Privacy and cookie statements

  • Privacy Statement for Business Partners
  • Privacy Statement for Booking Holdings Financial Services

Privacy Statement for BHFS

In addition to the Privacy Statement for Booking.com Business Partners, the Booking Holdings Financial Services (BHFS) privacy statement applies in connection with BHFS' payment services for accommodation partners.

Introduction

First things first – your privacy is important to us. You place your trust in us by using our services, and we value that trust. That means we’re committed to protecting and safeguarding any personal data you give us. This privacy statement describes how we use and process your personal data. It also tells you what rights you can exercise in relation to your personal data and how you can contact us.

This is the privacy statement for Booking Holdings Financial Services (BHFS). As you know, BHFS offers payment and financial services to business partners of Booking.com B.V. (Booking.com), and we may collect information related to them and other people in connection with our services.

This privacy statement will apply in addition to the Booking.com Privacy Statements for customers and business partners. If you're a business partner looking for the Booking.com Privacy Statement, click here. If you're a booker, click here.

We are a controller of your personal data. This means we determine why and how we use information about you. In some circumstances, we'll do so jointly with Booking.com, and we agreed with them that they'll be the contact point for you in relation to that arrangement. See the Booking.com Privacy Statements above for more information.

This privacy statement applies to our collection and use of personal data. This includes any personal data you may provide as part of any contract you enter into with us and any personal data you provide or we collect (or is available to us) through your use of our services or otherwise. We may provide other notices on specific occasions when we're collecting or processing personal data about you so that you're fully aware of how and why we're using your data. This statement supplements those and isn't intended to override them.

We might amend this privacy statement from time to time, so we recommend checking this privacy statement occasionally to stay informed of how we use your data.

Terms we use in this Privacy Statement

BHFS, us, our, or we means Booking Holdings Financial Services. There’s more about who we are below.

Our services means the Payments by Booking Service we provide to business partners of Booking.com.

Personal data means any information about an identifiable living individual. This may include your name, title, date of birth, gender, address, email address, phone number, bank account details, or information about you in your identification documents.

You means an individual using our or Booking.com's services or any other individual whose personal data we may collect through their interactions with us, from our group companies, third parties, or by other means.

Who we are

The following entities make up BHFS:

  • Booking Holdings Financial Services International Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland

  • Booking Holdings Financial Services UK Limited, 280 Bishopsgate, London, EC2M 4RB, United Kingdom.

This privacy statement applies to the processing of personal data by any of the entities making up BHFS.

All of the entities that make up BHFS are wholly owned subsidiaries of Booking Holdings Inc. For more information about Booking Holdings Inc. and our wider group of companies, visit the Booking Holdings website.

Keeping your information accurate and up to date

It's important that the personal data we hold about you is accurate and current. If that information is incorrect or your personal data changes, please update your details in the Booking.com online portal, website, or mobile app.

What kind of personal data do we collect?

We collect personal data about business partners when they register and apply for our services. This includes personal data about business partners’ representatives, directors, owners, authorized signatories, and bank account holders. We also collect personal data about business partners because they use our services and in order to process payments.

As a regulated payment services provider, we (and our service providers, on our behalf) carry out identity verification and screening checks designed to ensure that our payment services aren't used for unlawful, fraudulent, or dishonest purposes.

We may obtain information about you from Booking.com, authorized third-party data providers, and credit reference agencies in order to carry out these checks.

We may also collect personal data about bookers (guests who have booked accommodations on the Booking.com website) to provide our services or to comply with our legal or regulatory obligations. This data may be collected directly by us, from Booking.com or from other third parties we use to provide our services.

Find more information about the personal data we process here:

Further information about the personal data we collect and process (subject to applicable laws) is here:

Category Examples Source
Identity data
  • First name
  • Last name
  • Maiden name (if applicable)
  • Title
  • Date of birth
  • Country of residence/Citizenship
  • Personal identification numbers (e.g. national insurance, social security number) as permitted under applicable law
  • Passport details, photograph
  • Unique tax reference numbers
  • You/Your representative
  • Booking.com
  • Providers of business information
Biometric data
  • A unique identifier collected by a scan of your photograph using facial recognition technology
You
Contact data
  • Residential and/or business address
  • Email address
  • Phone number
  • You
  • Booking.com
  • Providers of business information
Contractual and customer service data
  • Details of your interactions with BHFS including call recordings
  • Information about your use of the products and services we've contracted to provide you or your organization
  • Information relating to any legal issues or disputes that may arise
  • You
  • Booking.com
Financial data
  • Bank account details
  • Payment details, including payment card details
  • Transaction data
  • You
  • Booking.com
  • Payment processors
Background data
  • Credit references
  • Financial standing
  • Employment positions
  • Credit reference agencies
  • Identity verification providers
  • Providers of business information
Screening data
  • Screening Data
  • Details of transactions
  • Fraud alerts
  • Anti-money laundering alerts
  • Know your customer information (including property and beneficial ownership information, information relating to political exposed persons (PEP))
  • Relevant information in the public domain about you (including info on insolvency filings, director disqualifications, inclusion on sanctions lists, or actual or alleged financial or related crimes)
  • Family/associate/affiliation information in the public domain (e.g. if you're connected to a politically exposed person)
  • Source of wealth and source of funds, where relevant and required by law
  • Employment position/educational details, where relevant
  • You
  • Your bank
  • Payment processors
  • Payment screening providers
  • Providers of business information
  • Third-party data providers

If we ask you to provide us with your personal data to enable us to comply with our legal or contractual obligations, or to enter into a contract with you and you fail to do so, we may not be able to enter into a contract with you and provide you with our services.

If you provide any of the above personal data about another person, it's your responsibility to ensure that they've had an opportunity to read this privacy statement. By providing their personal data, you acknowledge and confirm that they are aware of and have agreed to submitting their information.

Why do we collect and use your personal data?

We use personal data related to business partners’ directors, authorized signatories, and owners to provide our services.

We also use personal data related to business partners or their representatives to promote and develop our services and operate our business. In addition, we use personal data to fulfill our legal obligations and exercise our legal rights.

We collect and use personal data related to bookers to provide our services or to comply with our legal or regulatory obligations (e.g. carrying out an investigation in order to comply with anti-money laundering regulations).

We must identify lawful grounds to use personal data. Our lawful ground for using personal data to provide our services is that using the personal data is necessary for the performance of a contract we have with you, or to take steps at your request before entering a contract with you.

We also rely on other lawful grounds when promoting and developing our services, or when meeting our legal obligations or exercising our legal rights. For example, we'll process your personal data to meet our legal and regulatory obligations as a payment and financial services provider. We'll also use your personal data for the purposes of any legitimate interest we identify and communicate to you in advance or as set out below.

We'll only use your personal data for the purposes of a legitimate interest when there's no unfair impact on you. Finally, we may ask you for your consent in order to process your personal data for a particular purpose. In such a case, you always have the right to withdraw such consent anytime.

Find more information on our lawful grounds for collecting and processing personal data here:

Further information on our lawful grounds for collecting and processing personal data is here:

Purpose/Activity Lawful ground
Assessing applications for our services Taking steps at your request before entering a contract with you
Collecting and showing you information about you, your property and your organisation Our legal obligations and our legitimate interests in facilitating your onboarding journey
Verifying your identity Your explicit consent
Providing our services to you or your organization (including customer support)
  • Performance of our contract with you
  • Our legitimate interest to provide our services to your organization
Processing payments from you Performance of our contract with you
Sending you messages about your use of our services Performance of our contract with you
Compliance with laws and regulations, including anti-money laundering and financial services regulations and guidelines, managing financial crime risks (including monitoring transactions) Our legal obligations and legitimate interests in detecting, preventing, and investigating unlawful or fraudulent acts or dishonesty
Developing and improving our services Our legitimate interest in developing and improving our services
Investigations and claims Our legitimate interest in bringing or defending legal and regulatory claims
Business intelligence, performance metrics, and analytics Our legitimate interest in understanding the performance and use of our services
Developing and enhancing machine-learning models and artificial intelligence tools Our and third parties’ legitimate interests in improving services and enhancing user experience
Sharing personal data with our group companies for operational, compliance, or other business purposes Our or our group companies’ legitimate interests and legal obligations to receive and share personal data
Information security Our legitimate interests and legal obligations to implement measures to protect information, including personal data
Marketing Our legitimate interest in promoting or offering our services. You can object to the processing of your personal data for this purpose anytime
Dealing with legal claims and disputes involving you and your organisation Our legal obligations and legitimate interests to effectively manage our business operations and to establish, exercise and defend our legal claims and rights

How do we share your data with third parties?

We may share your personal data with Booking.com, our other group companies, external service providers, and other third parties to provide our services and operate our business. We have strict contracts in place with them restricting how they can use your personal data.

We may also share your personal data with Booking.com and our other group companies for other purposes, for example, to support them in meeting their legal obligations. Where Booking.com and our other group companies use personal data for their own purposes, their use of personal data is described in their own privacy statements.

In addition, we may share personal data with courts, law enforcement, or other authorities such as financial services regulators or tax authorities to meet our legal or regulatory obligations, or where in our reasonable opinion sharing information is necessary, for example, to protect our rights or interests.

We may also share personal data with potential buyers, our group companies, and/or business partners where necessary for a reorganization, restructuring, merger, sale, or transfer of assets involving BHFS, or our services.

Find more information about what personal data we share with each type of service provider or third party here:

For more information about Booking.com and how they use your personal data, click here if you are a business partner or click here if you are a booker.

Further information about the categories of service providers or third parties we may share your personal data with is included here:

  • Banks and payment processors

  • Identity verification service providers

  • Cloud and other information technology service providers, other vendors and service providers (such as providers of business information)

  • Fraud detection and screening providers

  • Financial services regulators (UK Financial Conduct Authority, Central Bank of Ireland), courts, law enforcement, tax and other official authorities

  • Our group companies

  • Potential investors, purchasers of the company or assets

  • Law firms and professional services firms (e.g. auditors, tax advisers).

International transfer and recipients of personal data

Some of our service providers are based outside the UK and European Economic Area (EEA) in countries that aren't recognized as providing an adequate level of data protection. When we transfer personal data to service providers based in those countries, we put in place appropriate safeguards to protect your personal data, for example, standard data protection clauses, as approved by the European Commission and the UK.

Contact us if you'd like further details about our data transfers or the standard data protection clauses we've put in place.

Automated decision making

Currently, we do not make decisions about you using automated means. If this changes, we will update this privacy statement.

What retention procedures do we have in place?

We retain your personal data while we still require it to provide you or your organization with our services or to keep appropriate records in accordance with applicable laws, regulatory guidance, and industry practices. In practice, this means that we'll retain personal data related to you for as long as you (or your organization) are a customer of BHFS and for a further archive period in accordance with UK, Irish, or other applicable laws.

Find more information about our retention periods here:

We'll only keep personal data for longer than these periods where necessary for our legal obligations or to exercise our legal rights.

What rights do you have?

Depending on where you're located or the BHFS entity processing your personal data, different rights may apply to the processing of personal data as set out in this privacy statement. If you're in or accessing our services from the UK or EEA, you have the right to:

  • Access your personal data to see what information about you we process

  • Object to particular ways we're using your personal data, for example, where the processing of your personal data is based on legitimate interest

  • Erasure of your personal data

  • Portability of your personal data you've provided to us to other organizations

  • Correct and update your personal data if it's inaccurate

  • Restrict the use of your personal data while concerns you raise are resolved

  • Complain to your supervisory authority, see details below

  • Withdraw your consent

  • Withdraw your consent at any time

Be aware that these rights aren't absolute and there are situations where they can't be exercised or aren't relevant.

Further information on these rights, and the circumstances in which they may arise in connection with our processing of your personal data, can be obtained by contacting us using the details in the section “How to contact us” below.

How to contact us

To contact us about your rights or any other data protection issue, please use: