Updated September 2025

We are Booking.com and this privacy statement is intended for travelers using or considering using our products and services.

You place your trust in us by using Booking.com services, and we value that trust.

This privacy statement describes how we collect and otherwise process your personal data when you visit our websites, use our mobile apps, or buy a travel-related product or service through us. Among other things, it tells you what rights you have in relation to your personal data and how you can contact us.

Booking.com offers online travel-related services through its own websites and mobile apps as well as through third-party channels, for example, partners’ websites.

This privacy statement applies to any kind of traveler information Booking.com processes through all of our services. It is not the only privacy statement Booking.com maintains to inform you about our processing of personal data. A similar privacy statement is available for Booking.com’s business partners.

Booking.com amends its privacy statements from time to time and recommends that you visit this notice occasionally to stay informed. If Booking.com makes updates to a privacy statement that could significantly impact persons, it will take steps to inform these persons about such changes before they go into effect.

Back to top

Throughout our privacy statements, Booking.com uses particular terms that have a specific meaning in the context of these notices and the services Booking.com offers. These specific terms are described here.

Back to top

When you make a trip reservation, you are asked for your name and email address. Depending on the nature of the trip reservation, we may also need to ask for your home address, phone number, payment info, date of birth, current location (in the case of on-demand services), whether you’re traveling for work purposes, the names and dates of birth of the people traveling with you, and any preferences you might have for your trip (e.g. dietary or accessibility requirements). For reservations for flights and certain attractions, we may be required to collect additional information from you including your and your co-travelers’ passport or national ID information. This may also be necessary for online check-in.

When you contact our customer service team, contact your trip provider through our platform, or reach out to us by telephone or through social media, we also collect information from you through these channels including your name, metadata such as, for calls, where you called from, and the date and length of the call.

When you search using our platform for possible trip reservations, you can select to save specific trip items in a list that we’ll store for you. During or after your trip, we may also invite you to submit reviews that can inform others about the experiences you had on your trip. When you submit reviews on the platform, we collect information you’ve included along with your first name or display name and avatar (if you choose one).

If you create an account on our platform, we also store information you include and manage in your account. This can include personal settings, credit card information, uploaded photos, and your reviews. You can also choose to add details from one or more of your identification documents to your account so that you don’t have to re-enter this information for future trip reservations.

If you want a verified account badge in those jurisdictions where it is available, we may ask for a copy of your identification (a passport or ID card) and a “selfie” to help us confirm it is you.

There are other circumstances where you may provide us with personal data. For example, if you’re using our platform from your mobile device, you can decide to allow Booking.com to use your current location or grant us access to other details. This helps us give you the best possible service and experience by, for example, suggesting the nearest restaurants or attractions to your location or making other recommendations.

It may be that you use our platform to make a trip reservation on behalf of, or that involves, other travelers. In this case, you may be required to provide some details about these persons as part of the trip reservation. If you have a Booking.com for Business account, you can keep an address book there to make it easier to plan and manage business travel arrangements for others.

When you use the platform to give us information about others, it’s your responsibility to ensure that each person whose personal data you provide is aware that you’re doing so and can understand how Booking.com uses their personal data (as described in this privacy statement).

Whether or not you make a trip reservation, when you use our platform, we automatically collect certain information. This includes your IP address, the dates and times you use our platform, and some information about your device’s hardware and software (such as the type of operating system, internet browser and mobile app version you use, your chosen language settings). When you use our mobile apps, we collect data identifying the mobile device and operation of our app on the device (including possible crashes). When you are redirected to the Booking.com platform by a third-party website or mobile app, we collect this information as well. We also collect information about clicks you make and which pages are shown to you from our platform.

We may also receive information about you from other sources. This can include one or more of the following:

• Other BHI companies
• Trip providers
• Strategic partners
• Other third-party companies such as marketing partners

Information we receive from these parties may be used together with information you provide us with directly via our platform for the purposes of providing services to you.

We receive personal data about you from these parties in situations such as these:

• Our trip reservation services are available beyond our platform. They are also integrated into the services of strategic partners. When you make a reservation using a service for which the strategic partner relies on Booking.com, we receive the reservation details from the strategic partner so that your reservation can be processed and supported.
• Trip providers may share other information about you with Booking.com. This could happen if you have support questions about a pending trip reservation, or if there is a dispute, major complaint, including about you, or other issue about a trip reservation.
• We integrate with third-party payment service providers such as Adyen and Stripe to facilitate electronic payments between you, Booking.com, and trip providers. These service providers share payment information so we can administer and handle your trip reservation.
• In some cases, we link to other business partners who provide trip reservations that may not be available on our platform. If you select these, you are redirected to other business partners’ websites where you can make a reservation. These partners may share certain personal data related to your specific reservation and your interactions on their websites or mobile apps with us in accordance with their privacy policies.
• Our platform includes communication services such as email and chat messages. These communication services offer you a convenient way to contact the trip provider you’ve booked with to discuss specifics of your reservation such as available parking at an accommodation. The data we collect and process includes these communications. We may block the delivery of communications that we, at our sole discretion, believe might contain malicious content or spam, or pose a risk to you, trip providers, Booking.com, or others.
• We may also receive information on an aggregated basis from our social media and marketing partners. This helps us measure the effectiveness of advertising and marketing campaigns.
• When you link your Booking.com account to a social media account you control, you might trigger exchanges of data between Booking.com and that social media provider. You can always unlink them by updating your Booking.com account settings.
• We may receive confirming or verifying information about you from third parties. For example, in order to provide you with a verification badge, we may use a third party to cross-check the information you give us to confirm that it is accurate and belongs to you.

Back to top

We use your personal data for a number of purposes as outlined here:

1. Trip reservations
   
   

   First and foremost, we process your personal data to complete and administer your trip reservation, which is essential to provide this service. This includes sending you communications that relate to your trip reservation, such as confirmations (including, where applicable, providing you with a proof of purchase and/or payment), modifications, and reminders. In some cases, this may also include processing your personal data to enable online check-in with the trip provider or processing personal data in relation to possible damage deposits.

   ---

   In addition to your contact details (e.g. email address, phone number), in order to provide you with services, we may also need reservation identifiers and dates to determine the duration of the reservation.

2. Customer service
   
   

   We provide our travelers with customer service in more than 40 languages, and we’re here to help 24 hours a day, seven days a week. Sharing reservation information with our global customer service staff is essential to help you when you need us. This includes, for example, helping you to contact the right trip provider and responding to any questions you might have about your trip reservation.

   ---

   To do this, we use personal data such as your reservation details, including, for example, the price of your reservation as well as how and when you made the reservation.

3. User accounts
   
   

   As a user of our services, you can create an account for your use across our platform. With an account, you can manage your trip reservations, take advantage of special offers, make future trip reservations more easily, and manage your personal settings.

   Managing personal settings gives you the ability to keep and share lists, share photos, easily see trip services you’ve searched for, and check travel-related information you’ve provided. You can also see any reviews you’ve written in connection with your trips.

   With your account, you can also create a public profile under your own first name or with another name you choose. In some jurisdictions, we offer an account/guest verification program. It helps to create trust and assurance between partners and guests. In order to receive a verification badge on your account, we cross-check the data you give us with any historical data we may have about you as well as other publicly available data. If you log in to your Booking.com account and you want to create a Booking.com for Business account, we may use your name and email address to pre-fill the sign-up form.

   If you’re a Booking.com for Business account holder, you can also save contact details in that account, manage business reservations, and link other account holders to the same Booking.com for Business account.

   ---

   To provide accounts, we use personal data such as login credentials for accessing your account and information about when the account is used; for example in connection with reservations and payments.

4. Marketing activities
   
   

   We use your information for marketing activities, including:

   ---

   • To send you personalized marketing messages including promotions, Genius and other rewards, travel experiences, surveys, and other updates about Booking.com’s products and services. These can be via push notifications, SMS and other messaging applications, notifications in the app, or emails. You always have the option to unsubscribe from marketing messages. For example, you can unsubscribe from receiving email marketing communications at any time by selecting the “Unsubscribe” link included in each communication, or you can manage your preferences via your account settings.
     
     

     For personalized marketing messages, we may also use your interactions with our platform, such as previous reservations and behavioral data, including data collected via cookies and similar tracking technologies.

   • To show you personalized marketing including promotions, Genius and other rewards, travel experiences, surveys, and other updates about Booking.com’s products and services on the Booking.com website, mobile apps, or on third-party websites and apps. For more information on personalized marketing, see the section How we use artificial intelligence and make automated decisions. These may be offers and recommendations we think you may find interesting that you can book directly on our platform, on sites operated with a strategic partner, or on other third-party sites.
     
     

     For personalized marketing displays, we may also use your interaction with our platform, such as previous reservations and behavioral data, including data collected via cookies and similar tracking technologies.

   • To contact you with information about insurance products that you didn’t include in your reservation.
   • To organize other promotional activities and, based on information already collected, we may invite you and other travelers to participate in such activities.

   ---

   To do this, we use personal data such as your contact and account information, browsing data, location data and preferences, searches, and reservations you make from different devices.

5. Communicating with you
   
   

   There may be times when we get in touch with you, including via email, chatbot, mail, phone call, push notification, platform notification, or text message. Which method we choose depends on the contact information you’ve previously shared.

   We process personal data in communications you and other parties send to us. There may be a number of reasons for this, including:

   ---

   • Responding to and handling any support requests made by you or the trip provider you booked with. We offer travelers and trip providers various ways to exchange information via our platform, such as requests and comments about trip reservations made via Booking.com.
   • If you have started but not finished a trip reservation, we might contact you to invite you to continue with your reservation. This convenience allows you to pick up the process where you left off without having to search for a trip provider or fill out your reservation details again.
   • When you use our trip services, we might send you a survey or otherwise invite you to provide a review about your experience with us or the trip provider.
   • We send you other material related to your trip reservations, such as how to contact us if you need assistance while you’re away and information that we feel might be useful to you to prepare for your trip and get the best experience.
   • Even if you don’t have an upcoming trip, we may still need to send you other administrative messages, which could include security alerts.
   • We may send you a warning or other notice if a trip provider reports misconduct by you.

   ---

   To do this, we use personal data such as your first and last name, email address, and reservation details, including reservation IDs and chosen locations.

6. Market research
   
   

   We sometimes invite our customers to participate in market research. Review the information that accompanies this kind of invitation to understand what personal data will be collected and how it’s used.

7. Improving our services
   
   

   We use personal data about travelers using our platform for analytical purposes, including for analyzing how you or travelers like you with similar interests use our platform, measuring our operating performance and improving trip services. We may process your user ID for the purpose of measuring the audience visiting our websites. We may use your personal data to develop and enhance our machine learning models and artificial intelligence systems. This is a necessary part of our ongoing commitment to make our services better and enhance our travelers’ experience. For more details, see the <0>How we use artificial intelligence and make automated decisions<0> section.

   In addition to the statistics we generate regularly about our business, we use data to test and troubleshoot platform features. The main goal here is to get insights into how our services perform, how they are used, and ultimately how to optimize and customize our website and mobile apps, in an effort to make them easier and more meaningful to use. As much as possible, we strive to use anonymized and de-identified personal data for this analytical work.

   In order to achieve this purpose, we may combine personal data we collect from you during different visits to our platform or visits on different devices or different websites of ours, even when you are not logged in.

   ---

   To do this, we use personal data such as:

   • Reservations made by travelers over specific periods of time or for specific products
   • The searches travelers made on our websites and apps
   • The reviews travelers shared with us about their trip experience

   Our recurring work for analytical purposes includes the use of solutions that pseudonymize personal data or process personal data in encrypted formats.

8. Showing the pricing applicable to you
   
   

   When you search our websites or mobile apps, for example to find an accommodation, a rental car, or a flight, the pricing you see may depend on a number of factors, such as whether you are in the European Economic Area (EEA) or in another region or country outside of the EEA.

   To display the pricing applicable to you, we use personal data such as your IP address, the type of device you’re using, and which site you came from.

9. Customer reviews and other destination-related information
   
   

   During and after your trip, we might invite you or our traveling companion to submit a review. This invitation asks for information about the trip provider, including the ground transportation provider, or the destination.

   The reviews help to inform other travelers about the quality of the trip service you used, the destination you chose, the ground transportation, or any other experiences you choose to share without disclosing your identity. Reviews submitted by travelers are subject to our Terms of Service and to automated and other content moderation to verify that reviews conform with our Content standards and guidelines.

   If you have a Booking.com account, you can choose to display a screen name next to your review, instead of your first name.

10. Call monitoring
    
    

    When you make calls to our customer service team, we use an automated telephone number detection system to match the number you call from to the reservation you made. This saves time for you and our customer service staff. However, our customer service staff may still ask for identification to further ensure it is you calling about the reservation.

    When you call our customer service team, we may have one or more authorized persons listen to the call or record the call for training and quality control purposes. This quality control includes the usage of the recordings to handle possible complaints, legal claims, and indications of possible fraud attempts.

    We do not record every call made to our customer service team. If a call is recorded, it is kept for a limited amount of time (30 days by default). We then automatically delete the call recording unless we determine before then that it will be necessary to retain it for fraud investigation or legal purposes.

11. Promotion of a safe and trustworthy service and the prevention of fraud
    
    

    We continuously analyze and use certain personal data to prevent and detect online fraud attempts and other illegal or unwanted activities. This is necessary to maintain our platform as a trustworthy environment as well as for the safety of all travelers.

    We use personal data for safety and security purposes, including when you report a safety concern, when others do so about you, or when we need to identify persons in connection with a user account or reservation. When we do this, we may have to stop or put certain reservations on hold until we finish our assessment. If we have concerns about serious misconduct, we may cancel your upcoming reservations or decline your future reservations via our platform.

    In case of safety or security concerns, we may process information from publicly available sources to prevent or detect harm. We cannot prevent that some of that information may contain special categories of personal data.

    In order to detect and prevent fraud and limit other abuse of our platform, we may use your personal data and analyze your behavior on our platform to assess the risk of a certain action or transaction you are attempting to make. For example, this may help us determine whether a bot is using our platform rather than a legitimate user, or to determine whether a user is making a fraudulent payment using a stolen credit card.

    ---

    For these purposes, we use your contact information, other identifiers (such as IP addresses), reservation details including canceled reservations, reviews, account information, browsing data, location data, communications data, or other information that you or another person has provided to us, including images, video, or other media submitted on our platform.

    We use artificial intelligence to review activity on our platform for fraud and to detect any other forms of misconduct as described in the section How we use artificial intelligence and make automated decisions.

12. Legal purposes
    
    

    In certain cases, we may need to reuse your information to:

    • Handle and resolve legal claims and disputes
    • Address possible regulatory investigations
    • Enforce our reservation Terms of Service
    • Comply with lawful requests from law enforcement
    • Comply with laws and regulations that apply to Booking.com

    For example, we may be required to process your reservation history, the details of one or more of these reservations and associated payment information.

To process your personal data as previously described, Booking.com relies on several legal bases in applicable privacy regulations. This is summarized as follows:

If you wish to object to the processing set out under C to L and no opt-out mechanism is available to you directly (for example, in your account settings), contact us as described in the section Your rights.

Back to top

To support the use of Booking.com services, your details may be shared within Booking.com group entities and the other Booking Holdings Inc. companies described in the section Our company and how we further comply with privacy laws.

We may receive personal data about you from other companies in the BHI group (e.g. Agoda or OpenTable), or share your personal data with them, for the following purposes:

1. To provide services (including making, administering, and managing reservations or handling payments)
2. To provide customer service
3. To detect, prevent, and investigate fraudulent or other illegal activities and data breaches, companies within BHI may need to exchange personal data about certain persons to ensure all platforms’ users are protected, for example, from online fraud attempts
4. For analytical and product improvement purposes where permitted by applicable law
5. To provide personalized offers or send you marketing communications where permitted
6. For hosting, technical support, overall maintenance, and maintaining security of such shared data
7. To ensure compliance with applicable laws

As applicable and unless indicated otherwise, for purposes A to F, we rely on our legitimate interests to share and receive personal data. For purpose G, we rely, where applicable, on compliance with legal obligations (e.g. lawful law enforcement requests). We also ensure that data flows between companies in the BHI group comply with applicable law, including obtaining your consent where needed prior to sharing your personal data with other BHI group companies.

In certain circumstances, we’ll share your personal data with third parties. These third parties include:

In order to complete your trip reservation, we need to transfer relevant reservation details to the trip provider you have chosen.

Depending on the trip reservation and the trip provider, the details we share can include your name, contact and payment details, the names of the people accompanying you, and any other relevant information (e.g. check-in/check-out dates), including preferences you specified when you made your trip reservation.

In certain cases, we also provide some summary information about you to the trip provider. This can include:

• Whether your account is verified
• Whether you’ve booked with the trip provider in the past
• The number of completed reservations you’ve made with us
• The absence of reports to Booking.com regarding misconduct involving you
• The percentage of reservations you may have canceled in the past on our platform
• Whether you’ve given reviews about past reservations

If you have a query about your trip, we may contact the trip provider to handle your request. Unless payment is made to Booking.com itself during the reservation process, we need to forward your credit card details to the trip provider you chose for payment processing.

To resolve possible trip-related claims or disputes or any other kind of customer service issue, we may provide the trip provider on an as-needed basis with your contact details and other information about the reservation, claim, or dispute. This can include, for example, your email address and a copy of your reservation confirmation to confirm that the trip reservation was made or the reasons for its cancellation.

Trip providers will further process your personal data outside of the control of Booking.com to prepare for arriving and departing guests, for example. Trip providers may also ask for additional personal data, for instance to provide additional services and to comply with local requirements and restrictions. If available, read the privacy statement of the trip provider to understand how they process your personal data.

We work with many strategic partners around the world. These strategic partners distribute and advertise Booking.com’s services, including the services and products of our trip providers. Depending on the strategic partner, you may make your trip reservation through:

• our website that’s operated in partnership with a strategic partner; or
• strategic partners’ websites or mobile apps.

For the former, the strategic partners will receive certain personal data related to your specific reservation and your interactions on these websites. This is for the legitimate interest of Booking.com or our strategic partners.

For the latter, certain personal data that you give them, such as your name and email address, your address, payment details, and other relevant information, will be forwarded to us to finalize and manage your trip reservation. With these strategic partners, we may act as joint controllers for processing of specific personal data. When we do act as joint controllers, you will be informed, including to which joint controller to address your specific request to exercise rights. We may collaborate with our joint controllers to ensure an adequate response to your request.

For fraud detection and prevention purposes, we may also exchange information about our users with strategic partners – but only when strictly necessary.

Many trip providers contract with specific third-party companies (often referred to as “connectivity providers”) to automate the routing of reservation information from Booking.com and other members of the travel industry to them.

Connectivity providers act on behalf of trip providers (rather than Booking.com) and forward reservation information to them so they can manage their reservations in their systems.

We use service providers to support us in providing our trip services. The services these third-party companies provide include:

• Customer support
• Industry/market research
• Fraud detection and prevention (including anti-fraud screening)
• Insurance coverage claims handling
• Payment processing
• We use third parties to electronically process payments, handle chargebacks, or provide billing collection services. The payment service providers may, in some cases, use your personal data for their own purposes, such as to detect and prevent fraud attempts and to comply with legal obligations applicable to them.
• When a chargeback is requested for your trip reservation, either by you or by the holder of the credit card used to make your reservation, we need to share certain reservation details with the payment service provider and the relevant financial service organization so they can handle the chargeback. This may also include a copy of your reservation confirmation or the IP address used to make your reservation.
• We may also share information with relevant financial institutions, if we consider it strictly necessary for fraud prevention purposes, for example, to prevent the fraudulent use of a stolen credit card.
• Marketing services
• We may share some of your personal data (such as identifiers) with advertising partners, as part of the marketing of our trip services via third parties (to ensure that relevant advertisements are shown to the right audience).
• We use techniques such as hashing specific personal data (e.g. email address, telephone number) to enable matching with data in one or more of their databases. Such techniques limit what the receiving third-party company can do with the personal data we selectively share with them.
• When sharing audience insights with advertising partners and other third parties, we ensure that your personal data is aggregated and pseudonymized, so the advertising partners and other parties cannot directly identify you (e.g. through the use of vetted data clean rooms). These pseudonymized insights are used to develop tailored media proposals and pitches for our partners.
• As part of the account verification process, we may share some of your account data (such as your name, email address, phone number, passport number, physical address), linked social media account, passport, or other identification document(s) with a third party. A third party may use a detection system to verify that you are a real person and not a bot. This process is automated, and the data is not retained beyond what is necessary for verification.

In some cases (e.g. disputes, legal claims, or as part of auditing activities), we may need to share your personal data with representatives of professional service organizations. These representatives can include legal counsels at law firms as well as auditors. We only share your personal data to the extent that is necessary and in line with contractual and other obligations applicable to them.

We follow specific protocols when law enforcement agencies and other government bodies request that we disclose personal data about one or more travelers in connection with a possible criminal matter. We may also disclose personal data to law enforcement agencies in connection with possible cases of fraud.

We follow similar protocols where, for example, EU and local laws additionally require us to share personal data with a competent authority, such as a tax authority. We may be required to disclose personal data to:

• Comply with a legal obligation, for instance, under applicable short-term rental laws
• Protect and defend our rights or the rights and interests of our business partners.

We may share personal data in other instances with other business partners. These include:

• Insurance companies: If an insurance claim is made, concerning you and a trip provider, we may provide the necessary data (including personal data) to the insurance company and their appointed representatives for further processing.
• Other trip providers; we may present you with a “Partner offer.” When you book an accommodation marked “Partner offer,” your reservation will be facilitated by a trip provider who is separate from the accommodation you’re booking. As part of the reservation process, we’ll need to share some relevant personal data with this trip provider. If you book a “Partner offer,” review the information provided in the reservation process or check your reservation confirmation for more information about the trip provider and how your personal data will be further processed by them.

Booking.com is a business that connects travelers and partners around the world. The data that we collect from you, as described in this privacy statement, could be accessible from, transferred to, or stored in countries that may not have the same data protection laws as those of the country in which you initially provided the information. In any case, we apply appropriate safeguards to make sure that cross-border transfers of personal data comply with applicable law and seek to ensure that your data continues to receive a comparable level of protection.

In particular, if you’re in the European Economic Area (EEA) and your personal data is transferred to third-party service providers in countries not considered adequate by the European Commission (EC), we establish and implement appropriate contractual, organizational, and technical measures with these third-party companies. This is done by using Standard Contractual Clauses as approved by the EC, by examining the countries to which the data may be transferred, and by imposing specific technical and organizational measures.

In certain cases, we transfer your data outside the EEA because it’s necessary to conclude or perform the contract we have with you. For example, if you make a trip reservation involving a trip provider or strategic partner operating outside the EEA, it’s likely to require that we transfer data about your specific reservation outside the EEA.

For transfers of your personal data outside of the United Kingdom (UK), we apply the equivalent mechanisms and appropriate safeguards for the UK.

For transfers within Booking.com group entities, we have implemented Binding Corporate Rules (BCRs) as a further safeguard to help ensure your data remains appropriately protected when transferred outside of the EEA. You can find information about our BCRs here.

You can ask us for more information on our implemented safeguards by contacting us as described in the section Your rights.

Back to top

Depending on the type of product or service you use and other factors, such as where you live, we may have additional information to provide you with that supplements or even replaces the information elsewhere in this notice. Review the following sections, which apply to you, in order to have the full picture.

If you use our ground transportation services, the information in this section applies to you. It adds to, or replaces, the information in other parts of this privacy statement.

In addition to what we list in Personal data you give to us, for a car rental reservation we might also ask for your home address, billing address, phone number, date and place of birth, passport and driver’s license info, government-issued ID (where required by law), and the names of any additional drivers. For a private or public transportation reservation, we might ask for your pick-up and drop-off address (if you book a journey such as a car or an airport transfer). We might also ask for your date of birth or age range for some public transportation tickets (e.g. child or senior tickets) and the names of any additional passengers.

In addition to what is described in the section Personal data we receive from other sources, car rental or private/public transportation companies also may share information about you with us. This could happen if you need support with or have questions about a pending reservation, or if disputes or other issues arise about a reservation.

In addition to what is described in the section How we share personal data with third parties, if the car rental company you select on our platform participates in our pre-registration scheme, the details we share can also include your email address, home address, phone number, date and place of birth, passport, and driver’s license information if you have provided this information to us. Providing further pre-registration information will enhance your pick-up experience, but it’s optional and you’ll still be able to pick up your rental car even if you don’t provide any pre-registration information.

Note that, sometimes, at the direction of the ground transportation provider, we’ll need to share your personal data with parties related to the provider in order to finalize and administer your reservation. These parties might include other entities of the provider’s corporate group or service providers, drivers, or end fleets who are handling the data on the provider’s behalf.

Car rental companies may also ask for additional personal data, for example, to provide additional services or to comply with local restrictions. Be aware that any information you provide directly to the company/companies supplying your car and/or related products will be stored and used in accordance with their own privacy statement(s) and terms and conditions.

Car rental companies may also ask for additional personal data, for example, to provide additional services or to comply with local restrictions. Be aware that any information you provide directly to the company/companies supplying your car and/or related products will be stored and used in accordance with their own privacy statement(s) and terms and conditions.

Back to top

If you purchase an insurance product while using our platform, the information in this section applies to you. It adds to, or replaces, the information in other parts of this privacy statement. If you live in the US and purchase an insurance product, then our section on US insurance applies to you instead.

The offering of insurance can involve multiple parties, such as intermediaries, underwriters, and other agents. Where Booking.com Distribution B.V. is involved, it will act as the intermediary and authorized agent or appointed representative (depending on the jurisdiction) on behalf of the insurer, by offering insurance products and services to Booking.com customers.

Review the information provided during the reservation process for more information about us and the parties who work together with us to offer you these products and services. The details of the insurer will be visible in the insurance policy and related documentation provided to you.

When offering insurance, we may have to use and share personal data that is relevant to the insurance product. This data relates to you as a potential or actual policyholder, the beneficiaries under a policy, family members, claimants, and other parties involved in a claim:

• To provide offers, arrange insurance cover and handle insurance claims, some personal data, provided to us during the reservation process (“General Order Data”), may have to be shared within other Booking.com entities. You may also be asked to provide additional information, such as names of family members or other beneficiaries or details about a claim (“Insurance-Specific Data”).
• If you make a claim under an insurance policy, this claim may be directly handled by the insurer. This means that you may be asked to provide personal data in order to submit the claim directly to them. The insurer will inform you accordingly at the point of collection of your information. When your claim is handled by the insurer, we may receive information about the status of your claim in order to provide you with customer support services.

For further information about the relationship between Booking.com and Booking.com Distribution B.V., and to exercise your rights regarding personal data that is collected via the Booking.com platform, contact us as described in the section “Your rights.”

Insurance-related call recordings may be kept for up to 12 months to comply with specific provisions from insurance-related laws and regulations. If you purchase an insurance product over the phone, we can verify and confirm your insurance purchase in the event of disputes.

Back to top

If you purchase an insurance product while using our platform and live in the US, the information in this section applies to you. It adds to, or replaces, the relevant information in other parts of this privacy statement. If you do not live in the US and purchase an insurance product, then this section on insurance applies to you instead.

Where we refer to personal data in this section of the privacy statement, it means the same as personal information under California law and non-public personal information under, for example, the Gramm-Leach-Bliley Act.

We generally collect personal data as part of providing insurance products. We, alongside our contracted insurer, are each individually responsible for determining how your personal data will be handled for our respective business processes. Accordingly, if you disclose personal data to us in connection with the purchase of an insurance product, we encourage you to also review the insurer’s privacy statement to understand how your personal data will be handled by them.

1. Responsible parties

   The Booking.com entities responsible for offering insurance product options on our platform, and the associated processing of your personal data, are Booking.com B.V. and Booking.com Distribution Insurance Solutions, LLC (“BDIS”).

   Booking.com Distribution B.V. (“BDBV”) is the designated company manager of BDIS. The details of the insurer will be visible in the insurance policy and related documentation provided to you when you purchase insurance on our platform.

   The insurance products you purchase are distributed by BDIS. BDIS is a Delaware Limited Liability Company registered to conduct business in all states, as well as the District of Columbia, and is a duly licensed insurance producer in all states and the District of Columbia. BDIS has a resident license in Connecticut, with offices in Connecticut at 800 Connecticut Ave, Norwalk, CT 06854. The BDIS Connecticut Resident Producer License Number is 3002601274.

   Where BDIS is the distributor, offering an insurer’s insurance products and services to Booking.com customers that live in the US, it acts as a controller for any processing of personal data it undertakes outside of Booking.com B.V. systems. Booking.com B.V. acts as a controller for any personal data it collects on our platform for insurance purposes.

2. Personal data we collect

   In addition to what we list in the section Personal data you give to us, to offer you insurance we might also collect:

   • Individual details: name, address (and proof of address), other contact details, gender, marital status, family details, date and place of birth, professional or employment-related information (e.g. employer and business travel details, job title and employment history), relationship to the policyholder, insured, beneficiary or claimant, images, visual information (e.g. any photos you upload on your account);
   • Unique Identification details: identification numbers issued by government bodies or agencies (e.g. social security or national insurance number, passport number, ID number, tax identification number, driver’s license number);
   • Financial information: payment card number and information, bank account numbers and account details, income, and other financial information;
   • Insured risk: information about the insured risk, which contains personal data and may include, only to the extent relevant to the risk being insured:
     • Health data: current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history;
     • Criminal records data: criminal convictions, including driving offenses; and
     • Other special categories of personal data: racial or ethnic origin, biometric data (for example from a passport or identity document that is used to identify the passport or document holder);
   • Policy information: information about the quotes you receive and the policies you obtain;
   • Credit and anti-fraud data: credit history and credit score, information about fraud convictions, allegations of crimes, and sanctions details received from various anti-fraud and sanctions databases, regulators, or law enforcement agencies;
   • Previous claims: information about previous claims, which may include health data, criminal records data, and other special categories of personal data (as described in the Insured risk definition);
   • Current claims: information about current claims, which may include health data, criminal records data, and other special categories of personal data (as described in the Insured risk definition);
   • Marketing data: whether or not the individual has consented to receive marketing from us and/or from third parties and/or their marketing preferences; and
   • Website and communication usage: such as internet and other electronic network activity information, computer, device, and connection information (e.g. IP address, browser type, domain name, operating system, unique device identifier), details of your visits to our websites or apps, and information collected through cookies and other tracking technologies, including traffic data, location data, web logs, and other communication data, and the resources that you access.
   • Background checking information: such as inclusion on a sanctions list or a public list of disqualified directors, the existence of previous or alleged criminal offenses, or confirmation of clean criminal records, and information in relation to politically exposed persons (“PEPs”).
   • Inferences (e.g. analytics and preferences)
   • Comments, feedback, or other information provided to us: such as social media interactions with our social media presence, comments provided on feedback forms or surveys, and questions or information sent to our support services.
3. Recipients of your personal data

   We may share certain elements of your personal data with third parties, which under US state privacy laws may be considered the sale of personal data. This may include information related to inferences and analytics. We may also share your personal data with service providers who assist us with delivering marketing messages or advertisements.

   In addition to the information provided in the sections on “How we share personal data…”, we may share your personal data with the following categories of recipients where necessary to offer, administer, and manage the insurance products and services provided to you:

   • Insurance market participants: Where necessary to offer, administer, and manage the insurance products and services provided to you, such as insurers and insurance underwriters, reinsurers, agents, brokers, producers, and claims adjusters. The insurance underwriter is the insurer that is underwriting your insurance statement and is named in your policy documentation.
   • Vetting and risk management agencies: Such as credit reference, criminal record, fraud prevention, data validation, and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and services;
   • Legal advisers, claims adjusters, and claims investigators: Where necessary to investigate, adjudicate, or defend legal claims, insurance claims, or other claims of similar nature;
   • Medical professionals: e.g. Where you provide health information in connection with a claim against your insurance policy;
   • Law enforcement bodies: Where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders;
   • Public authorities, regulators, and government bodies: Where necessary for us to comply with our legal and regulatory obligations;
   • Third-party suppliers: where we outsource our processing operations to suppliers that process personal data on our behalf. These processing operations shall remain under our control and will be carried out in accordance with our security standards and strict instructions;
   • Successors of the business: where Booking.com or the insurance products and services are sold to, acquired by, or merged with another organization, in whole or in part. Where personal data is shared in these circumstances, it will continue to be used in accordance with this privacy statement;
4. How your personal data is processed and used for insurance products and services

   When offering insurance, BDIS may have to use and share personal data that is relevant to underwrite and sell the insurance product. This list of information relates to you as a potential or actual policyholder, and to the beneficiaries under a policy, family members, claimants, and other parties involved in a claim.

   In order to transact in insurance, provide offers, arrange insurance coverage, and handle insurance claims (where relevant), the personal data you provide to us during the booking process is shared with BDIS, potentially other parties retained by Booking.com, third-party administrators of claims, and the insurer providing the policy. This may include any of the details in section 2 and travel details. Additional information may also be requested in order to provide the insurance coverage and services and in order to issue a policy and/or handle an insurance claim, including names of family members, medical information and records, and/or other beneficiaries’ information, as well as other information necessary to conduct or support the investigation of an insurance claim (“Insurance-Specific Data”).

   If you make a claim under an insurance policy, this claim may be directly handled by BDIS, by the insurer, or by a third-party administrator. This means that you may be asked to provide personal data in order to submit the claim directly to the claims adjuster. The insurer will inform you accordingly at the point of collection of your information. When your claim is handled by the insurer, BDIS and/or BDBV may receive information about the status of your claim in order to provide you with customer support services.

   In addition to the purposes described in Purposes of collecting and processing your personal data, we use the information we collect about you in connection with the insurance products and services to:

   • Offer, administer, and manage the insurance products and services provided to you, including providing initial and renewal quotations and client care information;
   • Carry out due diligence, identity, credit reference, bankruptcy, sanctions, data validation, anti-money laundering, “Know Your Customer,” and other business acceptance, vetting, and risk management agency checks;
   • Apply the insurer’s product-specific eligibility rules to allow them to evaluate risks relating to your prospective or existing insurance policy;
   • Process payments, including your payments for the insurance premium and any adjustments;
   • Support or assist the insurer to administer, investigate, and settle claims or complaints in relation to insurance policies and/or the services provided;
   • Facilitate the prevention, detection, and investigation of crime and the apprehension or prosecution of offenders;
   • Enforce our agreements, trace debtors, and recover any outstanding debt in connection with the insurance products and services provided;
   • Fulfill legal and regulatory obligations, resolve disputes, and monitor compliance with same;
   • Support and/or assist insurers in performing analytics for risk modeling purposes and trends;
   • Conduct market research and canvas your views about the insurance products and services to develop and improve our products and services generally;
   • Research, audit, report, and for other business operations purposes, including determining the effectiveness of our promotional campaigns and evaluating business performance; and
   • Perform benchmarking, modeling, market research, and data analyses associated with the development of new and existing processes, products, and services.
5. Impact of failing to provide information

   You are required to provide any personal data we reasonably require (in a form acceptable to us) to meet our obligations in connection with the insurance products and services we provide to you, including any legal and regulatory obligations. If the information provided is either incomplete and/or inaccurate, we may be unable to offer the insurance products and/or services to you and/or we may terminate the services provided with immediate effect. This is because we may be required to do so in accordance with the applicable federal and state laws, rules, and regulations of all states.

6. For California Residents – California Law

   Service Provider

   We may act as service providers under the California Consumer Protection Act (CCPA). This means that we may collect and use Personal Information on behalf of another company (for example, where BDIS provides insurance products and services to third-party insurers and producers). Where your Personal Information is processed by us acting as a service provider, that other company’s privacy statement will explain its privacy practices. Note that in some instances, BDIS and other Booking.com companies or business units may be acting as a service provider for other members of Booking.com, and, in those instances, this section of the privacy statement will apply. If you make a request to us to exercise your rights where we act as a service provider under the CCPA, we may be required to disclose your request to the relevant company.

   Personal Information Not Covered by this California Section of the Privacy Statement

   The following sets out some of the categories of Personal Information that are not subject to the CCPA, and therefore are not covered by this section of the Notice. Note that other sections of the Statement may still apply in addition to other privacy statements that we may issue addressing our specific relationship with you, including privacy statements that are sent to individuals.

   • Health or medical information that we collect and that is subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the California Confidentiality of Medical Information Act, or the Health Information Technology for Economic and Clinical Health Act. For this type of data, a separate HIPAA privacy statement is provided to certain individual consumers as required under applicable laws, rules, and regulations.
   • Information we collect in connection with the issuance of financial products or services to you that are to be used primarily for your personal, family, or household purposes and that is subject to the Gramm-Leach-Bliley Act (“GLBA”) or the California Financial Information Privacy Act. For example, where we handle a claim for you as an individual. Note that this exclusion may not apply to all of your Personal Information, including to personal information collected before you become a customer.
   • Information we collect and provide for use that is subject to the Fair Credit Reporting Act.
   • Information we collect as a motor vehicle record and that is subject to the Driver's Privacy Protection Act of 1994.
   • Publicly available information from government records and information we have a reasonable basis to believe is lawfully made available to the general public by you or by widely distributed media, or by a person to whom you have disclosed the information and not restricted it to a specific audience.
   • De-identified or aggregated information.

   Categories of Personal Information Collected & Disclosed

   The following identifies the categories of Personal Information we may collect about you. Note that our collection, use, and disclosure of Personal Information about you will vary depending upon the circumstances and nature of our interactions or relationship with you.

   Depending on how you use our insurance products and services, we, the insurer, or the third-party claims administrative company may collect (or you might provide) the following categories of Personal Information:

   • Identifiers, such as real name, alias, job title, address, email address, date of birth, policy number, salary information, social security number, driver’s license number, other government identifiers, credit card number, and tax ID.
   • Online Identifiers, such as unique personal identifiers, device IDs, ad IDs, IP addresses, and cookie data.
   • Customer or Claimant Records, such as paper or electronic customer or claimant records containing Personal Information, as well as information provided by an insurance broker/agent or reinsurer for underwriting purposes and information included in a list of claims, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, payment card number, gender, height, weight, medical information (including reports and medical bills), health insurance information, details about home address, security and travel plan arrangements, records of personal property, products or services purchased or obtained.
   • Financial Information, such as your bank account or credit card number and other payment details.
   • Characteristics of Protected Classifications under California Law, such as age (40 years or older), race, national ancestry, national origin, citizenship, religion or creed, marital status, pregnancy, medical condition, physical or mental disability, sex, sexual orientation, and veteran or military status.
   • Usage Data, such as Internet or other electronic network activity information regarding a California resident's interaction with portals, Internet websites, applications, or advertisements, including, but not limited to, browsing history, clickstream data, search history, and content of public posts.
   • Biometric Information, such as individual biological or behavioral characteristics including measurements of physical characteristics such as height, weight and blood pressure, sleep, health, or exercise data that contain identifying information.
   • Education Information, such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, and student disciplinary records.
   • Geolocation Data, such as physical location or movements.
   • Audio, Video, and Other Electronic Data, such as audio information including call recordings, video and photographs, recorded meetings and webinars, and CCTV footage to secure our offices and premises.
   • Professional or Employment-Related Information, such as employment history, qualifications, licensing, and disciplinary record.
   • Inferences and Preferences, such as inferences drawn from any of the information described in this section about a consumer including inferences reflecting the consumer’s preferences, characteristics, behavior, and abilities.
   • Sensitive Personal Information, such as social security number, driver’s license number, racial or ethnic origin, religious or philosophical beliefs, medical condition, and physical or mental disability.

   Sources of Personal Information

   We generally collect Personal Information from the following categories of sources:

   • Directly from you and automatically;
   • Our affiliates, sister companies, and subsidiaries;
   • Corporate policyholders; and
   • Our vendors and service providers (e.g. third-party administrators).

   Purposes for Collecting and Disclosing Personal Information

   In addition to the purposes described in <0>Purposes of collecting and processing your personal data<0>, we collect and otherwise process the personal information we collect for the following business or commercial purposes:

   • Inferences;
   • Find locations on request;

   If you would like more information about the recipients of your personal information, see also the sections on “How we share personal data.”

   Sensitive Personal Information

   We use and disclose sensitive personal information permitted by law and as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent, and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.

   Retention of Personal Information

   We retain the Personal Information we collect only as reasonably necessary for the purposes described in this notice or otherwise disclosed to you at the time of collection. For example, we will retain certain identifiers for as long as it is necessary to comply with our tax, accounting, and recordkeeping obligations, to administer certain policies and coverage, and for research, development, and safety purposes, as well as an additional period of time as necessary to protect, defend, or establish our rights, defend against potential claims, and to comply with our legal obligations. From time to time, we may also de-identify your Personal Information, retain it, and use it for a business purpose in compliance with CCPA.

   Disclosure of Personal Information to Third Parties and Other Recipients

   The categories of Personal Information we may have disclosed for a business purpose in the preceding twelve (12) months include:

   • Identifiers (e.g. your name, account number, email address, IP address, government-issued identification number)
   • Financial, medical, or health insurance information (e.g., your bank account number, payment card number, or medical information—if provided by you or on your behalf)
   • Characteristics of protected classifications under California or federal law (e.g., your gender, religion, or sexual orientation)
   • Commercial information (e.g., your purchase information or buying history)
   • Internet or other electronic network activity information (e.g., information about your website or app usage)
   • Geolocation data (e.g. your physical location)
   • Visual information (e.g. any photographs you upload on your account)
   • Inferences (e.g. analytics and preferences)
   • Professional or employment-related information (e.g., employer and business travel details)
   • Sensitive information (e.g. driver’s license, state identification or passport number, account sign-in details, communications between you and a Trip Provider via Booking.com)

   If you would like more information about the categories previously mentioned, the specific types of personal information we collect, or the purposes for which we collect them, see also the sections on Personal data we collect and process and Purposes of collecting and processing your personal data.

   The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include:

   • Agents and brokers;
   • Insurers;
   • Reinsurers;

   We may “share” the following categories of Personal Information: online identifiers and usage data. We disclose this information to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising.

7. Your rights

   If you live in the US (other than in California), and would like to understand and exercise your rights, see our section on US (other than California).

   To understand and exercise your rights under California law, see our section on California.

   Back to top

If you live in the US (other than in California), the information in this section applies to you. It adds to, or replaces, the information in other parts of this privacy statement.

In addition to the categories of personal data we may collect about you listed in Personal data we collect and process, other categories include:

• Geolocation data (e.g. your physical location)
• Inferences (e.g. analytics and preferences)
• Sensitive data (citizenship or immigration status, data revealing your racial or ethnic origin, religious beliefs, mental or physical health diagnosis, or sexual orientation) you provide

We may share certain elements of your personal data with third parties, which under US state privacy laws may be considered the sale of personal data. This sale of personal data may include information related to inferences.

Genius Reward Visa Signature® Credit Card

If you apply for a Genius Reward Visa Signature® Credit Card (“card”), we shall share certain personal data with Imprint Payments, Inc. for the purpose of providing you with travel credits as defined in the terms and conditions that you receive when you apply for the card (“card terms”). Imprint Payments, Inc, as recipient of your personal data, manages our co-branded credit card program and acts as an independent controller.

For the purpose of awarding you rewards under this program, we shall share with Imprint Payments, Inc.:

• Information related to all trip reservations made using your card or associated additional cards on Booking.com;
• Information related to all trip reservations made by you while logged in to your Booking.com account, regardless of the form of payment used.

The application for this card is voluntary and is subject to approval in accordance with the card terms. If you exercise your right of erasure of your Booking.com account, your cardholder rights will not be affected. However, you will not be able to receive rewards under this program. You can withdraw from the program, as outlined in the card terms.

You can choose how your personal data is used by us, as described in the section Your rights, and other rights as follows:

If you’re a parent, legal guardian, or the authorized agent of a consumer and wish to exercise rights on behalf of a consumer, contact us as described in Your rights. We may need to verify your identity and authorization before completing the request.

When you exercise your rights, we verify your identity based on whether the name and the email address you provide in the request match the data you provided when using our services and other verification details. You may authorize another individual to exercise opt-out rights on your behalf. If we receive such a request, we’ll send an email to confirm you authorized the requester to act for you.

Back to top

We combine people, processes, and technology to protect your personal data and respect your privacy.

This includes, among other things, that we:

• Maintain a comprehensive framework of security policies, procedures, and protocols
• Employ personnel dedicated to cybersecurity and data protection
• Keep staff alert to security risks through continual security training and awareness activities
• Use up-to-date security technologies such as encryption and data leakage prevention to help guard against unauthorized data disclosure or destruction
• Maintain inventories to provide oversight over processes, systems, and data assets
• Use multiple systems for fraud prevention/detection and continuous system monitoring, including for security purposes
• Use identity and access management and other logical and physical access restrictions to control that only authorized personnel can access personal data
• Maintain and test protocols to respond to reports about possible incidents and data breaches
• Verify and enhance our security systems, procedures, and protocols on a recurring basis
• Impose equivalent measures on third parties we appoint

We use retention practices to keep and, where possible under applicable law, dispose of personal data. Generally, we keep your personal data for as long as is necessary to:

• Enable you to use our services or to provide our services to you
• Prevent and detect online fraud attempts and/or other illegal activities
• Comply with legal obligations such as those from accounting and tax laws
• Resolve any disputes and legal claims

While not mandatory for your use of Booking.com’s platform, we recommend that you:

1. Create an account where available on our platform. By using an account, you can protect access to your data, such as your reservation history and your Wallet, for example, with a strong password as well as two-factor authentication.
2. Use unique passwords for every online service, including your Booking.com account. If you reuse username and password combinations across multiple services available, and one of these services suffers a data leak, malicious actors typically try using the same combinations to gain access to your user accounts at other online services. Where we detect such malicious attacks impacting travelers, we quickly take countermeasures such as blocking accounts at risk and alerting account holders.
3. Read (and follow the guidance from) articles we may make available to you about online fraud prevention and data protection. Online fraud attempts typically involve social engineering and “phishing” schemes. For example, fraudsters pretend to be a specific accommodation and ask a traveler for payment where this is not necessary. You should contact Customer Service if you suspect there is a possible fraud attempt in connection with your reservation.

Back to top

Whenever you use our services, including our mobile apps, we may use cookies and other tracking technologies, which we collectively refer to as “cookies.” This section provides information about how we use cookies.

A web browser cookie is a small text file placed by a website in the data that a web browser automatically stores on your computer or mobile device. It enables software to store information about the content you view and interact with, for example, to:

• Remember your preferences, settings, and reservations you may not have completed

• Analyze how you use our services

We also use other types of cookies. For example, our websites, email messages, and mobile apps may contain small transparent image files or lines of code that record how you interact with them.

Cookies we use can be divided into three purpose categories: functional, analytical, and marketing cookies.

We work with selected third-party companies to collect and process data. We may sometimes share information (such as your email address or phone number) with some of these third parties so that they can link that information to other data they collect separately (and typically independently from Booking.com). This helps us to engage with specific audiences or deliver targeted ads.

Where required, we offer you the option to decline analytical and marketing cookies. Most browsers will also allow you to choose which cookies to accept and which to reject. See the help function of your browser to learn more. Note that if you choose to block certain functional cookies, you may not be able to use or benefit from some features of our services.

Back to top

We are always looking for opportunities to innovate and improve the customer experience by using new technologies such as artificial intelligence (AI) systems. We currently use AI for the following purposes:

We have a legal basis to use AI systems in accordance with data protection laws. The legal basis of using AI will usually follow the overall purpose of processing set out in the section Purposes of collecting and processing your personal data:

• Beyond preventing and detecting fraud attempts, we may have a legitimate interest in developing AI systems to reduce our costs, improve the efficiency and quality of our processing, improve our privacy-enhancing technologies, and provide better products to our customers. We consider whether your rights and freedoms aren’t unduly infringed upon by the processing of your personal data and only proceed where this legitimate interest isn’t overridden by your rights.

• In other cases where we may use AI, we’ll seek your consent where this is required.

We assess our AI systems against data protection principles, such as minimization, accuracy, and purpose limitation. We take steps to prevent harm and biases from our use of AI, for example by:

• Pseudonymizing personal data

• Developing our own systems to reduce sharing data with third parties

• Reassessing our use of AI systems to ensure risks continue to be adequately mitigated

See the How we protect your personal data section for more information regarding the safeguards we have implemented, which will also apply to personal data we process to train or use AI.

We don’t currently use any solely automated systems, including those using AI, to make a decision about you that would result in a legal or similarly significant effect on you. We’ll inform you if this changes and will ensure that we’ve implemented suitable measures to safeguard your rights and freedoms.

In some cases, we may complete decision-making without human review but only after we’ve assessed that the decision wouldn’t result in a significant effect on you.

In the cases which may have a significant effect on an individual, for example monitoring for fraud attempts, our systems may inform and contribute to a decision, but any such decisions will have human input. A member of our team will review a possible issue that a system may identify and make an informed decision.

If you’d like to know more about our use of AI systems or would like to object to the use of your personal data in the context of AI, contact us as described in the Your rights section.

Back to top

Our services are not intended for people under the age of 18. We don’t intentionally collect personal data about persons below that age (collectively called “minors”) unless that data is provided by (and with the consent of) a parent or guardian. The limited circumstances where we might need to collect from parents or guardians the personal data of minors include:

1. As part of a reservation

2. The purchase of other travel-related services

3. In other exceptional circumstances (e.g. features addressed to families).

If we become aware (e.g. via a Customer Service request) that we’ve processed personal data about minors without the valid consent of their parent or guardian, we’ll delete it.

Back to top

We want you to be in control of how we use your personal data. You can do this in the following ways:

We offer various ways for you to exercise your rights or raise questions and concerns about your personal data at Booking.com:

To protect your personal information, we may need to verify your identity before completing your request. We will do this by asking you questions about your previous reservations with us. We’ll respond to your request without undue delay.

If you aren’t satisfied with our response to your request or have other concerns about your personal data, you can also contact your data protection supervisory authority.

For questions about a reservation, contact our Customer Service team through our customer service contact page.

Back to top

The entities relevant for this notice include:

The contact details listed are also the means to contact the Booking.com Data Protection Officer.

Booking.com is subject to an array of laws and regulations, including those related to personal data protection, and their enforcement through data protection supervisory and other authorities. Among others, Booking.com is subject to supervision by the Dutch Supervisory Authority (the “Autoriteit Persoonsgegevens” (AP)) based in the Netherlands, as well as the Information Commissioner’s Office (ICO) in the United Kingdom.

Booking.com may be contacted by law enforcement agencies seeking to obtain specific personal data, for example, in connection with their criminal investigations or reports they receive about missing persons. Similarly, other agencies and authorities may contact Booking.com with ad hoc or recurring information requests, in connection with short-term rental laws or consumer protection laws for example. Duly authorized representatives from agencies and other authorities must submit such requests only via our Law Enforcement Response processes and using the portal we make available for these purposes.

Back to top