This Privacy Statement explains how the Booking.com group of companies processes personal data concerning individuals, employees, owners, or representatives acting on behalf of our (existing, former, or potential) Business Partners.
In this document, Booking.com group companies may be referred to as ‘we’, ‘us’, ‘our’, or ‘Booking.com’. Individuals, employees, owners or representatives acting on behalf of our Business Partners may be referred to together or separately as ‘you’, ‘your’ or ‘Business Partners’.
Within the context of this Privacy Statement, the term ‘Business Partners’ may refer to:
Trip Providers,
Travel agencies,
Third party vendors,
Ground transportation companies,
Payment service providers,
Other business partners enabling Trip reservations through their websites and/or apps (or other means),
And natural or legal persons maintaining a business relationship with a Booking.com group company.
Please note that companies using our ‘Booking.com for Business’ services to facilitate Trip reservations for their staff are instead subject to our Privacy and Cookie Statement for customers.
This Privacy Statement applies to any Booking.com group company responsible for the processing of personal data concerning a Business Partner. Depending on the nature of the business relationship, different Booking.com group companies may be responsible for the processing of that personal data.
For example, Booking.com B.V., located in Amsterdam, the Netherlands, is responsible for the processing of Trip Provider data. This Privacy Statement also applies to Booking Brasil Serviços de Reserva de Hotéis Ltda, located in São Paulo, Brazil, when processing the personal data of accommodation partners in Brazil.
To find out if and to what extent other Booking.com group companies are responsible for the processing of your personal data, please review the information provided below. Information is also provided in your agreement with Booking.com and made available on our online platforms (such as sign up pages or procurement management platforms). Alternatively, you can contact us at dataprotectionoffice@booking.com.
For more information about how Booking.com uses cookies on dedicated Business Partner websites and apps, please refer to our Cookie Statement.
‘Trip' refers to the various travel products and services that can be ordered, acquired, purchased, bought, paid for, rented, provided to, reserved by, combined by, or consumed by end users, from the Trip Provider.
‘Trip Provider' means the provider of accommodation (e.g. hotel, motel, apartment, bed & breakfast, landlord and generically referred to as ‘accommodation partner’), attractions (e.g. (theme) parks, museums, sightseeing tours), transportation provider (e.g. car rentals, cruises, rail, taxi, airport rides, coach tours, transfers), tour operators, travel insurances and any other travel or related product or service as from time to time available for Trip Reservation on our platforms.
‘Trip Service' means the online purchase, order, (facilitated) payment or reservation service as offered or enabled by Booking.com in respect of various products and services as from time to time made available by Trip Providers on the platform.
‘Trip Reservation' means the order, purchase, payment, booking or reservation of a Trip.
The personal data Booking.com collects in regards to Business Partners depends on the context of the business relationship and their interaction with Booking.com, the choices made by the Business Partner and the products, services and features they use.
Please note that the data items in the sections below are only considered ‘personal data’ when concerning a natural person (meaning, an individual human being). These data items are not considered ‘personal data’ when concerning a legal person or entity.
The personal data Booking.com collects about our Business Partners can include the following:
We collect contact data from our Business Partners, such as first and last name, date of birth (as required), addresses, business email addresses, telephone and fax numbers.
We collect data necessary for payment and invoicing purposes (including your bank details, bank account number and VAT number) and data otherwise necessary for the processing of credit slips.
Booking.com can ask (representatives of) Business Partners to provide a copy of company registration documents, their ID card or passport, a photo, video or other relevant information to verify the authenticity of the Business Partner. This may also include proof-of-licenses or tax information.
When a Business Partner communicates with Booking.com, we collect and process information about these communications. During calls with our support centre, live listening may be conducted and calls may be recorded for quality control and training purposes. These recordings may also be used for the handling of claims and fraud detection purposes.
Recordings are kept for a limited amount of time before being automatically deleted, unless Booking.com has a legitimate interest to keep the recording for longer. This only happens in exceptional cases, such as for fraud investigation, compliance and legal purposes.
Depending on the business relationship, Booking.com may also collect information automatically – some of which may be personal data. This data is collected when a Business Partner uses online services such as a registration form, a user account (e.g. for the extranet or partner centre), a vendor management platform, or a Booking.com app, like Pulse.
The data collected may include:
Language settings,
IP address,
Location,
Device settings,
Device operating system,
Log information,
Time of usage,
URL requested,
Status report,
User agent (information about the browser version),
Result (viewer or booker),
Browsing history,
User Booking ID,
And the type of data viewed.
By sharing other individuals’ personal data for business purposes – such as data belonging to your staff members – you confirm that these individuals have been informed about the use of their personal data by Booking.com in accordance with this privacy statement. You also confirm that you have obtained all necessary consent, as required by the laws and regulations applicable to you.
In insolvency matters, Booking.com can receive information relating to Business Partners from insolvency administrators, courts or other public authorities.
Law enforcement or tax authorities can contact Booking.com with additional information about Business Partners in the event that they are affected by an investigation.
In certain instances, and as permitted by applicable law, Booking.com may need to collect data through third party sources for fraud detection and prevention, risk management and compliance purposes.
Booking.com uses the previously described Business Partner information, some of which may be personal data, as relevant, for the following purposes:
Booking.com uses account details, contact details and financial data to manage the business relationship with the Business Partner. This includes for registration and verification purposes.
Certain information, including a Business Partner’s name and address, can be used for other purposes in accordance with the agreement entered into between the Business Partner and Booking.com. An example of this would be using an accommodation partner’s contact details to enable Trip Reservations at their property through a third party website.
Booking.com uses the information provided by Business Partners (which may include personal data) to provide support services – for example, to respond to requests, questions or concerns from Business Partners or customers.
If a potential Business Partner has not finalised online registration, Booking.com may send a reminder to complete the registration process. We believe that this additional service is useful to our (future) Business Partners because it allows them to complete the registration without having to fill out all registration details again.
Booking.com may invite Business Partners to attend and host events that we think might be relevant or of interest to them. We may also use personal data to offer and host online forums that enable Business Partners to find answers to frequently asked questions about the offering and usage of Booking.com products and services.
As relevant to the business relationship, Booking.com uses personal data for communications, including providing information about system or product updates, sending the Booking.com newsletter, inviting Business Partners to participate in referral programs or competitions (such as Booking Hero) or for other marketing communications. When we use personal data to send direct marketing messages electronically, we will offer appropriate opt-out options.
Booking.com may offer Business Partners different means to communicate with (prospective or existing) guests before or after a reservation.
Business Partners can also contact Booking.com to forward reservation information or questions to guests, or communicate with guests using alias emails, which always include Booking.com as a recipient.
Booking.com may access communications between Business Partners and guests. We also use uses automated systems to review, scan, and analyse communications for the following purposes:
Security,
Fraud prevention,
Compliance with legal and regulatory requirements,
Investigations of potential misconduct,
Product development and improvement,
Research,
Customer engagement ( including to provide guests with information or offers we believe may be of interest to them),
And customer- or technical support.
Communications sent or received using Booking.com communication tools will be received and stored by Booking.com.
Booking.com uses information provided to us, which may include personal data, for analytical purposes. This is part of our drive to improve Booking.com products and services and enhance user experience.
This data can also be used for testing purposes, troubleshooting and to improve the functionality and quality of Booking.com’s online services. We also invite Business Partners to participate in surveys and conduct other market research from time to time.
Certain Business Partners may be invited to join a dedicated online platform to interact with Booking.com and/or exchange experiences with other Business Partners.
Please consult the information Booking.com provides when you are invited to participate in a survey, market research, or to join an online platform, to understand how your personal data may be treated differently than described in this Privacy Statement.
We process the information provided to us, which may include personal data, in order to investigate, prevent and detect fraud and other illegal acts. This may be personal data a Business Partner has provided to Booking.com, for example for verification purposes as part of the registration process, personal data collected automatically, or personal data obtained from third party sources (including from guests).
Booking.com may also use personal data to facilitate investigation and enforcement by competent authorities, where necessary. For these purposes, personal data may be shared with law enforcement authorities.
Booking.com can also use personal data for risk assessment and security purposes, including the authentication of users, and we use third-party service providers for third-party risk management. These providers help us to assess the business risk profile of our Business Partners. They may also provide us with third-party due diligence reports, which, as permitted by applicable law, may include possible information about criminal convictions and offenses of owners or Business Partners.
In certain cases, Booking.com needs to use the information provided (which may include personal data) to handle and resolve legal disputes or for regulatory investigations, risk management and compliance. We may also use it to enforce our agreement(s) with Business Partners or solve a complaint or claim involving a guest, as reasonably expected, and in accordance with internal policies and procedures.
In addition, we may need to share information about Business Partners (including personal data) where required by law or strictly necessary to respond to requests from competent authorities. This includes tax authorities, courts, other governmental and public authorities or local municipalities (e.g. in relation to short-term rental laws).
If we use automated means to process personal data, which produces legal effects or significantly affects you or other natural persons, we will implement suitable measures to safeguard yours or the other person’s rights and freedoms. This includes the right to obtain human intervention.
As applicable for purposes A and B, Booking.com relies on the legal basis that the processing of the personal data is necessary for the performance of the agreement between the Business Partner and Booking.com. If the required information is not provided, Booking.com cannot register a Trip Provider or otherwise work with a Business Partner, nor can we provide customer service.
In view of purposes C to G, Booking.com relies on its legitimate interest to provide its services or obtain services from Business Partners, to prevent fraud and to improve its services. When using personal data to serve Booking.com’s or a third party's legitimate interest, we will always balance the impacted individual’s rights and the protection of their information against Booking.com’s and/or the third party’s rights and interests.
For purposes F and G, Booking.com also relies, where applicable, on compliance with legal obligations (such as lawful law-enforcement requests). Finally, where needed under applicable law, Booking.com will obtain your consent prior to processing personal data, including for marketing purposes or as otherwise required by law.
If you wish to object to the processing set out under C to E and are unable to find a way to opt out directly (for example, in your account settings), please contact dataprotectionoffice@booking.com.
In order to support the use of the Booking.com services, your information (which may include personal data) may be shared with members of the Booking.com corporate group. To find out everything you need to know about the Booking.com corporate group, visit our About Booking.com page.
We share Business Partners’ information (which may include personal data) with third parties, as permitted by law and as described below:
We may share information with third parties in an aggregate form and/or other form that does not allow the recipient to identify you, for example for industry analysis or demographic profiling.
Booking.com is part of the Booking Holdings Inc. corporate group. For more information about the group, please visit the Booking Holdings website.
Booking.com may receive personal data about Business Partners from other companies in the Booking Holdings Inc. corporate group or we may share Business Partners’ personal data with those companies. This is done for the purposes as described below, subject to any contractual terms.
To provide an example of this inter-group collaboration, Booking.com works closely with Rentalcars.com to offer ground transportation services to its customers, either directly or through our Business Partners.
All companies within the Booking Holdings Inc. group may need to exchange Business Partners’ personal data to ensure we protect all users from fraudulent activities on its online platforms.
The purposes for data sharing within the Booking Holdings Inc. group of companies are:
A. To provide services, including reservation services, to manage Business Partner accounts (including vendor management) and to provide support,
B. To prevent, detect and investigate fraudulent and other illegal activities,
C. For analytical and product improvement purposes,
D. To personalise online services or send marketing with the recipient’s consent (or as otherwise permitted by applicable law),
E. To ensure compliance with policies and applicable laws.
Booking.com relies on our legitimate interest and that of the Booking Holdings Inc. group companies’ to receive and share personal data as described under A to D. This is in order to provide services or obtain services from Business Partners, including to improve these services and to prevent fraud.
When using personal data to serve Booking.com’s or a third party's legitimate interest, Booking.com will always balance the impacted individual’s rights and interests in the protection of their personal data with the rights and interests of Booking.com or the third party.
For purpose E, Booking.com relies also, where applicable, on compliance with legal obligations (such as in matters of lawful law-enforcement requests).
If you wish to object to the processing set out under A to D, and are unable to find a way to opt out directly (for example, in your account settings), please contact dataprotectionoffice@booking.com.
Booking.com Transport Limited (‘BTL’), also trading as Rentalcars.com, is a private limited liability company, incorporated under the laws of the United Kingdom with offices at 100 New Bridge Street, London, EC4V 6JA.
BTL is part of the Booking Holdings Inc. corporate group, and the ground transportation services offered through Booking.com’s websites and apps are operated by BTL under the Booking.com brand.
Booking.com B.V. operates the BTL affiliate partner sign-up page and account management process. The information collected from BTL Business Partners during this sign-up and account management process, which may include personal data, is shared with BTL for the purposes set out in this Privacy Statement.
If you are a BTL Business Partner and have questions or concerns about the processing of your personal data, or you want to exercise the rights you have under this Privacy Statement, please contact BTL at dataprotectionofficer@rentalcars.com.
The transmission of Business Partners’ personal data, as described in this Privacy Statement, may include overseas transfer of this data. This may be to countries whose data protection laws are not as comprehensive as those of the country or countries in which you initially provided the information, including within the European Union. In such cases, we will protect your personal data as described in this Privacy Statement.
Where required by European law, we will put appropriate safeguards in place to ensure that such transfers comply with European privacy law. In particular, when personal data is transferred to third-party service providers, we establish and implement appropriate contractual, organisational and technical measures with such providers.
These measures can be established using ‘Standard Contractual Clauses’, approved by the European Commission, by examining the countries data may be transferred to and imposing specific technical and organisational security measures. Where applicable, you can ask us for a copy of these contractual agreements using the contact details provided below.
We have procedures in place to prevent unauthorised access to and misuse of personal data.
We use appropriate business systems and procedures to protect and safeguard information, including personal data. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorised personnel are permitted to access personal data in the course of their work.
We will retain personal data for as long as deemed necessary to manage the business relationship with a Business Partner, to provide Booking.com services to a Business Partner and to comply with applicable laws (including those regarding document retention), resolve disputes or claims with any parties, and as otherwise necessary to allow us to conduct our business.
All personal data we retain about you as a Business Partner is subject to this Privacy Statement and our internal retention guidelines. If you have questions about the specific retention periods for the various types of personal data we process, please get in touch using the contact details below.
Depending on where you are located or the Booking.com entity processing your personal data, different rights may apply to the processing of that data, as set out in this privacy statement. As applicable:
Where we are using your personal data on the basis of your consent, you are entitled to withdraw that consent at any time, subject to applicable law. Where we process your personal data based on legitimate interest or public interest, you also have the right to object at any time, subject to applicable law.
Regardless of your location or the Booking.com entity with which you are contracted, we rely on our Business Partners to ensure that the personal data we hold is complete, accurate and current. Please always inform us promptly of any changes to or inaccuracies in your personal data.
If your business has agreements with a different entity to Booking.com B.V. and you would like further information about the relationship between that entity and Booking.com B.V., you can contact us at any time. You should also do so if you would like to exercise your rights regarding the personal data processed about you as part of that business relationship.
If you have questions, requests or concerns about how we process your personal data, or would like to exercise any of the rights you have under this Privacy Statement, please contact our data protection officer at dataprotectionoffice@booking.com. You can also contact your local data protection authority.
We address privacy specific questions, requests and concerns that are reported to us using internal policies and procedures based on applicable privacy laws, regulations and guidance. We revisit and enhance these policies and procedures regularly, also taking into account Business Partner feedback.
Just as our business is always changing, this Privacy Statement also changes from time to time. If we plan to make material changes or changes that have an impact on you, we will always contact you in advance. An example of this kind of change would be if we were to start processing your personal data for purposes that aren’t detailed above.
9 Dec 2021