Updated March 2025
We are Booking.com and this privacy statement is intended for travelers using or considering using our products and services.
Your privacy matters at Booking.com. You place your trust in us by using Booking.com services, and we value that trust. That means we’re committed to protecting and safeguarding your personal data.
This privacy statement describes how we collect and otherwise process your personal data when you, for example, visit our websites, use our mobile apps, or buy a travel-related product or service through us. Among other things, it tells you what rights you have in relation to your personal data and how you can contact us.
Booking.com offers online travel-related services through its own websites and mobile apps as well as via third-party channels such as partners’ websites.
This privacy statement applies to any kind of traveler information Booking.com processes through all of the above services.
This privacy statement for travelers is not the only privacy statement Booking.com maintains to inform you about its processing of personal data. A similar privacy statement is available for Booking.com’s business partners.
Booking.com amends its privacy statements from time to time and recommends that you visit its privacy statement pages occasionally to stay informed. If Booking.com makes updates to a privacy statement that could significantly impact persons, it will take steps to inform these persons about such changes before they go into effect.
Throughout its privacy statements, Booking.com uses particular terms that have a specific meaning in the context of these notices and the services Booking.com offers. These specific terms are described here.
Term | Meaning |
|---|---|
| Booking.com: | When we refer to “we,” “us,” or “our,” we mean Booking.com group entities and other Booking Holdings Inc. companies as described in the Our Company section. |
| Booking Holdings Inc. (BHI) | This is the parent company of Booking.com. It is also the parent company of other BHI brands such as Agoda and Priceline. Visit https://www.bookingholdings.com/ for more information. |
| Platform | Any websites, mobile apps, or other technologies that we provide in order to interact with travelers and other parties for travel-related services. |
| Strategic partner | A company (such as an airline, a bank, another BHI brand, or a phone manufacturer) with whom we contract and collaborate to expand reservation opportunities. Through these partnerships, travelers can conveniently book their trip at various touchpoints beyond our direct channels of Booking.com websites and mobile apps. |
| Traveler | Anyone who uses or is considering using any of our travel products and services, whether for themselves or for others, through our platform. |
| Trip | One or more travel products and services a traveler can select to obtain from one or more trip providers via our platform. |
| Trip provider | The third-party provider of an accommodation (e.g. hotel, motel, apartment, bed & breakfast, etc.), an attraction (e.g. amusement park, museum, sightseeing tour, etc.), transportation (e.g. plane, ground transportation including private cars, public transit, car rental, train, coach tour and related transfers) and any other travel or related product (e.g. insurance) or service as from time to time available on the platform for a trip reservation. |
| Trip service | The online reservation, order, purchase, and payment services as offered, enabled, and supported by Booking.com for trip providers on the platform. |
| Trip reservation | The online reservation, order, purchase, or payment in connection with a trip. |
When you make a trip reservation, you are (at minimum) asked for your name and email address. Depending on the nature of the trip reservation, we may also need to ask for your home address, phone number, payment info, date of birth, current location (in the case of on-demand services), whether you’re traveling for work purposes, the names and dates of birth of the people traveling with you, and any preferences you might have for your trip (e.g. dietary or accessibility requirements). For reservations for flights and certain attractions, we may be required to ask you for additional information including your and your co-travelers’ passport or national ID information. This may also be necessary for online check-in.
When you contact our customer service team, contact your trip provider through our platform or reach out to us in a different way (e.g. through social media), we also collect information from you via these channels including metadata such as for calls, who you are, where you called from, and the date and length of the call.
When you search using our platform for possible trip reservations, you can select to save specific trip items in a list that we’ll store for you. During or after your trip, we may also invite you to submit reviews that can inform others about the experiences you had on your trip. When you submit reviews on the platform, we collect information you’ve included along with your first name or display name and avatar (if you choose one).
If you create a user account on our platform, we also store information you include and manage in that user account. This can include personal settings, credit card information, uploaded photos, and your reviews. You can also choose to add to your user account details from one or more of your identification documents so you don't have to re-enter this information for future trip reservations. The data kept in your user account can help you plan and manage future trip reservations and personalized recommendations.
There are other circumstances where you’ll provide us with personal data. For example, if you’re using our platform from your mobile device, you can decide to allow Booking.com to use your current location or grant us access to some other details. This helps us give you the best possible service and experience by, for example, suggesting the nearest restaurants or attractions to your location or making other recommendations.
It may be that you use our platform to make a trip reservation on behalf of, or that involves, other travelers. In this case, you may be required to provide some details about these persons as part of the trip reservation. If you have a Booking.com for Business account, you can keep an address book there to make it easier to plan and manage business travel arrangements for others.
In some cases, you might use Booking.com to share information with others. This can take the form of sharing a list of saved items for example.
When you use the platform to share information about others, it’s your responsibility to ensure that each person you provide personal data about is aware that you’re doing so and understands how Booking.com uses their personal data (as described in this privacy statement).
Whether or not you make a trip reservation, when you use our websites or mobile apps, we automatically collect certain information. This includes your IP address, the dates and times of using our platform and selected information about your device’s hardware and software (e.g. operating system, internet browser, mobile app version, language settings). When you are redirected by a third-party website or mobile app to a Booking.com website or mobile app, we collect this as well. We also collect information about clicks you make and which pages are shown to you from our platform, for example, via the cookies we drop.
When you use our mobile apps, we collect data that identifies the mobile device as well as data about the operation (including possible crashes) of the app on that device.
We may also receive information about you from other sources. This can include one or more of the following:
Information we receive from these parties may be used together with information you provide us with directly via our platform for the purposes of providing services to you.
We receive personal data about you from these parties in situations such as those listed here:
We can only provide you with certain trip services if we can collect and process some personal data about you. For example, we can only process a trip reservation for you with your name and contact details.
We use your personal data for a number of purposes as outlined here:
First and foremost, we process your personal data to complete and administer your online trip reservation, which is essential to provide this service. This includes sending you communications that relate to your trip reservation, such as confirmations (including, where applicable, providing you with a proof of purchase and/or payment), modifications, and reminders. In some cases, this may also include processing your personal data to enable online check-in with the trip provider or processing personal data in relation to possible damage deposits.
In addition to your contact details (e.g. email address, phone number), in order to provide you with services, we may also need reservation identifiers and dates to determine the duration of the reservation.
We provide our travelers with customer service in more than 40 languages, and we’re here to help 24 hours a day, seven days a week. Sharing reservation information with our global customer service staff is essential to help you when you need us. This includes, for example, helping you to contact the right trip provider and responding to any questions you might have about your trip reservation.
To do this, we use personal data such as your reservation details, including, for example, the price of your reservation as well as how and when you made the reservation.
As a user of our services, you can create an account for your use across our platform. With a user account, you can manage your trip reservations, take advantage of special offers, make future trip reservations more easily, and manage your personal settings.
Managing personal settings gives you the ability to keep and share lists, share photos, easily see trip services you’ve searched for, and check travel-related information you’ve provided. You can also see any reviews you’ve written in connection with your trips.
With your user account, you can also create a public profile under your own first name or with another name you choose. If you log in to the Booking.com platform with your user account and you want to create a Booking.com for Business account, we may use your name and email address to pre-fill the sign-up form.
If you’re a Booking.com for Business user account holder, you can also save contact details under that user account, manage business reservations, and link other account holders to the same Booking.com for Business user account.
To provide user accounts, we use personal data such as login credentials for accessing your user account and information about when the user account has been used in connection with reservations and payments, for example.
We use your information for marketing activities. These activities include:
To do this, we use personal data such as your contact and account information, browsing data, location data, and preferences, as well as searches and reservations you make from different devices.
There may be times when we get in touch with you, including via email, chatbot, mail, phone call, push notification, platform notification, or text message. Which method we choose depends on the contact information you’ve previously shared.
We process personal data in communications you and other parties send to us. There may be a number of reasons for this, including:
To do this, we use personal data such as your first and last name, email address, and reservation details, including reservation IDs and chosen locations.
We sometimes invite our customers to participate in market research. Review the information that accompanies this kind of invitation to understand what personal data will be collected and how it’s used.
We use personal data about travelers using our platform for analytical purposes, including for analyzing how you or travelers like you with similar interests use our platform, measuring our operating performance and improving trip services. We may process your user ID, which is linked to the email address used if you created a user account, for the purpose of measuring the audience visiting our websites. Your personal data may be used by us to develop and enhance our machine learning models and artificial intelligence systems. This is a necessary part of our ongoing commitment to make our services better and enhance our travelers’ experience. For more details, see the How we use artificial intelligence and make automated decisions section.
In addition to the statistics we generate regularly about our business, we use data to test and troubleshoot platform features. The main goal here is to get insights into how our services perform, how they’re used, and ultimately how to optimize and customize our website and mobile apps, making them easier and more meaningful to use. As much as possible, we strive to use anonymized and de-identified personal data for this analytical work.
To achieve this, we may combine personal data we collect from you during different visits to our platform or visits on different devices, even when you aren’t logged in.
To do this, we use personal data such as:
Our recurring work for analytical purposes includes the use of solutions that de-identify personal data or process personal data in encrypted formats.
When you search our websites or mobile apps (e.g. to find an accommodation, a rental car, or flight), the pricing you see may depend on a number of factors, such as whether you’re in the European Economic Area (EEA) or another country.
To display the pricing applicable to you, we use personal data such as your IP address, the type of device you’re using, and which site you came from.
During and after your trip, we might invite you to submit a review. We can also make it possible for the people you’re traveling with or for whom you’ve booked a reservation to do this instead. This invitation asks for information about the trip provider or the destination.
If you have a Booking.com user account, you can choose to display a screen name next to your review, instead of your first name.
By completing a review, you’re agreeing that it can be displayed (as described in detail in our Terms of Service), for example, on:
This helps to inform other travelers about the quality of the trip service you used, the destination you chose, or any other experiences you choose to share without disclosing your identity. Reviews submitted by travelers are subject to automated and other content moderation to verify that reviews conform with our Content standards and guidelines.
When you make calls to our customer service team, we use an automated telephone number detection system to match the number you call from to the reservation you made. This saves time for you and our customer service staff. However, our customer service staff may still ask for further identification to further ensure your reservation details remain confidential.
When you call our customer service team, we may have one or more authorized persons listen to the call or record the call for training and quality control purposes. This quality control includes the usage of the recordings to handle possible complaints, legal claims, and indications of possible fraud attempts.
We don’t record every call made to our customer service team. If a call is recorded, it’s kept for a limited amount of time (30 days by default). We then automatically delete the call recording unless we determine before then that it will be necessary to retain it for fraud investigation or legal purposes.
We continuously analyze and use certain personal data to prevent and detect online fraud attempts and other illegal or unwanted activities. This is necessary to maintain our platform as a trustworthy environment as well as for the safety of all travelers.
We use personal data for safety and security purposes, including when you report a safety concern, when others do so about you, or when we need to identify persons in connection with a user account or reservation. When we do this, we may have to stop or put certain reservations on hold until we’ve finished our assessment. If we have concerns about serious misconduct, we may decide to cancel your upcoming reservations or to decline future reservations via our platform.
In case of safety or security concerns, we may process information from publicly available sources to prevent or detect harm. We cannot prevent that some of that information may contain special categories of personal data.
In order to detect and prevent fraud and limit other abuse of our platform, we may use your personal data and analyze your behavior on our platform to assess the risk of a certain action or transaction you are attempting to make. For example, this may help us determine whether a bot is using our platform rather than a legitimate user, or to determine whether a user is making a fraudulent payment using a stolen credit card.
To achieve this purpose, we use personal data such as your contact information, other identifiers (such as IP addresses), reservation details including canceled reservations, reviews, account information, browsing data, location data, communications data, or other information that you or another person has provided to us.
We use artificial intelligence to review activity on our platform for fraud and to detect any other forms of misconduct as described in the section How we use artificial intelligence and make automated decisions.
In certain cases, we may need to reuse your information to:
For example, we may be required to process your reservation history, the details of one or more of these reservations and associated payment information.
To process your personal data as described above, Booking.com relies on several legal bases provided for in applicable privacy regulations. This is summarized as follows:
Purpose of personal data processing | Legal basis and comments |
|---|---|
| A. Trip reservations B. Customer service | Here Booking.com relies on the legal basis that the processing of personal data is necessary for the performance of a contract involving you, specifically to finalize and administer your trip reservation. If the required personal data isn’t provided, Booking.com can’t finalize the trip reservation with the trip provider, nor can we provide customer service to you about it. |
C. User accounts D. Marketing activities E. Communicating with you F. Market research G. Improving our services H. Showing the pricing applicable to you I. Customer reviews and other destination-related information J. Call monitoring K. Promotion of safe and trustworthy service and prevention of fraud | Unless provided otherwise in this overview, the collecting and processing of your personal data for these purposes is based on the legitimate interests of Booking.com or a third party.
Before we process personal data to serve Booking.com’s or a third-party's legitimate interests, Booking.com balances your rights and interests in the protection of personal data with Booking.com’s rights and interests or those of the third party. The legitimate interests include, for example, avoiding financial harm from online fraud, sharing people’s experiences with prospective travelers, and keeping people informed about offers we think might be of interest. In the unlikely event Booking.com would process special categories of personal data in the context of purpose K, we rely, where applicable, on the fact that processing relates to personal data which are manifestly made public by the individual or other legal bases as may be assessed at the time. |
| L. Legal purposes | Booking.com also relies, where applicable, on compliance with legal obligations (e.g. lawful law enforcement requests). |
| All purpose categories | Finally, where needed under evolving applicable law, Booking.com will obtain your consent prior to processing your personal data, including for direct marketing purposes or where otherwise required by law. |
If you want to object to the processing set out under C to L and no opt-out mechanism is available to you directly (e.g. in your user account settings), contact us as described in the Your rights section.
To support the use of Booking.com services, your details may be shared within Booking.com group entities and the other Booking Holdings Inc. companies described in the section on Our company.
We may receive personal data about you from other companies in the BHI group (e.g. Agoda or OpenTable), or share your personal data with them, for the following purposes:
As applicable and unless indicated otherwise, for purposes A to F we rely on our legitimate interests to share and receive personal data. For purpose G, we rely, where applicable, on compliance with legal obligations (such as lawful law enforcement requests). We also ensure that data flows between companies in the BHI group comply with applicable law. Where needed under applicable law, we will obtain your consent before sharing your personal data with other companies in the BHI group.
In certain circumstances, we’ll share your personal data with third parties. These third parties include:
In order to complete your trip reservation, we need to transfer relevant reservation details to the trip provider you have chosen.
Depending on the trip reservation and the trip provider, the details we share can include your name, contact and payment details, the names of the people accompanying you, and any other relevant information (e.g. check-in/check-out dates), including preferences you specified when you made your trip reservation.
In certain cases, we also provide some summary information about you to the trip provider. This can include:
If you have a query about your trip, we may contact the trip provider to handle your request. Unless payment is made to Booking.com itself during the reservation process, we need to forward your credit card details to the trip provider you chose for payment processing.
To resolve possible trip-related claims or disputes or any other kind of customer service issue, we may provide the trip provider on an as-needed basis with your contact details and other information about the reservation, claim, or dispute. This can include, for example, your email address and a copy of your reservation confirmation to confirm that the trip reservation was made or the reasons for its cancellation.
Trip providers will further process your personal data outside of the control of Booking.com to prepare for arriving and departing guests, for example. Trip providers may also ask for additional personal data, for instance to provide additional services and to comply with local requirements and restrictions. If available, read the privacy statement of the trip provider to understand how they process your personal data.
We work with many strategic partners around the world. These strategic partners distribute and advertise Booking.com’s services, including the services and products of our trip providers. Depending on the strategic partner, you may make your trip reservation through:
For the former, the strategic partners will receive certain personal data related to your specific reservation and your interactions on these websites. This is for their commercial purposes.
For the latter, certain personal data that you give them, such as your name and email address, your address, payment details, and other relevant information, will be forwarded to us to finalize and manage your trip reservation. With these strategic partners, we may act as joint controllers for processing of specific personal data. If you choose to exercise your data subject rights with our strategic partners, we may collaborate to ensure an adequate response to your request.
For fraud detection and prevention purposes, we may also exchange information about our users with strategic partners – but only when strictly necessary.
Many trip providers contract with specific third-party companies (often referred to as “connectivity providers”) to automate the routing of reservation information from Booking.com and other members of the travel industry to them.
Connectivity providers act on behalf of trip providers (rather than Booking.com) and forward reservation information to them so they can manage their reservations in their systems.
We use service providers from outside of the Booking Holdings Inc. company group to support us in providing our trip services. The services these third-party companies provide include:
In some cases (e.g. disputes, legal claims, or as part of auditing activities), we may need to share your personal data with representatives of professional service organizations. These representatives can include legal counsels at law firms as well as auditors. We only share your personal data to the extent that is necessary and in line with contractual and other obligations applicable to them.
We follow specific protocols when law enforcement agencies and other government bodies request us to disclose to them personal data about one or more travelers in connection with a possible criminal matter. We may also disclose personal data to law enforcement agencies in connection with possible cases of fraud.
We follow similar protocols where, for example, EU and local laws additionally require us to share personal data with the competent authority, such as a tax authority. Such disclosures by us may be required to:
We may share personal data in other instances with other business partners. These include:
Booking.com is a business that connects travelers and partners around the world. The data that we collect from you, as described in this privacy statement, could be made accessible from, transferred to, or stored in countries that may not have the same data protection laws as the country in which you initially provided the information. In any case, we apply appropriate safeguards to make sure that cross-border transfers of personal data comply with applicable law and seek to ensure that your data continues to receive a comparable level of protection.
In particular, if you’re in the European Economic Area (EEA) and your personal data is transferred to third-party service providers in countries not considered adequate by the European Commission (EC), we establish and implement appropriate contractual, organizational, and technical measures with these third-party companies. This is done by using Standard Contractual Clauses as approved by the EC, by examining the countries to which the data may be transferred, and by imposing specific technical and organizational measures.
In certain cases, we transfer your data outside the EEA because it’s necessary to conclude or perform the contract we have with you. For example, if you make a trip reservation involving a trip provider or strategic partner operating outside the EEA, it’s likely to require that we transfer data about your specific reservation outside of the EEA.
For transfers of your personal data outside of the United Kingdom (UK), we apply the equivalent mechanisms and appropriate safeguards for the UK.
You can ask us for more information on our implemented safeguards by contacting us as described in the section Your rights.
Depending on the type of product or service that concerns you and other factors such as where you live, we may have additional information to provide you that supplements or even replaces the information elsewhere in this notice. Review the sections below that apply to you in order to get the full picture.
If your use of our services includes ground transportation, the information in this section applies to you. It adds to, or replaces, the information in other parts of this privacy statement.
In addition to what we list in Personal data you give to us, for a car rental reservation we might also ask for your home address, billing address, phone number, date and place of birth, passport and driver’s license info, government-issued ID (where required by law), and the names of any additional drivers. For a private or public transport reservation, we might ask for your pick-up and drop-off address (if you book a ride or airport transfer). We might also ask for your date of birth or age range for some public transportation tickets (e.g. child or senior tickets) and the names of any additional passengers.
In addition to what is described in the Personal data we receive from other sources section, car rental, private, or public transit companies may also share information about you with us. This could happen if you need support with or have questions about a pending reservation, or if disputes or other issues arise about a reservation.
In addition to what is described in Purposes of collecting and processing your personal data, we may use your personal data in relation to customer reviews. During and after your trip, we might invite you to submit a review. This is to inform others about the quality of the ground transportation provider you used and any other experiences you choose to share. This invite asks for information about the provider and your experience. You can choose to display a screen name next to your review, instead of your real name.
In addition to what is described in How we share personal data with third parties, if the car rental company you select on our platform participates in our pre-registration program, the details we share can also include your email address, home address, phone number, date and place of birth, passport, and driver’s license information if you’ve provided this information to us at your sole discretion. Providing further pre-registration information will enhance your pick-up experience, but it’s optional and you’ll still be able to pick up your rental car even if you don’t provide any pre-registration information.
Note that, sometimes, at the direction of the ground transportation provider, we’ll need to share your personal data with parties related to the provider in order to finalize and administer your reservation. These parties might include other entities of the provider’s corporate group or service providers, drivers, or end fleets who are handling the data on the provider’s behalf.
Car rental companies may also ask for additional personal data, for example, to provide additional services or to comply with local restrictions. Be aware that any information you provide directly to the company/companies supplying your car and/or related products will be stored and used in accordance with their own privacy statement(s) and terms and conditions.
If you purchase an insurance product while using our platform, the information in this section applies to you. It adds to, or replaces, the information in other parts of this privacy statement.
The offering of insurance can involve multiple parties, such as intermediaries, underwriters, and other agents. Where Booking.com Distribution B.V. is involved, it will act as the intermediary and authorized agent or appointed representative (depending on the jurisdiction) on behalf of the insurer, by offering insurance products and services to Booking.com customers.
Review the information provided during the reservation process for more information about us and the parties who work together with us to offer you these products and services. The details of the insurer will be visible in the insurance policy and related documentation provided to you.
When offering insurance, we may have to use and share personal data that is relevant to the insurance product. This data relates to you as a potential or actual policyholder, the beneficiaries under a policy, family members, claimants, and other parties involved in a claim:
For more information on the relationship between Booking.com and Booking.com Distribution B.V., and to exercise your rights regarding personal data collected via the Booking.com platform, contact us as described in the Your rights section.
Insurance-related call recordings may be kept for longer than the default 30 days applied to other call recordings in order to comply with specific provisions from insurance-related laws and regulations.
This Privacy Statement explains how Booking.com B.V., its affiliated companies, subsidiaries, and sister companies (“Booking.com”) collect, use, and disclose your personal information with regard to its sale of insurance products in the United States. This includes the categories of personal information we process and the purposes for which we use it. Throughout this Statement, Booking.com may be referred to as “we,” “us,” “our,” or “Booking.com.”
In the U.S.A., we generally collect personal information as part of providing our insurance products. We, alongside our contracted Insurer, act as a “data controller” as we are each individually responsible for determining how your personal information will be handled for our respective business processes. Accordingly, if you disclose personal information to us in connection with the purchase of an insurance product, we encourage you to review both this Privacy Statement and the Insurer’s privacy notice to understand the full scope of how your personal information will be handled.
If you are a resident of the U.S.A. and are making the purchase of any Booking.com service or product, including an insurance product, then this section will apply to you, in addition to the rest of the Booking.com Privacy Statement. Please refer to the latter for any further questions or concerns regarding the handling of your personal data by Booking.com.
This Statement, together with the Booking.com Privacy Statement, applies to any and all personal information you provide to Booking.com and any and all personal information we collect. This includes when you contact us, visit, or use our websites or applications, visit a Booking.com location, attend a Booking.com event or seminar, request a service from us, or use other services that refer to or link to this Statement. The personal information we collect varies depending upon the nature of the services and insurance products you ultimately decide to purchase and how you interact with us. This Statement may be amended, modified, or supplemented by additional privacy statements, terms, or notices relevant to the applicable services and insurance products purchased. We recommend you visit this page occasionally to make sure you know where you stand.
Specifically, this Statement provides information regarding how your personal information is collected and used for the purposes of offering insurance products to you through Booking.com platforms (including Booking.com’s websites or applications as well as personal information that you provide when you contact Booking.com via email, live chat, phone, or mail).
This Statement does not apply to your use of any third-party sites, products, or services linked to or from our platforms.
By purchasing or using the insurance products and services, or by confirming your consent, you agree to this Statement and this site’s Terms of Use, as well as the Booking.com Privacy Statement. If you do not agree to this Statement, or the site’s Terms of Use, please do not use the insurance products and services as offered by Booking.com. The insurance products and services are not for use within any country or jurisdiction or by any persons where such use would constitute a violation of law. If this applies to you, you are not authorized to access or use any of the insurance products and services.
The Booking.com entities responsible for offering insurance product options for your travel plans, and for processing your personal information, are Booking.com B.V. and Booking.com Distribution Insurance Solutions, LLC (“BDIS”).
Booking.com Distribution B.V. (“BDBV”), is the designated company manager of BDIS and is a private limited liability company, incorporated under the laws of the Netherlands with offices at Oosterdokskade 163, 1011 DL, Amsterdam, the Netherlands. The details of the insurer will be visible in the insurance policy and related documentation provided to you when you purchase your insurance.
The insurance products you purchase related to your travel needs are distributed by BDIS. BDIS is a Delaware Limited Liability Company registered to conduct business in all states as well as the District of Columbia; and, is a duly licensed insurance producer in all states and the District of Columbia. BDIS has a resident license in Connecticut, with offices in Connecticut at 800 Connecticut Ave, Norwalk, CT 06854. The BDIS Connecticut Resident Producer License Number is 3002601274.
Where BDIS is the distributor, offering an insurer’s products and services to Booking.com customers who are residents of the U.S, it acts as a data controller for any processing it undertakes outside of Booking.com B.V. systems. Booking.com acts as a data controller for any personal data it collects for insurance purposes. How Booking.com processes that data is set out in this Privacy Statement and the main Booking.com Privacy Statement. If there is any conflict between this section and the rest of the main Booking.com Privacy Notice, then this section takes priority. For further information about the relationship between Booking.com and BDIS, contact us.
The terms “personal information” and “personal data” refer to information that can be used to distinguish or trace your identity, either alone or when combined with other information that is linked or linkable specifically to you.
The personal information we collect varies depending upon the nature of our services and upon the insurance product you decide to purchase based on your needs. Where we collect sensitive personal information (such as a special category or criminal offense data), this information is only collected where strictly relevant to the services we provide and is done in accordance with applicable law.
The personal information we collect about you (or that you might provide) may include the following:
We may share certain elements of your personal data with third parties, which under US state privacy laws may be considered the sale of personal data. This may include information related to inferences and analytics. We may also share your personal data with service providers who assist us with delivering marketing messages or advertisements.
We generally share your personal information with the following categories of recipients where necessary to offer, administer, and manage the insurance products and services provided to you:
As a general overview, refer to the following link to better understand how and why Booking.com collects and uses your personal data and the legal grounds we rely on to do so.
When offering insurance, BDIS may have to use and share personal data that is relevant to underwrite and sell the insurance product. This list of information relates to you as a potential or actual policyholder, and to the beneficiaries under a policy, family members, claimants, and other parties involved in a claim.
In order to transact in insurance, provide offers, arrange insurance coverage, and handle insurance claims (where relevant), your personal information, provided to us during the booking process, is shared with BDIS, potentially other producers retained by Booking, third-party administrators of claims, and the insurer providing the policy. This may include the names, dates of birth, and ages of all insured travelers, as well as contact details (email, mailing address, telephone number), passport information, payment information, and travel details. Additional information may also be requested in order to provide the insurance coverage and services and in order to issue a policy and/or handle an insurance claim, including names of family members, medical information and records, and/or other beneficiaries’ information, as well as other information necessary to conduct or support the investigation of an insurance claim (“Insurance-Specific Data”).
If you make a claim under an insurance policy, this claim may be directly handled by BDIS, by the insurer, or by a third-party administrator. This means that you may be asked to provide personal data in order to submit the claim directly to the claims adjuster. The insurer will inform you accordingly at the point of collection of your information. When your claim is handled by the insurer, BDIS and/or BDBV may receive information about the status of your claim in order to provide you with customer support services.
We use the information we collect about you in connection with the insurance products and services to:
We rely on you to make sure that your personal info is complete, accurate, and current. You should therefore notify us of any changes to your personal information, particularly changes concerning your contact details, bank account details, insurance policy details, or any other information that may affect the proper management and administration of your insurance policy and/or the services provided to you, including potential claims handling and payments.
Let us know about any changes to or inaccuracies in your personal info as soon as possible. See how you can control your personal data in the main Privacy Statement for further details.
So how do we collect this information from you? Check out the following link to find out more about how we collect personal data directly and indirectly, and more about the personal data we collect.
Where you provide personal information to us about other individuals (e.g. information about your spouse, civil partner, child(ren), dependents, or emergency contacts), when appropriate, we recommend you provide these individuals with a copy of this Privacy Statement beforehand to ensure they are made aware of how their information will be used by us. At this point, we have to make it clear that it’s your responsibility to ensure that the person or people you have provided personal data about are aware that you’ve done so, and that they have understood and accepted how Booking.com uses their information (as described in this Privacy Statement).
You are required to provide any personal information we reasonably require (in a form acceptable to us) to meet our obligations in connection with the insurance products and services we provide to you, including any legal and regulatory obligations. Where you fail to provide or delay in providing information, we reasonably require you to fulfill these obligations. If the information provided is either incomplete and/or inaccurate, we may be unable to offer the insurance products and/or services to you and/or we may terminate the services provided with immediate effect. This is because we may be required to do in accordance with the applicable federal and state laws, rules, and regulations of all states.
We use your personal data for the purpose of providing you with an insurance product and handling any complaints or claims relating to such insurance product (if any), which may require us to share your personal data with other third parties. This includes subsidiaries, affiliates, and/or sister companies of the Booking.com corporate family and affiliates of the Booking Holdings Inc. corporate group. Read about how we share your personal data with the Booking Holdings Inc. corporate group. We may also share your personal data with regulators, government agencies, and/or investigative authorities if required by law, or if it is strictly necessary for the prevention, detection, or prosecution of criminal acts. Here you can read more about how data is shared with third parties.
We understand the importance of protecting children’s privacy in this highly interactive world.
Our services aren’t intended for children under 18 years old and we’ll never collect their data unless it’s provided by (and with the consent of) a parent or guardian. The limited circumstances we might need to collect the personal data of children under 18 years old include: as part of a reservation, the purchase of other travel-related services (including insurance), or in other exceptional circumstances (such as features addressed to families). Again, this will only be used and collected as provided by a parent or guardian and with their consent. In the context of insurance, you cannot purchase an insurance product unless you are over 18. We only process information about children with the consent of their parents or legal guardians, and/or when the information is shared with us by the parent(s) or legal guardian(s) themselves. If we become aware that we’ve processed the information of a child under 18 years old without the valid consent of a parent or guardian, we will delete it.
If you are a child under the age of 18, you are not permitted to use our services and should not send any information about yourself to us through our offered insurance products and/or services. You can read more here about how Booking.com treats personal data belonging to children.
If you are a parent or legal guardian and you believe that your child under the age of 18 has provided us with information without your consent, contact us at dataprotectionoffice@booking.com, and we will take reasonable steps to ensure that such information is deleted from our records.
Booking.com is a global business. The data that we collect from you, as described in this Privacy Statement, could be made accessible from, transferred to, or stored in countries which may not have the same data protection laws as the country in which you initially provided the information. In such cases, we will protect your data as described in this Privacy Statement.
There are circumstances in which we will have to transfer your personal information out of the country in which it was collected for the purposes of carrying out the insurance products and services we provide to you. Where the need for such a transfer arises, we will put appropriate safeguards in place to protect your personal information and to make sure that these transfers comply with the relevant applicable privacy laws. In particular, when your data is transferred to third-party service providers, we establish and implement appropriate contractual, organizational, and technical measures with them.
If you have questions regarding the specific mechanism under which your personal information is transferred to another country, if applicable, you may contact us at dataprotectionoffice@booking.com or by contacting our privacy office using the contact details in the Questions or Concerns section below.
If you would like to exercise your rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA"), please visit us at dataprotectionoffice@booking.com with the subject line: “California Resident Privacy Rights – Request.”
Please find Booking.com’s CCPA NOTICE AT COLLECTION below.
This section of our Statement provides additional information for California residents pursuant to the CCPA and applies to "Personal Information" as defined in the CCPA, whether collected online or offline. This section of our Privacy Statement applies to www.booking.com and other websites or mobile applications that link to this Statement, as well as offline activities where California residents are directed to this section of the Statement. It does not apply to any non-Booking.com websites or mobile applications that you may access via the insurance products and services. Those services are governed by the privacy policies that appear on those sites and applications. As used in this California-specific section of our Statement, “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Service Provider
Some Booking.com business units and groups act as service providers under the CCPA. This means that they collect and use Personal Information on behalf of another company (e.g. where BDIS provides insurance products and services to third-party insurers and producers). Where your Personal Information is processed by BDIS or another Booking.com company acting as a service provider, that other company’s privacy policy will explain its privacy practices. Note that in some instances, BDIS and other Booking.com companies or business units may be acting as a service provider for other members of Booking.com, and, in those instances, this section of the Privacy Statement will apply. If you make a request to exercise CCPA rights to Booking.com where it acts as a service provider under the CCPA, we may be required to disclose your request to the relevant company.
Personal Information Not Covered by this California Section of the Privacy Statement
There are a number of exemptions from the application of the CCPA. The following sets out some of the categories of Personal Information that are not subject to the CCPA, and therefore are not covered by this California section of the Statement. Note that other sections of the Statement may still apply in addition to other privacy notices that we may issue addressing our specific relationship with you, including privacy notices that are sent to individuals.
California Statement at Collection
Categories of Personal Information Collected & Disclosed
The following identifies the categories of Personal Information we may collect about you. Note that our collection, use, and disclosure of Personal Information about you will vary depending upon the circumstances and nature of our interactions or relationship with you.
Depending on how you use our insurance products and services, we, the insurer, or the third-party claims administrative company may collect (or you might provide) the following categories of Personal Information:
Sources of Personal Information
We generally collect Personal Information from the following categories of sources:
Purposes for Collecting and Disclosing Personal Information
As described in the section above titled “How is your personal data processed and used for insurance products and services?”, in general, we collect and otherwise process the personal information we collect for the following business or commercial purposes:
For more details, including the recipients of your personal information, you can check out the “What kind of personal data does Booking.com collect?” and “How does Booking.com share your data with third parties” sections of the Booking.com Privacy Statement.
Sensitive Personal Information
Notwithstanding the purposes described above, we do not collect, use, or disclose “sensitive personal information” beyond the purposes authorized by the CCPA.
Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.
Retention of Personal Information
We retain the Personal Information we collect only as reasonably necessary for the purposes described in this Statement or otherwise disclosed to you at the time of collection. For example, we will retain certain identifiers for as long as it is necessary to comply with our tax, accounting, and recordkeeping obligations, to administer certain policies and coverage, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend, or establish our rights, defend against potential claims, and to comply with our legal obligations. From time to time, we may also de-identify your Personal Information, retain it, and use it for a business purpose in compliance with CCPA.
Disclosure of Personal Information to Third Parties and Other Recipients
The categories of Personal Information we may have disclosed for a business purpose in the preceding twelve (12) months include:
If you would like more information about the categories mentioned above, the specific types of personal information we collect, or the purposes for which we collect them, read the sections of the Booking.com Privacy Statement titled “What kind of personal data does Booking.com collect?” and “Why does Booking.com collect and use your personal data?”.
The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include:
The CCPA defines “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third party for purposes of cross-contextual behavioral advertising. We may share certain parts of your personal information with third parties, which under California law can be treated as a “sale” of information. This may include information related to Identifiers, Commercial information, Geolocation data, Internet activity, and Inferences, as described above.
We may “share” the following categories of Personal Information: online identifiers, and usage data. We disclose this information to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising.
Rights Regarding Your Personal Information
The CCPA provides California residents with specific rights regarding Personal Information. This section describes your rights under the CCPA and explains how to exercise those rights. Subject to certain exceptions, California consumers have the right to make the following requests:
Right to Know. With respect to the Personal Information we have collected about you, you have the right to request from us:
Right to Delete. Subject to certain conditions and exceptions, you have the right to request deletion of your Personal Information that we have collected about you. To exercise your right to request access to or the deletion of your Personal Information under California law, please visit this webform.
Right to Correct. Subject to certain restrictions, you have the right to request that we correct inaccuracies in your Personal Information.
Right to Opt Out. You have the right to opt out of “sales” and “sharing” of your Personal Information, as those terms are defined under the CCPA. You may exercise your right to opt out of “sales” or “sharing” of your Personal Information by clicking on this link and following the instructions. You may also use the Do Not Sell or Share My Personal Information link at the bottom of our Site.
Right to Non-Discrimination. You have a right not to be denied goods or services for exercising any of the rights described in this section.
Exercising Your Rights
If you are a California resident and would like to exercise your CCPA rights, you may do so via any of the methods described below:
Accessing our Data Subject Request for Booking.com Consumers form;Or
Contacting us by sending an email to: dataprotectionoffice@booking.com with the subject line: “California Resident Privacy Rights – Request.”
To exercise your right to request access to or the deletion of your personal information under California law, visit this webform: Data Subject Request for Booking.com customers.
Authorized Agent. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that you directly verify your identity and the authority of your authorized agent.
Businesses operating as an authorized agent on behalf of a California resident must provide both of the following:
(1) Certificate of good standing with its state of organization; and
(2) A written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the business to act on behalf of the California resident.
Individuals operating as an authorized agent on behalf of a California resident must provide a written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the individual to act on behalf of the California resident.
We reserve the right to reject (1) authorized agents who have not fulfilled the above requirements, or (2) automated CCPA requests where we have reason to believe the security of the requestor’s personal information may be at risk.
Verification. Before responding to your request, we must first verify your identity using the Personal Information you recently provided to us. The information we need in order to verify your identity differs depending on the request made and our relationship with you and might include (as applicable) your name, the email address you regularly use to interact with us, your phone number, your date of birth, and, if available, your policy number. We will take steps to verify your request by matching the information provided by you with the information we have in our records by, for example, requesting information about your previous reservations with us. In some cases, we may request additional information to verify your identity, or where necessary to process your request. In some cases, we may also carry out checks, including with third-party identity verification services, to verify your identity before taking any action with your Personal Information. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.
If you are an authorized agent wishing to exercise rights on behalf of a California consumer, please contact us at dataprotectionoffice@booking.com with the subject line: “California Resident Privacy Rights – Request”, attaching a copy of the consumer’s written authorization, designating you as their agent. We may need to verify your identity before completing your rights request.
Contact Us
If you have any questions or comments about this section of the Statement, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
By mail: Booking.com, 597 Oosterdokskade 163, 1011 DL, Amsterdam, The Netherlands.
By email: dataprotectionoffice@booking.com.
To otherwise exercise these or any of your other rights under California law, or to contact us with questions and concerns about this Privacy Statement and our practices, you can also contact us at dataprotectionoffice@booking.com with the subject line: “California Resident Privacy Rights – Request.”
For residents outside of California
If you live in the United States outside of California, the information in this section applies to you in addition to other content in this Privacy Statement. This section informs you of certain rights you have which may be different from those described elsewhere in this Privacy Statement.
Your rights under privacy laws include the right of access to your personal data, the right to correct your personal data, the right to request deletion of your personal data, and the right to obtain a copy of your personal data. U.S. state privacy laws provide you with certain additional rights, which include the right to opt out of: the sale of your personal data, targeted advertising, and profiling which may have a legal impact on you.
Please fill out this Data Subject Request for Booking.com Consumers form to exercise your right to request access to, obtain a copy of, and to correct or delete your personal data. To opt out of the sale of your personal data, targeted advertising, or profiling, use the Preferences tab on the same Data Subject Request for Booking.com Consumers.
To contact us with questions and concerns about this Privacy Statement and our practices or to exercise any of your rights, send an email to dataprotectionoffice@booking.com with the subject line: “U.S. Resident Privacy Rights – Request”.
If you are a parent, legal guardian, or the authorized agent of a consumer and you wish to exercise rights on behalf of a consumer, contact us at dataprotectionoffice@booking.com. We may need to verify your identity and authorization before completing the rights request.
When you exercise your rights, we verify your identity based on whether the name and the email address you provide in the request match the data you provided when using our services and other verification details. You may authorize another individual to exercise opt-out rights on your behalf. If we receive such a request, we will send an email to confirm you authorized the requester to act for you.
In accordance with applicable federal and state laws, rules, and regulations, we observe reasonable procedures to prevent unauthorized access to and misuse of personal data. Our business systems and procedures ensure we take all reasonable steps to protect your personal data in accordance with all applicable federal and state laws, rules, and regulations. We also have specific security procedures and technical and physical restrictions on accessing and using personal data on our servers. Only authorized personnel are permitted to access personal data as necessary to perform their duties and responsibilities as an employee of Booking.com.
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary to enable you to use our services, to provide our insurance services to you, to comply with applicable laws, to resolve disputes with any parties, and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities.
For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When personal data is no longer needed, we either de-identify or aggregate (combine) the data (in which case we may further retain and use the de-identified or aggregated information for analytics purposes) or securely destroy the data.
Here you can read more about security and retention procedures.
The security of your personal information is important to us, and we have implemented appropriate security measures to protect the confidentiality, integrity, and availability of the personal information we collect about you and ensure that such information is processed in accordance with all applicable data privacy laws.
Sections on Cookies, Direct marketing, Automated Decisions, and Changes to the Privacy Statement are covered in the main body of the Booking.com Privacy Statement.
For any further questions or concerns, please do not hesitate to contact us:
By mail: Booking.com, 597 Oosterdokskade 163, 1011 DL, Amsterdam, The Netherlands.
By email: dataprotectionoffice@booking.com.
This Statement is not contractual, and Booking.com reserves the right to reasonably amend it from time to time to ensure it continues to accurately reflect the way that we collect and use personal information about you. Any updates or changes to this Statement will be made available to you. You should periodically review this Statement to ensure you understand how we collect and use your personal information.
This Notice was last updated in February 2025.
If you live in the US (other than in California), the information in this section applies to you. It adds to, or replaces, the information in other parts of this privacy statement.
In addition to the categories of personal data we may collect about you listed in Personal data we collect and process, other categories include:
We may share certain elements of your personal data with third parties, which under US state privacy laws may be considered the sale of personal data. This sale of personal data may include information related to inferences.
You can choose how your personal data is used by us as described in the Your rights section. You also have the following additional rights (available in the Preferences tab of the Data Subject Request form):
Right | Description |
|---|---|
| Opt out of the selling of data | You can ask us not to sell your personal data to third parties. |
| Opt out of targeted advertising | You can ask us not to use your personal data for targeted advertising. |
| Opt out of profiling | You can ask us not to use your personal data for profiling, which may have a legal effect or other significant impact on you. |
If you’re a parent, legal guardian, or the authorized agent of a consumer and wish to exercise rights on behalf of a consumer, contact us as described in Your rights. We may need to verify your identity and authorization before completing the request.
When you exercise your rights, we verify your identity based on whether the name and the email address you provide in the request match the data you provided when using our services and other verification details. You may authorize another individual to exercise opt-out rights on your behalf. If we receive such a request, we’ll send an email to confirm you authorized the requester to act for you.
We combine people, processes, and technology to protect your personal data and respect your privacy.
This includes, among other things, that we:
We use retention practices to keep and, where possible under applicable law, dispose of personal data. Generally, we keep your personal data for as long as is necessary to:
While not mandatory for your use of Booking.com’s platform, we recommend that you:
Whenever you use our online services or mobile apps, we may use tracking technologies (which include, and we collectively refer to as, “cookies”). This section of the privacy statement provides information about how we use cookies.
A web browser cookie is a small text file placed by a website in the data that a web browser automatically stores on your computer or mobile device. It enables software to store information about the content you view and interact with, for example, to:
Remember your preferences, settings, and items in your shopping cart
Analyze how you use online services
We also use other types of cookies. For example, our websites, email messages, and mobile apps may contain small transparent image files or lines of code that record how you interact with them.
Cookies we use can be divided into three purpose categories: functional, analytical, and marketing cookies.
| Functional cookies | We use functional cookies to enable our websites and mobile apps to work properly so you can create an account, sign in, and manage bookings. They also remember your selected currency, language, and past searches. These technical cookies must be enabled to use our site and services. |
| Analytical cookies | We and our partners use analytical cookies to gain information on your website and mobile app usage, which is then used to understand how visitors like you use our platform and to improve the performance of our site and services. |
| Marketing cookies | We and our partners use marketing cookies, including social media cookies, to collect information about your browsing behavior that helps us and our partners decide which products to show you on and off our site, to display and send personalized content and advertisements on our platform, other websites, and via push messages and email. The personalized content is based on your browsing and services you have booked. These cookies also allow you to share or like pages on social media. |
We work with selected third-party companies to collect and process data. We may also sometimes share information (e.g. your email address or phone number) with some of these third parties so they can link that information to other data they collect separately (and typically independently of Booking.com) to help us engage with specific audiences or deliver targeted ads.
When required, we offer you the option to decline analytical and marketing cookies. Most browsers will also allow you to choose which cookies to accept and which to reject. See the help function of your browser to learn more. Note that if you choose to block certain functional cookies, you may not be able to use or benefit from some features of our services.
We are always looking for opportunities to innovate and improve the customer experience by using new technologies such as artificial intelligence (AI) systems. We currently use AI for the following purposes:
| Promotion of a safe and trustworthy service and prevention of fraud | Machine learning AI systems monitor our platforms for fraud attempts, complaints, and possible traveler or trip provider misconduct at a much faster rate and with greater accuracy than could be achieved manually. The AI systems scan transactions and content on our platform for risk indicators. Transactions and content that are identified as indicative of higher fraud risk are flagged for human review. |
| Showing you the most relevant content | We use additional AI systems to improve the customer experience and personalization on our platform. This includes the use of AI to predict the optimal/most relevant category of products for you and bring the best options to your attention. This may include sending you details of a trip we think you would be interested in (where you have consented to this communication) and ranking search results to put the best matches at the top of your feed. Our “How we work” page contains more information on our recommendation systems, including on how to manage your personalization preferences. |
| AI Trip Planner and Interactive chats | We may use AI to develop and offer interactive chats and the Booking.com AI Trip Planner, which allow you to ask questions about a trip or service and receive AI-generated relevant responses or itinerary suggestions. The AI Trip Planner will use any personal data you share with it and your search and booking history on our platform to make tailored recommendations to you. We may use the above information to develop, train, and fine-tune our AI systems. |
| Improving our services | We use AI to improve trip services in line with the information included in the Purposes of collecting and processing your personal data section. This includes the identification of trends, monitoring operations of the platform, troubleshooting our websites and apps, as well as achieving performance and cost efficiencies. Personal data may be used to develop and train AI systems like generative AI models, which enable you to use natural language to ask questions about a trip or service and receive relevant AI-generated responses or itinerary suggestions. AI systems will also be utilized to improve the effectiveness of the other purposes set out in this privacy notice. |
We ensure we have a legal basis to use AI systems in accordance with data protection laws. The legal basis of using AI will usually follow the overall purpose of processing set out in the section Purposes of collecting and processing your personal data :
Beyond preventing and detecting fraud attempts, we may have a legitimate interest in developing AI systems to reduce our costs, improve the efficiency and quality of our processing, and provide better products for our customers. We consider whether your rights and freedoms aren’t unduly infringed upon by the processing of your personal data and only proceed where this legitimate interest isn’t overridden by your rights.
In other cases where we may use AI, we’ll seek your consent where this is required.
We assess our AI systems against data protection principles, such as minimization, accuracy, and purpose limitation. We take steps to prevent harm and biases from our use of AI, for example, by:
De-identifying personal data
Developing our own systems to reduce sharing data with third parties
Re-assessing our use of AI systems to ensure risks continue to be adequately mitigated
See the How we protect your personal data section for more information on the safeguards we’ve implemented, which will also apply to personal data we process to train or use AI.
We don’t currently use any solely automated systems, including those using AI, to make a decision about you that would result in a legal or similarly significant effect on you. We’ll inform you if this changes and will ensure that we’ve implemented suitable measures to safeguard your rights and freedoms.
In some cases, we may complete decision-making without human review but only after we’ve assessed that the decision wouldn’t result in a significant effect on you.
In cases that may have a significant effect on an individual (e.g. monitoring for fraud attempts), our systems may inform and contribute to a decision but won’t autonomously make any decision. A member of our team will review a possible issue a system may identify and make an informed decision.
If you’d like to know more about our use of AI systems or would like to object to the use of your personal data in the context of AI, contact us as described in the Your rights section.
Our services are not intended for people under the age of 18. We don’t collect personal data about people below that age (collectively called “minors”) unless that data is provided by (and with the consent of) a parent or guardian. The limited circumstances we might need to collect the personal data of minors from parents or guardians include:
As part of a reservation
The purchase of other travel-related services
In other exceptional circumstances (e.g. features addressed to families).
If we become aware (e.g. via a Customer Service request) that we’ve processed personal data about minors without the valid consent of their parent or guardian, we’ll delete it.
We want you to be in control of how your personal data is used by us. You can do this in the following ways:
Right | Description |
|---|---|
| Access | You can ask us for a copy of the personal data we hold about you. |
| Correction | You can inform us anytime of changes to your personal data and ask us to correct certain personal data we hold about you. You can make some of these changes directly online when you have a user account. We rely on you to make sure that your personal info is complete, accurate, and current. |
| Erasure | You can ask us to erase the personal data we hold about you when, for example, it’s no longer needed or we’ve asked for your consent and you’ve now withdrawn it. |
| Restriction | In certain situations, you can ask us to block or restrict the processing of the personal data we hold about you and object to particular ways we’re using your personal data. |
| Portability | In certain situations, you can also ask to receive specific personal data you’ve given us, for possible transmission to a third party. |
| Withdrawal of consent | Where we’ve collected and processed your personal data on the basis of your consent, you can withdraw that consent anytime subject to applicable law. |
| Objection | Where we process your personal data based on legitimate interest or the public interest, you have the right to object to that use of your personal data anytime, subject to applicable law. |
We offer various ways for you to exercise your rights or raise questions and concerns about your personal data at Booking.com:
| Directly from your account | If you have a user account, you can access a lot of your personal data through our websites or mobile apps. You’ll generally find the option to add, update, or remove information we have about you in your user account settings. |
| Using our Data Subject Request form | If you can’t perform an action through our websites or mobile apps (e.g. because certain personal data we have about you isn’t accessible online), you can easily submit your request to us via this Data Subject Request form. |
| By email | If you can’t perform an action directly from your user account or using our Data Subject Request form (e.g. because a certain option isn’t available), you can exercise the data subject rights mentioned in this notice by contacting our privacy team (which includes our Data Protection Officer) via the email address in the Our company and how we comply with privacy laws section. You can contact us the same way for any other requests or questions about this privacy statement or if you have a complaint or concern about the processing of your personal data. We recommend including your country of residence when contacting us through this channel to help us respond to your request. |
| By mail | If you’d prefer to exercise your data subject rights by mail, address it to our privacy team using the mailing address in Our company and how we comply with privacy laws. By default, we’ll respond to such requests electronically. |
To protect your personal information, we may need to verify your identity before completing your request. We will do this by asking you questions about your previous reservations with us. We’ll respond to your request without undue delay.
If you aren’t satisfied with our response to your request or have other concerns about your personal data, you can also contact your data protection supervisory authority.
For questions about a reservation, contact our Customer Service team through our customer service contact page.
The entities relevant for this notice include:
Entity name | Mailing address | Privacy email contact details | Comments |
|---|---|---|---|
| Booking.com B.V. | Oosterdokskade 163, 1011 DL Amsterdam, The Netherlands. | dataprotectionoffice@booking.com | Operates the platform and is the controller for the processing of personal data as described in this privacy statement except where explicitly stated otherwise. It is the EU representative for Booking.com Transport Ltd. (BTL). |
| Booking.com Distribution B.V. (BDBV) | Oosterdokskade 163, 1011 DL, Amsterdam, The Netherlands. | dataprotectionoffice@booking.com | A sister company of Booking.com B.V. Booking.com B.V. and BDBV work closely together to offer customers different insurance products and services for trip reservations (e.g. room cancellation insurance). When BDBV acts as an intermediary for insurance products and services via Booking.com B.V., the two companies are jointly responsible for the collection of insurance-specific data and its transmission from Booking.com B.V. to BDBV. However, BDBV acts as the sole controller for any processing outside of the Booking.com B.V. systems. |
| Booking.com Transport Ltd. (BTL) | The Goods Yard Building, 6 Goods Yard Street, Manchester, M3 3BG, United Kingdom. | dataprotectionofficer@rentalcars.com | A sister company of Booking.com B.V., BTL trades as Rentalcars.com. It’s the controller for any ground transportation services. |
The contact details listed above are also the means by which to contact the Booking.com Data Protection Officer.
Booking.com is subject to an array of laws and regulations, including about personal data protection and their enforcement through data protection supervisory and other authorities. Among other things, Booking.com is subject to supervision by the Dutch Supervisory Authority (the “Autoriteit Persoonsgegevens” (AP)) based in the Netherlands as well as the Information Commissioner’s Office (ICO) in the United Kingdom.
Booking.com may be contacted by law enforcement agencies seeking to obtain specific personal data, for example, in connection with their criminal investigations or reports they receive about missing persons. Similarly, other agencies and authorities may contact Booking.com with ad hoc or recurring information requests, in connection with short-term rental laws or consumer protection laws for example. Duly authorized representatives from agencies and other authorities must submit such requests only via our Law Enforcement Response processes and using the portal we make available for these purposes.
