Global Privacy Policy

Last updated June 29th, 2020

Vindow, Inc., and its affiliated companies (“Vindow” or “We” or “Us”), respect your privacy and we are committed to protecting Your privacy through our compliance with this policy.

This policy describes our practices in connection with information that we collect through Vindow’s software platforms and applications (collectively our “Applications”) as well as Vindow’s privacy practices in relation to the use of Vindow’s website(s) located at and other Vindow websites, if any, that link to this policy) and external marketing activities.

This Policy also describes Your data protection rights, including a right to object to some of Vindow’s processing of that data. This Policy does not apply to information collected by any third party, including through any third-party application or content (including advertising) that links to or is accessible from our software applications or websites.

This policy applies to the following classification of individuals that interact with Vindow:

Customers are individuals that are employees or associates of Vindow’s direct customers (such as hotel owners/operators/managers, and third party accommodation purchasers) including customer personnel that are assigned a login ID and are authorized to access and use our software applications pursuant to an active Vindow Master Services Agreement, Terms, Statement of Work, and/or pursuant a temporary license as the case may be. Additionally, Customers include individuals who self-register to access our software applications.

Customer Business Contacts are individuals that interact with our Customers through our software applications. These include but are not limited to our Customers’ current and prospective clients, hotel guests or other business contacts.

Individuals and prospective customers who interact with Vindow’s websites to read about Vindow products and services, download a marketing literature/collateral, or sign up for an online demonstration), as well as those who attend Vindow marketing events, and whom we meet at a tradeshow or learn about through a referral from third parties or other external sources.

What types of personally identifiable data do our Customers collect?

The Vindow software applications are flexible and allow our Customers to collect a variety of personal data from and about their Customer Business Contacts, including name, organization, title, postal address, e-mail address, telephone number, fax number, social media account ID, credit or debit card number and other information including but not limited to interests, opinions, activities, age, gender, education and occupation.

Vindow’s use of personal information collected through our software applications shall be limited to the purpose of providing the Service(s) for which our Customers have engaged Vindow, to improve our Services, or as required or otherwise permitted by law. If you do not agree with our policies and practices, you may choose not to use our Applications.

How do Vindow Customers collect personally identifiable data?

1. When Customer Business Contacts voluntarily and explicitly enter personal data into Vindow’s software applications.

2. When our Customers enter Customer Business Contacts into Vindow’s software applications, when permitted, including by having a legitimate business interest or obtaining explicit consent from a Customer Business Contact.

3. Automatically, as Customer Business Contacts interact with Vindow’s software applications, using commonly used information gathering technologies such as cookies.

How do Vindow Customers use personally identifiable data?

If a Customer Business Contact chooses to use Vindow’s software applications to conduct business with a Customer (for example: register for or check into a hotel property, download a mobile application, or send or respond to a Request for Proposal (a “RFP”)), any information provided in connection with that interaction will be transferred to, and under the control of, the Customer.

Vindow Customers will also have access to information (including personal data and Vindow software application usage data) related to how Customer Business Contact interact with the Vindow software applications they use. In such instances, the Customers act as data controllers towards the Customer Business Contact, under the European Economic Area (“EEA”) data protection laws. Therefore, Vindow cannot and does not take responsibility for the privacy practices of Customers. The information practices of our Customers are governed by their respective privacy policies. We encourage Customer Business Contacts to review the Customers’ privacy policies to understand those practices and procedures.

Does Vindow use or sell personal data collected by our Customers?

Vindow does not use personal data of our Customer Business Contacts for any purposes other than to provide services that our Customers have contracted us to provide through our software applications and business services, as noted below, to improve our services, or as required or otherwise permitted by law. Vindow does not sell personal data of our Customer Business Contacts.

How does Vindow collect and process personal data from our Customers and their Customer Business Contacts?

Vindow collects personal data from Vindow’s Customers in order to facilitate communication and delivery of the software applications that our Customers are interested in or contract us to provide. By way of an example, Vindow may collect Customer contact information, whether through the execution of a contract, use of our services, a form on our website, queries submitted to our chat agent, an interaction with our sales or customer support team, or a response to one of our surveys or marketing emails. Vindow may also collect credit card information (e.g., credit card number and expiration date, billing address, etc.) or other customary bank information needed for billing and payment purposes.

Vindow may record Customer telephone calls made to our customer support team for legitimate business interests related to providing customer support, compliance with laws, training, and quality assurance. Vindow retains such recordings until 90 days after the date of recording unless otherwise needed for contract implementation or further employee training.

Vindow and Vindow’s vendors collect Customer usage information about how Vindow Customers interact with Vindow’s software applications and business services. This includes which webpages You visit, what You click on, when/how You perform certain actions, what language preferences You have, what you purchase, among other things.

Vindow processes Customer’s and their Customer Business Contacts’ personal data in the following manners: (i) to disclose to Vindow subsidiaries and affiliates for the purpose of providing Services to Vindow’s Customers and their Customer Business Contacts; (ii) to disclose to contractors, service providers, and other third parties as reasonably necessary or prudent to provide, maintain and support Vindow’s software applications for our Customers and their Customer Business Contacts, such as, for example, payment processors and data center or Web hosting providers; (iii) to deliver the Services that Vindow’s Customer has contracted Vindow to provide through the Vindow software applications such as: (a) when a Vindow Customer submits an RFP to an accommodation provider on the Vindow platform, or to a Customer’s Business Contact as directed by the Customer, Vindow will contact that party and disclose information, which contains personal data, necessary for that Customer to respond to the RFP; (b) when a Customer or Customer Business Contact uses their social media credentials to share information on their social media platform or to log into one of Vindow’s software applications, Vindow will share information with that party’s social media account provider. The information Vindow shares will be governed by the social media site’s privacy policy; and (c) to disclose to Customers, as directed by a Customer or consented to by a Customer Business Contact, such as actively consenting to share information in a Vindow mobile application; (iv) to deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all of Vindow’s assets, whether as a continuing operating business or as part of a bankruptcy, liquidation or similar proceeding, in which personal data held by Vindow about Vindow’s Customers and Customer Business Contacts is among the assets transferred; (v) for Vindow’s internal business purposes that include administering access and use of Vindow’s software applications, business intelligence, data analysis, securely identifying Customers upon logging onto any Vindow software application, enhancing or modifying Vindow’s software applications, billing for Services, and operating the Vindow business; (vi) when Vindow believes to be necessary or appropriate: (a) under applicable law, including laws outside Your country of residence; (b) to respond to requests from public and government authorities including public and government authorities outside Your country of residence; and (c) to protect against or identify fraudulent transactions; and for other any other purposes when Customer Business Contacts provide explicit consent.

Vindow aggregates and anonymizes information about (i) Customers and Customer Business Contacts, and (ii) uses that information in order to improve Vindow’s software applications and to create benchmarks, indexes, and other business intelligence products and services. None of the aggregated and anonymized information or data contains personally identifiable information.

What is the legal basis for Vindow to process personally identifiable information from the European Economic Area (EEA)?

For individuals that are from the EEA, Vindow’s legal basis for collecting and using that person’s personally identifiable information will be Vindow’s legitimate interest where the processing is in Vindow, or a third party’s, legitimate interests and not overridden by the individual’s data protection interests, or fundamental rights and freedoms. Vindow’s legitimate interests are to provide individuals with access to the Vindow software applications, and features and functionality of the Vindow platform; to send individuals information they have requested; to ensure the security of Vindow’s software applications by trying to prevent unauthorised or malicious activities or conduct; and/or to enforce compliance with Vindow’s Terms of Use, contracts and other policies. In some EEA countries, Vindow is relying on consent as a legal basis for using this information for marketing purposes.

How long does Vindow store personal information collected by Vindow’s Customers?

When Vindow processes personal information for Vindow’s legitimate business interests described herein, unless otherwise provided in Vindow’s contract with Vindow’s Customer, Vindow processes the data until 90 days after the termination of the contract, at which time Vindow removes it from Vindow’s production environment. After a period of 13 months, we remove the data from our backup media.

Vindow’s processes and procedures to access, correct or delete personally identifiable information.

In countries, including countries in the EEA, as well as in some U.S. states, upon their request, Customer Business Contacts have the right to access their personally identifiable information and, if necessary, have it amended, deleted or restricted. Customer Business Contacts can also ask for some types of personal data to be delivered to them, or another organization they nominate, in a structured and machine-readable format for legitimate business purposes.

Where Vindow processes Your personally identifiable information on the basis of Your consent, You have the right to withdraw Your consent. The withdrawal of consent to process personally identifiable information shall not affect the lawfulness of Vindow processing Your personally identifiable information based on consent prior to Your withdrawal of consent. Customer Business Contacts in the EEA also have the right to complain to a supervisory authority, such an employer, for data protection in the country where they live, or where they work.

Vindow processes Customer Business Contacts’ data, including personally identifiable information at the direction of our Customers and has no direct control or ownership of the personally identifiable information or data that Vindow process. Vindow Customers are exclusively responsible for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to Vindow for any processing purposes. Any Customer Business Contact that seeks to access, correct or delete data, should direct their query to the Customer. If the Customer requests Vindow to remove the personal data of a Customer Business Contact to comply with data protection regulations, Vindow will process this request within the required time under the applicable regulation or law. Furthermore, Vindow will not accommodate a request to change information if Vindow believes the change would violate any law or legal requirement or cause the information to be inaccurate. In such instances, Vindow will inform the Customer about the legal obligations that prevents Vindow from fulfilling the request.

How to access, correct, or delete Your personal information?

Any Customer can access, correct or delete their data, or their Customer Business Contact data by submitting a request on our website at Vindow will process this request within the required time under the applicable regulation or law.

Vindow will maintain an audit history of any requests to access, correct or delete personally identifiable information to maintain a record of compliance with regulatory requirements.

Notice to California residents: California law provides residents of California with specific rights regarding Your personally identifiable information including (i) the right to request that Vindow disclose certain information to You about Vindow’s collection and use of Your personal information over the past 12 months; (ii) the right to request that Vindow deletes any of Your personal information that Vindow has collected from You, subject to certain exceptions; and (iii) the right to opt-out of the sale of Your personal information.

To make such a request, click below to submit a webform, call +1.786.759.1217, or send a letter to:

Vindow Inc.
95 Merrick Way 3rd Floor
Coral Gables, Florida 33134

Pursuant to law, please note that Vindow is only required to respond to two (2) such requests per individual per year. You also have the right not to be discriminated against if You exercise any of Your rights pursuant to California privacy law.

Vindow may have collected the following categories of personally identifiable information of California residents in the past 12 months: (i) personal identifiers such as a name, postal address, Internet Protocol address, email address, or other similar identifiers; (ii) categories of information described in California Civil Code Section 1798.80(e); (iii) characteristics of protected classifications under California or federal law; (iv) commercial information, including records of products or services purchased or considered; (v) Internet or other electronic network activity information; (vi) geolocation data; (vii) audio and visual information, such as customer service calls recordings, photographs, and media; (viii) professional or employment-related information; education information; and any inferences drawn from any of the information identified above.

This information is collected and used for the purposes disclosed in this Privacy Policy. If a Vindow Customer or visitor wishes to have their information excluded from this type of disclosure please contact Vindow via the information provided herein. Vindow may have disclosed any of the above categories of personally identifiable information pursuant to an individual’s consent or under a written contract with a service provider for a business purpose in 12 months immediately preceding the posting of this updated Privacy Policy.

How does Vindow process data from Visitors?

Vindow processes Visitor data separately and distinctly from the way Vindow processes Customer and Customer Business Contact data. By visiting Vindow’s websites, attending Vindow marketing events online, via telephone, on site, at a third party location, or providing Vindow with Your personally identifiable information, Visitors consent to the collection, processing and storage of their personally identifiable information as described herein.

Personal information of Visitors collected by Vindow.

Vindow collects personal information including name, title, postal address, e-mail address, telephone number, social media account identification, company information including financial and billing information when purchasing Vindow Products and Services, survey responses, message board posts, chat messages, contest entries and promotional enquiries. Vindow may collect this Visitor information through a form on our website, queries submitted to our chat agent, an interaction with our sales or customer support team, when registering for an event, or a through a response to one of our surveys or marketing messages, and/or emails. Vindow uses this information to provide You with additional details about Vindow’s services, conduct research, generate business intelligence, provide whitepapers, or to contact You after Your visit.

Vindow also collects personal data from various third party sources, such as public databases, joint marketing partners, and social media platforms. If a Visitor elects to connect their social media account to their account for Vindow’s websites, certain personally identifiable data from the social media account will be shared with Vindow, which may include personally identifiable data that is part of the Visitor’s profile or their friends’ profiles. This may include but shall not be limited to: (i) name; (iI) personal or work email; (iv) Company or other organization; (v) telephone and/or fax number; (vi) city of residence; and postal zip code.

If You believe that someone else has provided us with Your personally identifiable information and You would like to request Vindow to remove it from our database, please submit a request as stated herein. Additionally, Vindow and our analytics service providers collect personal data from cookies and similar technologies to collect information about the pages Visitors view, links Visitors click on, Visitors’ web browser information, Visitors’ IP address and other actions Visitors may take when accessing Vindow’s websites.

Vindow’s use of Visitor’s personal information

Vindow processes Visitor personal data to: (i) determine how our websites are accessed; (ii) personalize Your browsing experience and present products, features, and functionality that may be more relevant and applicable to You; (iii) investigate and identify website technical problems; (iv) discover, investigate and remediate fraudulent or illegal activity; (v) communicate notices related to product, service, or policy changes; (vi) respond to product and service inquiries; (vii) send information regarding product announcements, newsletters, whitepapers, other relevant offers, and upcoming promotions or events; (viii) plan and host corporate events, host online forums and social networks in which Visitors may participate; (ix) analyze and/or identify new prospective users; (x) create tailored advertising, sales and promotional programs; and (xi) invoice customers for Vindow’s Services and assess the financial capability of prospective customers to afford Vindow’s Products and Services. solutions.

Where Vindow processes Visitor personally identifiable data for marketing purposes or with Visitor consent, we process the data until the Visitor asks us to refrain from doing so. In general it takes Vindow up to thirty 30 days to implement such a request, but in no event longer than required by applicable law. Vindow will not retain Visitor personal data longer than the statutory retention period permitted in the local jurisdictions where Vindow Services are marketed and provided. Vindow also retains a record of when Visitors have asked Vindow not to send direct marketing or to process Visitor data indefinitely so that we can respect the Visitor’s request in the future.

Vindow may also engage with business partners to jointly offer Products, Services or other programs and we may share personal data if You purchase or show interest in any jointly-offered products or services.

Does Vindow process information of children under the age of 16?

None of Vindow’s Products and Services are directed to children under 16 years of age. Vindow does not directly solicit or knowingly collect personally identifiable data from children under 16. If Vindow discovers that Vindow have unintentionally collected personally identifiable information from children under the age of 16, Vindow will delete as soon as practicable.

Where does Vindow transfer the data it processes?

EU-U.S. and Swiss-U.S. Privacy Shield

Vindow Inc., have certified that they adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Vindow is committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom (UK), and Switzerland, in reliance on the Privacy Shield Frameworks to the Framework’s applicable Principles.

Vindow is responsible for the processing of personally identifiable data Vindow receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Vindow complies with the Privacy Shield Principles for all onward transfers of personally identifiable data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

With respect to personally identifiable data received or transferred pursuant to the Privacy Shield Framework, Vindow is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain circumstances, Vindow may be required to disclose personally identifiable data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us as stated herein.

Personally identifiable data may be accessed by Vindow personnel providing services in any country where Vindow may have facilities or in which we engage IT service providers. This means that Vindow will transfer personal data outside the European Economic Area or US. In these circumstances, Vindow uses standard contract clauses approved by the European Commission to protect personally identifiable information data.

How does Vindow secure the data it processes?

Vindow uses a variety of organizational, technical, and administrative measures and controls to protect data within Vindow’s organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If You have reason to believe that Your interaction with Vindow is no longer secure, please contact Vindow immediately.

For details about any privacy questions related to Vindow’s Privacy Policy, please contact the Chief Technology Officer at

Vindow Inc.
95 Merrick Park 3rd Floor
Coral Gables, Florida 33134

Vindow shall update this Privacy Policy to reflect changes to Vindow’s information practices. If Vindow makes any material changes Vindow will notify You by means of a notice on this website thirty (30) days prior to the changes becoming effective, or by email which will be sent to the e-mail address specified in your account seven (7) days prior to the changes becoming effective. Any changes to the Privacy Policy are effective immediately upon publication for new Visitors, Customers and Customer Business Contacts. Vindow encourages You to periodically review this page for the latest information regarding Vindow’s privacy practices.

Vindow is an innovative sourcing platform that utilizes artificial intelligence to simplify the complex procurement processes.