Skip to main content
Print/Save

Privacy & Cookie Statement

Privacy Statement

Sep 5, 2024

First things first – your privacy is important to us. That might be the kind of thing all these notices say, but we mean it. You place your trust in us by using Booking.com services, and we value that trust. That means we’re committed to protecting and safeguarding your personal data. We act in our customers’ best interests and are transparent about the processing of your personal data.

This document (“this Privacy Statement” or “our Privacy Statement”) describes how we use and process your personal data, provided in a readable and transparent manner. It also tells you what rights you can exercise in relation to your personal data and how you can contact us. Please also read our Cookie Statement, which tells you how Booking.com uses cookies and other similar tracking technologies.

If you’ve used us before, you know that Booking.com offers online travel-related services through our own websites and mobile apps, as well as other online platforms such as partners’ websites and social media. We’d like to point out that all the information you're about to read generally applies to all of these platforms.

In fact, this single privacy statement applies to any kind of customer information we collect through all of the above platforms or by any other means connected to these platforms.

If you are one of our business partners, make sure to also check out our Privacy Statement for Business Partners to understand how personal data is further processed as part of the business relationship.

We might amend this Privacy Statement from time to time, so we recommend visiting this page occasionally to make sure you know where you stand. If we make any updates to this Privacy Statement that will impact you significantly, we’ll inform you about the changes before any new activities begin.

Terms we use in this Privacy Statement

“Trip” refers to the various different travel products and services that can be ordered, acquired, purchased, bought, paid, rented, provided, reserved, combined, or consummated by you from the Trip Provider.

“Trip Provide” refers to the provider of accommodation (e.g. hotel, motel, apartment, bed & breakfast, landlord), attractions (e.g. (theme) parks, museums, sightseeing tours), transportation provider (e.g. car rentals, cruises, trains, flights, bus tours, transfers), tour operators, travel insurances, and any other travel or related product or service as from time to time available for Trip Reservation on the platform.

“Trip Service” refers to the online purchase, order, (facilitated) payment, or reservation service as offered or enabled by Booking.com in regards to various products and services as from time to time made available by Trip Providers on the platform.

“Trip Reservation” refers to the order, purchase, payment, booking, or reservation of a Trip.


What kind of personal data does Booking.com collect?

We can’t help you book the perfect Trip without information, so when you use our services there are certain things we ask for. This is typically routine info – your name, preferred contact details, the names of the people traveling with you, and your payment info. You might also decide to submit additional info related to your upcoming Trip (e.g. your anticipated arrival time).

In addition to this, we also collect info from the computer, phone, tablet, or other device you use to access our services. This includes the IP address, the browser used, and your language settings. There are also situations when we receive info about you from others or automatically collect other info.

This is the general overview but if you’d like to know more about the information we collect, we go into more detail below.

Read more about the personal data we collect

Why does Booking.com collect and use your personal data?

The main reason we ask for personal details is to help you organize your online Trip Reservations and ensure you get the best possible service.

We also use your personal data to contact you about the latest deals, special offers, and other products or services we think you might be interested in. There are other uses, too. If you’d like to find out what they are, read on for a more detailed explanation.

Read more about why Booking.com collects your data

How does Booking.com share your data with third parties?

There are different parties integrated into Booking.com’s services, in various ways and for various reasons. The primary reason we share your data is to provide the Trip Provider with the relevant info to complete your Trip Reservation.

We also involve other parties to provide you with the Booking.com services. This includes, for example, financial institutions, advertisers, subsidiaries of the Booking.com corporate group, and the other companies that form the Booking Holdings Inc. corporate group. Or, in some cases, if we’re required to by law, we might share your data with governmental or other authorities

Below, we go into more detail about how the information you share with us is used and exchanged with these parties.

Read more about how data is shared with third parties

How is your personal data shared within the Booking Holdings Inc. corporate group?

Booking.com is part of the Booking Holdings Inc. corporate group. Read on to find out more about how your data may be shared within the Booking Holdings Inc. corporate group.

Read more about data within Booking Holdings Inc.

How is your personal data shared and further processed for ground transport services?

Booking.com and Rentalcars.com—also part of the Booking Holdings Inc. group of companies—jointly use your data to offer you ground transport services via the Booking.com websites and apps (such as cars.booking.com or taxi.booking.com). Read more to understand the scope and limited nature of our joint responsibility.

Read more about data and our ground transport services

How is your personal data shared and further processed for insurance services?

We work with different parties when offering insurance services. Follow the link below to understand how your data is used and shared for insurance purposes and learn about the responsibilities of the parties involved.

Read more about data and insurance products and services

How does Booking.com process communications that you and your Trip Provider may send via Booking.com?

Booking.com can help you and Trip Providers exchange info or requests about services and existing Trip Reservations through the Booking.com platform. If you want to find out more about how Booking.com receives and handles these communications, read on here.

Read more about how these communications are processed

How does Booking.com make use of mobile devices?

We offer free apps that we also collect and process personal data through. This works in much the same way as our website, but they also allow you to benefit from the location services available on your mobile device(s).

Read more about how we use data from mobile devices

How does Booking.com make use of social media?

The use of social media may be integrated into Booking.com services in various ways. These will involve us collecting some of your personal data or the social media provider receiving some of your information. We don’t use WhatsApp or similar third-party services to request booking or payment confirmations.

Read more about how we use social media data

How does Booking.com use artificial intelligence and make automated decisions?

Booking.com is always looking for opportunities to innovate and improve the services offered to you. In some cases, we may use new technologies like artificial intelligence (AI) and decision automation systems.

Read more about how we use AI and make automated decisions

What security and retention procedures does Booking.com put in place to safeguard your personal data?

We’ve implemented a range of procedures to prevent unauthorized access to and the misuse of personal data that we process.

Read more about security and retention procedures

How does Booking.com treat personal data belonging to children?

Unless indicated otherwise, Booking.com is a service you're only allowed to use if you're over 18 years of age. We only process information about children with the consent of their parents or legal guardians, or when the information is shared with us by the parents or legal guardians themselves.

Read more about the personal data of under 18s

How can you control the personal data you’ve given to Booking.com?

Among others, you have the right to review the personal data we keep about anytime and request access to or deletion of your personal data by submitting this form. To find out more about your rights to control your personal data, read on.

Read more about how you can control your personal data

Who is responsible for the processing of personal data on the Booking.com website and apps?

Booking.com B.V., located in Amsterdam, The Netherlands, controls the processing of personal data for the provision of its services. That includes its websites and mobile apps, except for some exceptions that are clarified in this privacy statement.

Read more about Booking.com B.V.'s responsibility for personal data

Country-specific provisions

Depending on the law that applies to you, we may be required to provide some additional info. If applicable, you’ll find additional info for your country or region below.

Read more about country-specific provisions


What kind of personal data does Booking.com collect?

Okay, so you’re looking for some more in-depth info. Here’s a closer look at what we collect.

Personal data you give to us.

Booking.com collects and uses the info you provide us. When you make a Trip Reservation, you are (at a minimum) asked for your name and email address.

Depending on the Trip Reservation, we may also ask for your home address, telephone number, payment information, date of birth, current location (in the case of on-demand services), the names of the people traveling with you, and any preferences you might have for your Trip (such as dietary or accessibility requirements). In some cases, you may also be able to check-in online with the Trip Provider, for which we will ask you to share passport information or a driver’s license and signatures.

If you need to get in touch with our customer service team, contact your Trip Provider through us, or reach out to us in a different way (such as social media or via a chatbot); we’ll collect information from you there, too. This applies whether you are contacting us with feedback or asking for help using our services.

You might also be invited to write reviews to help inform others about the experiences you had on your Trip. When you write a review on the Booking.com platform, we’ll collect any information you’ve included, along with your first name and avatar (if you choose one).

There are other instances where you’ll provide us with information as well. For example, if you’re browsing with your mobile device, you can decide to allow Booking.com to see your current location or grant us access to some contact details. This helps us to give you the best possible service and experience by, for example, showing you our city guides, suggesting the nearest restaurants or attractions to your location, or making other recommendations.

If you create a user account, we’ll also store your personal settings, uploaded photos, and reviews of previous bookings there. This saved data can be used to help you plan and manage future Trip Reservations or personalized recommendations or benefit from other features only available to account holders (such as incentives or other benefits).

You can also choose to add details from your identification documents to your user accounts, so you don’t have to submit this info for each individual Trip Reservation.

We may offer you referral programs or sweepstakes, and participating in these will mean providing us with relevant personal data.

Personal data you give us about others.

If you have a Booking.com for Business account, you can keep an address book there to make it easier to plan and manage business travel arrangements for others.

If you make a Trip Reservation for another person, other people, or together with others, you may share personal data about others in relation to the Trip Reservation.

In some cases, you might use Booking.com to share information with others. This can take the form of sharing a wishlist or participating in a referral program, as described when you use the relevant feature.

At this point, we have to make it clear that it’s your responsibility to ensure that the person or people you have provided personal data about are aware you’ve done so, and that they can understand how Booking.com uses their information (as described in this Privacy Statement).

Personal data we collect automatically.

Whether or not you end up making a Trip Reservation, when you visit our websites or apps we automatically collect certain information. This includes your IP address, the date and time you accessed our services, and information about your computer’s hardware and software (such as the operating system, the internet browser used, software/application version data, and your language settings). We also collect information about clicks and which pages have been shown to you, for instance, via the cookies that we drop.

If you’re using a mobile device, we collect data that identifies the device, as well as data about your device-specific settings and characteristics, app crashes, and other system activity. When you make a Trip Reservation using this kind of device, our system registers how you made your reservation (on which website), and/or which site you came from when you entered the Booking.com website or app.

Personal data we receive from other sources.

It’s not just the things you tell us, though – we may also receive information about you from other sources. These can include business partners, such as affiliate partners, subsidiaries of the Booking.com corporate group, other companies in the Booking Holdings Inc. corporate group, and other independent third parties.

Information we receive from these partners may be used together with other information provided by you. For example, Booking.com Trip Reservation services are not only made available via Booking.com and the Booking.com apps, but are also integrated into services of affiliate partners you can find online. When you use any of these services, we may receive data about your Trip Reservation from our affiliate partners.

We also integrate with third-party service providers to facilitate payments between you and Trip Providers. These service providers share payment information so we can administer and handle your Trip Reservation.

Additionally, we collect information in the regrettable case that we receive a complaint about you from a Trip Provider, for example, in the case of misconduct. In case of concerns about integrity and/or safety incidents against our guests, our partners, or Booking.com, Booking.com collects information from publicly available sources to prevent or detect harm. We can't prevent that some of that information may contain special categories of personal data.

Another way we might receive data about you is through the communication services integrated into our platforms. These communication services offer you a way to contact the Trip Provider you’ve booked with to discuss your stay. In some cases, we receive metadata about these communication activities (such as who you are, where you called from, and the date and length of the call).

We may also receive information about you in order to show you more relevant ads, such as the additional cookie data Booking.com social media partners make available to us. Please read the section Why does Booking.com collect and use your personal data? for more information.

When you link your Booking.com user account to your social media account, you might trigger exchanges of data between Booking.com and that social media provider. You can always choose not to share that data.

Trip Providers may share info about you with Booking.com, too. This could happen if you have support questions about a pending Trip Reservation, or if disputes or other issues arise about a Trip Reservation.


Why does Booking.com collect and use your personal data?

We use the info collected about you for various purposes. Your personal data may be used in the following ways:

  1. Trip Reservations: First and foremost, we use your personal data to complete and administer your online Trip Reservation – which is essential for us to provide this service for you. This includes sending you communications that relate to your Trip Reservation, such as confirmations (including, where applicable, providing you with a proof of purchase and/or payment), modifications, and reminders. In some cases, this may also include processing your personal data to enable online check-in with the Trip Provider or processing personal data in relation to possible damage deposits.

  2. Customer service: We provide international customer service from our local offices in more than 20 languages and are here to help 24/7. Sharing relevant details such as reservation info or info about your user account with our global customer service staff allows us to respond when you need us. This includes helping you to contact the right Trip Provider and responding to any questions you might have about your Trip Reservation (or any other questions, for that matter).

  3. Account facilities: Booking.com users can create an account on our website or apps. We use the info you give us to administer this account, enabling you to do a number of useful things. You can manage your Trip Reservations, take advantage of special offers, make future Trip Reservations easily, and manage your personal settings.

    Managing personal settings lets you keep and share lists, share photos, view previously searched Trip Services, and check other travel-related info you've provided. You can also see any reviews you’ve written.

    If you want, you can share certain information as part of your user account by creating a public profile under your own first name or a screen name you choose. If you're logged in to your account and you want to create a Business account, we may use your name and email address to pre-fill the sign up form.

    If you’re a Booking.com for Business account holder, you can also save contact details under that account, manage business reservations, and link other account holders to the same Booking.com for Business account.

  4. Online groups: We may give account holders the chance to connect and interact with each other through online groups or forums.

  5. Marketing activities: We use your contact information, reservation details, account information, browsing data, location data, and preferences for marketing activities. These activities include:

    1. Using your contact information and (collected via cookies and similar tracking technologies) your interaction with the Booking.com platform to send you personalized marketing messages (e.g. via push notifications or email) from Booking.com, including promotions, search assistant messages, Genius and other rewards, travel experiences, surveys, and updates about Booking.com’s products and services. You can unsubscribe from receiving email marketing communications quickly and easily at any time. Just click the "Unsubscribe" link included in each newsletter or other communication, or manage your preferences via your account settings.

    2. Based on your interaction on the Booking.com platform (collected via cookies and similar tracking technologies), personalized marketing from Booking.com including promotions, search assistant messages, Genius and other rewards, travel experiences, surveys, and updates about Booking.com’s products and services might be shown to you on or about the Booking.com website, on mobile apps, or on third-party websites/apps (including social media sites), and the content of the site displayed to you might be personalized. These could be offers and recommendations we think you might find interesting that you can book directly on the Booking.com platform, on co-branded sites, or on other third-party sites. Some of these recommendations may be produced on the basis of personal data we collected from you during different visits to our platform and/or on different devices, even when you are not logged in. Our How we work page contains more information on our Ranking and Recommender systems, including how you can manage your personalization preferences.

    3. When you participate in other promotional activities (such as sweepstakes, referral programs, or competitions), only relevant information will be used to administer these promotions.

  6. Communicating with you: There might be times when we get in touch, including by email, by push notification, by chatbot, by mail, by phone, or by text, and/or process communications you send us.

    There could be a number of reasons for this, including:

    1. Responding to and handling any requests you or your booked Trip Provider have made. Booking.com also offers customers and Trip Providers various ways to exchange information, requests, and comments about Trip Providers and existing Trip Reservations via Booking.com. For more information, read the section titled “How does Booking.com process communications that you and your Trip Provider send through Booking.com?.”

    2. If you have started but not finished a Trip search or Reservation online, we might contact you to invite you to continue with your search or reservation. We believe this additional service benefits you as it allows you to pick up the process where you left off without having to search for a Trip Provider or fill in your reservation details again.

    3. When you use our products and services, we might send you a questionnaire or invite you to provide a review about your experience with Booking.com or the Trip Provider.

    4. We also send you other material related to your Trip Reservations, such as how to contact Booking.com if you need assistance while you’re away, and information that we feel might be useful to you in planning or making the most of your Trip. We might also send you material related to upcoming Trip Reservations or a summary of previous Trip Reservations you made through Booking.com.

    5. Even if you don’t have an upcoming Trip Reservation, we may still need to send you administrative messages, which could include security alerts.

    6. In the case of misconduct, we may send you a notice and/or warning.

  7. Market research: We sometimes invite our customers to take part in market research. Review the info that accompanies this kind of invitation to understand what personal data will be collected and how it’s used.

  8. Improving our services: We use personal data for analytical purposes and product improvement, such as offering a more personalized experience based on how you or customers like you with similar interests use our platform for booking your chosen accommodation with us. Further, we may process your user ID, which is linked to the email address used to create your account, for the purpose of measuring the audience visiting our websites. Your personal data may also be used for the development and enhancement of our machine-learning models and artificial intelligence tools. This is part of our commitment to making our services better and enhancing the user experience.

    In this case, we use data for testing and troubleshooting purposes, as well as generating statistics about our business. The main goal here is to get insights into how our services perform, how they are used, and ultimately to optimize and customize our website and apps, making them easier and more meaningful to use. As much as possible, we strive to use anonymized and de-identified personal data for this analytical work.

    In order to achieve this purpose, we may combine personal data we collect from you during different visits to our platform or visits on different devices, even when you are not logged in.

  9. Providing the best price applicable to you, depending on where you are based: When you search our apps or website (e.g. to find an accommodation, rental car, or flight), we process your IP address to confirm whether you’re in the European Economic Area (EEA) or another country. We do this to offer you the best price for the region (EEA) or country (non-EEA) where you’re based.

  10. Customer reviews and other destination-related info: During and after your Trip, we might invite you to submit a review. We can also make it possible for the people you’re traveling with or whom you booked a reservation for to do this instead. This invite asks for information about the Trip Provider or the destination.

    If you have a Booking.com account, you can choose to display a screen name next to your review, instead of your real name. If you’d like to set a screen name, you can do that in your account settings. Adding an avatar is also possible.

    By completing a review, you’re agreeing that it can be displayed (as described in detail in our Terms and Conditions) on, for example, the relevant Trip Provider information page on our websites, on our mobile apps, on our social media accounts and social media apps, or on the online platform of the relevant Trip Provider or business partner’s website. This is to inform other travelers about the quality of the Trip Service you used, the destination you have chosen or any other experiences you choose to share.

  11. Call monitoring: When you make calls to our customer service team, Booking.com uses an automated telephone number detection system to match your telephone number to your existing reservations. This helps save time for both you and our customer service staff. However, our customer service staff may still ask for authentication, which helps to keep your reservation details confidential.

    During calls with our customer service team, live listening might be carried out or calls might be recorded for quality control and training purposes. This includes the usage of the recordings for the handling of complaints, legal claims, and for fraud detection.

    We do not record all calls. In the case that a call is recorded, each recording is kept for a limited amount of time before being automatically deleted. This is unless we have determined that it’s necessary to keep the recording for fraud investigation or legal purposes. You can read more about this below.

  12. Promotion of a safe and trustworthy service: To create a trustworthy environment for you, the people you bring with you on your Trip, Booking.com’s business partners, our Trip Providers, and Booking.com, we continuously analyze and use certain personal data to detect and prevent fraud and other illegal or unwanted activities. In the unlikely event of concerns about integrity and/or safety incidents, we consult publicly available information. During this, we can't prevent that some of that information may include special categories of personal data.

    Similarly, we use personal data for risk assessment and security purposes, including when you report a safety concern, for the authentication of users and reservations, or when others report a fraud or safety incident about you. When we do this, we may have to stop or put certain Trip Reservations on hold until we’ve finished our assessment. For the purposes of detecting and preventing fraud and harm, and protecting our guests, business partners, Trip Providers, and Booking.com, we may use your contact information, reservation details, reviews, account information, browsing data, location data, communications data, or other information that you or another person has provided to Booking.com. If we have concerns about serious misconduct, we may decide to cancel your upcoming reservations or to decline future reservations via our platform.

  13. Legal purposes: In certain cases, we may need to use your information to handle and resolve legal claims and disputes, for regulatory investigations and compliance, to enforce the Booking.com online reservation service terms of use, or to comply with lawful requests from law enforcement.

    Providing your personal data to Booking.com is voluntary. However, we may only be able to provide you with certain services if we can only collect some personal data. For instance, we can’t process your Trip Reservation if we don’t collect your name and contact details.

To process your personal data as described above, we rely on the following legal bases:

As applicable, for purpose A and B, Booking.com relies on the legal basis that the processing of personal data is necessary for the performance of a contract, specifically to finalize and administer your Trip Reservation.

If the required personal data is not provided, Booking.com cannot finalize the Trip Reservation, nor can we provide customer service. In view of purposes C to L, Booking.com relies on its (or third parties’) legitimate interest, to provide and improve services and to prevent fraud and other illegal acts (as set out more specifically under C to L). Moreover, in the unlikely event Booking.com would process special categories of personal data in the context of purpose L, Booking.com relies, where applicable, on the fact that processing relates to personal data which are manifestly made public by the data subject.

When using personal data to serve Booking.com’s or a third party's legitimate interest, Booking.com will always balance your rights and interests in the protection of your personal data against Booking.com’s rights and interests or those of the third party. For purpose M, Booking.com also relies, where applicable, on compliance with legal obligations (such as legal law enforcement requests).

Where needed under applicable law, Booking.com will obtain your consent (or as otherwise required by law) prior to processing your personal data, including for cookies and similar tracking technologies and marketing messaging purposes.

We may use your personal data to develop and train artificial intelligence models and/or systems (AI) where the purpose of collecting your data is to provide or improve our services to you. The legal bases for using AI which we rely on are:

  • Beyond preventing and detecting fraud attempts, we may have a legitimate interest in developing AI to improve the efficiency and quality of our products and services. We always consider whether your rights and freedoms are infringed and will only proceed where this legitimate interest is not overridden by your rights.

  • In other cases where we may use AI, we will seek your consent where this is required.

If you wish to object to the processing set out under C to L or, where applicable, to the use of your personal data in the context of AI and no opt-out mechanism is available to you directly (for example, in marketing emails or your account settings), please contact us at dataprotectionoffice@booking.com or go to the form.


How does Booking.com share your data with third parties?

In certain circumstances, we’ll share your personal data with third parties. These third parties include:

  1. The Trip Provider You Booked: In order to complete your Trip Reservation, we transfer relevant reservation details to the Trip Provider you've booked. This is one of the most essential things we do for you.

    Depending on the Trip Reservation and Trip Provider, the details we share can include your name, contact and payment details, the names of the people accompanying you, and any other info or preferences you specified when you made your Trip Reservation.

    In certain cases, we also provide some additional historical info about you to the Trip Provider. This includes whether you’ve already booked with them in the past, the number of completed bookings you’ve made with Booking.com, a confirmation that no misconduct has been reported about you, the percentage of bookings you’ve canceled in the past, or whether you’ve given reviews about past bookings.

    If you have a question about your Trip, we may contact the Trip Provider to handle your request. Unless payment is made during the booking process, via the Booking.com website, we will forward your credit card details to the booked Trip Provider for further handling (assuming you’ve provided us with those details).

    In cases of Trip Reservation-related claims or disputes, we may provide the Trip Provider with your contact details and other information about the booking process, as needed to resolve the situation. This can include, but might not be limited to, your email address and a copy of your reservation confirmation as proof that a Trip Reservation was made or to confirm reasons for cancellation.

    For completeness, Trip Providers will further process your personal data outside of the control of Booking.com. Trip Providers may also ask for additional personal data, for instance to provide additional services, or to comply with local restrictions. If available, please read the Privacy Statement of the Trip Provider to understand how they process your personal data.

  2. Connectivity Providers: Note: Certain Trip Providers may need us to share your personal data with a contracted Connectivity Provider in order to be able to finalize and administer your reservation. Connectivity providers act on behalf of Trip Providers and help them to manage their reservations.

  3. Your local Booking.com office: To support the use of Booking.com services, your details may be shared with subsidiaries of the Booking.com corporate group, including for customer service. To find out more about the Booking.com corporate group, visit About Booking.com.

  4. Third-party service providers: We use service providers outside of the Booking.com corporate group to support us in providing our services. These include:

    • Customer support

    • Market research

    • Fraud detection and prevention (including anti-fraud screening)

    • Insurance claims

    • Payment

      We use third parties to process payments, handle chargebacks, or provide billing collection services. When a chargeback is requested for your Trip Reservation, either by you or by the holder of the credit card used to make your reservation, we need to share certain reservation details with the payment service provider and the relevant financial institution so they can handle the chargeback. This may also include a copy of your reservation confirmation or the IP address used to make your reservation. We may share information with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.

      When a chargeback is requested for your Trip Reservation, either by you or by the holder of the credit card used to make your reservation, we need to share certain reservation details with the payment service provider and the relevant financial institution so they can handle the chargeback. This may also include a copy of your reservation confirmation or the IP address used to make your reservation.

      We may also share information with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.

    • Marketing services

      We share personal data with advertising partners, including your email address, IP address, and telephone number, as part of marketing Booking.com services via third parties (to ensure that relevant advertisements are shown to the right audience). We use techniques such as hashing to enable the matching of your email address, IP address, and/or telephone number with an existing customer database, to prevent this data from being used for other purposes. For info on other personalized advertisements and your choices, read our Cookie Statement.

    • Advertising partners

      We use advertising partners, such as metasearch providers, to allow you to compare our offers with offers from other Online Travel Agencies (OTAs). When you make a reservation on Booking.com after using an advertising partner, we will send the details of the reservation that you made on Booking.com to that partner.

  5. Other professional third parties: In certain cases (such as disputes or legal claims or as part of auditing activities), we may need to share your personal data with professional advisors. These advisors include parties such as law firms or auditors. We only share your personal data to the extent that is necessary and such third parties process this data in line with their own professional obligations.

  6. Competent authorities: We disclose personal data to law enforcement to the extent that it is required by law or is strictly necessary for the prevention, detection, or prosecution of criminal acts and fraud. We may need to further disclose relevant personal data to competent authorities (including tax authorities and municipalities) to comply with a legal obligation (for example, under short-term rental laws), to protect and defend our rights, or the rights and properties of our business partners.

  7. Business partners: We work with many business partners around the world. These business partners distribute and advertise Booking.com services, including the services and products of our Trip Providers.

    When you make a reservation on one of our business partners’ websites or apps, certain personal data that you give them, such as your name and email address, your address, payment details, and other relevant information, may be forwarded to us to finalize and manage your Trip Reservation.

    If customer service is provided by the business partner, Booking.com will share relevant reservation details with them (as and when needed) in order to provide you with appropriate and efficient support.

    When you make a reservation through one of our business partners’ websites, the business partners can receive certain parts of your personal data related to the specific reservation and your interactions on these partner websites. This is for their commercial purposes.

    When you make a reservation on a business partner’s website, take the time to read their privacy notice if you’d like to understand how they process your personal data. With these business partners, we may act as joint controllers. If you choose to exercise your data subject rights with our business partners, we may collaborate to ensure an adequate response to your request.

    For fraud detection and prevention purposes, we may also exchange information about our users with business partners – but only when strictly necessary.

    If an insurance claim is made concerning you and a Trip Provider, we may provide the necessary data (including personal data) to the insurance company for further processing.

    • Partner Offer: We may present you with a “Partner Offer.” When you book a stay marked “Partner Offer,” your reservation will be facilitated by a Trip Provider who is separate from the accommodation you’re booking. As part of the reservation process, we’ll need to share some relevant personal data with this business partner.

      If you book a Partner Offer, review the information provided in the booking process or check your reservation confirmation for more information about the Trip Provider and how they will further process your personal data.

  8. The Booking Holdings Inc. corporate group: Read about how we share your personal data with the Booking Holdings Inc. corporate group.

Booking.com is a global business. The data that we collect from you, as described in this Privacy Statement, could be made accessible from, transferred to or stored in countries which may not have the same data protection laws as the country in which you initially provided the information. In such cases, we will protect your data as described in this Privacy Statement.

This may also be applicable if you are in the European Economic Area (EEA). Countries your data may be transferred to may not have laws that provide the same level of protection for your personal data as laws within the EEA. Where this is the case, we will put appropriate safeguards in place to make sure that these transfers comply with relevant European regulations.

In particular, when your data is transferred to third-party service providers, we establish and implement appropriate contractual, organizational, and technical measures with them. This is done by putting in place Standard Contractual Clauses as approved by the European Commission, by examining the countries to which the data may be transferred, and by imposing specific technical and organizational security measures.

In certain specific cases, we transfer your data outside the EEA because it is in your interest or is necessary to conclude or perform the contract we have with you. For example, when you make a reservation on Booking.com or through a business partner, we might need to transfer your data to a Trip Provider or business partner who is located outside the EEA.

You can ask us to see a copy of our implemented safeguards (where possible) by contacting us at dataprotectionoffice@booking.com.


How is your personal data shared within the Booking Holdings Inc. corporate group?

Booking.com is part of the Booking Holdings Inc. corporate group. More information is available at Bookingholdings.com.

We may receive personal data about you from other companies in the Booking Holdings Inc. corporate group, or share your personal data with them, for the following purposes:

  1. To provide services (including to make, administer, and manage reservations or handle payments)

  2. To provide customer service

  3. To detect, prevent, and investigate fraudulence or other illegal activities and data breaches

  4. For analytical and product improvement purposes where permitted by applicable law;

  5. To send you personalized offers or marketing with your consent, or as otherwise permitted by applicable law

  6. For hosting, technical support, overall maintenance, and maintaining security of such shared data

  7. To ensure compliance with applicable laws

As applicable and unless indicated otherwise, for purposes A to F, Booking.com relies on its legitimate interests to share and receive personal data. For purpose G, Booking.com relies, where applicable, on compliance with legal obligations (such as lawful law enforcement requests). In the EEA, Booking also ensures that data flows between companies in the Booking Holdings Inc. corporate group comply with relevant European regulations such as the Digital Markets Act.

For example, Booking.com works closely with Rentalcars.com to offer ground transportation services to customers. For more info, read How is your personal data shared and further processed for ground transport services?

All companies within the Booking Holdings Inc. group of companies may need to exchange personal customer data to ensure all users are protected from fraudulent activities on its online platforms.


How is your personal data shared and further processed for ground transport services?

Booking.com Transport Limited, trading as Rentalcars.com, is a private limited liability company, incorporated under the laws of the United Kingdom with offices at 6 Goods Yard Street, Manchester, M3 3BG, United Kingdom.

Booking.com and Rentalcars.com (both part of the Booking Holdings Inc. group of companies) work together closely to offer you ground transport services via Booking.com websites and apps, such as cars.booking.com or taxi.booking.com.

The ground transportation services offered by Booking.com websites and apps are operated by Rentalcars.com, under the Booking.com brand. This means that when you're booking or browsing for ground transport services via the app or website, Booking.com and Rentalcars.com are collectively responsible for the collection and use of your personal data.

In addition to the data we process to allow you to search for ground transport services and make your booking, Booking.com and Rentalcars.com can also use your personal data independently. This is in line with the purposes set out in this Privacy Statement and the Rentalcars.com Privacy Notice.

For further information about the relationship between Booking.com and Rentalcars.com, and to exercise your rights regarding your personal data that is collected via the Booking.com websites and apps, please feel free to contact Booking.com at any time. You can do this via the email address under “Who is responsible for the processing of personal data via Booking.com and how to contact us?”.


How is your personal data shared and further processed for insurance services?

Booking.com Distribution B.V. is a sister company of Booking.com with registered offices at Oosterdokskade 163, 1011 DL, Amsterdam, The Netherlands. Booking.com and Booking.com Distribution B.V. work closely together to offer customers different insurance products and services for Trip Reservations – for example, room cancellation insurance.

The offering of insurance can involve multiple parties, such as intermediaries, underwriters, and other agents. Where Booking.com Distribution B.V. is involved, it will act as the intermediary and authorized agent or appointed representative (depending on the jurisdiction) on behalf of the insurer, by offering insurance products and services to Booking.com customers.

Please review the information provided during the booking process for more information about Booking.com Distribution B.V and the parties who work together with Booking.com to offer you these products and services. The details of the insurer will be visible in the insurance policy and related documentation provided to you.

When offering insurance, Booking.com and Booking.com Distribution B.V. may have to use and share personal data that is relevant to the insurance product. This data relates to you as a potential or actual policyholder, the beneficiaries under a policy, family members, claimants, and other parties involved in a claim:

  • To provide offers, arrange insurance cover and handle insurance claims, some personal data, provided to us during the booking process, (“General Order Data”) may have to be shared with Booking.com Distribution B.V.. You may also be asked to provide additional information, such as names of family members or other beneficiaries or details about a claim (“Insurance-Specific Data”).

  • If you make a claim under an insurance policy, this claim may be directly handled by the insurer. This means that you may be asked to provide personal data in order to submit the claim directly to them. The insurer will inform you accordingly at the point of collection of your information. When your claim is handled by the insurer, Booking.com may receive information about the status of your claim in order to provide you with customer support services.

When Booking.com Distribution B.V. acts as an intermediary for insurance products and services via Booking.com, the two companies are jointly responsible for the collection of Insurance-Specific Data and its transmission from Booking.com to Booking.com Distribution B.V. However, Booking.com Distribution B.V. acts as the sole controller for any processing outside of the Booking.com B.V. systems. Any personal data collected by Booking.com for insurance purposes will be processed as set out in this Privacy Statement.

For further information about the relationship between Booking.com and Booking.com Distribution B.V., and to exercise your rights regarding personal data that is collected via the Booking.com website and apps, please contact us.

How does Booking.com process communications that you and your booked Trip Provider may send via Booking.com?

Booking.com can offer you and Trip Providers various ways to communicate about the Trip Services and existing Trip Reservations, directing the communications via Booking.com. This also allows you and your Trip Provider to contact Booking.com with questions about your Trip Reservation through the website, our apps, and the other channels that we provide.

Booking.com accesses communications and may use automated systems to review, scan, and analyze communications for the following reasons:

  • Security purposes

  • Fraud prevention

  • Compliance with legal and regulatory requirements

  • Investigations of potential misconduct

  • Product development and improvement

  • Research

  • Customer engagement (including to provide you info and offers that we believe might interest you)

  • Customer or technical support

We reserve the right to review or block the delivery of communications that we, at our sole discretion, believe might contain malicious content or spam, or pose a risk to you, Trip Providers, Booking.com, or others.

All communications sent or received using Booking.com communication tools will be received and stored by Booking.com. Trip Providers and Business partners you’ve booked a Trip Reservation through might also choose to communicate with you directly by email or through other channels that Booking.com does not control.


How does Booking.com make use of mobile devices?

We offer free apps for a range of different mobile devices, as well as versions of our regular website that are optimized for browsing on a phone and tablet.

These apps and mobile websites process the personal details you give us in a similar way that our website does. They also allow you to use location services to find Trip Services nearby, if you want.

With your consent, we may send you push notifications with information about your Trip Reservation. You can also grant us access to your location data or contact details in order to provide services you request. If you upload pictures to our platform, these pictures may include location information (known as metadata) as well. Please read your mobile device’s instructions to understand how to change your settings and control the sharing of this category of data.

When you choose to use our “Voice Assistant” to search our services or manage your bookings, your speech will be anonymously translated into text by a third-party service provider. You will need to give us access to your device's microphone to use this feature.

In order to optimize our services and marketing activities, and to make sure we give you a consistent user experience, we use something known as “cross-device tracking.” This can be done with or without the use of cookies. For more general information about cookies and other similar technologies, please see our Cookie statement.

With cross-device tracking, Booking.com is able to track user activity across multiple devices. As part of cross-device tracking, we may combine data collected from a particular browser or mobile device with data from another computer or device used by the same customer.

In order to optimize the content of the Booking.com newsletter, we combine searches and reservations made from different computers and devices. You can unsubscribe from the Booking.com newsletter at any time.

Personalized ads shown to you on other websites or in apps can be offered based on your activities on linked computers and devices. By changing the cookie settings on your device (see our Cookie statement under “What are your choices?”), you can change your cross-device tracking settings for advertisement purposes. You should know that logging out of your Booking.com account doesn’t mean that you will no longer receive personalized ads.


How does Booking.com make use of social media?

At Booking.com, we use social media in different ways. We use it to facilitate the use of online reservation services, to promote our Trip Providers’ travel-related products and services, and to advertise, improve, and facilitate our own services.

The use of social media features can result in the exchange of personal data between Booking.com and the social media service provider, as described below. You’re free to not use any of the social media features available to you.

  1. Sign in with your social media account. We offer you the opportunity to sign in to a Booking.com user account with one of your social media accounts. We do this to reduce the need for you to remember different usernames and passwords for different online services.

    After you’ve signed in once, you’ll be able to use your social media account to sign into your Booking.com account. You can decouple your Booking.com user account from your chosen social media account any time you want to.

  2. Integration of social media plugins: We have also integrated social media plugins into the Booking.com website and apps. This means that when you click or tap on one of the buttons (such as Facebook’s “Like” button), certain information is shared with these social media providers.

    If you’re logged into your social media account when you click or tap one of these buttons, your social media provider may relate this information to your social media account. Depending on your settings, they might also display these actions on your social media profile, to be seen by others in your network.

  3. Other social media services and features. We may integrate other social media services (e.g. social media messaging) for you to interact with Booking.com or your contacts about our services.

    We may maintain social media accounts and offer apps on several social media sites. Whenever you connect with Booking.com through social media, your social media service provider may allow you to share information with us.

    If you choose to share, your social media provider will generally inform you about which information will be shared. For example, when you sign into a Booking.com user account using your social media account, certain information from that account may be shared with Booking.com. This includes your email address, your age, and the profile pictures you’ve saved—depending on what you authorize in your social media account.

When you register with a Booking.com social media app or connect to a social media messaging service without a Booking.com user account, the information you choose to share with us may include the basic information available in your social media profile (including your email address, status updates and a list of your contacts).

We’ll use this information to help provide you with the service you requested – for example, to forward a message you want to send to your contacts or to create a personalized user experience in the app or on our websites. It means that if you want us to, we can tailor our services to suit your needs, connecting you and your friends with the best travel destinations and analyzing and improving our travel-related services. Note that we don’t use WhatsApp or similar third-party services to request booking or payment confirmations. If you receive, for example, a WhatsApp message asking you to follow a link to guarantee your booking or complete a related payment, do not reply to the message or follow that link. Instead, report the message to our Customer Service team.

Your social media provider will be able to tell you more about how they use and process your data when you connect to Booking.com through them. This can include combining the personal data they collect when you use Booking.com through them with info they collect when you use other online platforms also linked to your social media account.

If you decide to connect using your Facebook or Google account, review the following links for info about how these parties use data they receive: Facebook and Google.


How we use artificial intelligence and make automated decisions

We are always looking for opportunities to innovate and improve the customer experience by using new technologies such as AI. We currently use AI for the following purposes:

  1. Promotion of a safe and trustworthy service and prevention of fraud.

  2. Showing you the most relevant content. We use AI to improve the customer experience and personalization on our platforms (such as providing you with summarized reviews). This may include sending you details of a trip we think you would be interested in (where you have consented to this communication) and ranking search results to put the best matches at the top of your feed.

    Our How we work page contains more information on our recommendation systems, including on how you can manage your personalization preferences.

  3. Improving our services. We use AI to improve trip services in accordance with the details set out in the section Why does Booking.com collect and use your personal data? This includes the identification of trends, monitoring platform operations, troubleshooting our websites and apps, and improving the services we offer you.

  4. Developing AI interactive chats to allow you to ask questions about a trip or service and receive AI-generated relevant responses or itinerary suggestions.

  5. Improving the effectiveness of the other purposes set out in this privacy statement.

We assess our AI against data protection principles, such as minimization, accuracy, and purpose limitation. We take steps to prevent data inaccuracies, harm, and biases from our use of AI.

See the section titled What security and retention procedures does Booking.com put in place to safeguard your personal data? for more information regarding the safeguards we have implemented which will also apply to personal data we process to train or use AI.

In most cases, the use of AI will not result in an automated decision being made about you. When we provide you with a trip recommendation using AI, this is only a suggestion, and you have control over how this is used.

We do not currently use any solely automated systems to make a decision about you which would result in a legal or similarly significant effect on you. We will inform you if this changes and will ensure that we have implemented suitable measures to safeguard your rights and freedoms. Sometimes, AI will contribute to a decision we make. AI that is used to inform or monitor the platform, for example, for fraud attempts, will not autonomously make any decision that will have a significant impact on you. Where AI identifies a possible issue, a member of our team will complete the review and make an informed decision. In limited cases, we may complete decision-making without human review after we have assessed that the decision would not result in a significant effect on you.

If you would like to know more about our use of AI, contact us as described in the section How can you control the personal data you’ve given to Booking.com?


What security and retention procedures does Booking.com put in place to safeguard your personal data?

We observe reasonable procedures to prevent unauthorized access to and the misuse of personal data.

We use appropriate business systems and procedures to protect and safeguard your personal data. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.

We’ll keep your personal data for as long as is necessary to enable you to use our services or to provide our services to you (including maintaining any Booking.com user accounts you may have), to comply with applicable laws, resolve any disputes and otherwise to allow us to conduct our business, including to detect and prevent fraud and/or other illegal activities. All personal data we keep about you as a Booking.com customer is covered by this Privacy Statement.

For added protection, we strongly recommend that you set up two-factor authentication for your Booking.com user account. This adds an extra authentication step, to make sure that anyone who gets hold of your username and password (e.g., through phishing or social engineering) won’t be able to get into your account. You can set this up in the Security section of your account settings.


How does Booking.com treat personal data belonging to children?

Our services aren’t intended for children under 18 years old, and we’ll never collect their data unless it’s provided by (and with the consent of) a parent or guardian. The limited circumstances we might need to collect the personal data of children under 18 years old include part of a reservation, the purchase of other travel-related services, or other exceptional circumstances (such as features addressed to families). Again, this will only be used and collected as provided by a parent or guardian and with their consent.

If we become aware that we’ve processed the information of a child under 18 years old without the valid consent of a parent or guardian, we will delete it.


How can you control the personal data you’ve given to Booking.com?

We want you to be in control of how your personal data is used by us. You can do this in the following ways:

  1. We want you to be in control of how your personal data is used by us. You can do this in the following ways:

  2. You can ask us for a copy of the personal data we hold about you.

  3. You can inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you. As explained below, you can make some of these changes yourself, online, when you have a user account,

  4. In certain situations, you can ask us to erase, block or restrict the processing of the personal data we hold about you, or object to particular ways in which we are using your personal data,

  5. In certain situations, you can also ask us to send the personal data you've given us to a third party.

  6. Where we use your personal data on the basis of your consent, you’re entitled to withdraw that consent at any time, subject to applicable law.

  7. Where we process your personal data based on legitimate interest or the public interest, you have the right to object to that use of your personal data at any time, subject to applicable law.

We rely on you to make sure that your personal info is complete, accurate, and current. Let us know about any changes to or inaccuracies in your personal info as soon as possible.

If you have a Booking.com user account, you can access a lot of your personal data through our website or apps. You’ll generally find the option to add, update, or remove information we have about you in your account settings.

Users with a Booking.com account can also request that we delete your account through the Booking.com app. Note that app features can vary between operating systems and their third-party software providers.

If any of the personal data we have about you isn’t accessible through our website or apps, you can send us a request.

If you want to exercise your right of access or erasure, all you need to do is complete and submit the Data Subject Request for Booking.com Customers form. For any requests about this Privacy Statement, to exercise any of your other rights, or if you have a complaint, contact our Data Protection Officer at dataprotectionoffice@booking.com. You can also contact your local data protection authority.

If you’d like to object to your personal data being processed on the basis of legitimate interest and there’s no way to opt out directly, please contact us at dataprotectionoffice@booking.com.

If you’d like to contact us by mail, address it to the Data Protection Officer and use the following address: Oosterdokskade 163, 1011 DL, Amsterdam, Netherlands.


Who is responsible for the processing of personal data via Booking.com and how to contact us?

Booking.com B.V. controls the processing of personal data, as described in this Privacy Statement, except where explicitly stated otherwise. Booking.com B.V. is a private limited liability company incorporated under the laws of the Netherlands, and has its offices at Oosterdokskade 163, 1011 DL Amsterdam, Netherlands.

If you have any questions about this Privacy Statement or our processing of your personal data, contact our Data Protection Officer at dataprotectionoffice@booking.com and we’ll get back to you as soon as possible. If you have any questions related to your reservation or you need customer service support, follow this link.

For questions about a reservation, please contact our customer service team through the customer service contact page.

Requests from law enforcement should be submitted using the Law Enforcement process.

Country-specific provisions

Depending on the law that applies to you, we may be required to provide some additional information. If applicable, you will find additional information for your country or region below.

For US residents

If you live in the United States, the information in this section applies to you in addition to other content in this Privacy Statement. This section informs you of certain rights you have in the US, which may be different from those described elsewhere in this Privacy Statement.

In addition to those listed earlier in this Privacy Statement, the categories of personal data we may collect about you include:

  1. Geolocation data (e.g. your physical location)

  2. Sensitive Data (citizen or immigration status, data revealing your race, ethnic origin, religious beliefs, mental or physical health diagnosis, or sexual orientation – if provided by you)

  3. Inferences (e.g. analytics and preferences)

If you would like more information about these categories, the specific types of personal data we collect, or the purposes for which we collect them, read the sections of this Privacy Statement titled "What kind of personal data does Booking.com collect?" and "Why does Booking.com collect and use your personal data?"

To learn more about the receipt of personal data from, and the sharing of personal data with, business partners, read the sections "What kind of personal data does Booking.com collect?" and "How does Booking.com share your data with third parties?"

We may share certain elements of your personal data with third parties, which under US state privacy laws may be considered the sale of personal data. This may include information related to inferences and analytics. We may also share your personal data with service providers who assist us with delivering marketing messages or advertisements.

Find more information about this in the "How does Booking.com share your data with third parties?" sections of our Privacy Statement.

Your rights under privacy laws include the right of access to your personal data, the right to correct your personal data, the right to request deletion of your personal data, and the right to obtain a copy of your personal data. US state privacy laws provide you with certain additional rights, which include the right to opt out of: the sale of your personal data, targeted advertising, and profiling which may have a legal impact on you.

Fill out this DSR form to exercise your right to request access to, obtain a copy of, and to correct or delete your personal data. To opt out of the sale of your personal data, targeted advertising, or profiling, use the Preferences tab on the same DSR form.

Contact us with questions and concerns about this Privacy Statement and our practices or to exercise any of your rights by sending an email to dataprotectionoffice@booking.com with the subject line: "US Resident Privacy Rights – Request".

If you are a parent, legal guardian, or the authorized agent of a consumer and you wish to exercise rights on behalf of a consumer, contact us at dataprotectionoffice@booking.com. We may need to verify your identity and authorization before completing the rights request.

When you exercise your rights, we verify your identity based on whether the name and the email address you provide in the request match the data you provided when using our services and other verification details. You may authorize another individual to exercise opt-out rights on your behalf. If we receive such a request, we will send an email to confirm you authorized the requester to act for you.

Booking.com’s services are not directed at children under the age of 18. Therefore, Booking.com does not intentionally collect the personal data of minors and we do not knowingly sell their personal data without appropriate consent.

U.S. Insurance Privacy Statement

1. Introduction

This Privacy Statement explains how Booking.com B.V., its affiliated companies, subsidiaries, and sister companies (“Booking.com”) collect, use, and disclose your personal information with regard to its sale of insurance products in the United States. This includes the categories of personal information we process and the purposes for which we use it. Throughout this Statement, Booking.com may be referred to as “we,” “us,” “our,” or “Booking.com.”

In the U.S.A., we generally collect personal information as part of providing our insurance products. We, alongside our contracted Insurer, act as a “data controller” as we are each individually responsible for determining how your personal information will be handled for our respective business processes. Accordingly, if you disclose personal information to us in connection with the purchase of an insurance product, we encourage you to review both this Privacy Statement and the Insurer’s privacy notice to understand the full scope of how your personal information will be handled.

2. Does this section apply to you?

If you are a resident of the U.S.A. and are making the purchase of any Booking.com service or product, including an insurance product, then this section will apply to you, in addition to the rest of the Booking.com Privacy Statement. Please refer to the latter for any further questions or concerns regarding the handling of your personal data by Booking.com.

This Statement, together with the Booking.com Privacy Statement, applies to any and all personal information you provide to Booking.com and any and all personal information we collect. This includes when you contact us, visit, or use our websites or applications, visit a Booking.com location, attend a Booking.com event or seminar, request a service from us, or use other services that refer to or link to this Statement. The personal information we collect varies depending upon the nature of the services and insurance products you ultimately decide to purchase and how you interact with us. This Statement may be amended, modified, or supplemented by additional privacy statements, terms, or notices relevant to the applicable services and insurance products purchased. We recommend you visit this page occasionally to make sure you know where you stand.

Specifically, this Statement provides information regarding how your personal information is collected and used for the purposes of offering insurance products to you through Booking.com platforms (including Booking.com’s websites or applications as well as personal information that you provide when you contact Booking.com via email, live chat, phone, or mail).

This Statement does not apply to your use of any third-party sites, products, or services linked to or from our platforms.

3. Consent

By purchasing or using the insurance products and services, or by confirming your consent, you agree to this Statement and this site’s Terms of Use, as well as the Booking.com Privacy Statement. If you do not agree to this Statement, or the site’s Terms of Use, please do not use the insurance products and services as offered by Booking.com. The insurance products and services are not for use within any country or jurisdiction or by any persons where such use would constitute a violation of law. If this applies to you, you are not authorized to access or use any of the insurance products and services.

4. Responsible parties

The Booking.com entities responsible for offering insurance product options for your travel plans, and for processing your personal information, are Booking.com B.V. and Booking.com Distribution Insurance Solutions, LLC (“BDIS”).

Booking.com Distribution B.V. (“BDBV”), is the designated company manager of BDIS and is a private limited liability company, incorporated under the laws of the Netherlands with offices at Oosterdokskade 163, 1011 DL, Amsterdam, the Netherlands. The details of the insurer will be visible in the insurance policy and related documentation provided to you when you purchase your insurance.

The insurance products you purchase related to your travel needs are distributed by BDIS. BDIS is a Delaware Limited Liability Company registered to conduct business in all states as well as the District of Columbia; and, is a duly licensed insurance producer in all states and the District of Columbia. BDIS has a resident license in Connecticut, with offices in Connecticut at 800 Connecticut Ave, Norwalk, CT 06854. The BDIS Connecticut Resident Producer License Number is 3002601274.

Where BDIS is the distributor, offering an insurer’s products and services to Booking.com customers who are residents of the U.S, it acts as a data controller for any processing it undertakes outside of Booking.com B.V. systems. Booking.com acts as a data controller for any personal data it collects for insurance purposes. How Booking.com processes that data is set out in this Privacy Statement and the main Booking.com Privacy Statement. If there is any conflict between this section and the rest of the main Booking.com Privacy Notice, then this section takes priority. For further information about the relationship between Booking.com and BDIS, contact us.

5. More about what personal information we need from you

The terms “personal information” and “personal data” refer to information that can be used to distinguish or trace your identity, either alone or when combined with other information that is linked or linkable specifically to you.

The personal information we collect varies depending upon the nature of our services and upon the insurance product you decide to purchase based on your needs. Where we collect sensitive personal information (such as a special category or criminal offense data), this information is only collected where strictly relevant to the services we provide and is done in accordance with applicable law.

The personal information we collect about you (or that you might provide) may include the following:

  • Individual details: name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, professional or employment-related information (e.g. employer and business travel details, job title, and employment history), relationship to the policyholder, insured, beneficiary, or claimant, images, visual information (e.g. any photos you upload on your account);

  • Unique Identification details: identification numbers issued by government bodies or agencies (e.g. social security or national insurance number, passport number, ID number, tax identification number, driver’s license number);

  • Financial information: payment card number and information, bank account numbers and account details, income, and other financial information;

  • Insured risk: information about the insured risk, which contains personal data and may include, only to the extent relevant to the risk being insured:

    • Health data: current or former physical or mental medical conditions, health status, injury, or disability information, medical procedures performed, relevant personal habits (e.g. smoking, alcohol consumption), prescription information, medical history;

    • Criminal records data: criminal convictions, including driving offenses; and

    • Other special categories of personal data: racial or ethnic origin, biometric data (e.g. from a passport or identity document used to identify the passport or document holder);

  • Policy information: information about the quotes you receive and the policies you obtain;

  • Credit and anti-fraud data: credit history and credit score, information about fraud convictions, allegations of crimes, and sanctions details received from various anti-fraud and sanctions databases, regulators, or law enforcement agencies;

  • Previous claims: information about previous claims, which may include health data, criminal records data, and other special categories of personal data (as described in the Insured risk definition above);

  • Current claims: information about current claims, which may include health data, criminal records data, and other special categories of personal data (as described in the Insured risk definition above);

  • Marketing data: whether or not the individual has consented to receive marketing from us and/or from third parties and/or their marketing preferences; and

  • Website and communication usage: such as internet and other electronic network activity information, computer, device, and connection information (e.g. IP address, browser type, domain name, operating system, unique device identifier), details of your visits to our websites or apps and information collected through cookies and other tracking technologies, including traffic data, location data, web logs, and other communication data, and the resources that you access.

  • Background checking information: such as inclusion on a sanctions list or a public list of disqualified directors, the existence of previous or alleged criminal offenses, or confirmation of clean criminal records, and information in relation to politically exposed persons (“PEPs”).

  • Inferences (e.g. analytics and preferences)

  • Comments, feedback, or other information provided to us: such as social media interactions with our social media presence, comments provided on feedback forms or surveys, and questions or information sent to our support services.

6. Recipients of your information

We may share certain elements of your personal data with third parties, which under US state privacy laws may be considered the sale of personal data. This may include information related to inferences and analytics. We may also share your personal data with service providers who assist us with delivering marketing messages or advertisements.

We generally share your personal information with the following categories of recipients where necessary to offer, administer, and manage the insurance products and services provided to you:

  • Within Booking.com: We may share your personal information with other Booking.com entities, brands, divisions, sister companies, and subsidiaries for the processing purposes outlined in this Statement;

  • Insurance market participants: Where necessary to offer, administer, and manage the insurance products and services provided to you, such as insurers and insurance underwriters, reinsurers, agents, brokers, producers, and claims adjusters. The insurance underwriter is the insurer that is underwriting your insurance statement and is named in your policy documentation. You should refer to the insurer’s privacy notice on their website for further information about their privacy practices;

  • Vetting and risk management agencies: Such as credit reference, criminal record, fraud prevention, data validation, and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and services;

  • Legal advisers, claims adjusters, and claims investigators: Where necessary to investigate, adjudicate, or defend legal claims, insurance claims, or other claims of similar nature;

  • Medical professionals: e.g. Where you provide health information in connection with a claim against your insurance policy;

  • Law enforcement bodies: Where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders;

  • Public authorities, regulators, and government bodies: Where necessary for us to comply with our legal and regulatory obligations;

  • Third-party suppliers: Where we outsource our processing operations to suppliers that process personal information on our behalf. These processing operations shall remain under our control and will be carried out in accordance with our security standards and strict instructions;

  • Successors of the business: Where Booking.com or the insurance products and services are sold to, acquired by, or merged with another organization, in whole or in part. Where personal information is shared in these circumstances it will continue to be used in accordance with this Statement;

  • Business partners: Such as joint venture entities, sponsors, and/or other third-party business partners who collaborate or co-operate with Booking.com on projects, events, insurance products, or services. You should refer to their privacy notices for more information about their privacy practices; and

  • Internal and external auditors: Where necessary for the conduct of company audits or to investigate a complaint or security threat.

7. How is your personal data processed and used for insurance products and services?

As a general overview, refer to the following link to better understand how and why Booking.com collects and uses your personal data and the legal grounds we rely on to do so.

When offering insurance, BDIS may have to use and share personal data that is relevant to underwrite and sell the insurance product. This list of information relates to you as a potential or actual policyholder, and to the beneficiaries under a policy, family members, claimants, and other parties involved in a claim.

In order to transact in insurance, provide offers, arrange insurance coverage, and handle insurance claims (where relevant), your personal information, provided to us during the booking process, is shared with BDIS, potentially other producers retained by Booking, third-party administrators of claims, and the insurer providing the policy. This may include the names, dates of birth, and ages of all insured travelers, as well as contact details (email, mailing address, telephone number), passport information, payment information, and travel details. Additional information may also be requested in order to provide the insurance coverage and services and in order to issue a policy and/or handle an insurance claim, including names of family members, medical information and records, and/or other beneficiaries’ information, as well as other information necessary to conduct or support the investigation of an insurance claim (“Insurance-Specific Data”).

If you make a claim under an insurance policy, this claim may be directly handled by BDIS, by the insurer, or by a third-party administrator. This means that you may be asked to provide personal data in order to submit the claim directly to the claims adjuster. The insurer will inform you accordingly at the point of collection of your information. When your claim is handled by the insurer, BDIS and/or BDBV may receive information about the status of your claim in order to provide you with customer support services.

We use the information we collect about you in connection with the insurance products and services to:

  • Offer, administer, and manage the insurance products and services provided to you, including providing initial and renewal quotations and client care information;

  • Carry out due diligence, identity, credit reference, bankruptcy, sanctions, data validation, anti-money laundering, “Know Your Customer,” and other business acceptance, vetting, and risk management agency checks;

  • Apply the insurer’s product-specific eligibility rules to allow them to evaluate risks relating to your prospective or existing insurance policy;

  • Process payments, including your payments for the insurance premium and any adjustments;

  • Support or assist the insurer to administer, investigate, and settle claims or complaints in relation to insurance policies and/or the services provided;

  • Facilitate the prevention, detection, and investigation of crime and the apprehension or prosecution of offenders;

  • Enforce our agreements, trace debtors, and recover any outstanding debt in connection with the insurance products and services provided;

  • Fulfill legal and regulatory obligations, resolve disputes, and monitor compliance with same;

  • Communicate with you and respond to your requests, inquiries, comments, and concerns;

  • Support and/or assist insurers in performing analytics for risk modeling purposes and trends;

  • Conduct market research and canvas your views about the insurance products and services to develop and improve our products and services generally;

  • Research, audit, report, and for other business operations purposes, including determining the effectiveness of our promotional campaigns and evaluating business performance; and

  • Perform benchmarking, modeling, market research, and data analyses associated with the development of new and existing processes, products, and services.

  • Accuracy, transparency, and your rights

8. Accuracy, transparency, and your rights

We rely on you to make sure that your personal info is complete, accurate, and current. You should therefore notify us of any changes to your personal information, particularly changes concerning your contact details, bank account details, insurance policy details, or any other information that may affect the proper management and administration of your insurance policy and/or the services provided to you, including potential claims handling and payments.

Let us know about any changes to or inaccuracies in your personal info as soon as possible. See how you can control your personal data in the main Privacy Statement for further details.

9. Information you give us about other people

So how do we collect this information from you? Check out the following link to find out more about how we collect personal data directly and indirectly, and more about the personal data we collect.

Where you provide personal information to us about other individuals (e.g. information about your spouse, civil partner, child(ren), dependents, or emergency contacts), when appropriate, we recommend you provide these individuals with a copy of this Privacy Statement beforehand to ensure they are made aware of how their information will be used by us. At this point, we have to make it clear that it’s your responsibility to ensure that the person or people you have provided personal data about are aware that you’ve done so, and that they have understood and accepted how Booking.com uses their information (as described in this Privacy Statement).

10. Impact of failing to provide information

You are required to provide any personal information we reasonably require (in a form acceptable to us) to meet our obligations in connection with the insurance products and services we provide to you, including any legal and regulatory obligations. Where you fail to provide or delay in providing information, we reasonably require you to fulfill these obligations. If the information provided is either incomplete and/or inaccurate, we may be unable to offer the insurance products and/or services to you and/or we may terminate the services provided with immediate effect. This is because we may be required to do in accordance with the applicable federal and state laws, rules, and regulations of all states.

We use your personal data for the purpose of providing you with an insurance product and handling any complaints or claims relating to such insurance product (if any), which may require us to share your personal data with other third parties. This includes subsidiaries, affiliates, and/or sister companies of the Booking.com corporate family and affiliates of the Booking Holdings Inc. corporate group. Read about how we share your personal data with the Booking Holdings Inc. corporate group. We may also share your personal data with regulators, government agencies, and/or investigative authorities if required by law, or if it is strictly necessary for the prevention, detection, or prosecution of criminal acts. Here you can read more about how data is shared with third parties.

We understand the importance of protecting children’s privacy in this highly interactive world.

Our services aren’t intended for children under 18 years old and we’ll never collect their data unless it’s provided by (and with the consent of) a parent or guardian. The limited circumstances we might need to collect the personal data of children under 18 years old include: as part of a reservation, the purchase of other travel-related services (including insurance), or in other exceptional circumstances (such as features addressed to families). Again, this will only be used and collected as provided by a parent or guardian and with their consent. In the context of insurance, you cannot purchase an insurance product unless you are over 18. We only process information about children with the consent of their parents or legal guardians, and/or when the information is shared with us by the parent(s) or legal guardian(s) themselves. If we become aware that we’ve processed the information of a child under 18 years old without the valid consent of a parent or guardian, we will delete it.

If you are a child under the age of 18, you are not permitted to use our services and should not send any information about yourself to us through our offered insurance products and/or services. You can read more here about how Booking.com treats personal data belonging to children.

If you are a parent or legal guardian and you believe that your child under the age of 18 has provided us with information without your consent, contact us at dataprotectionoffice@booking.com, and we will take reasonable steps to ensure that such information is deleted from our records.

11. Cross-Border Transfer of Data

Booking.com is a global business. The data that we collect from you, as described in this Privacy Statement, could be made accessible from, transferred to, or stored in countries which may not have the same data protection laws as the country in which you initially provided the information. In such cases, we will protect your data as described in this Privacy Statement.

There are circumstances in which we will have to transfer your personal information out of the country in which it was collected for the purposes of carrying out the insurance products and services we provide to you. Where the need for such a transfer arises, we will put appropriate safeguards in place to protect your personal information and to make sure that these transfers comply with the relevant applicable privacy laws. In particular, when your data is transferred to third-party service providers, we establish and implement appropriate contractual, organizational, and technical measures with them.

If you have questions regarding the specific mechanism under which your personal information is transferred to another country, if applicable, you may contact us at dataprotectionoffice@booking.com or by contacting our privacy office using the contact details in the Questions or Concerns section below.

12. For California Residents – California Law

If you would like to exercise your rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA"), please visit us at dataprotectionoffice@booking.com with the subject line: “California Resident Privacy Rights – Request.”

Please find Booking.com’s CCPA NOTICE AT COLLECTION below.

This section of our Statement provides additional information for California residents pursuant to the CCPA and applies to "Personal Information" as defined in the CCPA, whether collected online or offline. This section of our Privacy Statement applies to www.booking.com and other websites or mobile applications that link to this Statement, as well as offline activities where California residents are directed to this section of the Statement. It does not apply to any non-Booking.com websites or mobile applications that you may access via the insurance products and services. Those services are governed by the privacy policies that appear on those sites and applications. As used in this California-specific section of our Statement, “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

Service Provider

Some Booking.com business units and groups act as service providers under the CCPA. This means that they collect and use Personal Information on behalf of another company (e.g. where BDIS provides insurance products and services to third-party insurers and producers). Where your Personal Information is processed by BDIS or another Booking.com company acting as a service provider, that other company’s privacy policy will explain its privacy practices. Note that in some instances, BDIS and other Booking.com companies or business units may be acting as a service provider for other members of Booking.com, and, in those instances, this section of the Privacy Statement will apply. If you make a request to exercise CCPA rights to Booking.com where it acts as a service provider under the CCPA, we may be required to disclose your request to the relevant company.

Personal Information Not Covered by this California Section of the Privacy Statement

There are a number of exemptions from the application of the CCPA. The following sets out some of the categories of Personal Information that are not subject to the CCPA, and therefore are not covered by this California section of the Statement. Note that other sections of the Statement may still apply in addition to other privacy notices that we may issue addressing our specific relationship with you, including privacy notices that are sent to individuals.

  • Health or medical information that we collect and that is subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the California Confidentiality of Medical Information Act, or the Health Information Technology for Economic and Clinical Health Act. For this type of data, a separate HIPAA privacy notice is provided to certain individual consumers as required under applicable laws, rules, and regulations.

  • Information we collect in connection with the issuance of financial products or services to you that are to be used primarily for your personal, family, or household purposes and that is subject to the Gramm-Leach-Bliley Act (“GLBA”) or the California Financial Information Privacy Act. For example, where we handle a claim for you as an individual. Note that this exclusion may not apply to all of your Personal Information, including to personal information collected before you become a customer. Booking.com provides a separate GLBA privacy notice to certain individual consumers as required under applicable laws, rules, and regulations.

  • Information we collect and provide for use that is subject to the Fair Credit Reporting Act.

  • Information we collect as a motor vehicle record and that is subject to the Driver's Privacy Protection Act of 1994.

  • Publicly available information from government records and information we have a reasonable basis to believe is lawfully made available to the general public by you or by widely distributed media, or by a person to whom you have disclosed the information and not restricted it to a specific audience.

  • Deidentified or aggregated information.

California Statement at Collection

Categories of Personal Information Collected & Disclosed

The following identifies the categories of Personal Information we may collect about you. Note that our collection, use, and disclosure of Personal Information about you will vary depending upon the circumstances and nature of our interactions or relationship with you.

Depending on how you use our insurance products and services, we, the insurer, or the third-party claims administrative company may collect (or you might provide) the following categories of Personal Information:

  • Identifiers, such as real name, alias, job title, address, email address, date of birth, policy number, salary information, social security number, driver’s license number, other government identifiers, credit card number, and tax ID.

  • Online Identifiers, such as unique personal identifiers, device IDs, ad IDs, IP addresses, and cookie data.

  • Customer or Claimant Records, such as paper or electronic customer or claimant records containing Personal Information, as well as information provided by an insurance broker/agent or reinsurer for underwriting purposes and information included in a list of claims, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, payment card number, gender, height, weight, medical information (including reports and medical bills), health insurance information, details about home address, security and travel plan arrangements, records of personal property, products or services purchased or obtained.

  • Financial Information, such as your bank account or credit card number and other payment details.

  • Characteristics of Protected Classifications under California Law, such as age (40 years or older), race, national ancestry, national origin, citizenship, religion or creed, marital status, pregnancy, medical condition, physical or mental disability, sex, sexual orientation, and veteran or military status.

  • Usage Data, such as Internet or other electronic network activity information regarding a California resident's interaction with portals, Internet websites, applications, or advertisements, including, but not limited to, browsing history, clickstream data, search history, and content of public posts.

  • Biometric Information, such as individual biological or behavioral characteristics including measurements of physical characteristics such as height, weight and blood pressure, sleep, health, or exercise data that contain identifying information.

  • Education Information, such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, and student disciplinary records.

  • Geolocation Data, such as physical location or movements.

  • Audio, Video, and Other Electronic Data, such as audio information including call recordings, video and photographs, recorded meetings and webinars, and CCTV footage to secure our offices and premises.

  • Professional or Employment-Related Information, such as employment history, qualifications, licensing, and disciplinary record.

  • Inferences and Preferences, such as inferences drawn from any of the information described in this section about a consumer including inferences reflecting the consumer’s preferences, characteristics, behavior, and abilities.

  • Sensitive Personal Information, such as social security number, driver’s license number, racial or ethnic origin, religious or philosophical beliefs, medical condition, and physical or mental disability.

Sources of Personal Information

We generally collect Personal Information from the following categories of sources:

  • Directly from you and automatically;

  • Our affiliates, sister companies, and subsidiaries;

  • Brokers and agents;

  • Corporate policyholders; and

  • Our vendors and service providers (e.g., third-party administrators).

Purposes for Collecting and Disclosing Personal Information

As described in the section above titled “How is your personal data processed and used for insurance products and services?”, in general, we collect and otherwise process the personal information we collect for the following business or commercial purposes:

  • Operate our business;

  • Provide you products and services;

  • Communicate with you;

  • Evaluate and improve our products and services;

  • Analytics models to support our business;

  • Marketing and advertising;

  • Inferences;

  • Find locations on request;

  • Fraud and security purposes;

  • Legal requirements;

  • Business transfers; and

  • Other operational and business purposes.

For more details, including the recipients of your personal information, you can check out the “What kind of personal data does Booking.com collect?” and “How does Booking.com share your data with third parties” sections of the Booking.com Privacy Statement.

Sensitive Personal Information

Notwithstanding the purposes described above, we do not collect, use, or disclose “sensitive personal information” beyond the purposes authorized by the CCPA.

Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.

Retention of Personal Information

We retain the Personal Information we collect only as reasonably necessary for the purposes described in this Statement or otherwise disclosed to you at the time of collection. For example, we will retain certain identifiers for as long as it is necessary to comply with our tax, accounting, and recordkeeping obligations, to administer certain policies and coverage, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend, or establish our rights, defend against potential claims, and to comply with our legal obligations. From time to time, we may also de-identify your Personal Information, retain it, and use it for a business purpose in compliance with CCPA.

Disclosure of Personal Information to Third Parties and Other Recipients

The categories of Personal Information we may have disclosed for a business purpose in the preceding twelve (12) months include:

  • Identifiers (e.g. your name, account number, email address, IP address, government-issued identification number)

  • Financial, medical, or health insurance information (e.g., your bank account number, payment card number, or medical information—if provided by you or on your behalf)

  • Characteristics of protected classifications under California or federal law (e.g., your gender, religion, or sexual orientation)

  • Commercial information (e.g., your purchase information or buying history)

  • Internet or other electronic network activity information (e.g., information about your website or app usage)

  • Geolocation data (e.g. your physical location)

  • Visual information (e.g. any photographs you upload on your account)

  • Inferences (e.g. analytics and preferences)

  • Professional or employment-related information (e.g., employer and business travel details)

  • Sensitive information (e.g. driver’s license, state identification or passport number, account sign-in details, communications between you and a Trip Provider via Booking.com)

If you would like more information about the categories mentioned above, the specific types of personal information we collect, or the purposes for which we collect them, read the sections of the Booking.com Privacy Statement titled “What kind of personal data does Booking.com collect?” and “Why does Booking.com collect and use your personal data?”.

The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include:

  • Affiliates, sister companies, subsidiaries, and business partners;

  • Vendors and service providers;

  • Acquirers of business assets;

  • Advisors, auditors, consultants, and representatives;

  • Agents and brokers;

  • Insurers;

  • Reinsurers;

  • Regulators, government entities, and law enforcement;

  • Operating systems and platforms; and

  • Others as required by law.

The CCPA defines “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third party for purposes of cross-contextual behavioral advertising. We may share certain parts of your personal information with third parties, which under California law can be treated as a “sale” of information. This may include information related to Identifiers, Commercial information, Geolocation data, Internet activity, and Inferences, as described above.

We may “share” the following categories of Personal Information: online identifiers, and usage data. We disclose this information to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising.

Rights Regarding Your Personal Information

The CCPA provides California residents with specific rights regarding Personal Information. This section describes your rights under the CCPA and explains how to exercise those rights. Subject to certain exceptions, California consumers have the right to make the following requests:

Right to Know. With respect to the Personal Information we have collected about you, you have the right to request from us:

  • The categories of Personal Information we collected about you;

  • The sources from which we have collected that Personal Information;

  • Our business or commercial purpose for collecting, selling, or sharing that

  • Personal Information;

  • The categories of third parties to whom we have disclosed that Personal Information; and

  • A copy of the specific pieces of your Personal Information we have collected.

Right to Delete. Subject to certain conditions and exceptions, you have the right to request deletion of your Personal Information that we have collected about you. To exercise your right to request access to or the deletion of your Personal Information under California law, please visit this webform.

Right to Correct. Subject to certain restrictions, you have the right to request that we correct inaccuracies in your Personal Information.

Right to Opt Out. You have the right to opt out of “sales” and “sharing” of your Personal Information, as those terms are defined under the CCPA. You may exercise your right to opt out of “sales” or “sharing” of your Personal Information by clicking on this link and following the instructions. You may also use the Do Not Sell or Share My Personal Information link at the bottom of our Site.

Right to Non-Discrimination. You have a right not to be denied goods or services for exercising any of the rights described in this section.

Exercising Your Rights

If you are a California resident and would like to exercise your CCPA rights, you may do so via any of the methods described below:

Accessing our Data Subject Request for Booking.com Consumers form;Or

Contacting us by sending an email to: dataprotectionoffice@booking.com with the subject line: “California Resident Privacy Rights – Request.”

To exercise your right to request access to or the deletion of your personal information under California law, visit this webform: Data Subject Request for Booking.com customers.

Authorized Agent. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that you directly verify your identity and the authority of your authorized agent.

Businesses operating as an authorized agent on behalf of a California resident must provide both of the following:

(1) Certificate of good standing with its state of organization; and

(2) A written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the business to act on behalf of the California resident.

Individuals operating as an authorized agent on behalf of a California resident must provide a written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the individual to act on behalf of the California resident.

We reserve the right to reject (1) authorized agents who have not fulfilled the above requirements, or (2) automated CCPA requests where we have reason to believe the security of the requestor’s personal information may be at risk.

Verification. Before responding to your request, we must first verify your identity using the Personal Information you recently provided to us. The information we need in order to verify your identity differs depending on the request made and our relationship with you and might include (as applicable) your name, the email address you regularly use to interact with us, your phone number, your date of birth, and, if available, your policy number. We will take steps to verify your request by matching the information provided by you with the information we have in our records by, for example, requesting information about your previous reservations with us. In some cases, we may request additional information to verify your identity, or where necessary to process your request. In some cases, we may also carry out checks, including with third-party identity verification services, to verify your identity before taking any action with your Personal Information. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

If you are an authorized agent wishing to exercise rights on behalf of a California consumer, please contact us at dataprotectionoffice@booking.com with the subject line: “California Resident Privacy Rights – Request”, attaching a copy of the consumer’s written authorization, designating you as their agent. We may need to verify your identity before completing your rights request.

Contact Us

If you have any questions or comments about this section of the Statement, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

By mail: Booking.com, 597 Oosterdokskade 163, 1011 DL, Amsterdam, The Netherlands.

By email: dataprotectionoffice@booking.com.

To otherwise exercise these or any of your other rights under California law, or to contact us with questions and concerns about this Privacy Statement and our practices, you can also contact us at dataprotectionoffice@booking.com with the subject line: “California Resident Privacy Rights – Request.”

For residents outside of California

If you live in the United States outside of California, the information in this section applies to you in addition to other content in this Privacy Statement. This section informs you of certain rights you have which may be different from those described elsewhere in this Privacy Statement.

Your rights under privacy laws include the right of access to your personal data, the right to correct your personal data, the right to request deletion of your personal data, and the right to obtain a copy of your personal data. U.S. state privacy laws provide you with certain additional rights, which include the right to opt out of: the sale of your personal data, targeted advertising, and profiling which may have a legal impact on you.

Please fill out this Data Subject Request for Booking.com Consumers form to exercise your right to request access to, obtain a copy of, and to correct or delete your personal data. To opt out of the sale of your personal data, targeted advertising, or profiling, use the Preferences tab on the same Data Subject Request for Booking.com Consumers.

To contact us with questions and concerns about this Privacy Statement and our practices or to exercise any of your rights, send an email to dataprotectionoffice@booking.com with the subject line: “U.S. Resident Privacy Rights – Request”.

If you are a parent, legal guardian, or the authorized agent of a consumer and you wish to exercise rights on behalf of a consumer, contact us at dataprotectionoffice@booking.com. We may need to verify your identity and authorization before completing the rights request.

When you exercise your rights, we verify your identity based on whether the name and the email address you provide in the request match the data you provided when using our services and other verification details. You may authorize another individual to exercise opt-out rights on your behalf. If we receive such a request, we will send an email to confirm you authorized the requester to act for you.

13. Retention

In accordance with applicable federal and state laws, rules, and regulations, we observe reasonable procedures to prevent unauthorized access to and misuse of personal data. Our business systems and procedures ensure we take all reasonable steps to protect your personal data in accordance with all applicable federal and state laws, rules, and regulations. We also have specific security procedures and technical and physical restrictions on accessing and using personal data on our servers. Only authorized personnel are permitted to access personal data as necessary to perform their duties and responsibilities as an employee of Booking.com.

Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary to enable you to use our services, to provide our insurance services to you, to comply with applicable laws, to resolve disputes with any parties, and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities.

For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When personal data is no longer needed, we either de-identify or aggregate (combine) the data (in which case we may further retain and use the de-identified or aggregated information for analytics purposes) or securely destroy the data.

Here you can read more about security and retention procedures.

14. Information security

The security of your personal information is important to us, and we have implemented appropriate security measures to protect the confidentiality, integrity, and availability of the personal information we collect about you and ensure that such information is processed in accordance with all applicable data privacy laws.

Sections on Cookies, Direct marketing, Automated Decisions, and Changes to the Privacy Statement are covered in the main body of the Booking.com Privacy Statement.

15. Contact us

For any further questions or concerns, please do not hesitate to contact us:

By mail: Booking.com, 597 Oosterdokskade 163, 1011 DL, Amsterdam, The Netherlands.

By email: dataprotectionoffice@booking.com.

16. Changes to this Statement

This Statement is not contractual, and Booking.com reserves the right to reasonably amend it from time to time to ensure it continues to accurately reflect the way that we collect and use personal information about you. Any updates or changes to this Statement will be made available to you. You should periodically review this Statement to ensure you understand how we collect and use your personal information.

This Statement was last updated on January 11, 2024.

 

Whenever you use our online services or apps, we use cookies and other online tracking technologies (which we’ll also refer to as “cookies” for the purpose of this Cookie Statement).

Cookies can be used in various ways, including to make the Booking.com website work, analyze traffic, or for advertising purposes.

Read below to learn more about what a “cookie” is, how they’re used, and what your choices are.

What are cookies and other online tracking technologies?

How are cookies used?

What are your choices?


What are cookies and online tracking technologies?

A web browser cookie is a small text file that websites place on your computer’s or mobile device’s web browser.

These cookies store info about the content you view and interact with to remember your preferences and settings or analyze how you use online services.

Cookies are divided into “first party” and “third party”:

  • First party cookies are the cookies served by the owner of the domain. In our case, that’s Booking.com. Any cookie we place ourselves is a “first-party cookie.”

  • Third-party cookies are cookies placed on our domains by trusted partners that we’ve allowed to do so. These can be social media partners, advertising partners, security providers, and more.

And they can be either “session cookies” or “permanent cookies”:

  • Session cookies only exist until you close your browser, ending what’s called your “session.” Then they’re deleted.

  • Permanent cookies have a range of lifespans and stay on your device after the browser is closed. On the Booking.com platform, we try to only serve permanent cookies (or allow permanent cookies to be served by third parties) that have a limited lifespan. However, for security reasons or in other exceptional circumstances, sometimes we may need to give a cookie a longer lifespan.

Web browser cookies may store info such as your IP address or other identifiers, your browser type, and info about the content you view and interact with on digital services. By storing this info, web browser cookies can remember your preferences and settings for online services and analyze how you use them.

Along with cookies, we also use tracking technologies that are very similar. Our website, emails, and mobile apps may contain small transparent image files or lines of code that record how you interact with them. These include “web beacons,” “scripts,” “tracking URLs,” or “software development kits” (known as SDKs):

  • Web beacons have a lot of different names. They might also be known as web bugs, tracking bugs, tags, web tags, page tags, tracking pixels, pixel tags, 1x1 GIFs, or clear GIFs.

    In short, these beacons are a tiny graphic image of just one pixel that can be delivered to your device as part of a web page request, in an app, an advertisement, or an HTML email message.

    They can be used to retrieve info from your device, such as your device type, operating system, IP address, and the time of your visit. They are also used to serve and read cookies in your browser or to trigger the placement of a cookie.

  • Scripts are small computer programs embedded within our web pages that give those pages a wide variety of extra functionality. Scripts make it possible for the website to function properly. For example, scripts power certain security features and enable basic interactive features on our website.

    Scripts can also be used for analytical or advertising purposes. For example, a script can collect info about how you use our website, such as which pages you visit or what you search for.

  • Tracking URLs are links with a unique identifier in them. These are used to track which website brought you to the Booking.com website or app you’re using. An example would be if you clicked from a social media page, search engine, or one of our affiliate partners’ websites.

  • Software Development Kits (SDKs) are part of our apps’ source code. Unlike browser cookies, SDK data is stored in the app storage.

    They’re used to analyze how the apps are being used or to send personalized push notifications. To do this, they record unique identifiers associated with your device, like your device ID, IP address, in-app activity, and network location.

All these tracking technologies are referred to as “cookies” here in this Cookie Statement.


How are cookies used?

Cookies are used to collect info, including:

  • IP address

  • Device ID

  • Viewed pages

  • Browser type

  • Browsing info

  • Operating system

  • Internet service provider

  • Timestamp

  • Whether you have responded to an advertisement

  • A referral URL

  • Features used or activities engaged in on the website/apps

They allow you to be recognized as the same user across the pages of a website, devices, between websites, or when you use our apps. When it comes to purpose, they’re divided into three categories: Functional cookies, analytical cookies, and marketing cookies.

Functional cookies

These are cookies required for our websites and apps to function and must be enabled for you to use our services.

Functional cookies are used to create technologically advanced, user-friendly websites and apps that adapt automatically to your needs and preferences, so you can browse and book easily. This also includes enabling essential security and accessibility features.

More specifically, these cookies:

  • Enable our website and apps to work properly, so you can create an account, sign in, and manage your bookings.

  • Remember your selected currency and language settings, past searches, and other preferences to help you use our website and apps efficiently and effectively.

  • Remember your registration info so you don’t have to retype your log-in credentials each time you visit our website or app. (Don’t worry, passwords are always encrypted.)

Analytical cookies

These cookies measure and track how our website and apps are used. We use this info to improve our website, apps, and services.

More specifically, these cookies:

  • Help us understand how visitors and customers like you use Booking.com and our apps.

  • Help improve our website, apps, and communications to make sure we're interesting and relevant.

  • Allow us to find out what does and doesn't work on our website and apps.

  • Help us understand the effectiveness of advertisements and communications.

  • Teach us how users interact with our website or apps after they’re shown an online ad, including ads on third-party websites.

  • Enable our business partners to learn whether or not their customers make use of any accommodation offers integrated into their websites.

The data we gather through these cookies can include which web pages you’ve viewed, which referral/exit pages you’ve entered and left from, which platform type you’ve used, which emails you’ve opened and acted upon, and date and timestamp info. It also means we can use details about how you’ve interacted with the site or app, such as the number of clicks you make on a given screen, your mouse and scrolling activity, the search words you use, and the text you enter into various fields.

Marketing cookies

These cookies are used by Booking.com and our trusted partners to gather info about you over time, across multiple websites, applications, or other platforms.

Marketing cookies help us to decide which products, services, and interest-based ads to show you, both on and off our website and apps.

More specifically, these cookies:

  • Categorize you into a certain interest profile, for example, based on the websites you visit and your click behavior. We use these profiles to display personalized content (e.g. travel ideas or specific accommodations) on Booking.com and other websites.

  • Display personalized and interest-based ads both on the Booking.com website, our apps, and other websites. This is called “retargeting” and is based on your browsing activities, such as the destinations you’ve searched for, the accommodations you’ve viewed, and the prices you’ve been shown. It can also be based on your shopping habits or other online activities. Booking.com mainly uses services from Criteo B.V., Herengracht 124, 1015 BT Amsterdam, the Netherlands, for individual retargeting ads based on some information collected via our website. Using its algorithms, Criteo analyzes surfing behavior and can then display targeted product recommendations as personalized ad banners on other websites. Criteo's pixel technologies also allow us to evaluate our ad campaigns. Find more info on Criteo’s technology in Criteo’s Privacy Policy.

    Retargeting ads can be shown to you both before and after you leave Booking.com since their aim is to encourage you to browse or return to our website. You might see these ads on websites, apps, or in emails.

  • Integrate social media into our website and apps. This allows you to like or share content or products on social media such as Facebook, Instagram, YouTube, Twitter, Pinterest, Snapchat, and LinkedIn.

    These “like” and “share” buttons work using pieces of code from the individual social media providers, allowing third-party cookies to be placed on your device.

    These cookies can be purely functional, but can also be used to keep track of which websites you visit from their network, to build a profile of your online browsing behavior, and to show you personalized ads. This profile will be partly built using comparable info the providers receive from your visits to other websites in their network.

    To read more about what social media providers do with your personal data, take a look at their cookie and/or privacy statements: Facebook (includes Instagram, Messenger, and Audience Network), Snapchat, Pinterest, and Twitter. Be aware that these statements may be updated from time to time.

We work with trusted third parties to collect data. We may occasionally share info with these third parties, such as your email address or phone number. These third parties might link your data to other info they collect to create custom audiences or deliver targeted ads. For info about how these third parties process your data, take a look at the following links: How Google uses information, Facebook's data policy.

We may also use techniques like pixels, which we don’t mark as cookies because they don’t store any info on your device.

We sometimes place pixels in emails like newsletters. A “pixel” is an electronic file the size of a single pixel that’s placed in the email and loaded when you open it. By using email pixels, we can see if the message was delivered, if and when you read it, and what you click.

We also receive this info about the push notifications we send you. These statistics provide us with feedback about your reading behavior, which we use to optimize our messages, and make our communications more relevant to you.


What are your choices?

To learn more about cookies and how to manage or delete them, visit allaboutcookies.org or the help section of your browser.

Under the settings for browsers like Internet Explorer, Safari, Firefox, or Chrome, you can choose which cookies to accept and reject. Where you find these settings depends on the browser you use:

If you choose to block certain functional cookies, you may not be able to use some features of our services.

In addition to specific settings that we may offer on the Booking.com and apps, you can also opt out of certain cookies:

  • Analytics

    To prevent Google Analytics from collecting analytical data on certain browser types visit the following link: Google Analytics Opt-out Browser Add-on (only available on desktop).

  • Advertising

    We always aim to work with advertising and marketing companies that are members of the Network Advertising Initiative (NAI) and/or the Interactive Advertising Bureau (IAB).

    Members of the NAI and IAB adhere to industry standards and codes of conduct, and allow you to opt out of behavioral advertising.

    Visit www.networkadvertising.org to identify NAI members that may have placed advertising cookies on your computer. To opt out of any NAI member's behavioral advertising program, just check the box that corresponds to that company.

    You may also want to visit www.youronlinechoices.com or www.youradchoices.com to learn how to opt out of customized ads.

    Your mobile device may allow you to limit the sharing of info for retargeting purposes through its settings. If you choose to do so, remember that opting out of an online advertising network doesn't mean you’ll no longer see or be subject to online advertising or marketing analysis. It just means the network you opted out of won't deliver ads customized to your web preferences and browsing patterns anymore.

Some websites have “Do Not Track” features that allow you to tell a website not to track you. We’re currently unable to support “Do Not Track” browser settings.

How to contact us

If you have any questions about this cookie statement, write us at dataprotectionoffice@booking.com.

Our cookie statement may also be updated from time to time. If these updates are substantial, particularly relevant to you, or impact your data protection rights, we’ll get in touch with you about them. However, we recommend visiting this page regularly to stay up to date with any other (less substantial or relevant) updates.

gogless