We take privacy seriously. The purpose of this document is to provide you with information on Hex's use of your personal data in accordance with applicable law, including, but not limited to, the California Consumer Privacy Act (as amended) and, in respect of any EU data subjects, the EU General Data Protection Regulation (together, the "Data Protection Legislation").
If you access or use the Platform, Hex will ask for, collect, and store Personal Data about you (your “Personal Data”). We would not be able to provide the Platform without the Personal Data you provide us, which is why we want you to know that we take our responsibility to protect your Personal Data very seriously. We also want to make very clear how we use your Personal Data so that you can make informed choices about your use of our Platform.
This document (our “Privacy Policy”) explains how we collect and use your Personal Data, how and with whom we share your Personal Data, and how we protect your Personal Data. This Privacy Policy applies to our website located at https://www.my-hex.com and the Platform and is subject to the Hex Terms of Service (“Terms”). All undefined capitalized terms have the same definition used in our Terms.
If you do not want us to collect Personal Data from you or share Personal Data with any third parties or otherwise disclose your Personal Data, you should not use or access the Platform.
For traveler bookings and commission data we receive from hotels, Hex acts as the hotel's processor and processes such personal data on the hotel's documented instructions to reconcile commissions and remit payments. We do not use traveler data for marketing or any other independent purpose and we restrict visibility of travelers details solely to the booking agency for reconciliation. For our Agent Directory, platform analytics, fraud prevention/security, support records and our own business operations, Hex acts as an independent controller.
| Categories of Personal Data | Examples | Sources of Personal Data | Purposes for Personal Data Collection |
|---|---|---|---|
| Identifiers | Traveler and Travel Agent full names | Hotel reports; Hotel PMS/CRS integrations; Travel Agents via online forms | Identify and reconcile bookings; commission payments; enable communication between hotels and travel agents |
| Contact Information | Postal address, phone number, email address (Travel Agents) | Travel Agents via online forms; Hotel reports; IATAN/ARC database | Account management and communication between hotels and travel agents |
| Reservation Information | Reservation number, stay dates, hotel name | Hotel reports, Hotel PMS/CRS integrations | Commission reconciliation; booking identification |
| Internet or other electronic network activity information | IP address and related website usage data (anonymized) | Google Analytics | Website analytics and improvement |
| Business Information | Production data, and affiliations | Hotel reports; Hotel PMS/CRS integrations; Travel Agents via online forms; IATAN/ARC database | Validate agent performance; facilitate targeted business opportunities and recommendations |
| Geolocation Data | Approximate location derived from IP address (anonymized) | Google Analytics | Determine eligibility to access the Platform; analytics |
Except as described in this Privacy Policy and unless otherwise expressly authorized by you in writing, Hex will never share, sell, or communicate your Personal Data to or with anyone for any reason. We only share and disclose your Personal Data with the following third parties. We have categorized each party so that you may easily understand the purpose of our data collection.
| Categories of third parties with whom Personal Data has been shared | Why we share your Personal Data | Is Personal Data shared for a business purpose? |
|---|---|---|
| Purchasers of Our Business | We may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. | Yes |
| Law Enforcement | We may share your Personal Data in order to comply, as necessary, with applicable laws and regulatory requirements, as well as legal process, respond to mandatory legal or governmental requests or demands for information, enforce our agreements, policies, procedures and terms of service, and protect ourselves, our customers, or the general public from illegal activities. | No |
| Analytics Providers (e.g., Google Analytics) | We share anonymized website usage data (IP address) with Google Analytics to assess and improve site performance. | Yes |
| Hotels (Platform Clients) | We share Travel Agent business contact information and professional data to facilitate direct communication regarding bookings, commission reconciliation, and business development. | Yes |
| Service Providers (e.g. Google LLC, Amazon Web Services Inc.) | We share your personal data to host, store, secure, transmit, and support the Platform. These providers act only under our instructions and must not use the data for their own purposes. | Yes |
We use Google Analytics to collect aggregated, anonymized information about how users interact with the Platform. This data does not identify individual travelers or Travel Agents and is used solely to improve our services.
We also use cookies and other activity tracking tools to help the website work better. These tools allow us to:
We use cookies and trackers to assign you a unique identifier so we can record:
You can block cookies at any time using your web browser settings, but doing so may limit your browsing experience and your ability to use certain features of the website. We do not currently respond to “Do Not Track” or DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online, as there is no uniform standard for compliance. However, users can manage cookies via browser settings.
How Long Do We Keep Your Personal Data?
We keep your Personal Data only for as long as necessary to achieve the purposes described in this Privacy Policy. All Personal Data is retained for the duration of the Agreement, and for a period of sixty (60) days following its termination to allow for commission reconciliation and dispute resolution, after which we delete or de‑identify the information unless we are legally required or have a legitimate business need to retain it longer. We conduct periodic reviews to ensure retention aligns with purposes, and data may be anonymized earlier upon request where feasible. We may retain de-identified/aggregated data beyond these periods.
As a California consumer, you have the following choices regarding our use and disclosure of your Personal Data subject to certain limitations under the California Consumer Privacy Act (“CCPA”):
To submit a request to exercise any of the rights described above, you may email us at privacy@my-hex.com or sending a letter with your request to 19225 NE 18th Ave, Miami Fl, 33179. We may verify your identity before responding to your request.
Consumer Request by an Authorized Agent
If any authorized agent submits a consumer request under the CCPA on your behalf, we require the authorized agent to submit the following information so that we can confirm their authority to act on your behalf:
If you are a resident of the European Economic Area, your business contact and professional information is protected as personal data and you have the following data protection rights:
Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only (i) where we need the Personal Data to carry out our obligations under the Terms; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Platform and improving our Platform, or for the purposes of detecting or preventing illegal activities.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
Due to the international nature of our business, your Personal Data may be transferred to jurisdictions that do not offer equivalent protection of personal data as under the Data Protection Legislation. In such cases, we will process Personal Data or procure that it be processed in accordance with the requirements of the Data Protection Legislation, which may include having appropriate contractual undertakings in legal agreements with service providers who process Personal Data on our behalf.
In particular, we store and process your Personal Data on Amazon Web Services (AWS) servers located in Virginia, United States (us-east-1), and may transfer it to other regions in accordance with this Privacy Policy to support our global operations and to comply with applicable laws.
We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of your personal data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the applicable requirements under the applicable laws and regulations, including the Data Protection Legislation.
We are committed to protecting the privacy and confidentiality of your Personal Data. We limit access to your Personal Data to our authorized employees or agents and we contractually require our business partners and service providers to limit their use of your Personal Data. We also maintain physical, technical, and administrative safeguards to protect your Personal Data against loss, misuse, damage or modification, and unauthorized access or disclosure. In the event of a data breach, we will promptly notify affected individuals and relevant authorities in accordance with applicable laws, such as CCPA, GDPR, and LFPDPPP. We also monitor Platform activity to detect and prevent unauthorized use or sharing of your data.
We may use de-identified/aggregated production signals to generate non-determinative recommendations (e.g. highlight agencies that hotels should engage for business opportunities). We do not make decisions with legal or similarly significant effects solely by automated means. Where required, you may opt-out of profiling used for marketing/visibility, and you can update your visibility at any time by contacting privacy@my-hex.com
The website may contain links to other websites or apps. Your access to and use of such linked sites is not governed by this Privacy Policy but, instead, is governed by the privacy policies of those third-party websites. We are not responsible for the Personal Data practices of such third-party websites. Please review the privacy policies of such sites before you disclose your Personal Data to them.
The Platform is not intended for children. We do not knowingly collect, use, sell, or share any Personal Data from anyone under the age of 16. If we become aware that a child under the age 16 has provided Personal Data to us, we will delete it. We do not market products or services for use by children.
We may change this Privacy Policy from time to time to reflect changes in our practices concerning the collection, use, and sharing of Personal Data. The revised Privacy Policy will be effective immediately upon posting to the website, by notification through the website or through email. If you continue to use the website after we make changes then you will be deemed to have agreed to the changes, so please check this Privacy Policy periodically for updates.
If you have any questions or concerns about this Privacy Policy, please contact: privacy@my-hex.com.