of sale, and non-discrimination. See Privacy Policy.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Utah (UCPA) — similar rights frameworks.
Federal Trade Commission (FTC) Act — unfair or deceptive practices.
Americans with Disabilities Act (ADA) — accessible booking experience required; contact us for accessibility support.
No federal OTA-specific regulation; consumer protection varies by state.
Disputes: contact us at [email protected]; arbitration clause applies (see Terms of Use §16).

For California residents: "Do Not Sell or Share My Personal Information" — we do not sell personal data. See Privacy Policy §6.

CanadaPIPEDA · Law 25 (QC)

Federal: PIPEDA (Personal Information Protection and Electronic Documents Act) — Bill C-27/CPPA pending as of 2026.
Quebec: Law 25 (Bill 64) — most stringent provincial law; rights: access, correction, portability, withdrawal.
British Columbia & Alberta: PIPA (Personal Information Protection Act).
Office of the Privacy Commissioner of Canada (OPC) is the federal supervisory authority.
Competition Bureau Canada handles booking disputes.
GST/HST applies to accommodation services; rate varies by province.

MexicoLFPDPPP 2010

Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) — 2010.
ARCO Rights: Access, Rectification, Cancellation, Opposition.
INAI (Instituto Nacional de Transparencia) is the supervisory authority.
Consumer protection: PROFECO (Federal Consumer Protection Agency) handles complaints.
Hotel Tax: 3% federal lodging tax applies; state taxes vary.

ArgentinaPDPL 25.326

Personal Data Protection Law No. 25.326 — 2000, undergoing reform.
Rights: access, rectification, deletion, confidentiality.
AAIP (Agencia de Acceso a la Información Pública) is the supervisory authority.
Consumer Protection Law No. 24.240 governs booking disputes.

ColombiaLaw 1581 of 2012

Statutory Law 1581 of 2012 on Personal Data Protection.
Rights: access, update, rectify, suppress, revoke authorisation, file complaints.
SIC (Superintendencia de Industria y Comercio) is the supervisory authority.
Consumer Statute Law 1480 of 2011 covers booking disputes.

ChileLaw 19.628 (reform pending)

Law 19.628 on the Protection of Private Life — undergoing major reform as of 2026.
Rights: access, correction, cancellation (ARCO model).
SERNAC (National Consumer Service) handles consumer complaints.

PeruLPDP 29733

Personal Data Protection Law No. 29733 (2011) and its Regulation DS 003-2013-JUS.
Rights: access, rectification, cancellation, opposition (ARCO).
ANPD (Autoridad Nacional de Protección de Datos) is the supervisory authority.
Consumer Protection Code (Law 29571) governs booking disputes.
Tourism services regulated by MINCETUR (Ministry of Foreign Trade and Tourism).

Europe

European Union / European Economic Area (EU/EEA)

27 EU States3 EEA StatesGDPR (2016/679)DSA (2022/2065)EU AI ActPSD2Package Travel Directive

The EU operates the world's most comprehensive data protection regime under GDPR, which applies uniformly across all 27 EU member states. Iceland, Liechtenstein, and Norway participate in the EEA and apply GDPR via the EEA Agreement. The DSA and EU AI Act add platform accountability and AI transparency obligations. Switzerland maintains adequacy recognition under both EU GDPR and UK GDPR via its revised nFADP (2023). All EU/EEA consumers retain mandatory statutory rights regardless of governing-law clauses.

European Union / EEAGDPR · DSA · AI Act

GDPR (Regulation 2016/679) — comprehensive rights: access, rectification, erasure, portability, restriction, objection, no automated decisions. See Privacy Policy §6.
Digital Services Act (DSA, Regulation 2022/2065) — see DSA section.
EU AI Act (2024) — AI systems used in booking must comply with transparency and risk requirements.
EU Consumer Rights Directive 2011/83/EU — right of withdrawal does not apply to accommodation contracts (Art. 16(l)); see Terms §17.
Package Travel Directive 2015/2302/EU — applies if myservice combines travel elements into a package.
PSD2 (Directive 2015/2366) — Strong Customer Authentication (SCA) applies to EU card payments.
Supervisory authority: your local EU/EEA data protection authority (list at edpb.europa.eu).

ODR platform: ec.europa.eu/consumers/odr. ADR available on request.

United KingdomUK GDPR · DPA 2018

UK GDPR and Data Protection Act 2018 — equivalent rights to EU GDPR.
International transfers: UK IDTA (International Data Transfer Agreement) applies.
ICO (Information Commissioner's Office) is the supervisory authority.
Consumer Rights Act 2015 and Consumer Contracts Regulations 2013 govern booking disputes.
Package Travel and Linked Travel Arrangements Regulations 2018 applies to travel packages.
UK ADR schemes available for consumer disputes.

RussiaFZ-152

See BRICS+ — Russia above.

TurkeyKVKK / LPPD 2016

Law on the Protection of Personal Data (KVKK/LPPD) No. 6698 — 2016, modelled on EU GDPR.
Rights: access, correction, deletion, objection, data portability.
KVKK (Personal Data Protection Authority) supervises compliance.
Ministry of Culture and Tourism regulates hotels; booking platforms require registration.

SwitzerlandnFADP 2023

Revised Federal Act on Data Protection (nFADP) — fully in force September 2023.
Rights: access, correction, erasure, portability, objection to automated decisions.
FDPIC (Federal Data Protection and Information Commissioner) supervises compliance.
Switzerland has adequacy recognition under both EU GDPR and UK GDPR.
Swiss Tourism (Schweiz Tourismus) oversees destination marketing; cantonal licensing for accommodation.
Consumer protection via Consumer Information Act and Unfair Competition Act.

Switzerland is not an EU or EEA member but operates under equivalent data protection standards.

Asia-Pacific

ASEAN Framework on Personal Data Protection & APEC Privacy Framework

10 ASEAN MembersASEAN PDPF 2016APEC Privacy FrameworkCBPR SystemRCEP digital chapter

ASEAN adopted the Framework on Personal Data Protection in 2016, providing non-binding principles. The APEC Privacy Framework (revised 2015) and Cross-Border Privacy Rules (CBPR) system offer a voluntary certification mechanism. The Regional Comprehensive Economic Partnership (RCEP) digital trade chapter encourages data flow facilitation. Individual member states have enacted varying levels of national legislation — Singapore, Australia, and Japan have the most mature frameworks.

ChinaPIPL · DSL

See BRICS+ — China above.

JapanAPPI 2022

Act on the Protection of Personal Information (APPI) — amended 2022.
Rights: access, correction, suspension of use.
PPC (Personal Information Protection Commission) is the supervisory authority.
Japan Tourism Agency (JTA) licenses accommodation. Minpaku (short-term rentals) have separate regulation.
Consumption Tax (10%) applies to hotel accommodation.

South KoreaPIPA · Act on Promotion of IT

Personal Information Protection Act (PIPA) — comprehensive framework.
Rights: access, correction, deletion, suspension of processing.
PIPC (Personal Information Protection Commission) supervises compliance.
Cross-border transfers require user consent or standard contracts.
Korea Tourism Organization (KTO) certifies accommodation.

AustraliaPrivacy Act 1988 (amended)

Privacy Act 1988 — Australian Privacy Principles (APPs), significantly amended 2024.
Rights: access, correction, complain to OAIC (Office of the Australian Information Commissioner).
Notifiable Data Breaches (NDB) scheme: we will notify you and OAIC of eligible breaches.
Australian Consumer Law (ACL) — Schedule 2 of the Competition and Consumer Act 2010 — governs booking disputes.
ACCC (Australian Competition and Consumer Commission) handles consumer complaints.
GST of 10% applies to accommodation.

New ZealandPrivacy Act 2020

Privacy Act 2020 — 13 Information Privacy Principles (IPPs).
OPC (Office of the Privacy Commissioner) supervises compliance.
Mandatory breach notification to OPC and affected individuals.
Consumer Guarantees Act 1993 covers service quality expectations.

SingaporePDPA 2012 (amended)

Personal Data Protection Act (PDPA) 2012, amended 2020.
Rights: access, correction, data portability, withdrawal of consent.
PDPC (Personal Data Protection Commission) supervises compliance.
Singapore Tourism Board (STB) licenses hotels.
GST of 9% applies to accommodation.

MalaysiaPDPA 2010

Personal Data Protection Act 2010.
Rights: access, correction, withdrawal of consent, prevent data processing for direct marketing.
PDPD (Personal Data Protection Department) supervises compliance.
Ministry of Tourism, Arts and Culture (MOTAC) licenses hotels.
Service Tax of 6% applies to accommodation.

IndonesiaPDP Law 2022

Personal Data Protection Law (PDP Law) — enacted October 2022, transition period until 2024.
Rights: access, correction, deletion, withdrawal of consent, objection.
Ministry of Communication and Information Technology (Kominfo) supervises.
Ministry of Tourism and Creative Economy licenses accommodation.
VAT of 11% applies to tourism services.

PhilippinesDPA 2012

Data Privacy Act of 2012 (Republic Act 10173).
Rights: information, access, objection, erasure, portability, complaint.
NPC (National Privacy Commission) supervises compliance.
DOT (Department of Tourism) accredits hotels; booking platforms require DOT registration.

ThailandPDPA 2019

Personal Data Protection Act B.E. 2562 (2019) — effective 2022.
Rights: access, correction, erasure, portability, objection, restriction.
Office of the Personal Data Protection Committee (PDPC) supervises.
Tourism Authority of Thailand (TAT) licenses accommodation.
VAT of 7% applies; hotel-specific tax may also apply.

VietnamPDPD Decree 13/2023

Decree 13/2023/ND-CP on Personal Data Protection — effective July 2023.
Rights: know, consent, access, withdraw, delete, restrict processing, object.
Ministry of Public Security supervises compliance.
General Department of Tourism licenses accommodation.
VAT of 10% applies to accommodation.

IndiaDPDPA 2023

See South Asia — India above.

Africa

African Union — Malabo Convention & AU Digital Transformation Strategy

55 AU MembersMalabo Convention (2014)In force 2023AU Digital Strategy 2020–2030~36 national DPLs enacted

The AU Convention on Cyber Security and Personal Data Protection (Malabo Convention, 2014) entered into force in June 2023 after reaching the required 15 ratifications. The AU Digital Transformation Strategy 2020–2030 calls for harmonised data protection laws. As of 2026, approximately 36 of the 55 AU member states have enacted dedicated data protection legislation, making Africa one of the fastest-growing regions for data privacy law adoption.

South AfricaPOPIA 2021

See BRICS+ — South Africa above.

NigeriaNDPA 2023 · NDPR 2019

Nigeria Data Protection Act (NDPA) 2023 — most comprehensive data law in West Africa.
Rights: access, rectification, erasure, portability, objection.
NDPC (Nigeria Data Protection Commission) supervises compliance.
Consumer Protection Council (CPC) handles booking disputes.
Nigeria Tourism Development Corporation (NTDC) regulates accommodation.

KenyaDPA 2019

Data Protection Act No. 24 of 2019.
Rights: access, correction, deletion, objection, portability.
ODPC (Office of the Data Protection Commissioner) supervises.
Tourism Regulatory Authority (TRA-Kenya) licenses hotels.
VAT of 16% applies; Tourism Levy of 2% of hotel revenue also applies.

EgyptDPL 151 of 2020

See BRICS+ — Egypt above.

GhanaDPA 2012

Data Protection Act 2012 (Act 843).
Rights: access, correction, deletion, object to direct marketing.
Data Protection Commission (DPC) supervises.
Ghana Tourism Authority (GTA) regulates hotels.

MoroccoLaw 09-08

Law No. 09-08 on the protection of individuals with regard to the processing of personal data.
CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel) supervises.
Ministry of Tourism regulates hotel licensing.

RwandaLaw No. 058 of 2021

Law No. 058 of 2021 Relating to the Protection of Personal Data and Privacy.
Rights: access, correction, deletion, portability, objection.
National Cyber Security Authority (NCSA) supervises compliance.
Rwanda Development Board (RDB) licenses accommodation; Kigali Convention Centre is the flagship hospitality venue.
Rwanda is regarded as one of Africa's strongest data protection frameworks.

TanzaniaPDPA 2022

Personal Data Protection Act 2022 — enacted but implementation regulations pending.
Rights: access, correction, erasure, objection.
Tanzania Communications Regulatory Authority (TCRA) oversees compliance.
Tanzania Tourist Board (TTB) licenses accommodation.

SenegalLaw 2008-12

Law No. 2008-12 on the Protection of Personal Data — one of West Africa's earliest DPLs.
CDP (Commission de Protection des Données Personnelles) is the supervisory authority.
Ministry of Tourism licenses hospitality businesses.

Middle East (Non-GCC)

No unified regional framework

Varied national lawsArab League ICT frameworkNo binding regional DPL

The Arab League's Information and Communications Technology framework is non-binding and does not include a comprehensive data protection instrument. Each country operates its own national regime. Israel has an EU-equivalent adequacy decision; Jordan and Lebanon are in earlier stages of drafting.

JordanPersonal Data Law (Draft)

No comprehensive data protection law enacted as of 2026; draft law under review.
Computer Crimes Law No. 30 of 2010 provides limited digital protections.
Jordan Tourism Board (JTB) regulates accommodation.

LebanonElectronic Commerce Law

No dedicated data protection law; Law 81 of 2018 on Electronic Transactions provides baseline.
Ministry of Tourism licenses hotels.

Governing Law

These Terms and Policies are governed by the laws of the Islamic Republic of Pakistan. For users located in Pakistan, any unresolved disputes will be subject to the jurisdiction of the High Court of Islamabad.

EU/EEA Users: If you are ordinarily resident in the European Union or European Economic Area, the application of Pakistani law does not deprive you of the protection afforded by the mandatory provisions of the consumer protection laws of your country of residence. You retain the right to bring proceedings before the competent courts of your EU/EEA country of residence and to submit complaints to your national data protection supervisory authority.

UK Users: If you are ordinarily resident in the United Kingdom, you retain the right to bring proceedings before UK courts and to the protections available under UK consumer law.

California Residents: You have additional rights under the California Consumer Privacy Act (CCPA/CPRA) as described in our Privacy Policy.

Dispute Resolution

We encourage you to first contact us directly at [email protected] to resolve any dispute informally. We are committed to resolving concerns promptly and fairly. Please provide full details of the issue, your booking reference (if applicable), and the resolution you are seeking. We will respond within 14 business days.

Binding Arbitration

If informal resolution fails, and unless you opt out as described in Section 16 of the Terms of Use, any dispute arising from or related to these Terms or your use of the Platform shall be submitted to binding individual arbitration under the rules of the Pakistan Centre for International Investment and Commercial Arbitration (PCICICA). The seat of arbitration shall be Islamabad, Pakistan, and proceedings shall be conducted in English.

30-Day Arbitration Opt-OutYou may opt out of binding arbitration by sending written notice to [email protected] within 30 days of first accepting these Terms. Include your name, email address, and a clear statement that you are opting out. Disputes not subject to arbitration shall be resolved exclusively in the courts of Islamabad, Pakistan, subject to the EU/EEA and UK carve-outs above.

Class Action Waiver: To the fullest extent permitted by law, you agree that arbitration will be conducted on an individual basis only, and not as a class action, consolidated action, or representative action. This waiver does not apply to EU/EEA consumers to the extent it conflicts with mandatory EU consumer protection law.

EU Alternative Dispute Resolution & ODR

EU/EEA ConsumersIn accordance with EU Directive 2013/11/EU on consumer ADR and EU Regulation 524/2013 on online dispute resolution, EU consumers may refer unresolved disputes to a certified alternative dispute resolution (ADR) entity. The European Commission provides an Online Dispute Resolution (ODR) platform at: ec.europa.eu/consumers/odr

You may also contact us at [email protected] to request information about available ADR entities in your country. The arbitration and class action waiver clauses above do not apply to EU/EEA consumers to the extent they conflict with mandatory EU consumer protection law.

UK Consumers

UK consumers may use the UK's certified ADR schemes or seek redress through UK courts, in addition to the informal resolution process described above. For information on UK ADR schemes applicable to travel services, visit the Civil Aviation Authority website or your relevant trade association.

Customer Care (Preferred)[email protected]

Privacy & Data Rights[email protected]

Legal & Arbitration[email protected]

DSA Contact (EU)[email protected]

Phone+92 (340) 71 09 705

Head Office204 Urban Blvd, Bahria Enclave Islamabad Pakistan

myservice · Legal Documentation

Terms, Privacy & Legal

Everything that governs your use of myservice — your rights as a guest, a service provider, and a data subject across 220+ countries.

Last updated: May 2026

220+Countries

3.3M+Hotels

GDPREU Compliant

CCPACA Compliant

DSAEU DSA Ready

Contents

1. Terms of Use
2. Privacy Policy
3. Cookie Policy
4. Reviews Policy
5. Digital Services Act (EU)
6. Hotel Booking Terms
7. General Services Terms
8. Regional Laws & Your Rights
9. Governing Law & Disputes
10. Contact Us

1. Terms of Use

1. Acceptance of Terms

2. Modification of Terms

3. User Responsibilities

4. Account Registration

5. Prohibited Activities

You agree not to engage in the following prohibited activities:

Sharing personal contact details (phone number, email, social media links) through any channel other than the designated Platform fields.
Using the Platform for any illegal or unauthorized purpose.
Impersonating any person or entity or falsely misrepresenting your affiliation with any person or entity.
Uploading or transmitting content that is unlawful, defamatory, obscene, or otherwise objectionable.
Distributing viruses, malware, or other harmful code.
Attempting to gain unauthorized access to any part of the Platform or its related systems.
Making fraudulent bookings, false cancellation claims, or abuse of refund processes.

6. Intellectual Property

7. Termination

We reserve the right to terminate or suspend your account and access to the Platform at our sole discretion, without notice, for any reason, including but not limited to violations of these Terms.

8. Disclaimers

9. Limitation of Liability

10. Governing Law

11. Contact Information

For any questions or concerns regarding these Terms, please contact us at [email protected]

12. Force Majeure

Neither myservice nor any Hotel shall be liable for failure or delay in performance resulting from causes beyond reasonable control, including but not limited to: acts of God, natural disasters, pandemics, epidemic disease, war, terrorism, government-imposed travel restrictions, strikes, or infrastructure failures. In such events, myservice will facilitate communication between you and the Hotel regarding cancellation, rebooking, or voucher options, subject to the Hotel's own force majeure policy and applicable law.

13. Severability

14. Entire Agreement

15. Waiver

16. Class Action Waiver & Arbitration

17. EU Right of Withdrawal Waiver

2. Privacy Policy

1. Introduction

2. Information We Collect

We may collect the following categories of personal data:

Identity Data: Full name, date of birth, nationality, passport or national ID number (required by certain hotels or local law).
Contact Data: Email address, phone number, billing address.
Booking Data: Check-in/check-out dates, room type, number of guests, special requests, dietary requirements, accessibility needs, travel preferences, and loyalty program numbers where provided.
Payment Data: Credit/debit card details processed by PCI DSS-compliant payment processors. myservice does not store full card numbers.
Usage Data: IP address, browser type, device identifiers, pages visited, session duration, and search queries on the Platform.
Communications Data: Messages sent to customer support, booking correspondence, and chat interactions.
Cookie Data: As described in the Cookie Policy below.

3. How We Use Your Information

We use your personal data for the following purposes, each with a legal basis under GDPR Art. 6 where applicable:

Booking fulfillment (Art. 6(1)(b) — contract performance): To process and manage your hotel reservation, transmit necessary guest details to the Hotel, and communicate confirmation, changes, and cancellations.
Payment processing (Art. 6(1)(b)): To charge you for bookings, process refunds, and detect fraud.
Legal compliance (Art. 6(1)(c)): To comply with tax, anti-money laundering, and other legal obligations. Passport/ID data may be collected where required by local law.
Legitimate interests (Art. 6(1)(f)): For fraud prevention, platform security, service improvement, and anonymised analytics. We balance these interests against your data protection rights.
Consent (Art. 6(1)(a)): For marketing communications, non-essential cookies, and personalised hotel recommendations. You may withdraw consent at any time.

4. Data Sharing and Disclosure

We share your personal data only in the following circumstances:

Hotels and Accommodation Providers: We transmit your booking and guest details to the Hotel necessary to fulfill your reservation.
RateHawk / Emerging Travel Group: Our rate and inventory provider receives booking data to confirm reservations with hotels worldwide.
Payment Processors: PCI DSS-compliant processors (such as Stripe, Adyen, or equivalent) who handle card transactions under data processing agreements.
Analytics Providers: Tools such as Google Analytics under data processing agreements, using anonymised or aggregated data where possible.
Legal / Regulatory Authorities: Where required by law, court order, or to protect the rights and safety of myservice or others.
Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate contractual data protection safeguards.

5. Data Security

6. Your Rights

GDPR Rights — EU/EEA UsersUnder the General Data Protection Regulation, you have the right to:

Access (Art. 15): Request a copy of your personal data.
Rectification (Art. 16): Request correction of inaccurate or incomplete data.
Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your data, subject to legal retention obligations.
Restriction (Art. 18): Request that we limit how we process your data.
Portability (Art. 20): Receive your data in a structured, machine-readable format.
Object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
No Automated Decisions (Art. 22): Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
Withdraw Consent: At any time, without affecting prior processing.
Lodge a Complaint: With your local EU/EEA data protection supervisory authority.

Additional Rights — California Residents (CCPA/CPRA)

Right to Know: What personal information we collect, use, and disclose.
Right to Delete: Request deletion of your personal information.
Right to Opt-Out of Sale:We do not sell personal information. If this changes, a "Do Not Sell My Personal Information" link will appear on the Platform.
Right to Non-Discrimination: Exercising privacy rights will not result in denial of service or different pricing.
Right to Correct: Request correction of inaccurate personal information.

To exercise any of these rights, contact: [email protected]

7. International Data Transfers

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

Data Type

Retention Period

Booking & transaction records

7 years (tax & legal compliance)

Account data

Until account deletion requested

Marketing consent records

Until opt-out + 3 years

Analytics / cookie data

Up to 13 months

Customer support communications

3 years from resolution

Guest reviews

5 years from submission

9. Children's Privacy

10. No Automated Decision-Making with Legal Effects

11. Data Protection Officer

12. Changes to This Policy

13. Contact Us

For general privacy questions: [email protected]
For data subject rights requests: [email protected]
For general inquiries: [email protected]

3. Cookie Policy

1. Introduction

We only place non-essential cookies with your prior consent, which you can manage at any time via your browser settings or the Cookie Preferences link in the Platform footer.

2. What Are Cookies?

3. Types of Cookies We Use

Essential Cookies — Required for the Platform to function (e.g., session authentication, booking cart, security tokens). These cannot be disabled. No consent required under the ePrivacy Directive. Duration: session or up to 1 year.
Performance Cookies — Collect anonymised information about how visitors use the Platform (page views, error rates, load times) to help us improve. We use tools such as Google Analytics. Consent required. Duration: up to 13 months.
Functional Cookies — Allow the Platform to remember your preferences such as language, currency, last search, and previously viewed hotels to provide a more personalised experience. Consent required. Duration: up to 12 months.
Targeting / Advertising Cookies — Used to deliver relevant hotel offers and advertisements based on your browsing interests, and to measure campaign effectiveness. These may be set by third-party advertising partners. Consent required. Duration: up to 13 months.

4. Cookie Duration Summary

Cookie Type

Max Lifespan

Essential

Session – 12 months

Performance

13 months

Functional

12 months

Targeting / Advertising

13 months

We do not set cookies with a lifespan exceeding 5 years.

5. How to Manage Cookies

You can control and manage cookies in several ways:

Browser settings:Most browsers allow you to view, block, or delete cookies. Consult your browser's help documentation (Chrome, Firefox, Safari, Edge) for instructions.
Cookie Preference Centre:You can update your consent for non-essential cookies at any time by clicking "Cookie Preferences" in the footer of any page.
Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout.

Please note: blocking essential cookies will impair the Platform's functionality, including the ability to complete bookings.

6. Changes to This Policy

We may update this Cookie Policy from time to time. Any changes will be posted on the Platform with a revised "Last Updated" date.

7. Contact Us

If you have any questions about our use of cookies, please contact us at [email protected].

4. Reviews Policy

1. Verified Bookings Only

Verified Bookings OnlyReviews on myservice may only be submitted by guests who have completed a stay booked through the Platform. This ensures all reviews reflect genuine experiences.

Review invitations are sent automatically after checkout. Reviews submitted outside this window or from unverified accounts will not be published.

2. Review Standards

By submitting a review, you agree that your content:

Reflects your honest, first-hand experience of the stay.
Is not fake, incentivised, sponsored, or submitted in exchange for any benefit from the Hotel or any third party.
Does not contain defamatory, harassing, discriminatory, obscene, or unlawful content.
Does not include personal information about Hotel staff or other guests.
Is relevant to the accommodation experience (not unrelated complaints about travel or personal circumstances).

3. Moderation

4. Hotel Right to Respond

5. Liability for Review Content

6. Review Data Retention

5. Digital Services Act (EU)

Digital Services Act ComplianceEU Only

1. Illegal Content Reporting

DSA Contact PointEmail: [email protected]
We will acknowledge your report promptly and take appropriate action in accordance with the DSA.

2. Recommendation System Transparency

3. Complaints Mechanism

EU users may submit complaints about our content moderation decisions (including review removals, listing suspensions, or account actions) by contacting [email protected]. We commit to:

Acknowledging complaints within 5 business days.
Providing a substantive response or resolution within 6 weeks of receipt.
Offering escalation to an out-of-court dispute settlement body where required by the DSA.

4. Transparency Reporting

5. AI & Chatbot Disclosure

General Terms Across All Services

1. Dispute Resolution

Procedures for handling disputes and complaints. Contact information for customer service will be provided.

2. Liability and Insurance

General liability coverage details and professional indemnity insurance information will be provided, by the service provider himself.

3. Privacy Policy

Details on how personal data is collected, used, and protected. Compliance with relevant data protection laws will be ensured.

4. Terms of Use

Guidelines for using the web app, including user responsibilities and acceptable use policies.

5. Amendments

Procedures for updating terms of service and notification processes for changes will be provided.

6. Governing Law

Jurisdiction and applicable laws for any disputes.

Hotel Booking Terms

1. Platform Role & Intermediary Disclaimer

2. Booking & Cancellation Policy

The cancellation policy applicable to your booking is displayed on the hotel listing page and in your booking confirmation email. There are three policy types:

Fully Flexible

Free cancellation up to the deadline shown at booking. Refunds processed within 5–10 business days to your original payment method.

Partially Refundable

A cancellation fee applies after a specified date. The fee amount and deadline are shown before you confirm. The refundable portion is returned within 5–10 business days.

Non-Refundable

No refund is available on cancellation or no-show. The full booking amount is charged at the time of reservation.

3. No-Show Policy

4. Check-In & Check-Out

Standard check-in and check-out times are set by each Hotel and displayed on the hotel listing. As a general guide:

Standard check-in: 2:00 PM (14:00) local hotel time
Standard check-out: 12:00 PM (noon) local hotel time

5. Overbooking Policy

6. Pricing & Fees

7. Guest Conduct & House Rules

8. Visa, Travel Documents & Entry Requirements

9. Accessible Accommodation

10. Hotel Star Ratings & Images

11. Force Majeure

Neither myservice nor the Hotel shall be liable for inability to perform obligations due to events beyond reasonable control, including but not limited to: natural disasters, pandemics, acts of terrorism or war, government-imposed travel restrictions, or infrastructure failures. In such circumstances, myservice will work with Hotels to offer rebooking, vouchers, or refunds where permitted by applicable law and the Hotel's own force majeure policy.
Guests are strongly advised to purchase comprehensive travel insurance covering trip cancellation, medical emergencies, and travel disruption before booking.

12. Property Delisting & Bed Bank Conflicts

Your property is listed without your knowledge or authorisation via a bed bank or wholesaler.
Rates displayed do not reflect your contracted or published rates (rate parity breach).
Property name, description, images, or amenities are inaccurate or outdated.
Your property has permanently closed, changed ownership, or rebranded.
You have terminated your agreement with the upstream distributor (e.g. RateHawk) and require removal from downstream OTAs.

How to submit a request:

Email [email protected] with the subject line "Property Delisting Request" or "Bed Bank Conflict".
Include: property name, full address, your role and contact details, a description of the issue, and any supporting documentation (e.g. rate sheets, distributor correspondence, ownership proof).

Processing timeline:

We will acknowledge your request within 5 business days.
Verified delisting requests are actioned within 14 business days of confirmation.
Rate or content corrections sourced from RateHawk are escalated directly to Emerging Travel Group; resolution timelines depend on the upstream distributor and may take up to 30 days.

If your property appears via RateHawk or another bed bank, myservice is not the original source of the listing. The most effective route for permanent removal is to first terminate the listing at the distributor level — myservice will follow suit once the upstream feed is updated. Contact us if you need guidance on which distributor to approach.

Terms for Travel Agency / TCM Services

1. Service Description

Our platform supports travel planning and management services including flight bookings, hotel reservations, tour packages, and custom itineraries designed for leisure and business travel.

2. Professional Responsibilities

The travel agency must:

Client-Centric Approach: Prioritize individual travel needs with personalized itinerary planning.
Transparent Communication: Clearly convey all travel details including schedules, pricing, and changes.
Vendor Coordination: Collaborate efficiently with airlines, hotels, and local tour operators to secure the best services.
Timely Updates: Keep clients informed about any changes or updates to their travel plans.
Ethical Standards: Uphold high ethical and professional standards in all client interactions.

3. Payment Terms

Payment details include:

Payment Options: Credit/debit cards, bank transfers, and secure online payment gateways.
Commission Structure: Clearly defined commissions and service fees should be outlined.
Refund & Cancellation: Specify conditions for refunds or itinerary changes, including timelines and fees.

4. Additional Terms

Data Security: Protect all customer data using robust security measures.
Dispute Resolution: Implement clear procedures for handling service disputes or issues.
Service Updates: Communicate any changes in service offerings or policies in a timely manner.

Terms for Car Rental & Mobility Management Services

1. Service Description

2. Professional Responsibilities

The car rental service provider must:

Vehicle Maintenance: Ensure all vehicles are well-maintained, regularly serviced, and meet safety standards.
Accurate Information: Provide clear details about vehicle models, features, and rental terms.
Customer Support: Offer prompt assistance for reservations, issues, or emergencies.
Regulatory Compliance: Abide by all local traffic, licensing, and rental regulations.
Professional Service: Maintain a courteous and efficient rental process from booking to return.

3. Payment Terms

Payment arrangements include:

Accepted Payment Methods: Credit/debit cards, online banking, and corporate invoicing.
Deposit Requirements: A refundable deposit may be required depending on the vehicle category and rental duration.
Cancellation & Refund: Clearly state terms for cancellation fees, refund timelines, and penalties for early return.

4. Additional Terms

Insurance & Liability: Include mandatory insurance coverage and define liability for damages.
Data Protection: Ensure secure handling of personal and payment data.
Fleet Management: Regularly update vehicle availability and ensure quality control across the fleet.

Terms for Corporate Traveler Services

1. Service Description

2. Professional Responsibilities

The service provider must:

Corporate Focus: Cater to the unique needs of business travelers, ensuring efficient and timely travel arrangements.
Accurate Itineraries: Provide detailed and accurate travel itineraries covering flights, accommodations, and ground transport.
Expense Management: Assist in tracking and managing travel expenses and reimbursements.
Confidentiality: Safeguard all corporate and traveler data with strict confidentiality protocols.
Responsive Support: Offer dedicated customer support to address any travel-related issues promptly.

3. Payment Terms

Payment arrangements include:

Corporate Billing: Tailored invoicing and billing options designed for corporate accounts.
Accepted Methods: Credit/debit cards, bank transfers, or direct corporate billing.
Refund & Adjustments: Clearly defined policies for handling cancellations, itinerary changes, or expense adjustments.

4. Additional Terms

Data Security: Implement robust security measures to protect sensitive corporate data.
Compliance: Adhere to corporate travel policies and industry best practices.
Continuous Improvement: Regularly collect and act on feedback to enhance service quality.

8. Regional Laws & Your Rights

South Asia

SAARC — South Asian Association for Regional Cooperation

8 Member StatesNo unified DPLSAFTABilateral consumer agreements

PakistanPECA 2016 · NTP

Primary jurisdiction: High Court of Islamabad governs disputes.
Prevention of Electronic Crimes Act 2016 covers digital offences on the Platform.
No comprehensive data protection law enacted yet; draft Personal Data Protection Bill applies in spirit.
Consumer rights governed by Competition Commission of Pakistan (CCP) and provincial consumer courts.
Payments regulated by State Bank of Pakistan (SBP) electronic money regulations.

myservice is registered in Pakistan. Pakistani law is the default governing law for all users unless a carve-out applies.

IndiaDPDPA 2023

Digital Personal Data Protection Act 2023 (DPDPA) — enforceable from 2025.
Right to access, correct, erase, and nominate a representative for your data.
Data Fiduciary obligations: purpose limitation, storage limitation, security safeguards.
Cross-border transfers permitted to countries on the approved "white list" issued by the Central Government.
Consumer Protection Act 2019 governs booking disputes; National Consumer Disputes Redressal Commission (NCDRC) has jurisdiction.
RBI guidelines on payment aggregators apply to all India-facing transactions.
Tourism regulation varies by state; hotel licensing governed by Ministry of Tourism.

Grievance officer contact: [email protected] (India queries). Response within 24 hours as required by DPDPA.

BangladeshDigital Security Act 2018

Digital Security Act 2018 — primarily governs cybercrime; limited personal data protection provisions.
Personal Data Protection Act (draft, 2022) — not yet enacted as of 2026.
Bangladesh Telecommunication Regulatory Commission (BTRC) oversees digital services.
Bangladesh Tourism Board (BTB) licenses accommodation.
No dedicated data protection supervisory authority established yet.

Sri LankaPDPA No. 9 of 2022

Personal Data Protection Act No. 9 of 2022 — enacted August 2022, phased enforcement.
Rights: access, correction, erasure, portability, objection to automated decisions.
Personal Data Protection Authority established as supervisory body.
Sri Lanka Tourism Development Authority (SLTDA) licenses accommodation.
Consumer Affairs Authority (CAA) handles booking disputes.

NepalIndividual Privacy Act 2018

Individual Privacy Act 2018 — basic constitutional right to privacy; no comprehensive data protection law.
Draft data protection legislation under review as of 2026.
Nepal Tourism Board (NTB) licenses accommodation.
Consumer Protection Act 2018 covers service disputes.

GCC — Gulf Cooperation Council

Gulf Cooperation Council

6 Member StatesGCC PDPF 2021Customs UnionCommon MarketUnified Tourism Standards

United Arab EmiratesPDPL 2021 · DIFC · ADGM

UAE Federal Decree-Law No. 45 of 2021 (PDPL) — fully applicable.
Rights: access, correction, erasure, withdrawal of consent, data portability.
Separate frameworks apply in free zones: DIFC Data Protection Law 2020 and ADGM Data Protection Regulations 2021.
DTCM (Dubai) and DCT (Abu Dhabi) license all hotel properties listed on the Platform.
VAT of 5% applies to hotel accommodation; Tourism Dirham levy is Hotel-specific.
Disputes: UAE Consumer Protection Law No. 15 of 2020; complaints to UAE Consumer Protection Authority.

UAE hotel bookings may require passport scan at check-in by federal law.

Saudi ArabiaSaudi PDPL 2021

Personal Data Protection Law (PDPL), Royal Decree No. M/19 — effective September 2023.
Rights: access, correction, erasure (right to be forgotten), data portability, objection to automated processing.
Cross-border transfers permitted only to countries with equivalent protection or with SAMA/NDMO approval.
Saudi Commission for Tourism and National Heritage (SCTH) licenses all hotels.
VAT of 15% applies to hotel accommodation.
Tourism tax: Municipal Fee 5% of room rate applies in most cities.

Alcohol is prohibited in Saudi Arabia. Hotel listings may reflect Sharia-compliant amenities.

QatarLaw No. 13 of 2016

Personal Data Privacy Protection Law No. 13 of 2016.
Rights: access, correction, erasure. Controller must appoint a data protection officer.
Ministry of Commerce and Industry supervises data protection compliance.
Tourism Council of Qatar licenses hotels; online booking platforms require registration.
VAT is not currently levied in Qatar (as of 2026).

KuwaitCybercrime Law 2015

No comprehensive data protection law; fragmented protection under Cybercrime Law No. 63 of 2015 and Commercial Law.
Ministry of Commerce and Industry oversees consumer protection.
Kuwait Tourism Authority (KTA) regulates hotel operations.
No VAT currently in Kuwait (as of 2026).

BahrainPDPL 2018

Personal Data Protection Law (PDPL) 2018 — one of the first comprehensive data laws in the MENA region.
Rights: access, rectification, erasure, restriction, objection.
Personal Data Protection Authority (PDPA) is the supervisory authority.
Tourism Regulatory Authority (TRA) licenses hotels and OTAs.
VAT of 10% applies in Bahrain.

OmanPDPL 2022

Personal Data Protection Law (Royal Decree No. 6/2022) — effective 2023.
Rights include access, correction, erasure, portability, and objection.
National Centre for Information Technology (NCIT) supervises compliance.
Oman Tourism Development Company (Omran) oversees hotel licensing.
VAT of 5% applies to accommodation.

BRICS+ — Major Emerging Economies

BRICS+ Bloc (expanded 2023)

10+ EconomiesBRICS AI Governance 2023No unified DPLData sovereignty focus

BrazilLGPD 2018

Lei Geral de Proteção de Dados (LGPD) — Law No. 13.709/2018, modelled on GDPR.
Rights: confirmation, access, correction, anonymisation, portability, deletion, information about sharing, revocation of consent.
ANPD (Autoridade Nacional de Proteção de Dados) is the supervisory authority.
EU Commission granted Brazil adequacy recognition in 2024.
Consumer Defense Code (CDC) — Law 8.078/1990 governs booking disputes.
Brazilian operations handled by Booking Brasil Serviços (entity model); myservice applies equivalent protections.

LGPD requires a local DPO (Encarregado). Contact: [email protected].

RussiaFZ-152 · Data Localization

Federal Law No. 152-FZ on Personal Data — last amended 2022.
Data localization: personal data of Russian citizens must be stored on servers located in Russia.
Roskomnadzor (RKN) is the supervisory authority.
Rights: access, correction, erasure, objection, withdrawal of consent.
Note: International sanctions may restrict access to myservice services for some Russian users.

IndiaDPDPA 2023

See South Asia — India above.

ChinaPIPL 2021 · DSL 2021

Personal Information Protection Law (PIPL) — effective November 2021.
Data Security Law (DSL) — effective September 2021.
Rights: access, correction, deletion, portability, explanation of automated decisions.
Cross-border transfers require: security assessment by CAC (for important data), standard contractual clauses (SCCs), or certification by a CAC-approved body.
Ministry of Culture and Tourism licenses hotels; online booking platforms require ICP filing.
Alipay and WeChat Pay are standard payment methods; international cards accepted at most hotels.

China-specific data localization requirements may affect how we store and process your data if you are a China resident.

South AfricaPOPIA 2021

Protection of Personal Information Act (POPIA) — No. 4 of 2013, fully enforceable since July 2021.
Rights: access, correction, deletion, objection, file complaint with Information Regulator.
Information Regulator of South Africa is the supervisory authority.
Consumer Protection Act No. 68 of 2008 governs booking disputes.
South African Tourism (SAT) and GRASA license accommodation.

EgyptDPL 151 of 2020

Personal Data Protection Law No. 151 of 2020 — fully enacted.
Rights: access, correction, erasure, restriction, portability, objection.
Ministry of Communications and Information Technology (MCIT) supervises compliance.
Egyptian Tourism Authority (ETA) licenses accommodation.
VAT of 14% applies; hotel-specific municipality tax also applies.

EthiopiaDraft DPL

No comprehensive data protection law enacted as of 2026; draft legislation in progress.
Computer Crimes Proclamation No. 958/2016 provides limited digital protections.
Ethiopian Tourism Organization (ETO) licenses hotels.

Americas

USMCA · OAS · Mercosur · Andean Community

USMCA Chapter 19OAS Model Privacy LawMercosur Res. 31/2022No Americas-wide DPL

United StatesCCPA/CPRA · Multi-State

No federal privacy law as of 2026; state laws apply based on your residency.
California: CCPA/CPRA — rights to know, delete, correct, opt-out of sale, and non-discrimination. See Privacy Policy.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Utah (UCPA) — similar rights frameworks.
Federal Trade Commission (FTC) Act — unfair or deceptive practices.
Americans with Disabilities Act (ADA) — accessible booking experience required; contact us for accessibility support.
No federal OTA-specific regulation; consumer protection varies by state.
Disputes: contact us at [email protected]; arbitration clause applies (see Terms of Use §16).

For California residents: "Do Not Sell or Share My Personal Information" — we do not sell personal data. See Privacy Policy §6.

CanadaPIPEDA · Law 25 (QC)

Federal: PIPEDA (Personal Information Protection and Electronic Documents Act) — Bill C-27/CPPA pending as of 2026.
Quebec: Law 25 (Bill 64) — most stringent provincial law; rights: access, correction, portability, withdrawal.
British Columbia & Alberta: PIPA (Personal Information Protection Act).
Office of the Privacy Commissioner of Canada (OPC) is the federal supervisory authority.
Competition Bureau Canada handles booking disputes.
GST/HST applies to accommodation services; rate varies by province.

MexicoLFPDPPP 2010

Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) — 2010.
ARCO Rights: Access, Rectification, Cancellation, Opposition.
INAI (Instituto Nacional de Transparencia) is the supervisory authority.
Consumer protection: PROFECO (Federal Consumer Protection Agency) handles complaints.
Hotel Tax: 3% federal lodging tax applies; state taxes vary.

ArgentinaPDPL 25.326

Personal Data Protection Law No. 25.326 — 2000, undergoing reform.
Rights: access, rectification, deletion, confidentiality.
AAIP (Agencia de Acceso a la Información Pública) is the supervisory authority.
Consumer Protection Law No. 24.240 governs booking disputes.

ColombiaLaw 1581 of 2012

Statutory Law 1581 of 2012 on Personal Data Protection.
Rights: access, update, rectify, suppress, revoke authorisation, file complaints.
SIC (Superintendencia de Industria y Comercio) is the supervisory authority.
Consumer Statute Law 1480 of 2011 covers booking disputes.

ChileLaw 19.628 (reform pending)

Law 19.628 on the Protection of Private Life — undergoing major reform as of 2026.
Rights: access, correction, cancellation (ARCO model).
SERNAC (National Consumer Service) handles consumer complaints.

PeruLPDP 29733

Personal Data Protection Law No. 29733 (2011) and its Regulation DS 003-2013-JUS.
Rights: access, rectification, cancellation, opposition (ARCO).
ANPD (Autoridad Nacional de Protección de Datos) is the supervisory authority.
Consumer Protection Code (Law 29571) governs booking disputes.
Tourism services regulated by MINCETUR (Ministry of Foreign Trade and Tourism).

Europe

European Union / European Economic Area (EU/EEA)

27 EU States3 EEA StatesGDPR (2016/679)DSA (2022/2065)EU AI ActPSD2Package Travel Directive

European Union / EEAGDPR · DSA · AI Act

GDPR (Regulation 2016/679) — comprehensive rights: access, rectification, erasure, portability, restriction, objection, no automated decisions. See Privacy Policy §6.
Digital Services Act (DSA, Regulation 2022/2065) — see DSA section.
EU AI Act (2024) — AI systems used in booking must comply with transparency and risk requirements.
EU Consumer Rights Directive 2011/83/EU — right of withdrawal does not apply to accommodation contracts (Art. 16(l)); see Terms §17.
Package Travel Directive 2015/2302/EU — applies if myservice combines travel elements into a package.
PSD2 (Directive 2015/2366) — Strong Customer Authentication (SCA) applies to EU card payments.
Supervisory authority: your local EU/EEA data protection authority (list at edpb.europa.eu).

ODR platform: ec.europa.eu/consumers/odr. ADR available on request.

United KingdomUK GDPR · DPA 2018

UK GDPR and Data Protection Act 2018 — equivalent rights to EU GDPR.
International transfers: UK IDTA (International Data Transfer Agreement) applies.
ICO (Information Commissioner's Office) is the supervisory authority.
Consumer Rights Act 2015 and Consumer Contracts Regulations 2013 govern booking disputes.
Package Travel and Linked Travel Arrangements Regulations 2018 applies to travel packages.
UK ADR schemes available for consumer disputes.

RussiaFZ-152

See BRICS+ — Russia above.

TurkeyKVKK / LPPD 2016

Law on the Protection of Personal Data (KVKK/LPPD) No. 6698 — 2016, modelled on EU GDPR.
Rights: access, correction, deletion, objection, data portability.
KVKK (Personal Data Protection Authority) supervises compliance.
Ministry of Culture and Tourism regulates hotels; booking platforms require registration.

SwitzerlandnFADP 2023

Revised Federal Act on Data Protection (nFADP) — fully in force September 2023.
Rights: access, correction, erasure, portability, objection to automated decisions.
FDPIC (Federal Data Protection and Information Commissioner) supervises compliance.
Switzerland has adequacy recognition under both EU GDPR and UK GDPR.
Swiss Tourism (Schweiz Tourismus) oversees destination marketing; cantonal licensing for accommodation.
Consumer protection via Consumer Information Act and Unfair Competition Act.

Switzerland is not an EU or EEA member but operates under equivalent data protection standards.

Asia-Pacific

ASEAN Framework on Personal Data Protection & APEC Privacy Framework

10 ASEAN MembersASEAN PDPF 2016APEC Privacy FrameworkCBPR SystemRCEP digital chapter

ChinaPIPL · DSL

See BRICS+ — China above.

JapanAPPI 2022

Act on the Protection of Personal Information (APPI) — amended 2022.
Rights: access, correction, suspension of use.
PPC (Personal Information Protection Commission) is the supervisory authority.
Japan Tourism Agency (JTA) licenses accommodation. Minpaku (short-term rentals) have separate regulation.
Consumption Tax (10%) applies to hotel accommodation.

South KoreaPIPA · Act on Promotion of IT

Personal Information Protection Act (PIPA) — comprehensive framework.
Rights: access, correction, deletion, suspension of processing.
PIPC (Personal Information Protection Commission) supervises compliance.
Cross-border transfers require user consent or standard contracts.
Korea Tourism Organization (KTO) certifies accommodation.

AustraliaPrivacy Act 1988 (amended)

Privacy Act 1988 — Australian Privacy Principles (APPs), significantly amended 2024.
Rights: access, correction, complain to OAIC (Office of the Australian Information Commissioner).
Notifiable Data Breaches (NDB) scheme: we will notify you and OAIC of eligible breaches.
Australian Consumer Law (ACL) — Schedule 2 of the Competition and Consumer Act 2010 — governs booking disputes.
ACCC (Australian Competition and Consumer Commission) handles consumer complaints.
GST of 10% applies to accommodation.

New ZealandPrivacy Act 2020

Privacy Act 2020 — 13 Information Privacy Principles (IPPs).
OPC (Office of the Privacy Commissioner) supervises compliance.
Mandatory breach notification to OPC and affected individuals.
Consumer Guarantees Act 1993 covers service quality expectations.

SingaporePDPA 2012 (amended)

Personal Data Protection Act (PDPA) 2012, amended 2020.
Rights: access, correction, data portability, withdrawal of consent.
PDPC (Personal Data Protection Commission) supervises compliance.
Singapore Tourism Board (STB) licenses hotels.
GST of 9% applies to accommodation.

MalaysiaPDPA 2010

Personal Data Protection Act 2010.
Rights: access, correction, withdrawal of consent, prevent data processing for direct marketing.
PDPD (Personal Data Protection Department) supervises compliance.
Ministry of Tourism, Arts and Culture (MOTAC) licenses hotels.
Service Tax of 6% applies to accommodation.

IndonesiaPDP Law 2022

Personal Data Protection Law (PDP Law) — enacted October 2022, transition period until 2024.
Rights: access, correction, deletion, withdrawal of consent, objection.
Ministry of Communication and Information Technology (Kominfo) supervises.
Ministry of Tourism and Creative Economy licenses accommodation.
VAT of 11% applies to tourism services.

PhilippinesDPA 2012

Data Privacy Act of 2012 (Republic Act 10173).
Rights: information, access, objection, erasure, portability, complaint.
NPC (National Privacy Commission) supervises compliance.
DOT (Department of Tourism) accredits hotels; booking platforms require DOT registration.

ThailandPDPA 2019

Personal Data Protection Act B.E. 2562 (2019) — effective 2022.
Rights: access, correction, erasure, portability, objection, restriction.
Office of the Personal Data Protection Committee (PDPC) supervises.
Tourism Authority of Thailand (TAT) licenses accommodation.
VAT of 7% applies; hotel-specific tax may also apply.

VietnamPDPD Decree 13/2023

Decree 13/2023/ND-CP on Personal Data Protection — effective July 2023.
Rights: know, consent, access, withdraw, delete, restrict processing, object.
Ministry of Public Security supervises compliance.
General Department of Tourism licenses accommodation.
VAT of 10% applies to accommodation.

IndiaDPDPA 2023

See South Asia — India above.

Africa

African Union — Malabo Convention & AU Digital Transformation Strategy

55 AU MembersMalabo Convention (2014)In force 2023AU Digital Strategy 2020–2030~36 national DPLs enacted

South AfricaPOPIA 2021

See BRICS+ — South Africa above.

NigeriaNDPA 2023 · NDPR 2019

Nigeria Data Protection Act (NDPA) 2023 — most comprehensive data law in West Africa.
Rights: access, rectification, erasure, portability, objection.
NDPC (Nigeria Data Protection Commission) supervises compliance.
Consumer Protection Council (CPC) handles booking disputes.
Nigeria Tourism Development Corporation (NTDC) regulates accommodation.

KenyaDPA 2019

Data Protection Act No. 24 of 2019.
Rights: access, correction, deletion, objection, portability.
ODPC (Office of the Data Protection Commissioner) supervises.
Tourism Regulatory Authority (TRA-Kenya) licenses hotels.
VAT of 16% applies; Tourism Levy of 2% of hotel revenue also applies.

EgyptDPL 151 of 2020

See BRICS+ — Egypt above.

GhanaDPA 2012

Data Protection Act 2012 (Act 843).
Rights: access, correction, deletion, object to direct marketing.
Data Protection Commission (DPC) supervises.
Ghana Tourism Authority (GTA) regulates hotels.

MoroccoLaw 09-08

Law No. 09-08 on the protection of individuals with regard to the processing of personal data.
CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel) supervises.
Ministry of Tourism regulates hotel licensing.

RwandaLaw No. 058 of 2021

Law No. 058 of 2021 Relating to the Protection of Personal Data and Privacy.
Rights: access, correction, deletion, portability, objection.
National Cyber Security Authority (NCSA) supervises compliance.
Rwanda Development Board (RDB) licenses accommodation; Kigali Convention Centre is the flagship hospitality venue.
Rwanda is regarded as one of Africa's strongest data protection frameworks.

TanzaniaPDPA 2022

Personal Data Protection Act 2022 — enacted but implementation regulations pending.
Rights: access, correction, erasure, objection.
Tanzania Communications Regulatory Authority (TCRA) oversees compliance.
Tanzania Tourist Board (TTB) licenses accommodation.

SenegalLaw 2008-12

Law No. 2008-12 on the Protection of Personal Data — one of West Africa's earliest DPLs.
CDP (Commission de Protection des Données Personnelles) is the supervisory authority.
Ministry of Tourism licenses hospitality businesses.

Middle East (Non-GCC)

No unified regional framework

Varied national lawsArab League ICT frameworkNo binding regional DPL

JordanPersonal Data Law (Draft)

No comprehensive data protection law enacted as of 2026; draft law under review.
Computer Crimes Law No. 30 of 2010 provides limited digital protections.
Jordan Tourism Board (JTB) regulates accommodation.

LebanonElectronic Commerce Law

No dedicated data protection law; Law 81 of 2018 on Electronic Transactions provides baseline.
Ministry of Tourism licenses hotels.

Governing Law

Dispute Resolution

Binding Arbitration

EU Alternative Dispute Resolution & ODR

UK Consumers

Customer Care (Preferred)[email protected]

Privacy & Data Rights[email protected]

Legal & Arbitration[email protected]

DSA Contact (EU)[email protected]

Phone+92 (340) 71 09 705

Head Office204 Urban Blvd, Bahria Enclave Islamabad Pakistan