Privacy Notice for California Residents

Effective Date: December 15, 2022

This Privacy Notice for California Residents supplements the information contained in Travelzoo’s Privacy Policy (available at: and applies solely to all visitors, users, and others who reside in the State of California (”consumers” or “you”). We adopt this notice to comply with the California Privacy Rights Act of 2020 (CPRA), which will supersede the California Consumer Privacy Act of 2018 (CCPA), and any terms defined in the CPRA have the same meaning when used in this notice.

Information We Collect

Our website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, when you use any of Travelzoo’s products and services, including our websites, email newsletters and mobile application (the “Services”), Travelzoo collects the following categories of personal information (including within the last twelve (12) months):




A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.


B. Categories of personal information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.


C. Characteristics of protected classifications under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).


D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.


E. Biometric information.

Genetic, physiological, biological, or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.


F. Internet or other similar network activity.

Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.


G. Geolocation data.

Physical location or movements.


H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.


I. Professional or employment-related information.

Current or past job history or performance evaluations.


J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.


K. Inferences drawn from other personal information.

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.


L. Sensitive personal information

Government-issued identifying numbers, e.g. drivers license, passport, or social security number; financial account details that allow access to an account, such as a credit card number and access code; genetic data; precise geolocation; race or ethnicity; religious or philosophical beliefs; union membership; the contents of a user's mail, email, or text messages (unless your business is the intended recipient); biometric data, when collected for the unique identification of a user; health data, when collected and analyzed; sexual orientation or sex life, when collected and analyzed.


Personal information does not include:

Where Your Information is Collected

Travelzoo obtains the categories of personal information listed above from the following categories of sources:

How We Use Your Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

Travelzoo will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

How Long We Retain Your Information

We do not retain your personal information or sensitive personal information for each disclosed purpose for which the personal information was collected for longer than is reasonably necessary for that disclosed purpose.

What Information We Disclose and to Whom

Sales of Personal Information

Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic or other means a consumer’s personal information by the business to a third party for monetary or other valuable consideration.

In the preceding twelve (12) months, Travelzoo has not sold personal information.

Sharing of Personal Information

Share” or “sharing” means the non-monetary exchange of personal information between a business and a third party for the purposes of cross-contextual behavioral advertising. It includes sharing for free, for monetary gain, or any other consideration of value. Third parties do not include a business that a consumer intentionally interacts with (here, Travelzoo) and service providers or contractors that provide services to Travelzoo for specified business purposes.

Travelzoo discloses some of the personal information it collects from you to service providers or contractors that provide services to Travelzoo for a specified business purpose, which is not considered “sharing” pursuant to the CPRA.

Travelzoo also participates in cross-contextual behavior advertising and uses third party cookies and pixels, which would be considered sharing personal information with a third party pursuant to the CPRA. Travelzoo respects your right to opt-out of this “sharing” by providing you with a link on the homepage which states “DO NOT SELL OR SHARE MY PERSONAL INFORMATION”. By clicking this link, you will ensure that Travelzoo does not share any personal information collected by Travelzoo through your applicable device/browser with third parties. The link will change to “YOUR PERSONAL DATA IS NOT BEING SOLD OR SHARED” when that preference has been properly activated. If there are any issues with the link, please contact us, as set forth below.

Disclosures of Personal Information for a Business Purpose

We engage certain trusted third parties to perform functions and provide services to us, including hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer relationship, database storage and management, and direct marketing campaigns. We may share your personal information with service providers or contractors, but only to the extent necessary to perform these functions and provide such services. We also require these service providers or contractors to maintain the privacy and security of the personal information they process on our behalf.

In the preceding twelve (12) months, Travelzoo has disclosed the following categories of personal information for the following business purposes:

  1. Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  1. Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes.
  1. Debugging to identify and repair errors that impair existing intended functionality.
  1. Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business.
  1. Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.
  1. Providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer provided that, for the purpose of advertising and marketing, a service provider or contractor shall not combine the personal information of opted-out consumers that the service provider or contractor receives from, or on behalf of, the business with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with consumers.
  1. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

Disclosure of Sensitive Personal Information

The only type of sensitive personal information collected by Travelzoo is credit card information, for purposes of allowing you to purchase a voucher from Travelzoo or book a hotel stay through Travelzoo’s hotel platform. Travelzoo does not retain the credit card information, other than the last four digits. Travelzoo therefore already limits the use of sensitive personal information to that which is necessary to perform the services reasonably expected by an average consumer who requests those services or for a business purpose as defined under the CPRA. If you have further questions about disclosure of sensitive personal information, please contact us, as set forth below.

Your Rights and Choices

The CPRA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CPRA rights and explains how to exercise those rights.

Note, if you exercise any of your privacy rights under the CPRA, you will continue to receive equal service and pricing from Travelzoo.

Right to Know What Personal Information is Being Collected, Sold or Shared and to Whom. Right to Access Personal Information.

You have the right to request that Travelzoo disclose certain information to you about our collection and use of your personal or sensitive information over the past 12-months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

Right to Correct Inaccurate Personal Information

You have the right to request that we correct any inaccuracies of your personal information that we collected from you and retained, taking into account the nature of the personal information and the purposes of the processing of the personal information. Once we receive and confirm your verifiable consumer request, we will use commercially reasonable efforts to correct your personal information, as you direct.

Right to Delete Personal Information

You have the right to request that Travelzoo delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Right to Opt Out of Sale or Sharing of Personal Information

You have the right to opt out of your personal data being shared with a third party, subject to certain exceptions (Travelzoo does not sell and has never sold your personal information). You may exercise this right by clicking on the link on the homepage for California residents, which states “DO NOT SELL OR SHARE MY PERSONAL INFORMATION”. Once we receive and confirm your verifiable consumer request to opt out of sharing your personal data with third parties, we will use commercially reasonable efforts to remove (and direct our service providers, contractors or third parties to remove, as applicable) your personal information, unless an exception applies or we do not otherwise share your personal information.

Right to Limit Disclosure of Sensitive Information

 You have the right to limit the disclosure of your sensitive personal information, to the extent that a company may disclose sensitive personal information that is not necessary for the performance of its services. Travelzoo only collects certain sensitive personal information when submitted directly by you and as set forth above, Travelzoo already limits the disclosure of such sensitive personal information.

Exercising Your Rights

To exercise the rights described above, please submit a verifiable consumer request to us by either:

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

The verifiable consumer request must:

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the receipt of a verifiable consumer request, but no more than twice in a 12-month period. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically a .csv file.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.


We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not:

Changes to Our Privacy Notice

Travelzoo reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on our website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes

Contact Information

If you have any questions or comments about this notice, the ways in which Travelzoo collects and uses your information described below and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:


Postal Address:

Legal Department
590 Madison Avenue
35th Floor
New York, NY 10022

Last updated: December 15, 2022

Change log:

December 15, 2022: We continuously strive to be as transparent as possible about how we process your data. Therefore, we have updated the Privacy Notice for California Residents to include the new regulations regarding California Privacy Rights Act of 2020 (CPRA) which will supersede the California Consumer Privacy Act of 2018 (CCPA) when it goes into effect on January 1, 2023.