Privacy Statement for Booking Holdings Financial Services

In addition to the Privacy Statement for Booking.com Business Partners, the Booking Holdings Financial Services (BHFS) privacy statement applies in connection with BHFS' payment services for accommodation partners.

Introduction

First things first – your privacy is important to us. You place your trust in us by using our services, and we value that trust. That means we’re committed to protecting and safeguarding any personal data you give us. This privacy statement describes how we use and process your personal data. It also tells you what rights you can exercise in relation to your personal data and how you can contact us.

This is the privacy statement for Booking Holdings Financial Services (BHFS). As you know, BHFS offers payment and financial services to business partners of Booking.com B.V. (Booking.com), and we may collect information related to them and other people in connection with our services.

This privacy statement will apply in addition to the Booking.com Privacy Statements for customers and business partners. If you're a business partner looking for the Booking.com Privacy Statement, click here. If you're a booker, click here.

We are a controller of your personal data. This means we determine why and how we use information about you. In some circumstances, we'll do so jointly with Booking.com, and we agreed with them that they'll be the contact point for you in relation to that arrangement. See the Booking.com Privacy Statements above for more information.

This privacy statement applies to our collection and use of personal data. This includes any personal data you may provide as part of any contract you enter into with us and any personal data you provide or we collect (or is available to us) through your use of our services or otherwise. We may provide other notices on specific occasions when we're collecting or processing personal data about you so that you're fully aware of how and why we're using your data. This statement supplements those and isn't intended to override them.

We might amend this privacy statement from time to time, so we recommend checking this privacy statement occasionally to stay informed of how we use your data.

Terms we use in this Privacy Statement

BHFS, us, our, or we means Booking Holdings Financial Services. There’s more about who we are below.

Our services means the Payments by Booking Service we provide to business partners of Booking.com.

Personal data means any information about an identifiable living individual. This may include your name, title, date of birth, gender, address, email address, phone number, bank account details, or information about you in your identification documents.

You means an individual using our or Booking.com's services or any other individual whose personal data we may collect through their interactions with us, from our group companies, third parties, or by other means.

Who we are

The following entities make up BHFS:

  • Booking Holdings Financial Services International Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland

  • Booking Holdings Financial Services UK Limited, 280 Bishopsgate, London, EC2M 4RB, United Kingdom.

This privacy statement applies to the processing of personal data by any of the entities making up BHFS.

All of the entities that make up BHFS are wholly owned subsidiaries of Booking Holdings Inc. For more information about Booking Holdings Inc. and our wider group of companies, visit the Booking Holdings website.

Keeping your information accurate and up to date

It's important that the personal data we hold about you is accurate and current. If that information is incorrect or your personal data changes, please update your details in the Booking.com online portal, website, or mobile app.

What kind of personal data do we collect?

We collect personal data about business partners when they register and apply for our services. This includes personal data about business partners’ representatives, directors, owners, authorized signatories, and bank account holders. We also collect personal data about business partners because they use our services and in order to process payments.

As a regulated payment services provider, we (and our service providers, on our behalf) carry out identity verification and screening checks designed to ensure that our payment services aren't used for unlawful, fraudulent, or dishonest purposes.

We may obtain information about you from Booking.com, authorized third-party data providers, and credit reference agencies in order to carry out these checks.

We may also collect personal data about bookers (guests who have booked accommodations on the Booking.com website) to provide our services or to comply with our legal or regulatory obligations. This data may be collected directly by us, from Booking.com or from other third parties we use to provide our services.

Find more information about the personal data we process here:

Category: Identity data
Examples:
  • First name
  • Last name
  • Maiden name (if applicable)
  • Title
  • Date of birth
  • Country of residence/Citizenship
  • Personal identification numbers (e.g. national insurance, social security number) as permitted under applicable law
  • Passport details, photograph
  • Unique tax reference numbers
Source: You/Your representative

Category: Biometric data
Examples:
  • A unique identifier collected by a scan of your photograph using facial recognition technology
Source: You

Category: Contact data
Examples:
  • Residential and/or business address
  • Email address
  • Phone number
Source:
  • You
  • Booking.com

Category: Contractual and customer service data
Examples:
  • Details of your interactions with BHFS including call recordings
  • Information about your use of the products and services we've contracted to provide you or your organization
Source:
  • You
  • Booking.com

Category: Financial data
Examples:
  • Bank account details
  • Payment details, including payment card details
  • Transaction data
Source:
  • You
  • Booking.com
  • Payment processors

Category: Background data
Examples:
  • Credit references
  • Financial standing
  • Employment positions
Source:
  • Credit reference agencies
  • Identity verification providers

Category: Screening data
Examples:
  • Screening data
  • Details of transactions
  • Fraud alerts
  • Anti-money laundering alerts
  • Relevant information in the public domain about you (including info on insolvency filings, director disqualifications, inclusion on sanctions lists, or actual or alleged financial or related crimes)
  • Family/associate/affiliation information in the public domain (e.g. if you're connected to a politically exposed person)
  • Source of wealth and source of funds, where relevant and required by law
  • Employment position/educational details, where relevant
Source:
  • You
  • Your bank
  • Payment processors
  • Payment screening providers
  • Third-party data providers

If we ask you to provide us with your personal data to enable us to comply with our legal or contractual obligations, or to enter into a contract with you and you fail to do so, we may not be able to enter into a contract with you and provide you with our services.

If you provide any of the above personal data about another person, it's your responsibility to ensure that they've had an opportunity to read this privacy statement. By providing their personal data, you acknowledge and confirm that they are aware of and have agreed to submitting their information.

Why do we collect and use your personal data?

We use personal data related to business partners’ directors, authorized signatories, and owners to provide our services.

We also use personal data related to business partners or their representatives to promote and develop our services and operate our business. In addition, we use personal data to fulfill our legal obligations and exercise our legal rights.

We collect and use personal data related to bookers to provide our services or to comply with our legal or regulatory obligations (e.g. carrying out an investigation in order to comply with anti-money laundering regulations).

We must identify lawful grounds to use personal data. Our lawful ground for using personal data to provide our services is that using the personal data is necessary for the performance of a contract we have with you, or to take steps at your request before entering a contract with you.

We also rely on other lawful grounds when promoting and developing our services, or when meeting our legal obligations or exercising our legal rights. For example, we'll process your personal data to meet our legal and regulatory obligations as a payment and financial services provider. We'll also use your personal data for the purposes of any legitimate interest we identify and communicate to you in advance or as set out below.

We'll only use your personal data for the purposes of a legitimate interest when there's no unfair impact on you. Finally, we may ask you for your consent in order to process your personal data for a particular purpose. In such a case, you always have the right to withdraw such consent anytime.

Find more information on our lawful grounds for collecting and processing personal data here:

Purpose/Activity: Assessing applications for our services
Category:
  • Identity data
  • Contact data
  • Background data
Lawful ground: Taking steps at your request before entering a contract with you

Purpose/Activity: Verifying your identity
Category:
  • Biometric data
Lawful ground: Your explicit consent

Purpose/Activity: Providing our services to you or your organization (including customer support)
Category:
  • Identity data
  • Contact data
  • Contractual data
  • Financial data
  • Customer service data
Lawful ground:
  • Performance of our contract with you
  • Our legitimate interest to provide our services to your organization

Purpose/Activity: Processing payments from you
Category:
  • Identity data
  • Contact data
  • Financial data
Lawful ground: Performance of our contract with you

Purpose/Activity: Sending you messages about your use of our services
Category:
  • Contact data
  • Contractual data
Lawful ground: Performance of our contract with you

Purpose/Activity: Compliance with laws and regulations, including anti-money laundering and financial services regulations and guidelines, managing financial crime risks (including monitoring transactions)
Category:
  • Identity data
  • Contact data
  • Contractual data
  • Financial data
  • Screening data
Lawful ground: Our legal obligations and legitimate interests in detecting, preventing, and investigating unlawful or fraudulent acts or dishonesty

Purpose/Activity: Developing and improving our services
Category:
  • Contractual data
  • Customer service data
Lawful ground: Our legitimate interest in developing and improving our services

Purpose/Activity: Investigations and claims
Category:
  • Identity data
  • Contact data
  • Background data
  • Contractual data
  • Financial data
  • Screening data
Lawful ground: Our legitimate interest in bringing or defending legal and regulatory claims

Purpose/Activity: Business intelligence, performance metrics, and analytics
Category:
  • Contractual data
  • Customer service data
Lawful ground: Our legitimate interest in understanding the performance and use of our services

Purpose/Activity: Sharing personal data with our group companies for operational, compliance, or other business purposes
Category:
  • Identity data
  • Contact data
  • Background data
  • Contractual data
  • Financial data
  • Screening data
Lawful ground: Our or our group companies’ legitimate interests and legal obligations to receive and share personal data

Purpose/Activity: Information security
Category:
  • Identity data
  • Contact data
  • Background data
  • Contractual data
  • Financial data
  • Screening data
Lawful ground: Our legitimate interests and legal obligations to implement measures to protect information, including personal data

Purpose/Activity: Marketing
Category:
  • Contact data
Lawful ground: Our legitimate interest in promoting or offering our services. You can object to the processing of your personal data for this purpose anytime

How do we share your data with third parties?

We may share your personal data with Booking.com, our other group companies, external service providers, and other third parties to provide our services and operate our business. We have strict contracts in place with them restricting how they can use your personal data.

We may also share your personal data with Booking.com and our other group companies for other purposes, for example, to support them in meeting their legal obligations. Where Booking.com and our other group companies use personal data for their own purposes, their use of personal data is described in their own privacy statements.

In addition, we may share personal data with courts, law enforcement, or other authorities such as financial services regulators or tax authorities to meet our legal or regulatory obligations, or where in our reasonable opinion sharing information is necessary, for example, to protect our rights or interests.

We may also share personal data with potential buyers, our group companies, and/or business partners where necessary for a reorganization, restructuring, merger, sale, or transfer of assets involving BHFS, or our services.

Find more information about what personal data we share with each type of service provider or third party here:

Service provider/Third-party type: Banks and payment processors
Category:
  • Contact data
  • Financial data

Service provider/Third-party type: Identity verification service providers
Category:
  • Identity data
  • Contact data
  • Background data
  • Biometric data

Service provider/Third-party type: Cloud and other service providers
Category:
  • Identity data
  • Contact data
  • Background data
  • Contractual data
  • Financial data
  • Screening data

Service provider/Third-party type: Fraud detection and screening providers
Category:
  • Identity data
  • Contractual data
  • Financial data
  • Screening data

Service provider/Third-party type: Financial services regulators (UK Financial Conduct Authority, Central Bank of Ireland), courts, law enforcement, and other official authorities
Category:
  • Identity data
  • Contact data
  • Background data
  • Contractual data
  • Financial data
  • Screening data

Service provider/Third-party type: Our group companies, potential investors, purchasers of the company, or assets
Category:
  • Identity data
  • Contact data
  • Background data
  • Contractual data
  • Financial data
  • Screening data

Service provider/Third-party type: Law firms and professional services firms (e.g. auditors, tax advisors)
Category:
  • Contractual data
  • Financial data

International transfer and recipients of personal data

Some of our service providers are based outside the UK and European Economic Area (EEA) in countries that aren't recognized as providing an adequate level of data protection. When we transfer personal data to service providers based in those countries, we put in place appropriate safeguards to protect your personal data, for example, standard data protection clauses, as approved by the European Commission and the UK.

Contact us if you'd like further details about our data transfers or the standard data protection clauses we've put in place.

What retention procedures do we have in place?

We retain your personal data while we still require it to provide you or your organization with our services or to keep appropriate records in accordance with applicable laws, regulatory guidance, and industry practices. In practice, this means that we'll retain personal data related to you for as long as you (or your organization) are a customer of BHFS and for a further archive period in accordance with UK, Irish, or other applicable laws.

Find more information about our retention periods here:

Category:
  • Background data
Retention period: For the period you're a customer of BHFS, plus an extra six-year archive period

Category:
  • Biometric data
Retention period: For up to 72 hours

Category:
  • Contractual data
  • Financial data
Retention period: For the period you're a customer of BHFS, plus an extra ten-year archive period

Category:
  • Screening data
Retention period: For the period you're a customer of BHFS, plus an extra six-year archive period

Category:
  • Identity data
  • Contact data
Retention period: For up to six years after you stop being a customer of BHFS

We'll only keep personal data for longer than these periods where necessary for our legal obligations or to exercise our legal rights.

What rights do you have?

Depending on where you're located or the BHFS entity processing your personal data, different rights may apply to the processing of personal data as set out in this privacy statement. If you're in or accessing our services from the UK or EEA, you have the right to:

  • Access your personal data to see what information about you we process

  • Object to particular ways we're using your personal data, for example, where the processing of your personal data is based on legitimate interest

  • Erasure of your personal data

  • Portability of your personal data you've provided to us to other organizations

  • Correct and update your personal data if it's inaccurate

  • Restrict the use of your personal data while concerns you raise are resolved

  • Complain to your supervisory authority, see details below

  • Withdraw your consent

Be aware that these rights aren't absolute and there are situations where they can't be exercised or aren't relevant.

How to contact us

To contact us about your rights or any other data protection issue, please use:

You can contact a supervisory authority in the EEA in the place where you live or work, or in the place where you think an issue related to your personal data has arisen. You can find a list of national supervisory authorities in the EEA on the European Data Protection Board website. You can also contact the supervisory authority in the UK, the Information Commissioner’s Office (ICO).