Updated March 2025

We are Booking.com and this privacy notice is intended for travellers using or considering using our products and services.

Your privacy matters at Booking.com. You place your trust in us by using Booking.com services and we value that trust. That means we’re committed to protecting and safeguarding your personal data.

This privacy notice describes how we collect and otherwise process your personal data when you, for example, visit our websites, use our mobile apps or buy a travel-related product or service through us. Amongst other things, it tells you what rights you have in relation to your personal data and how you can contact us.

Booking.com offers online travel-related services through its own websites and mobile apps as well as via third-party channels such as partners’ websites.

This privacy notice applies to any kind of traveller information Booking.com processes through all of the above services.

This privacy notice for travellers is not the only privacy notice Booking.com maintains to inform you about its processing of personal data. A similar privacy notice is available for Booking.com’s business partners.

Booking.com amends its privacy notices from time to time and recommends that you visit its privacy notice pages occasionally to stay informed. If Booking.com makes updates to a privacy notice that could impact persons significantly, it will take steps to inform these persons about such changes before they take effect.

Throughout its privacy notices, Booking.com uses particular terms that have a specific meaning in the context of these notices and the services Booking.com offers. These specific terms are described here.

When you make a trip reservation, you are (at a minimum) asked for your name and email address. Depending on the nature of the trip reservation, we may also need to ask you for your home address, telephone number, payment information, date of birth, current location (in the case of on-demand services), whether you’re travelling for work purposes or not, the names and dates of birth of the people travelling with you and any preferences you might have for your trip (such as dietary or accessibility requirements). For reservations for flights and certain attractions, we may be required to ask you for additional information including your and your co-travellers’ passport or national ID information. This may also be necessary for online check-in.

When you contact our customer service team, contact your trip provider through our platform or reach out to us in a different way (such as through social media, for example) we also collect information from you via these channels including metadata such as, for calls, who you are, where you called from and the date and length of the call.

When you search using our platform for possible trip reservations, you can select to save specific trip items in a list which we store for you. During or after your trip, we may also invite you to submit reviews that can inform others about the experiences you had on your trip. When you submit reviews on the platform, we collect information you’ve included along with your first name or display name and avatar (if you choose one).

If you create a user account on our platform, we also store information you include and manage in that user account. This can include personal settings, credit card information, uploaded photos and your reviews. You can also choose to add to your user account details from one or more of your identification documents so that you don't have to re-enter this information for future trip reservations. The data kept in your user account can help you plan and manage future trip reservations and personalised recommendations.

There are other circumstances where you’ll provide us with personal data. For example, if you’re using our platform from your mobile device, you can decide to allow Booking.com to use your current location or grant us access to some other details. This helps us to give you the best possible service and experience by, for example, suggesting the nearest restaurants or attractions to your location or making other recommendations.

It may be that you use our platform to make a trip reservation on behalf of, or that involves, other travellers. In this case, you may be required to provide some details about these persons as part of the trip reservation. If you have a Booking.com for Business account, you can keep an address book there to make it easier to plan and manage business travel arrangements for others.

In some cases, you might use Booking.com to share information with others. This can take the form of sharing a list of saved items for example.

When you use the platform to share information about others, it’s your responsibility to ensure that each person you provide personal data about is aware that you’re doing so and can understand how Booking.com uses their personal data (as described in this privacy notice).

Whether or not you make a trip reservation, when you use our websites or mobile apps we automatically collect certain information. This includes your IP address, the dates and times of using our platform and selected information about your device’s hardware and software (such as the type of operating system, internet browser and mobile app version you use as well as your chosen language settings). When you are redirected by a third-party website or mobile app to a Booking.com website or mobile app, we collect this as well. We also collect information about clicks you make and which pages are shown to you from our platform, for instance via the cookies that we drop.

When you use our mobile apps, we collect data that identifies that mobile device as well as data about the operation (including possible crashes) of the app on that device.

We may also receive information about you from other sources. This can include one or more of the following:

• Other BHI companies
• Trip providers, for example as part of their interactions with our customer services
• Strategic partners we contract with
• Other third-party companies such as marketing partners

Information we receive from these parties may be used together with information you provide us directly via our platform for the purposes of providing services to you.

We receive personal data about you from these parties in situations such as those listed here:

• Our trip reservation services are not only made available directly on our websites and mobile apps. They are also integrated into the services of strategic partners you can find online. When you make a reservation online using a service for which the strategic partner relies on Booking.com, we receive the reservation details via the strategic partner so that your reservation can be processed and supported.
• Trip providers may share information about you with Booking.com too. This could happen if you have support questions about a pending trip reservation, or if disputes or other issues arise about a trip reservation.
• We integrate with third-party payment service providers such as Adyen and Stripe, for example, to facilitate electronic payments between you, Booking.com and trip providers. These service providers share payment information so we can administer and handle your trip reservation.
• In some cases, we link to other business partners providing trip reservations that may not be available on our website or mobile apps. When you click on these, you are redirected to other business partner’s websites where you can make a reservation. These partners may share certain personal data related to your specific reservation and your interactions on these websites or mobile apps with us in accordance with their privacy policies.
• Our platform includes communication services such as email and chat messages. These communication services offer you a convenient way to contact the trip provider you’ve booked with to discuss specifics of your reservation such as available parking at an accommodation. The data we collect and process includes these communications. We may block the delivery of communications that we, at our sole discretion, believe might contain malicious content or spam, or pose a risk to you, trip providers, Booking.com, or others.
• We may also receive information (such as the additional cookie data our social media and marketing partners may make available to us on an aggregated basis)in order for us to measure the effectiveness of advertising and marketing campaigns.
• When you link your Booking.com user account to a social media account you control, you might trigger exchanges of data between Booking.com and that social media provider. You can always choose to unlink your Booking.com user account by updating your Booking.com user account settings and preferences.
• We collect information in the regrettable case that we receive a complaint about you from a trip provider, for example in the case of possible misconduct.

We can only provide you with certain trip services if we can collect and process some personal data about you. For example, we can only process a trip reservation for you with your name and contact details.

We use your personal data for a number of purposes as outlined here:

First and foremost, we process your personal data to complete and administer your online trip reservation – which is essential to provide this service. This includes sending you communications that relate to your trip reservation, such as confirmations (including, where applicable, providing you with a proof of purchase and/or payment), modifications and reminders. In some cases, this may also include processing your personal data to enable online check-in with the trip provider or processing personal data in relation to possible damage deposits.

In addition to your contact details (your email address and telephone number, for example), in order to provide you services, we may also need reservation identifiers and dates to determine the duration of the reservation.

We provide our travellers with customer service in more than 40 languages, and we’re here to help 24 hours a day, 7 days a week. Sharing reservation information with our global customer service staff is essential to help you when you need us. This includes for example helping you to contact the right trip provider and responding to any questions you might have about your trip reservation.

To do this, we use personal data such as your reservation details including, for example, the price of your reservation as well as how and when you made the reservation.

As a user of our services, you can create an account for your use across our platform. With a user account, you can manage your trip reservations, take advantage of special offers, make future trip reservations more easily and manage your personal settings.

Managing personal settings gives you the ability to keep and share lists, share photos, easily see trip services you’ve searched for and check travel-related information you’ve provided. You can also see any reviews you’ve written in connection with your trips.

With your user account, you can also create a public profile under your own first name or with another name you choose. If you log in to the Booking.com platform with your user account and you want to create a Booking.com for Business account, we may use your name and email address to pre-fill the sign up form.

If you’re a Booking.com for Business user account holder, you can also save contact details under that user account, manage business reservations and link other account holders to the same Booking.com for Business user account.

To provide user accounts, we use personal data such as login credentials for accessing your user account and information about when the user account has been used in connection with reservations and payments, for example.

We use your information for marketing activities. These activities include:

• Using your contact information and your interaction with our platform (such as previous reservations and behavioural data, including data collected via cookies and similar tracking technologies) to send you personalised marketing messages (e.g. via push notifications, emails or platform notifications) from Booking.com, including promotions, Genius and other rewards, travel experiences, surveys, and updates about Booking.com’s products and services. You can unsubscribe from receiving email marketing communications quickly and easily at any time. Just click the "Unsubscribe" link included in each communication, or manage your preferences via your account settings.
• Based on your interaction with our platform (such as previous reservations and behavioural data, including data collected via cookies and similar tracking technologies), personalised marketing from Booking.com including promotions, Genius and other rewards, travel experiences, surveys, and updates about Booking.com’s products and services might be shown to you on the Booking.com website, on our mobile apps, or on third-party websites/apps. These may be offers and recommendations we think you may find interesting that you can book directly on our platform, on sites operated in partnership with a strategic partner, or on other third-party sites. Some of these recommendations may be produced on the basis of personal data we collected from you during different visits to our platform or on different devices, even when you are not logged in. Our page on “How we work” contains more information on our recommendation systems, including how you can manage your personalisation preferences.
• We may contact you with information about insurance products that you didn’t include in your reservation.
• We may organise other promotional activities and, based on information already collected, we may invite you and other travellers to participate in such activities.

To do this, we use personal data such as your contact and account information, browsing data, location data and preferences as well as searches and reservations you make from different devices.

There may be times when we get in touch with you including via email, chatbot, post, phone call, push notification, platform notification or text message. Which method we choose depends on the contact information you’ve previously shared.

We process personal data in communications you and other parties send to us. There may be a number of reasons for this, including:

• Responding to and handling any support requests made by you or the trip provider you booked with. We offer travellers and trip providers various ways to exchange information via our platform, such as regarding requests and comments about trip providers and trip reservations made via Booking.com.
• If you have started but not finished a trip reservation online, we might contact you to invite you to continue with your reservation. We believe that this convenience benefits you as it allows you to pick up the process where you left off without having to search for a trip provider or fill in your reservation details again.
• When you use our trip services, we might send you a questionnaire or otherwise invite you to provide a review about your experience with us or the trip provider.
• We also send you other material related to your trip reservations, such as how to contact us if you need assistance while you’re away and information that we feel might be useful to you to prepare for your trip and get the best experience.
• Even if you don’t have an upcoming trip, we may still need to send you other administrative messages, which could include security alerts.
• In case misconduct is reported to us by a trip provider for example, we may send you a warning or other notice.

To do this, we use personal data such as your first and last name, email address and reservation details including reservation IDs and chosen locations.

We sometimes invite our customers to participate in market research. Please see the information that accompanies this kind of invitation to understand what personal data will be collected and how that data is used.

We use personal data about travellers using our platform for analytical purposes including for analysing how you or travellers like you with similar interests use our platform, measuring our operating performance and improving trip services. We may process your user ID, which is linked to the email address used if you created a user account, for the purpose of measuring the audience visiting our websites. Your personal data may be used by us to develop and enhance our machine learning models and artificial intelligence systems. This is a necessary part of our ongoing commitment to make our services better and enhance our travellers’ experience. For further details, please see the section How we use artificial intelligence and make automated decisions.

In addition to the statistics we generate regularly about our business, we use data to test and troubleshoot platform features. The main goal here is to get insights into how our services perform, how they are used, and ultimately how to optimise and customise our website and mobile apps, making them easier and more meaningful to use. As much as possible, we strive to use anonymised and de-identified personal data for this analytical work.

In order to achieve this purpose, we may combine personal data we collect from you during different visits to our platform or visits on different devices, even when you are not logged in.

To do this, we use personal data such as:

• Reservations made by travellers over specific periods of time or for specific products
• The searches travellers made on our websites and apps
• The reviews travellers shared via us about their trip experience

Our recurring work for analytical purposes includes the use of solutions that de-identify personal data or process personal data in encrypted formats.

When you search our websites or mobile apps, for example to find an accommodation, a rental car or a flight, the pricing you see may depend on a number of factors, such as whether you are in the European Economic Area (EEA) or in another country.

In order to display the pricing applicable to you, we use personal data such as your IP address, the type of device you are using and which site you came from.

During and after your trip, we might invite you to submit a review. We can also make it possible for the people you’re travelling with or for whom you’ve booked a reservation to do this instead. This invitation asks for information about the trip provider or the destination.

If you have a Booking.com user account, you can choose to display a screen name next to your review, instead of your first name.

By completing a review, you’re agreeing that it can be displayed (as described in detail in our Terms of Service), for example, on:

• The relevant trip provider information page on our websites
• Our mobile apps
• Our social media accounts
• Websites operated by third-party companies such as trip providers.

This helps to inform other travellers about the quality of the trip service you used, the destination you chose or any other experiences you choose to share without disclosing your identity. Reviews submitted by travellers are subject to automated and other content moderation to verify that reviews conform with our Content standards and guidelines.

When you make calls to our customer service team, we use an automated telephone number detection system to match the number you call from to the reservation you made. This saves time for you and our customer service staff. However, our customer service staff may still ask for further identification, to further ensure your reservation details remain confidential.

When you call our customer service team, we may have one or more authorised persons listen to the call or record the call for training and quality control purposes. This quality control includes the usage of the recordings to handle possible complaints, legal claims and indications of possible fraud attempts.

We do not record every call made to our customer service team and, if a call is recorded, it is kept for a limited amount of time (30 days by default). We then automatically delete the call recording unless we determine before then that it will be necessary to retain it for fraud investigation or legal purposes.

We continuously analyse and use certain personal data to prevent and detect online fraud attempts and other illegal or unwanted activities. This is necessary to maintain our platform as a trustworthy environment as well as for the safety of all travellers.

We use personal data for safety and security purposes, including when you report a safety concern, when others do so about you or when we need to identify persons in connection with a user account or reservation. When we do this, we may have to stop or put certain reservations on hold until we’ve finished our assessment. If we have concerns about serious misconduct, we may decide to cancel your upcoming reservations or to decline future reservations via our platform.

In case of safety or security concerns, we may process information from publicly available sources to prevent or detect harm. We cannot prevent that some of that information may contain special categories of personal data.

In order to detect and prevent fraud and limit other abuse of our platform, we may use your personal data and analyse your behaviour on our platform to assess the risk of a certain action or transaction you are attempting to make. For example, this may help us determine whether a bot is using our platform, rather than a legitimate user or to determine whether a user is making a fraudulent payment using a stolen credit card.

To achieve this purpose, we use personal data such as your contact information, other identifiers (such as IP addresses), reservation details including cancelled reservations, reviews, account information, browsing data, location data, communications data, or other information that you or another person has provided to us.

We use artificial intelligence to review activity on our platform for fraud and to detect any other forms of misconduct as described in the section How we use artificial intelligence and make automated decisions.

In certain cases, we may need to reuse your information to:

• Handle and resolve legal claims and disputes
• Address possible regulatory investigations
• Enforce our online reservation Terms of Service
• Comply with lawful requests from law enforcement
• Comply with laws and regulations that apply to Booking.com

For example, we may be required to process your reservation history, the details of one or more of these reservations and associated payment information.

To process your personal data as described above, Booking.com relies on several legal bases provided for in applicable privacy regulations. This is summarised as follows:

If you wish to object to the processing set out under C to L and no opt-out mechanism is available to you directly (for example, in your user account settings), please contact us as described in the section Your rights.

To support the use of Booking.com services, your details may be shared within Booking.com group entities and the other Booking Holdings Inc. companies described in the section on Our company.

We may receive personal data about you from other companies in the BHI group (such as Agoda or OpenTable), or share your personal data with them, for the following purposes:

1. To provide services (including making, administering and managing reservations or handling payments)
2. To provide customer service
3. To detect, prevent and investigate fraudulent or other illegal activities and data breaches - companies within BHI may need to exchange personal data about certain persons to ensure all platform users are protected for example from online fraud attempts
4. For analytical and product improvement purposes where permitted by applicable law
5. To provide personalised offers or send you marketing communications with your consent or as otherwise permitted by applicable law
6. For hosting, technical support, overall maintenance and maintaining security of such shared data
7. To ensure compliance with applicable laws

As applicable and unless indicated otherwise, for purposes A to F, we rely on our legitimate interests to share and receive personal data. For purpose G, we rely, where applicable, on compliance with legal obligations (such as lawful law enforcement requests). We also ensure that data flows between companies in the BHI group comply with applicable law. Where needed under applicable law, we will obtain your consent prior to sharing your personal data with other companies in the BHI group.

In certain circumstances, we’ll share your personal data with third parties. These third parties include:

In order to complete your trip reservation, we need to transfer relevant reservation details to the trip provider you have chosen.

Depending on the trip reservation and the trip provider, the details we share can include your name, contact and payment details, the names of the people accompanying you and any other relevant information (such as check-in/check-out dates) including preferences you specified when you made your trip reservation.

In certain cases, we also provide some summary information about you to the trip provider. This can include:

• Whether you’ve already booked with the trip provider in the past
• The number of completed reservations you’ve made with us
• The absence of reports to Booking.com regarding misconduct involving you
• The percentage of reservations you may have cancelled in the past on our platform
• Whether you’ve given reviews about past reservations

If you have a query about your trip, we may contact the trip provider to handle your request. Unless payment is made to Booking.com itself during the reservation process, we need to forward your credit card details to the trip provider you chose for payment processing.

To resolve possible trip related claims or disputes or any other kind of customer service issue, we may provide the trip provider on an as-needed basis with your contact details and other information about the reservation, claim or dispute. This can include, for example, your email address and a copy of your reservation confirmation to confirm the trip reservation was made or to confirm the reasons for its cancellation.

Trip providers will further process your personal data outside of the control of Booking.com, to prepare for arriving and departing guests for example. Trip providers may also ask for additional personal data, for instance to provide additional services and to comply with local requirements and restrictions. If available, please read the privacy notice of the trip provider to understand how they process your personal data.

We work with many strategic partners around the world. These strategic partners distribute and advertise Booking.com’s services, including the services and products of our trip providers. Depending on the strategic partner, you may make your trip reservation through:

• our website that is operated in partnership with a strategic partner; or
• strategic partners’ websites or mobile apps.

For the former, the strategic partners will receive certain personal data related to your specific reservation and your interactions on these websites. This is for their commercial purposes.

For the latter, certain personal data that you give them, such as your name and email address, your address, payment details and other relevant information, will be forwarded to us to finalise and manage your trip reservation. With these strategic partners, we may act as joint controllers for processing of specific personal data. If you choose to exercise your data subject rights with our strategic partners, we may collaborate to ensure an adequate response to your request.

For fraud detection and prevention purposes, we may also exchange information about our users with strategic partners – but only when strictly necessary.

Many trip providers contract with specific third-party companies (often referred to as “connectivity providers”) to automate the routing of reservation information from Booking.com and other members of the travel industry to them.

Connectivity providers act on behalf of trip providers (rather than Booking.com) and forward reservation information to them so that they can manage their reservations in their systems.

We use service providers from outside of the Booking Holdings Inc. company group to support us in providing our trip services. The services these third-party companies provide include:

• Customer support
• Industry/market research
• Fraud detection and prevention (including anti-fraud screening)
• Insurance coverage claims handling
• Payment processing
• We use third parties to electronically process payments, handle chargebacks or provide billing collection services. The payment service providers may, in some cases, use your personal data for their own purposes, such as to detect and prevent fraud attempts and to comply with legal requirements applicable to them.
• When a chargeback is requested for your trip reservation, either by you or by the holder of the credit card used to make your reservation, we need to share certain reservation details with the payment service provider and the relevant financial service organisation so they can handle the chargeback. This may also include a copy of your reservation confirmation or the IP address used to make your reservation.
• We may also share information with relevant financial institutions, if we consider it strictly necessary for fraud prevention purposes, for example, to prevent the fraudulent use of a stolen credit card.
• Marketing services
• We may share some of your personal data (such as identifiers) with advertising partners, as part of the marketing of our trip services via third parties (to ensure that relevant advertisements are shown to the right audience).
• We use techniques such as hashing specific personal data (for example your email address or telephone number) to enable matching with data in one or more of their databases. Such techniques limit what the receiving third-party company can do with the personal data we selectively share with them.

In some cases (such as disputes or legal claims or as part of auditing activities), we may need to share your personal data with representatives of professional service organisations. These representatives can include legal counsels at law firms as well as auditors. We only share your personal data to the extent that is necessary and in line with contractual and other obligations applicable to them.

We follow specific protocols when law enforcement agencies and other government bodies request us to disclose to them personal data about one or more travellers in connection with a possible criminal matter. We may also disclose personal data to law enforcement agencies in connection with possible cases of fraud.

We follow similar protocols where for example EU and local laws additionally require us to share personal data with the competent authority such as a tax authority. Such disclosures by us may be required to:

• Comply with a legal obligation, for instance, under applicable short-term rental laws
• Protect and defend our rights or the rights and interests of our business partners.

We may share personal data in other instances with other business partners. These include:

• Insurance companies - If an insurance claim is made, concerning you and a trip provider, we may provide the necessary data (including personal data) to the insurance company and their appointed representatives for further processing.
• Other trip providers - We may present you with a ‘Partner offer’. When you book a stay marked ‘Partner offer’, your reservation will be facilitated by a trip provider who is separate from the accommodation you’re booking. As part of the reservation process, we’ll need to share some relevant personal data with this trip provider. If you book a ‘Partner offer’, please review the information provided in the reservation process or check your reservation confirmation for more information about the trip provider and how your personal data will be further processed by them.

Booking.com is a business connecting travellers and partners around the world. The data that we collect from you, as described in this privacy notice, could be made accessible from, transferred to or stored in countries which may not have the same data protection laws as the country in which you initially provided the information. In any case, we apply appropriate safeguards to make sure that cross-border transfers of personal data comply with applicable law and seek to ensure that your data continues to receive a comparable level of protection.

In particular, if you are in the European Economic Area (EEA) and your personal data is transferred to third-party service providers in countries not considered adequate by the European Commission (EC), we establish and implement appropriate contractual, organisational and technical measures with these third-party companies. This is done by using Standard Contractual Clauses as approved by the EC, by examining the countries to which the data may be transferred, and by imposing specific technical and organisational measures.

In certain cases, we transfer your data outside the EEA because it is necessary to conclude or perform the contract we have with you. For instance, if you make a trip reservation involving a trip provider or strategic partner operating outside of the EEA, it is likely to require that we transfer data about your specific reservation outside of the EEA.

For transfers of your personal data outside of theUnited Kingdom (UK), we apply the equivalent mechanisms and appropriate safeguards for the UK.

You can ask us for more information on our implemented safeguards by contacting us as described in the section Your rights.

Depending on the type of product or service that concerns you and other factors such as where you live, we may have additional information to provide you which supplements or even replaces the information elsewhere in this notice. Please review the sections below which apply to you in order to have the full picture.

If your use of our services includes ground transportation, the information in this section applies to you. It adds to, or replaces, the information in other parts of this privacy notice.

In addition to what we list in the section Personal data you give to us, for a car rental reservation we might also ask for your home address, billing address, phone number, date and place of birth, passport and driving licence information, government-issued identification (where required by law) and the names of any additional drivers. For a private or public transport reservation, we might ask for your pick up and drop off address (if you book a journey such as a car or an airport transfer). We might also ask for your date of birth (or age range for some public transport tickets eg: child or senior tickets) and the names of any additional passengers.

In addition to what is described in the section Personal data we receive from other sources, car rental, private or public transport companies also may share information about you with us. This could happen if you need support with or have questions about a pending reservation, or if disputes or other issues arise about a reservation.

In addition to what is described in the section Purposes of collecting and processing your personal data, we may use your personal data in relation to customer reviews. During and after your trip, we might invite you to submit a review. This is to inform others about the quality of the ground transportation provider you used and any other experiences you choose to share. This invite asks for information about the provider and your experience. You can choose to display a screen name next to your review, instead of your real name.

In addition to what is described in the section How we share personal data with third parties, if the car rental company you select on our platform participates in our pre-registration scheme, the details we share can also include your email address, home address, phone number, date and place of birth, passport and driving licence information if you have provided this information to us at your sole discretion. Providing further pre-registration information will enhance your pick-up experience, but it is optional and you will still be able to pick up your rental car even if you do not provide any pre-registration information.

Please note that, sometimes, at the direction of the ground transportation provider, we will need to share your personal data with parties related to the provider in order to finalise and administer your reservation. These parties might include other entities of the provider’s corporate group or service providers, drivers or end fleets who are handling the data on the provider’s behalf.

Car rental companies may also ask for additional personal data, for instance, to provide additional services or to comply with local restrictions. Please be aware that any information you provide directly to the company/companies supplying your car and/or related products will be stored and used in accordance with their own privacy statement(s) and terms and conditions.

Return to main notice

If you purchase an insurance product whilst using our platform, the information in this section applies to you. It adds to, or replaces, the information in other parts of this privacy notice.

The offering of insurance can involve multiple parties, such as intermediaries, underwriters, and other agents. Where Booking.com Distribution B.V. is involved, it will act as the intermediary and authorised agent or appointed representative (depending on the jurisdiction) on behalf of the insurer, by offering insurance products and services to Booking.com customers.

Please review the information provided during the reservation process for more information about us and the parties who work together with us to offer you these products and services. The details of the insurer will be visible in the insurance policy and related documentation provided to you.

When offering insurance, we may have to use and share personal data that is relevant to the insurance product. This data relates to you as a potential or actual policyholder, the beneficiaries under a policy, family members, claimants, and other parties involved in a claim:

• To provide offers, arrange insurance cover and handle insurance claims, some personal data, provided to us during the reservation process, (“General Order Data”) may have to be shared within other Booking.com entities. You may also be asked to provide additional information, such as names of family members or other beneficiaries or details about a claim (“Insurance-Specific Data”).
• If you make a claim under an insurance policy, this claim may be directly handled by the insurer. This means that you may be asked to provide personal data in order to submit the claim directly to them. The insurer will inform you accordingly at the point of collection of your information. When your claim is handled by the insurer, we may receive information about the status of your claim in order to provide you with customer support services.

For further information about the relationship between Booking.com and Booking.com Distribution B.V., and to exercise your rights regarding personal data that is collected via the Booking.com platform, please contact us as described in the section Your rights.

Insurance related call recordings may be kept for longer than the default 30 days applied to other call recordings in order to comply with specific provisions from insurance related laws and regulations.

We combine people, processes and technology to protect your personal data and respect your privacy.

This includes, amongst other things, that we:

• Maintain a comprehensive framework of security policies, procedures and protocols
• Employ personnel dedicated to cybersecurity and data protection
• Keep staff alert to security risks through continual security training and awareness activities
• Use up-to-date security technologies such as encryption and data leakage prevention to help guard against unauthorised data disclosure or destruction
• Maintain inventories to provide oversight over processes, systems and data assets
• Use multiple systems for fraud prevention/detection and continuous system monitoring including for security purposes
• Use identity and access management and other logical and physical access restrictions to control that only authorised personnel can access personal data
• Maintain and test protocols to respond to reports about possible incidents and data breaches
• Verify and enhance our security systems, procedures and protocols on a recurring basis
• Impose equivalent measures on third parties we appoint

We use retention practices to keep and, where possible under applicable law, dispose of personal data. Generally, we keep your personal data for as long as is necessary to:

• Enable you to use our services or to provide our services to you
• Prevent and detect online fraud attempts and/or other illegal activities
• Comply with legal obligations such as those from accounting and tax laws
• Resolve any disputes and legal claims

Although not mandatory for your use of Booking.com’s platform, we recommend that you:

1. Use a user account where available on our platform. By using a user account, you can protect access to your data, such as your reservation history and for your Wallet for example, with a strong password as well as two-factor authentication.
2. Use unique passwords for every online service including for your access to Booking.com. If you reuse user account and password combinations across multiple services available via the internet and one of these services suffers a data leak, malicious actors typically try using the same combinations to gain access to your user accounts at other online services such as Booking.com. Where we detect such malicious attacks to the detriment of travellers, we take countermeasures rapidly such as blocking user accounts at risk and alerting user account holders.
3. Read (and follow the guidance from) articles we may make available to travellers and partners about online fraud prevention and data protection. Online fraud attempts typically involve social engineering and “phishing” schemes whereby fraudsters may pretend to be for example a specific accommodation and ask for payment where this is not necessary. You should contact Customer Service if you suspect there is a possible fraud attempt in connection with your reservation.

Whenever you use our online services or mobile apps, we may use tracking technologies (which include, and we collectively refer to as, “cookies”). This section of the privacy notice provides information about how we use cookies.

A web browser cookie is a small text file placed by a website in the data that a web browser automatically stores on your computer or mobile device. It enables software to store information about the content you view and interact with, for example, to:

• Remember your preferences, settings and items in your shopping cart

• Analyse how you use online services

We also use other types of cookies. For example, our websites, email messages and mobile apps may contain small transparent image files or lines of code that record how you interact with them.

Cookies we use can be divided into three purpose categories: functional cookies, analytical cookies and marketing cookies.

We work with selected third-party companies to collect and process data. We may also sometimes share information (such as your email address or phone number) with some of these third parties so that they can link that information to other data they collect separately (and typically independently from Booking.com) to help us engage with specific audiences or deliver targeted ads.

When required, we offer you the option to decline analytical and marketing cookies. Most browsers will also allow you to choose which cookies to accept and which to reject. See the help function of your browser to learn more. Note that if you choose to block certain functional cookies, you may not be able to use or benefit from some features of our services.

We are always looking for opportunities to innovate and improve the customer experience by using new technologies such as artificial intelligence (AI) systems. We currently use AI for the following purposes:

We ensure we have a legal basis to use AI systems in accordance with data protection laws. The legal basis of using AI will usually follow the overall purpose of processing set out in the section Purposes of collecting and processing your personal data :

• Beyond preventing and detecting fraud attempts, we may have a legitimate interest in developing AI systems to reduce our costs, improve the efficiency and quality of our processing and provide better products for our customers. We consider whether your rights and freedoms are not unduly infringed upon by the processing of your personal data and only proceed where this legitimate interest is not overridden by your rights.

• In other cases where we may use AI, we will seek your consent where this is required.

We assess our AI systems against data protection principles, such as minimisation, accuracy, and purpose limitation. We take steps to prevent harm and biases from our use of AI, for example by:

• De-identifying personal data

• Developing our own systems to reduce sharing data with third parties

• Re-assessing our use of AI systems to ensure risks continue to be adequately mitigated

See the How we protect your personal data section for more information regarding the safeguards we have implemented which will also apply to personal data we process to train or use AI.

We do not currently use any solely automated systems, including those using AI, to make a decision about you which would result in a legal or similarly significant effect on you. We will inform you if this changes and will ensure that we have implemented suitable measures to safeguard your rights and freedoms.

In some cases, we may complete decision-making without human review but only after we have assessed that the decision would not result in a significant effect on you.

In the cases which may have a significant effect on an individual, for example monitoring for fraud attempts, our systems may inform and contribute to a decision but will not autonomously make any decision. A member of our team will review a possible issue a system may identify and make an informed decision.

If you would like to know more about our use of AI systems or would like to object to the use of your personal data in the context of AI, contact us as described in the section Your rights.

Our services are not intended for persons under the age of 18 years old. We don’t collect personal data about persons below that age (collectively called “minors”) unless that data is provided by (and with the consent of) a parent or guardian. The limited circumstances we might need to collect from parents or guardians the personal data of minors include:

1. As part of a reservation

2. The purchase of other travel-related services

3. In other exceptional circumstances (such as features addressed to families).

If we become aware (for example, via a Customer Support request) that we’ve processed personal data about minors without the valid consent of their parent or guardian, we will delete it.

We want you to be in control of how your personal data is used by us. You can do this in the following ways:

We offer various ways for you to exercise your rights or raise questions and concerns regarding your personal data at Booking.com:

To protect your personal information, we may need to verify your identity before completing your request. We will do this by asking you questions about your previous reservations with us. We will respond to your request without undue delay.

If you are not satisfied with our response to your request or have other concerns about your personal data, you can also contact your data protection supervisory authority.

For questions about a reservation, please contact our Customer Service team through our customer service contact page.

The entities relevant for this notice include:

The contact details listed above are also the means to contact the Booking.com Data Protection Officer.

Booking.com is subject to an array of laws and regulations, including regarding personal data protection, and their enforcement through data protection supervisory and other authorities. Amongst other things, Booking.com is subject to supervision by the Dutch Supervisory Authority (the “Autoriteit Persoonsgegevens” (AP)) based in the Netherlands as well as the Information Commissioner’s Office (ICO) in the United Kingdom.

Booking.com may be contacted by law enforcement agencies seeking to obtain specific personal data, for example, in connection with their criminal investigations or reports they receive about missing persons. Similarly, other agencies and authorities may contact Booking.com with ad hoc or recurring information requests, in connection with short-term rental laws or consumer protection laws for example. Duly authorised representatives from agencies and other authorities must submit such requests only via our Law Enforcement Response processes and using the portal we make available for these purposes.