It's not 90's anymore, with HTTPS protocol and other standards VPN doesn't do much in terms of privacy protection or cybersecurity. It basically just hides that you visited IHG website from your ISP (and instead passes the data to your VPN provider). Not sure what the big deal is here, just turn it off and book your hotel like 99% of their customers do without any problems.