Ahoy! Our team here at GreenstoneApp LLC (herein referred to as “Greenstone”, “we” or “our”) values your trust, and makes it a high priority to ensure the security and confidentiality of the personal information you provide to us. In this Privacy Statement, we describe how we collect, use, share, or otherwise process personal information as a data controller in the course of operating our business, particularly in association with the operation of our main website ( and our other digital properties that reference this Privacy Statement, including our websites, apps, digital communications and other our products and services (collectively “Services”). We encourage you to read our Privacy Statement to learn about our privacy practices.

This Privacy Statement applies to any kind of personal information that Greenstone processes concerning visitors to ( and individuals, employees, owners and other representatives acting on behalf of (existing, former, or potential) Business Partners (collectively “you” or “your”).

This Privacy Statement does not cover our processing of personal information that your customers submit while making their bookings through the integrated Greenstone widget on your website or a third party website (e.g. a blogger or an online platform). For such processing, you are responsible for, and must be able to demonstrate compliance with applicable privacy laws. Within that context you may be legally required to publish a privacy statement or similar documentation on your website. This Privacy Statement also does not apply to personal information processed in connection with job applicants and Greenstone employees.

Terms we use in this Privacy Statement

Within the context of this Privacy Statement, the term “Business Partners” may refer to:

  • Corporate customers using the Services,
  • Online travel agencies,
  • Third party service providers,
  • Other business partners enable activity bookings through their websites and/or apps (or other means),
  • And natural or legal persons maintaining a business relationship with a Greenstone group company.

“Personal information” means any information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to a specific natural person. This does not include information concerning a legal person or entity.

Who is the data controller for processing your personal information?

GreenstoneApp LLC controls the processing of personal information, as described in this Privacy Statement. GreenstoneApp LLC is a private limited liability company, incorporated under the laws of the United States and has its office in Chicago, IL.

What kind of personal information does Greenstone collect?

The personal information Greenstone may collect in regards to you depends on the context of the business relationship, the interactions you have with Greenstone and the Services you use. The personal information Greenstone collects and uses may include the following:

Personal information you give to us

Greenstone may collect and use personal information you give to us, for example if you use our Services, fill out a form or when you interact with us:

  • Account and contact information, such as full name, business addresses, business email addresses, business phone number and Greenstone account details.
  • Communication information, such as business contact details and content of correspondence and data exchanged with you by telephone, chat or other means of communication;
  • Geolocation information, such as city, state, province and country.
  • Contract information, such as information on our terms of agreement, and the service (to be) provided;
  • Financial information, such as bank details, bank account information, bills and invoices, tax ID number and other data necessary for payment and invoicing purposes;
  • Verification details, such as a copy of company registration documents or other relevant information to verify the authenticity of your company. This may also include proof-of-licenses or tax information
  • Other information necessarily processed in business relationships or voluntarily provided by you.

Personal information we collect automatically

When you visit our website or use our Services we may automatically collect certain information – some of which may be personal information. The information collected may include:

  • Language settings
  • IP address
  • Location
  • Device settings
  • Device operating system
  • Log information
  • Time of usage
  • URL requested
  • Status report
  • User agent (information about the browser version)
  • Browsing history
  • User ID
  • The type of data viewed

Personal information you give to us about others

By sharing other individuals’ personal information —such as data belonging to your staff members—you confirm (i) that these individuals have been notified of the information from this Privacy statement, including how Greenstone may collect, use, disclose and/or transfer their personal information, (ii) you have obtained any required consent from such an individual and (iii) you have the permission to provide such personal information which permits us to lawfully collect, use, and/or disclose such personal information in accordance to this Privacy Statement.

Personal information we receive from other sources

We may also receive personal information from other sources which may include:

  • Information on your company: we may use business information companies and publicly available sources, such as websites or materials available through search engines, to verify, update and correct information contained in our databases.
  • Data related to law enforcement and tax authority requests: law enforcement or tax authorities can contact Greenstone with additional information about you in the event that you are affected by an investigation.
  • Fraud detection and prevention, risk management and compliance: in certain instances, and as permitted by applicable law, Greenstone may need to collect data through third party sources for fraud detection and prevention, risk management and compliance purposes.

You are not obliged or required to provide any information to us, however if you wish to enter into contracts with us or use our Services, you must also provide us with certain information, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data cannot be avoided.

Why does Greenstone use your personal information?

Your personal information may be used or disclosed for one or more of the following purposes:

A. Contractual relationship: we use personal information for the conclusion, administration and performance of the contractual relationships. As part of performing the contractual relationship, we process personal information for the administration of the business relationship, to provide contractual services, consulting and for customer service. Accounting, termination and enforcement of legal claims arising from contracts (i.e. debt collection, legal proceedings, etc.) are also part of the performance of the contractual relationship.

B. Customer service: we use personal information to provide you with customer service, respond to your questions and complaints and to monitor and improve our customer service.

C. Account facilities: where a Greenstone account was created for you, we use the account-related information for the purposes of administering and maintaining the Greenstone account, allowing you to manage your reservations.

D. Communicating with you: we may use your personal information for getting in contact with you, including by email, phone, as well as through messenger services, chats, social media, and by letter or other means, to respond to inquiries, the exercise of your rights and to contact you in case of queries. This includes all purposes in relation to which we communicate with you, whether in the context of our contractual relationship, customer service or consulting, and for training and quality assurance purposes.

E. Security, fraud detection and prevention: we may use personal information, in order to investigate, prevent, and detect fraud and other illegal acts to help maintain the safety, security, and integrity of our websites, products and services, databases and other technology assets, and business. This helps us to ensure that you can safely use our Services.

F. Market research: we may use your personal information to invite you to take part in market research. Please see the information that accompanies this kind of invitation to understand what personal information will be collected and how that data is used.

G. Improving and personalizing our website and Services: we may use personal information for analytical purposes to improve our products, services and operations, and for product development, such as retaining and evaluating information on your visits to our website and how you move around different sections of our website for analytics purposes to understand how individuals use our Services so that we can make it more intuitive.

H. Marketing and relationship management: we may use your personal information for marketing purposes and relationship management, for example to send personalized advertising for products and services. This may happen in the form of newsletters and other regular contacts through other channels for which we have contact information from you, but also as part of marketing campaigns (for example events, invitations and surveys). You can object to such contacts at any time or refuse or withdraw consent to or clicking the “Unsubscribe” link included in each marketing communication.

I. Call monitoring: during calls with our customer service team, live listening might be carried out or calls might be recorded for quality control and training purposes. These recordings may also be used for the handling of complaints, legal claims and fraud detection purposes. If a call is recorded, each recording is kept for a limited amount of time before being automatically deleted. This is unless we have determined that it’s necessary to keep the recording, such as fraud investigation, compliance, and legal purposes.

J. Change in ownership or corporate organization: to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Greenstone’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding. As a result, some or all of your information may be transferred to an entity acquiring all or part of our assets or to another entity with which we have merged.

K. Legal and compliance: we may be required to disclose your personal information to comply with legal obligations, such as financial reporting obligations, compliance screening obligations, to handle and resolve legal disputes or for regulatory investigations, risk management and compliance. In addition, we may need to share information where required by law or strictly necessary to respond to requests from competent authorities. This includes tax authorities, courts, other governmental, and public authorities.

To process your personal information as described above, we rely on the following legal bases:

As applicable for purpose A to D, Greenstone relies on the legal basis that the processing of personal information is necessary for entering into and the performance of a contract. If the required information is not provided, Greenstone cannot finalize and perform the contract, nor can Greenstone provide customer service.

In view of purposes E to J, Greenstone relies on its or a third party’s legitimate business interests, to provide and improve our products and services, communicate with you and send you communications, including marketing communications, and prevent fraud and other illegal acts. If you wish to object to the processing set out under E to J and no opt-out mechanism is available to you directly (for example, in your account settings), please contact us at For purpose K, Greenstone also relies, where applicable, on compliance with legal obligations to which Greenstone is subject.

Finally, where needed under applicable law, Greenstone will obtain your consent prior to processing your personal information, including for email marketing purposes or as otherwise required by law. You may withdraw your consent at any time with effect for the future by contacting us at

In some cases, other legal bases may apply, which we will communicate to you separately as necessary.

Does Greenstone provide personal information to third parties or service providers?

In certain circumstances, we may provide some of your personal information to third parties or service providers:

  • Service providers: we use service providers who assist us in operating our website, conducting our business and perform Services on our behalf, such as web-hosting companies, marketing services, IT providers, analytics providers, customer support services or fraud detection and prevention services.
  • Payment providers and other financial institutions: to process payments between you and Greenstone or a consumer and you, relevant personal information is provided to payment providers and other financial institutions.
  • Business partners: we work with business partners or from time to time, for instance for fraud detection and prevention purposes or to enable them to provide services to you.
  • Competent authorities: we may disclose information to competent authorities insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud, or when we are otherwise legally obliged to do so. We may also need to disclose information to competent authorities to protect and defend our rights or properties, or the rights and properties of business partners.
  • Corporate purchasers: we may provide your personal information to a corporate purchaser as part of a merger, acquisition or sale of Greenstone company assets, or transition of Greenstone Services to another company.

International transfers

The personal information that we collect from you, as described in this Privacy Statement, could be transferred to or stored in countries which may not have the same data protection laws as the country in which you initially provided the information. In such cases, we will protect your data as described in this Privacy Statement.

This may also be applicable if you are in the European Economic Area (EEA). Countries your data may be transferred to may not have laws that provide the same level of protection for your personal information as laws within the EEA. Where this is the case, we will put appropriate safeguards in place to make sure that these transfers comply with European privacy law.

In particular, when your data is transferred to service providers, we establish and implement appropriate contractual, organisational and technical measures with them. In general, this is done by putting in place Standard Contractual Clauses as approved by the European Commission (which can be accessed here), by examining the countries to which the data may be transferred, and by imposing specific technical and organizational security measures.

You can ask us to see a copy of our implemented safeguards (where possible) using the contact details below.

Children’s Information

Our services aren’t intended for children under 16 years old, and we’ll never collect their information unless it’s provided by (and with the consent of) a parent or guardian. If we become aware that we’ve processed the information of a child under 16 years old without the valid consent of a parent or guardian, we will delete it.

What are your rights

Greenstone operates in jurisdictions that impose varying obligations and that grant individuals differing levels of protection, particularly with respect to personal information. Depending on applicable law, you may have certain rights with respect to your personal information, including:

  • The right to ask for a copy of the personal information we hold about you;
  • The right to ask us to erase, block, correct or restrict the personal information we hold about you, or object to particular ways in which we are using your personal information;
  • The right to request that we provide certain personal information in a commonly used electronic format or transfer it to another data controller; and
  • The right to withdraw consent, where our processing is based on your consent.
If you want to exercise any of the rights described above, please complete and submit your request to us by either:
  • Filling out a Web Form
  • Calling us at (312) 646-0237
  • Mailing us at:

We endeavor to respond to your request electronically, or by mail at your option, within thirty (30) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. If you have a Greenstone user account, you can access a lot of your personal information through our website or apps. You’ll generally find the option to add, update or remove information we have about you in your account settings.

If you are located in the EEA, the United Kingdom or in Switzerland, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country.

What retention periods does Greenstone put in place?

We’ll keep your personal information for as long as is necessary for the purposes for which we collected it, to comply with our legal and regulatory obligations, to resolve disputes or claims) or storage is a technical requirement, for example in case of backups.

Country-specific provisions

Depending on the law that applies to you, we may be required to provide some additional information. If applicable, you will find additional information for your country or region below.

For California Residents – California Law

This section supplements our Privacy Statement and only applies if you reside in the state of California. Where applicable, it describes how we use and process your personal information and explains your particular rights under California law. Any terms defined in in California law have the same meaning when used in this section.

Below, we describe the categories of personal information we have collect within the last twelve (12) months:

Categories Examples
A. Identifiers Name, alias, address, unique personal identifier, online identifier, IP address, email address, account name or other similar (unique) identifiers
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories
C. Protected classification characteristics under California or federal law Your age and gender
D. Commercial information History about the product and services purchased by you
E. Internet activity Browsing history, search history or information about your interactions with our websites and applications
F. Geolocation data Your physical location
G. Visual information Photographs or pictures you upload on your Greenstone account
H. Inferences drawn from other personal information Profile reflecting your preferences and behavior
I. Professional or employment-relation information Job title, occupation and employer details
J. Sensitive personal information Identity document, state identification or passport number, account sign-in details, communications between you and a customer via Greenstone

Please note that because the categories of personal information collected and shared largely depends on how you have interacted with us, not all of the items listed in the tables above will be relevant to you.

If you would like more information about the categories mentioned above, the specific types of personal information we collect, or the purposes for which we collect them, please read the sections of our Privacy Statement titled What kind of personal information does Greenstone collect? and Why does Greenstone use your personal information?

To learn more about the receipt of personal information from and the sharing of personal information with business partners, please read the sections What kind of personal information does Greenstone collect? and Does Greenstone provide personal information to third parties or service providers?

To learn more about our retention procedures, please read the section of our Privacy Statement What retention periods does Greenstone put in place?

We may share certain pieces of your personal information with third parties, which under California law can be treated as a ‘sale’ of information. This may include information related to (A) Identifiers, (D) Commercial information, (F) Geolocation data, (E) Internet activity, and (H) Inferences, as described above.

We may also share your personal information, listed above under A-I for ‘business purposes’ listed in California law, such as to service providers who assist us with securing our services, for payment purposes, customer support services, delivering marketing messages, or advertisements.

For more details, including the recipients of your personal information, you can check out the What kind of personal information does Greenstone collect? and Does Greenstone provide personal information to third parties or service providers?

California law provides you with certain rights, including the right to access specific pieces of personal information, learn about how we process personal information, including disclose or sell personal information, the right to correct your personal information, request deletion of personal information, opt out of ‘sales’, opt out of ‘sharing’ and not to be denied goods or services for exercising these rights.

You may exercise your right to opt out of ‘sales’ or ‘sharing’, your right to request access to or the deletion of your personal information under California law either by:

  • Filling out a Contact Form
  • Calling us at (312) 646-0237
  • Mailing us at 

To otherwise exercise these or any of your other rights under California law, or to contact us with questions and concerns about this Privacy Statement and our practices, you can also contact us at with the subject line: “California Resident Privacy Rights – Request”.

If you are an authorized agent wishing to exercise rights on behalf of a California consumer, please contact us at the email above, attaching a copy of the consumer’s written authorization, designating you as their agent. We may need to verify your identity before completing your rights request.

Greenstone’s services are not directed at children under the age of 16 years. Therefore, Greenstone does not knowingly sell or share the personal information of minors under the age of 16 years without appropriate consent, as required under the California Consumer Protection Act (CCPA).
For US Residents – excluding California residents

If you live in the United States (in a state other than California) the information in this section applies to you in addition to other content in this Privacy Statement. The purpose of this section is to inform you about certain rights that you have in various US States which may be different from those described elsewhere in this Privacy Statement. If you are a resident of California, please go here to learn more about your specific rights.

In addition to the personal data (also referred to as “personal information”) categories listed in this Privacy Statement above, we may also collect the following data about you:

  • Geolocation data (e.g. your physical location)
  • Sensitive Data (citizen or immigration status, data revealing your racial, ethnic origin, religious beliefs, mental or physical health diagnosis or sexual orientation – if provided by you)
  • Inferences (e.g. analytics and preferences)

For more information about the categories mentioned above, specific types of personal data we collect, or the purposes for which we collect them, please refer to the sections of our Privacy Statement entitled What kind of personal information does Greenstone collect? and Why does Greenstone use your personal information?.

To learn more about the receipt of personal data from and the sharing of personal data with business partners, please read the sections What kind of personal information does Greenstone collect? and Does Greenstone provide personal information to third parties or service providers?

We may share certain elements of your personal data with third parties, which under the U.S. State privacy laws may be considered ‘the sale of personal data.’ This may include information related to inferences and analytics. We may also share your personal data with service providers, who assist us with delivering marketing messages or advertisements.

For more details, you can find more information about this in the Does Greenstone provide personal information to third parties or service providers? section of our Privacy Statement.

Your rights under privacy laws include the right of access to your personal data, the right to correct your personal data, the right to request deletion of your personal data and the right to obtain a copy of your personal data. US State privacy laws provide you with certain additional rights which include the right to opt out of: the sale of your personal data, targeted advertising, and profiling that may have a legal impact on you.

Please fill out this form to exercise your right to request access to, to obtain a copy of, and to correct or delete any of your personal data. Please use the same form to opt out of the sale of your personal data, targeted advertising, or profiling.

If you have any questions or concerns about this Privacy Statement, Greenstone’s practices, or to exercise any of your rights by, please contact us by sending an email to with the subject line: ‘US Resident Privacy Rights – Request’.

If you are a parent, legal guardian, or the authorized agent of a consumer and you wish to exercise rights on behalf of a consumer, please contact us Please be aware that we may need to verify your identity and authorization before completing the rights request.

When you exercise your rights, we verify your identity based on whether the name and the email address you provide in the request matches the data you provided when using our services and other verification details. You may authorize another individual to exercise opt out rights on your behalf. If we receive such a request, we will send an email to confirm you authorized the requester to act for you.

Greenstone’s services are not directed at children under the age of 18 years. Therefore, Greenstone does not intentionally collect the personal data of minors and we do not knowingly sell their personal data of minors under the age of 18 years without appropriate consent.

Cookie Statement

Whenever you use our website and Services, we use cookies and similar online tracking technologies (which we’ll also refer to as ‘cookies’ for the purpose of this Cookie Statement). Cookies can be used in various ways, including to make our website work, to analyse traffic, or for advertising purposes. Read on below to learn more about what a ‘cookie’ is, how they’re used and what your choices are.

For a detailed list of Greenstone’s cookies and categorizations please consult our cookie list.

What are cookies and online tracking technologies?

A web browser cookie is a small text file that websites place on your computer’s or mobile device’s web browser. These cookies store information about the content you view and interact with, in order to remember your preferences and settings or analyse how you use our website.

Cookies are divided into ‘first party’ and ‘third party’:

First party cookies are the cookies served by the owner of the domain – in our case that’s Greenstone. Any cookie we place ourselves is a ‘first party cookie’.

Third party cookies are cookies placed on our domains by trusted partners that we’ve chosen to allow to do so. These can be social media partners, advertising partners, security providers and more.

And they can be either ‘session cookies’ or ‘permanent cookies’:
Session cookies only exist until you close your browser, ending what is called your ‘session’. They are then deleted.

Permanent cookies have a range of different lifespans and stay on your device after the browser is closed. On our website, we try to only serve permanent cookies that have a limited lifespan. However, for security reasons, or in other exceptional circumstances, we might sometimes need to give a cookie a longer lifespan.

Web browser cookies may store information such as your IP address or another identifier, your browser type, and information about the content you view and interact with on our website. By storing this information, web browser cookies can remember your preferences and settings for online services and analyse how you use them.

Alongside cookies, we also use tracking technologies that are very similar. Our website, emails and mobile apps may contain small transparent image files or lines of code that record how you interact with them. These include ‘web beacons’, ‘scripts’ and ‘tracking URLs’:

Web beacons have a lot of different names. They might also be known as web bugs, tracking bugs, tags, web tags, page tags, tracking pixels, pixel tags, 1×1 GIFs or clear GIFs. In short, these beacons are a tiny graphic image of just one pixel that can be delivered to your device as part of a web page request or an advertisement. They can be used to retrieve information from your device, such as your device type or operating system, your IP address, and the time of your visit. They are also used to serve and read cookies in your browser or to trigger the placement of a cookie.

Scripts are small computer programs embedded within our web pages that give those pages a wide variety of extra functionality. Scripts make it possible for the website to function properly. For example, scripts power certain security features and enable basic interactive features on our website. Scripts can also be used for analytical or advertising purposes. For example, a script can collect information about how you use our website, such as which pages you visit or what you search for.

Tracking URLs are links with a unique identifier in them. These are used to track which website brought you to this website you’re using. An example would be if you click through from a social media page, search engine or one of our affiliate partners’ websites.

All these tracking technologies are referred to as ‘cookies’ here in this Cookie Statement.

How are cookies used?

Cookies are used to collect information, including:

  • IP address
  • Device ID
  • Viewed pages
  • Browser type
  • Browsing information
  • Operating system
  • Date and time of the visit to the website
  • Language settings
  • Device settings, operating system version and identifier
  • Whether you have responded to an advertisement
  • A referring URL
  • the type of data viewed

They allow you to be recognised as the same user across the pages of a website, across devices, between websites or when you use our apps. When it comes to purpose, they are divided into three categories – functional cookies, analytical cookies and targeting cookies.

Functional cookies (also referred to as necessary cookies) are required to make our website function correctly and are used to create technologically advanced, user-friendly websites and apps that adapt automatically to your needs and preferences, so you can browse and book easily. This also includes enabling essential security and accessibility features. More specifically, these cookies:

Enable our website and apps to work properly, so you can make reservations on the website.

Remember your selected currency and language settings, your past searches and other preferences to help you use our website and apps efficiently and effectively.
Analytical cookies (also referred to as performance cookies) measure and track how our website is used. We use this information to improve the website. More specifically, these cookies:

  • Help us understand how visitors use our website.
  • Help improve our website to make sure we’re interesting and relevant.
  • Allow us to find out what works and what doesn’t on our website.
  • Help us understand the effectiveness of advertisements and communications.
  • Teach us how users interact with our website after they have been shown an online advertisement, including advertisements on third-party websites.
  • Enable our business partners to learn whether or not their customers make use of any offers integrated into our or their websites.

The data we gather through these cookies can include which web pages you have viewed, which referring/exit pages you have entered and left from, which platform type you have used, which emails you have opened and acted upon, and date and time stamp information. It also means we can use details about how you’ve interacted with the site or app, such as the number of clicks you make on a given screen, your mouse movements and scrolling activity, the search words you use and the text you enter into various fields.

We also use targeting cookies to gather information about you over time, across multiple websites, applications, or other platforms. Targeting cookies help us to decide which products, services and interest-based advertisements to show you, both on and off our website and apps. More specifically, these cookies:

Categorize you into a certain interest profile, for instance, on the basis of the websites you visit and your click behavior.

Display personalized and interest-based advertisements both on our website and other websites. This is called ‘retargeting’ and is based on your browsing activities, such as the destinations you’ve been searching for, the accommodation you’ve viewed and the prices you’ve been shown. It can also be based on your shopping habits or other online activities. Retargeting ads can be shown to you both before and after you leave our website, as their purpose is to encourage you to browse or return to our website.

If you prefer, you can adapt your browser settings to choose to have your computer warn you each time a cookie is being sent, or to turn off all cookies. If you have activated a “Do Not Track” functionality on your device or browser, this will only affect cookies, not the remainder of Greenstone’s information collection and disclosure practices described in this Privacy Statement. 
To learn more about (or opt-out from) such advertising, you can visit the websites of the Digital Advertising Alliance at and Networking Advertising Initiative at Google, as a third-party vendor, also uses cookies to serve ads. Google’s use of the DART cookie enables it to serve ads based on your visits to Greenstone’s sites and other sites on the Internet. Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy.

Additional Terms and Conditions

Please also visit our Terms of Service which establishes the use, disclaimers, limitations of liability, and other terms and conditions governing the use of our Services.

Changes to our Privacy Statement

We may modify or amend this Privacy Statement from time to time. Your continued use of our sites or services following the posting of changes will mean you acknowledge that you have been made aware of the new Privacy Statement as modified. If we decide to change our Privacy Statement, we will post those changes on this page and they will be effective immediately.

This Privacy Statement was last modified on Nov 20, 2023.

Contacting Us

If you have any questions or complaints regarding this Privacy Statement, or about our processing of your personal information, please contact us using the information below and we’ll get back to you as soon as possible.

GreenstoneApp LLC
(312) 646-0237