Privacy and cookie statements

  • Privacy Statement for Business Partners
  • Privacy Statement for Booking Holdings Financial Services

Privacy Statement for Business Partners

This privacy statement applies to all Booking.com business partners, including accommodation partners, other trip providers, and vendors, as well as the employees, contractors, or representatives of these parties.

This Privacy Statement explains how the Booking.com group of companies processes personal data concerning individuals, employees, owners, or representatives acting on behalf of our (existing, former, or potential) Business Partners.

In this document, Booking.com group companies may be referred to as “we,” “us,” “our,” or “Booking.com.” Individuals, employees, owners, or representatives acting on behalf of our Business Partners may be referred to together or separately as “you,” “your,” or “Business Partners.”

Within the context of this Privacy Statement, the term “Business Partners” may refer to:

  • Trip providers,

  • Travel agencies,

  • Third party vendors,

  • Ground transportation companies,

  • Payment service providers,

  • Other business partners enabling Trip reservations through their websites and/or apps (or other means),

  • And natural or legal persons maintaining a business relationship with a Booking.com group company.

Note that companies using our “Booking.com for Business” services to facilitate Trip reservations for their staff are instead subject to our Privacy and Cookie Notice for customers.

This Privacy Statement applies to any Booking.com group company responsible for the processing of personal data concerning a Business Partner. Depending on the nature of the business relationship, different Booking.com group companies may be responsible for the processing of that personal data.

For example, Booking.com B.V., located in Amsterdam, the Netherlands, is responsible for the processing of Trip Provider data. This Privacy Statement also applies to Booking Brasil Serviços de Reserva de Hotéis Ltda, located in São Paulo, Brazil, when processing the personal data of accommodation partners in Brazil.

To find out if and to what extent other Booking.com group companies are responsible for the processing of your personal data, please review the information provided below. Information is also provided in your agreement with Booking.com and made available on our online platforms (such as sign up pages or procurement management platforms). Alternatively, you can contact us at dataprotectionoffice@booking.com.

For more information about how Booking.com uses cookies on dedicated Business Partner websites and apps, please refer to our Cookie Statement.

Terms we use in this Privacy Statement

“Trip” refers to the various travel products and services that can be ordered, acquired, purchased, bought, paid for, rented, provided to, reserved by, combined by, or consumed by end users, from the Trip Provider.

“Trip Provider” means the provider of accommodation (e.g., hotel, motel, apartment, bed & breakfast, landlord, and generically referred to as “accommodation partner”), attractions (e.g., (theme) parks, museums, sightseeing tours), transportation provider (e.g., car rentals, cruises, rail, taxi, airport rides, coach tours, transfers), tour operators, travel insurances, and any other travel or related product or service as from time to time available for Trip Reservation on our platforms.

“Trip Service” means the online purchase, order, (facilitated) payment or reservation service as offered or enabled by Booking.com in respect of various products and services as from time to time made available by Trip Providers on the platform.

“Trip Reservation” means the order, purchase, payment, booking, or reservation of a Trip.

Data collection

The personal data Booking.com collects in regards to Business Partners depends on the context of the business relationship and their interaction with Booking.com, the choices made by the Business Partner and the products, services, and features they use.

Please note that the data items in the sections below are only considered “personal data” when concerning a natural person (meaning an individual human being). These data items are not considered “personal data” when concerning a legal person or entity.

If you're a Business Partner in the state of California, in addition to the information here you have certain additional rights outlined in the section of our privacy statement applicable to California.

The personal data Booking.com collects about our Business Partners can include the following:

Personal data you give to us

  • Contact detailsWe collect contact data from our Business Partners, such as first and last name, date of birth (as required), addresses, business email addresses, telephone, and fax numbers.
  • Financial dataWe collect data necessary for payment and invoicing purposes (including your bank details, bank account number, and VAT number) and data otherwise necessary for the processing of credit slips.
  • Verification detailsBooking.com can ask (representatives of) Business Partners to provide a copy of company registration documents, their ID card or passport, a photo, a video, or other relevant information to verify the authenticity of the Business Partner. This may also include proof-of-licenses or tax information.
  • Other data
    • When a Business Partner communicates with Booking.com, we collect and process information about these communications. During calls with our support center, live listening may be conducted and calls may be recorded for quality control and training purposes. These recordings may also be used for the handling of claims and fraud detection purposes.
    • Recordings are kept for a limited amount of time before being automatically deleted, unless Booking.com has a legitimate interest to keep the recording for longer. This only happens in exceptional cases, such as for fraud investigation, compliance, and legal purposes.

Information we collect automatically

Depending on the business relationship, Booking.com may also collect information automatically—some of which may be personal data. This data is collected when a Business Partner uses online services such as a registration form, a user account (e.g., for the Extranet or partner center), a vendor management platform, or a Booking.com app, like Pulse.

The data collected may include:

  • Language settings,

  • IP address,

  • Location,

  • Device settings,

  • Device operating system,

  • Log information,

  • Time of usage,

  • URL requested,

  • Status report,

  • User agent (information about the browser version),

  • Result (viewer or booker),

  • Browsing history,

  • User Booking ID,

  • Device identifiers such as Android ID, MAC Address, IMEI,

  • And the type of data viewed.

Personal data you give to us about others

By sharing other individuals’ personal data for business purposes—such as data belonging to your staff members—you confirm that these individuals have been informed about the use of their personal data by Booking.com in accordance with this privacy statement. You also confirm that you have obtained all necessary consent, as required by the laws and regulations applicable to you.

Other information we receive from other sources

  • Information on insolvenciesIn insolvency matters, Booking.com can receive information relating to Business Partners from insolvency administrators, courts, or other public authorities.
  • Data related to law enforcement and tax authority requestsLaw enforcement or tax authorities can contact Booking.com with additional information about Business Partners in the event that they are affected by an investigation.
  • Fraud detection and prevention, risk management, and complianceIn certain instances, and as permitted by applicable law, Booking.com may need to collect data through third-party sources for fraud detection and prevention, risk management, and compliance purposes.

Processing purposes

Booking.com uses the previously described Business Partner information, some of which may be personal data, as relevant, for the following purposes:

A. Registration and administration

Booking.com uses account details, contact details, and financial data to manage the business relationship with the Business Partner. This includes for registration and verification purposes.

Certain information, including a Business Partner’s name and address, can be used for other purposes in accordance with the agreement entered into between the Business Partner and Booking.com. An example of this would be using an accommodation partner’s contact details to enable Trip Reservations at their property through a third-party website.

B. Customer service

Booking.com uses the information provided by Business Partners (which may include personal data) to provide support services—for example, to respond to requests, questions, or concerns from Business Partners or customers.

C. Other activities, including marketing

If a potential Business Partner has not finalized online registration, Booking.com may send a reminder to complete the registration process. We believe that this additional service is useful to our (future) Business Partners because it allows them to complete the registration without having to fill out all registration details again.

Booking.com may invite Business Partners to attend and host events that we think might be relevant or of interest to them. We may also use personal data to offer and host online forums that enable Business Partners to find answers to frequently asked questions about the offering and usage of Booking.com products and services.

As relevant to the business relationship, Booking.com uses personal data for communications, including providing information about system or product updates, sending the Booking.com newsletter, inviting Business Partners to participate in referral programs or competitions (such as Booking Hero) or for other marketing communications. When we use personal data to send direct marketing messages electronically, we will offer appropriate opt-out options.

D. Messaging tools

Booking.com may offer Business Partners different means to communicate with (prospective or existing) guests before or after a reservation.

Business Partners can also contact Booking.com to forward reservation information or questions to guests, or communicate with guests using alias emails, which always include Booking.com as a recipient.

Booking.com may access communications between Business Partners and guests. We also use automated systems to review, scan, and analyze communications for the following purposes:

  • Security,

  • Fraud prevention,

  • Compliance with legal and regulatory requirements,

  • Investigations of potential misconduct,

  • Product development and improvement,

  • Research,

  • Customer engagement (including to provide guests with information or offers we believe may be of interest to them),

  • And customer or technical support.

Communications sent or received using Booking.com communication tools will be received and stored by Booking.com.

E. Analytics, improvement, and research:

Booking.com uses information provided to us, which may include personal data, for analytical purposes. This is part of our drive to improve Booking.com products and services and enhance user experience.

This data can also be used for testing purposes, troubleshooting, and to improve the functionality and quality of Booking.com’s online services. We also invite Business Partners to participate in surveys and conduct other market research from time to time.

Certain Business Partners may be invited to join a dedicated online platform to interact with Booking.com and/or exchange experiences with other Business Partners.

Please consult the information Booking.com provides when you are invited to participate in a survey, market research or to join an online platform, to understand how your personal data may be treated differently than described in this Privacy Statement.

F. Security, fraud detection, and prevention

We process the information provided to us, which may include personal data, in order to investigate, prevent, and detect fraud and other illegal acts. This may be personal data a Business Partner has provided to Booking.com, for example, for verification purposes as part of the registration process, personal data collected automatically, or personal data obtained from third-party sources (including from guests).

Booking.com may also use personal data to facilitate investigation and enforcement by competent authorities, where necessary. For these purposes, personal data may be shared with law enforcement authorities.

Booking.com can also use personal data for risk assessment and security purposes, including the authentication of users, and we use third-party service providers for third-party risk management. These providers help us to assess the business risk profile of our Business Partners. They may also provide us with third-party due diligence reports, which, as permitted by applicable law, may include possible information about criminal convictions and offenses of owners or Business Partners.

G. Legal and compliance

In certain cases, Booking.com needs to use the information provided (which may include personal data) to handle and resolve legal disputes or for regulatory investigations, risk management, and compliance. We may also use it to enforce our agreement(s) with Business Partners or solve a complaint or claim involving a guest, as reasonably expected, and in accordance with internal policies and procedures.

In addition, we may need to share information about Business Partners (including personal data) where required by law or strictly necessary to respond to requests from competent authorities. This includes tax authorities, courts, other governmental, and public authorities or local municipalities (e.g., in relation to short-term rental laws).

If we use automated means to process personal data, which produces legal effects or significantly affects you or other natural persons, we will implement suitable measures to safeguard yours or the other person’s rights and freedoms. This includes the right to obtain human intervention.

Legal bases

As applicable for purposes A and B, Booking.com relies on the legal basis that the processing of the personal data is necessary for the performance of the agreement between the Business Partner and Booking.com. If the required information is not provided, Booking.com cannot register a Trip Provider or otherwise work with a Business Partner, nor can we provide customer service.

In view of purposes C to G, Booking.com relies on its legitimate interest to provide its services or obtain services from Business Partners, to prevent fraud and to improve its services. When using personal data to serve Booking.com’s or a third party's legitimate interest, we will always balance the impacted individual’s rights and the protection of their information against Booking.com’s and/or the third party’s rights and interests.

For purposes F and G, Booking.com also relies, where applicable, on compliance with legal obligations (such as lawful law-enforcement requests). Finally, where needed under applicable law, Booking.com will obtain your consent prior to processing personal data, including for marketing purposes or as otherwise required by law.

If you wish to object to the processing set out under C to E and are unable to find a way to opt out directly (for example, in your account settings), please contact dataprotectionoffice@booking.com.

California Business Partners, please go to the California section of this Privacy Statement for more information about your specific rights and how to exercise them.

Data sharing

  • Sharing with affiliatesIn order to support the use of the Booking.com services, your information (which may include personal data) may be shared with members of the Booking.com corporate group. To find out everything you need to know about the Booking.com corporate group, visit our About Booking.com page.
  • Sharing with third partiesWe share Business Partners’ information (which may include personal data) with third parties, as permitted by law and as described below:
    • Service providers (incl. suppliers). We share personal data with selected third-party service providers to provide our products and services, prevent and detect fraud, store data, and otherwise support our business processes, or so they can conduct business on our behalf.
    • Payment Providers and other financial institutions. To process payments between a Business Partner and Booking.com or a guest and a Business Partner, relevant personal data is shared with payment providers and other financial institutions.
    • Sanction list screening or risk management as required by applicable law.
    • Compelled disclosure. When legally required, strictly necessary for the performance of our services, in legal proceedings, or to protect our rights or the rights of other members of the Booking Holdings Inc. group or users, we disclose personal data to law enforcement authorities, investigative organizations, or other group members.
  • Sharing and disclosure of aggregated dataWe may share information with third parties in an aggregate form and/or another form that does not allow the recipient to identify you, for example, for industry analysis or demographic profiling.

Data sharing within the Booking Holdings Inc. corporate group

Booking.com is part of the Booking Holdings Inc. corporate group. For more information about the group, visit the Booking Holdings website.

Booking.com may receive personal data about Business Partners from other companies in the Booking Holdings Inc. corporate group, or we may share Business Partners’ personal data with those companies. This is done for the purposes as described below, subject to any contractual terms.

To provide an example of this inter-group collaboration, Booking.com works closely with Rentalcars.com to offer ground transportation services to its customers, either directly or through our Business Partners.

All companies within the Booking Holdings Inc. group may need to exchange Business Partners’ personal data to ensure we protect all users from fraudulent activities on its online platforms.

The purposes for data sharing within the Booking Holdings Inc. group of companies are:

  • A. To provide services, including reservation services, to manage Business Partner accounts (including vendor management), and to provide support,

  • B. To prevent, detect, and investigate fraudulent and other illegal activities,

  • C. For analytical and product improvement purposes,

  • D. To personalize online services or send marketing with the recipient’s consent (or as otherwise permitted by applicable law),

  • E. To ensure compliance with policies and applicable laws.

Booking.com relies on our legitimate interest and that of the Booking Holdings Inc. group companies’ to receive and share personal data as described under A to D. This is in order to provide services or obtain services from Business Partners, including to improve these services and to prevent fraud.

When using personal data to serve Booking.com’s or a third party's legitimate interest, Booking.com will always balance the impacted individual’s rights and interests in the protection of their personal data with the rights and interests of Booking.com or the third party.

For purpose E, Booking.com relies also, where applicable, on compliance with legal obligations (such as in matters of lawful law-enforcement requests).

If you wish to object to the processing set out under A to D, and are unable to find a way to opt out directly (for example, in your account settings), please contact dataprotectionoffice@booking.com.

Data sharing with Booking.com Transport Limited

Booking.com Transport Limited (“BTL”), also trading as Rentalcars.com, is a private limited liability company, incorporated under the laws of the United Kingdom with offices at 6 Goods Yard Street, Manchester, M3 3BG, United Kingdom.

BTL is part of the Booking Holdings Inc. corporate group, and the ground transportation services offered through Booking.com’s websites and apps are operated by BTL under the Booking.com brand.

Booking.com B.V. operates the BTL affiliate partner sign-up page and account management process. The information collected from BTL Business Partners during this sign-up and account management process, which may include personal data, is shared with BTL for the purposes set out in this Privacy Statement.

If you are a BTL Business Partner and have questions or concerns about the processing of your personal data, or you want to exercise the rights you have under this Privacy Statement, please contact BTL at dataprotectionofficer@rentalcars.com.

International data transfers

The transmission of Business Partners’ personal data, as described in this Privacy Statement, may include overseas transfer of this data. This may be to countries whose data protection laws are not as comprehensive as those of the country or countries in which you initially provided the information, including within the European Union. In such cases, we will protect your personal data as described in this Privacy Statement.

Where required by European law, we will put appropriate safeguards in place to ensure that such transfers comply with European privacy law. In particular, when personal data is transferred to third-party service providers, we establish and implement appropriate contractual, organizational, and technical measures with such providers.

These measures can be established using “Standard Contractual Clauses,” approved by the European Commission, by examining the countries data may be transferred to and imposing specific technical and organizational security measures. Where applicable, you can ask us for a copy of these contractual agreements using the contact details provided below.

Security

We have procedures in place to prevent unauthorized access to and misuse of personal data.

We use appropriate business systems and procedures to protect and safeguard information, including personal data. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.

Data retention

We will retain personal data for as long as deemed necessary to manage the business relationship with a Business Partner, to provide Booking.com services to a Business Partner and to comply with applicable laws (including those regarding document retention), resolve disputes or claims with any parties, and as otherwise necessary to allow us to conduct our business.

All personal data we retain about you as a Business Partner is subject to this Privacy Statement and our internal retention guidelines. If you have questions about the specific retention periods for the various types of personal data we process, please get in touch using the contact details below.

Your choices and rights

Depending on where you are located or the Booking.com entity processing your personal data, different rights may apply to the processing of that data, as set out in this privacy statement. As applicable:

  • You can ask us for a copy of the personal data we hold about you,

  • You can inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you,

  • In certain situations, you can ask us to erase, block, or restrict the personal data we hold about you, or object to particular ways in which we are using your personal data,

  • In certain situations, you can also ask us to send the personal data you have given us to a third party.

Where we are using your personal data on the basis of your consent, you are entitled to withdraw that consent at any time, subject to applicable law. Where we process your personal data based on legitimate interest or public interest, you also have the right to object at any time, subject to applicable law.

Regardless of your location or the Booking.com entity with which you are contracted, we rely on our Business Partners to ensure that the personal data we hold is complete, accurate, and current. Please always inform us promptly of any changes to or inaccuracies in your personal data.

If your business has agreements with a different entity to Booking.com B.V. and you would like further information about the relationship between that entity and Booking.com B.V., you can contact us at any time. You should also do so if you would like to exercise your rights regarding the personal data processed about you as part of that business relationship.

Contact us

If you have questions, requests, or concerns about how we process your personal data, or would like to exercise any of the rights you have under this Privacy Statement, contact our data protection officer at dataprotectionoffice@booking.com. You can also contact your local data protection authority.

We address privacy specific questions, requests, and concerns that are reported to us using internal policies and procedures based on applicable privacy laws, regulations, and guidance. We revisit and enhance these policies and procedures regularly, also taking into account Business Partner feedback.

Changes to this Privacy Statement

Just as our business is always changing, this Privacy Statement also changes from time to time. If we plan to make material changes or changes that have an impact on you, we will always contact you in advance. An example of this kind of change would be if we were to start processing your personal data for purposes that aren’t detailed above.

Jan 11, 2023