By the nature of their business, you'd think hoteliers would have some concern for their customers' privacy. To judge by their privacy and website terms, however, Hilton.com thinks publishing your credit card number is within its rights.

A few days ago, a reader was trying to book a room for the 4th of July at an Embassy Suites, one of many hotel chains owned by Hilton Hotels Corporation (HHC). "When I was about to reserve through their site, which was running a deal better than Travelocity offered, I decided to glance at the privacy clause," wrote the reader. "I found it to be quite interesting. Go to www.hilton.com and click on 'Privacy & Security' and then read section IV. See if I'm interpreting it correctly. The way I read it, all information that you submit as part of a transaction, like booking a room, is now theirs. They reserve the right to do whatever they want with the info, including publish it. That info would include my name, address, credit card number, etc. I booked with Sheraton instead."

Well, yes, I'd say the reader was interpreting it correctly. "You agree that HHC shall own all Information," Hilton's terms state baldly. Further, it says that "such Information belongs to HHC and is not personal or private proprietary information ... (and) may be processed, used, reproduced, modified, adapted, translated, used to create derivative works, shared, published and distributed by HHC in its sole and absolute discretion in any media and manner irrevocably in perpetuity in any location throughout the universe..." Nowhere in the 7000-plus words of what's supposedly a privacy policy does Hilton put any constraints or limitations on how it may use information supplied by customers on its websites.

All in all, it's a remarkable document. Not only is it the worst privacy policy from a legitimate company that I've seen, the identical document also doubles as Hilton's website "Site Usage" agreement. So along with claiming the right to use your information in any manner it sees fit, Hilton also disclaims all warranties, denies all damages, forsakes all responsibility for its negligence, requires you to indemnify Hilton and its partners against all legal actions, no matter how justified, that you or someone else might bring against it, etc.

Hilton's privacy policy/usage agreement even outdoes most software license agreements in claiming to represent a binding legal contract. At one point, it even states that in clicking OK to this agreement you almost surely didn't actually read that you "hereby acknowledge that you have been advised by your legal counsel" to give up your legal rights. In fact, as I was first reading it, I thought it odd how Hilton's legalese goes on and on about subjects like publishing rights and idea submissions that would seem to have very little to do with a hotel chain's website. There was something vaguely familiar about the language, as if ...

And then I saw why. Down near the bottom is a statement that your use of the site authenticates that you have entered into the agreement under the various electronic signatures acts and ... the Uniform Computer Information Transactions Act. Yes, UCITA rears its ugly head once again. It's almost as if whoever wrote Hilton's terms used UCITA and associated commentary as a template.

If you'd like to see Hilton's privacy/site usage terms for yourself, you have many sites from which to choose. Not only is it at Hilton, but what appears to be the identical document serves as the "Privacy & Security" and "Site Usage" terms at the websites for Conrad, Doubletree, Embassy Suites, Hampton Inns and more. Read enough of it to get the general flavor and I think you'll agree with the reader, and me, that it would be a good idea to stay at the Sheraton instead.

--------------------

Post your comments about this column below or write me directly at Foster@gripe2ed.com. To receive this column every week in my free e-mail newsletter, please go to my subscription page and follow the instructions to opt-in for the EdFoster mailing list.