Privacy and Cookie Statement

Privacy and Cookie Statement

This Privacy and Cookie Statement (“Statement”) applies to Booking.com Transport Limited, 100 New Bridge Street, London, EC4V 6JA (“Booking.com Transport Limited” or “we”). It describes how we collect and process personal data about (potential, existing or former) strategic partners, supply partners and other business partners ("Business Partners" or "you"), and therefore applies to personal data of owners, employees, representatives or other individuals acting on behalf of Business Partners.

Please see our separate Privacy Notice and Cookie Statement which describes (i) how we process personal data collected when using and making a booking on our platforms, and (ii) how we use cookies on customer facing platforms.

What kinds of information do we collect about you?

The information we collect about our Business Partners depends on the context of the business relationship and interaction with us, the choices made by a Business Partner and the products, services and features used. The information we collect about a Business Partner can include the following, and depending on the specific situation, not all of the following data items may be considered personal data because it may relate to a business instead of an individual.

Information that you give us

When you register as a Business Partner, we will need you to provide us with the following information: name, date of birth (as required), your contact details, telephone and fax number, company registration documents and the necessary details to be able to pay you (including your bank details: bank account number, VAT number, credit slips). We may also ask (representatives of) Business Partners to provide a copy of their ID card or passport, a photo, video or other relevant information to verify the authenticity of the Business Partner.

We also collect and process communications. During calls with our customer service team, live listening may be done and calls may be recorded for quality control and training purposes, which includes the usage of the recordings for the handling of claims and fraud detection purposes. Recordings are kept for a period of 12 months and automatically deleted, unless we have a legitimate interest to keep such recordings for a longer period, including for fraud investigation and legal purposes.

Providing your personal data to us is voluntary. However, you may only be able to register as a Business Partner if certain personal data is collected. For instance, we cannot set up your account if we do not collect your name, contact details and company registration documents.

If we use automated means to process personal data which produces legal effects or significantly affects you, we will implement suitable measures to safeguard your rights and freedoms, including the right to obtain human intervention.

Information we collect automatically

When using our online services, such as the online registration form, an online user account (e.g. our extranet or partner centre) or make use of our app (e.g. Pulse app), we also collect information automatically, some of which may be personal data. This includes data such as language settings, IP address, location, device settings, device OS, log information, time of usage, URL requested, status report, user agent (information about the browser type), operating system, browsing history, user ID, and type of data viewed.

Information you give us about others

By sharing other individual’s personal data in relation to your business (for example of your employees), you confirm that these individuals have been informed about the use of their personal data by us in accordance with this Privacy Statement and provided any necessary consents.

Information we receive from other sources

  • Information on insolvencies

    In insolvency matters, we may receive information from insolvency administrators, courts or other public authorities relating to a Business Partner.

  • Data related to law enforcement and tax authority requests

    Law enforcement or tax authorities can contact us with additional information about Business Partners if they are affected by an investigation.

  • Fraud detection

    In certain instances, and as permitted by applicable law, we may need to collect data through third party sources for fraud detection and prevention purposes.

How and why do we collect, use and share personal data?

  1. Registration and account administration

    To register your services (including verification purposes) and to allow you and us to manage and administer your account.

  2. Relationship management and customer service

    To provide support services (e.g. respond to Business Partners’ requests, questions and concerns) engage with you about our ongoing relationship, including contractual and performance obligations, and any future initiatives by either party that may affect you and/or us.

  3. Bookings

    To send the necessary communications about bookings, including confirmations, cancellations, customer service issues and information about new features and services.

  4. Other activities, including marketing

    If you are making use of an online registration facility and you have not finalised your online registration, we may email you a reminder to do so. We see this as a useful additional service for our potential Business Partners because it allows you to carry on with the registration process without having to start again from scratch. If you don’t want any more reminders, just click the ‘unsubscribe’ link in the email reminder.

    We may invite Business Partners to attend and host events we believe may be of relevance to a Business Partner or use personal data to offer and host online forums to enable Business Partners to find answers to commonly asked questions on the usage of our services and the offering of their products and services.

    We also use personal data, such as contact details, to inform Business Partners about system/product updates, or for other marketing communications. When we use personal data for direct marketing messages in electronic form, we will include a link to unsubscribe.

  5. Analytics, improvements and research

    To send you surveys, including market research surveys and to help us improve the user experience, functionality and overall quality of our Dashboard and other services. Please consult the information provided when invited to participate in survey, market research or join the online platform to understand how personal data may be treated differently from this Privacy Statement.

  6. Security, fraud detection and prevention

    To investigate, prevent and detect fraud and other illegal activities. We may use personal data a Business Partner has provided to us, for example for verification purposes as part of the registration process, personal data collected automatically, or personal data obtained from third party sources (including from customers).

    We reserve the right to disclose your personal data to law enforcement authorities, investigative organisations and external advisors to facilitate prosecution where necessary and other entities within the Booking Holdings Inc group. We may also use personal data for risk assessment and security purposes, including the authentication of users.

  7. Legal and compliance purposes

    To handle and resolve legal disputes, for regulatory investigations and compliance purposes, or to enforce the agreement(s) with Business Partners or the terms of use of our online booking service or solve a complaint with a customer as reasonably expected. By sharing other people’s personal data in relation to your business, you are confirming that they have agreed to have their personal data shared with and used by us in accordance with this Statement. If we use automated means to process personal data which produces legal effects or significantly affects you, we will implement suitable measures to safeguard your rights and freedoms, including the right to obtain human intervention.

Legal Bases for Processing

In view of purposes A to C, we rely on the legal basis that the processing of the personal data is necessary for the performance of the agreement between us and the Business Partner. If the required information is not provided, we cannot register a Business Partner or otherwise work with a Business Partner, nor can we provide customer service. In view of purposes D to G, we rely on our legitimate commercial business interest to provide our services or obtain services from Business Partners, to prevent fraud and to improve our services. When using personal data to serve our or a third party's legitimate interest, we will always balance the Business Partners’ rights and interests in the protection of their information against our rights and interests or those of the third party.

For purposes F and G, we rely also where applicable on compliance with legal obligations (such as lawful law enforcement requests).

If you wish to object to the processing set out under D to E and no opt-out mechanism is available to you directly (for example, in your account settings or via our Data Subject Rights Portal), please contact dataprotectionofficer@rentalcars.com

Data sharing

  • Sharing with affiliates

    In order to support the use of our services, your information, which may include personal data, may be shared with subsidiaries of the Booking.com Transport Limited corporate family which act as service providers for Booking.com Transport Limited, including in relation to customer support services. Please read here how we may share your personal data with the Booking Holdings Inc. corporate family, and to find out everything you need to know about the Booking.com Transport Limited corporate family, visit About Us.

  • Booking Holdings Inc

    Booking.com Transport Limited is a member of the Booking Holdings Inc. group, and may need to share Business Partners’ information, which may include personal data, with other members of the Booking Holdings Inc. group for compliance or fraud detection and prevention purposes as permitted by applicable law and as strictly necessary to protect the Booking Holdings Inc. group, including Booking.com Transport Limited, its customers and business partners from fraudulent activities and investigating and handling data security breaches.

  • Sharing with third parties

    There are a number of different business partners integrated in the services we provide, and in certain situations we may share your personal data with them. We share Business Partners’ information, which may include personal data, with third parties as permitted by law and as described below. In most cases, we’re simply passing on your booking details to the business partners that are helping us deliver the service you’re requesting. We will also share your data with other third parties, which may include payment service providers, advertising partners, subsidiaries of the Rentalcars.com corporate family and affiliates of the Booking Holdings Inc corporate group, and – in some cases – the authorities. These are the main reasons we would share your personal data:

    • Service providers (including suppliers)

      We share personal data with third party service providers to provide our products and services, store data or conduct business on our behalf. These service providers shall process personal data only as instructed by and to provide the service to Booking.com Transport Limited. We may also use third-party service providers for market research and fraud detection and prevention services, including anti-fraud screening services.

    • Payment Providers and other financial institutions

      We share personal data with payment providers and other financial institutions to process payments between a Business Partner and Booking.com Transport Limited.

    • Competent authorities

      When legally required, or strictly necessary for the performance of our services, or in legal proceedings, or to protect our rights or the rights of other members of the Booking Holdings Inc. group or users, we will disclose personal data to law enforcement authorities, government or investigative organisations, or other group companies.

  • Sharing and disclosure of aggregated data

    We may share information in aggregate form and/or in a form which does not enable the recipient of such information to identify you, with third parties, for example for industry analysis and demographic profiling.

Booking Holdings Inc.

We are part of the Booking Holdings Inc. corporate group.

See https://www.bookingholdings.com for more information.

We may receive personal data about you from other companies of the Booking.com Holdings Inc. corporate group or share your personal data with them for the following purposes:

  1. To provide Business Partner services;
  2. To provide customer support services;
  3. To detect, prevent and investigate fraud, other illegal activities and data breaches;
  4. For analytical and product improvement purposes;
  5. To provide personalised offers or send you marketing with your consent, or as otherwise permitted by applicable law;
  6. For hosting, storing, technical support, overall maintenance and maintaining security of such shared data;
  7. To ensure compliance with applicable laws.

Unless indicated otherwise, for purposes A to F, we rely on our legitimate interest to share and receive personal data. For example, we work closely with Booking.com to offer accommodation and attractions services to our customers, and all companies within the Booking Holdings Inc. group of companies may need to exchange customer personal data to ensure it protects all users from fraudulent activities on its platforms.

For purpose G, we rely where applicable on compliance with legal obligations (such as lawful law enforcement requests).

International data transfers

The transfer of personal data as described in this Statement may include overseas transfers of personal data to countries whose data protection laws are not as comprehensive as those of the United Kingdom and the countries within the European Union. Where required by applicable law, we shall only transfer personal data to recipients offering an adequate level of data protection. In these situations, as may be required, we make contractual arrangements to ensure that your personal data is still protected in line with UK and European standards. You can ask us to see a copy of these contractual agreements using the contact details below.

Security

What security procedures do we have in place to safeguard your personal data?

In accordance with UK and European data protection laws, we observe reasonable procedures to prevent unauthorised access to and misuse of personal data. Our business systems and procedures ensure we take all reasonable steps to protect your personal data and safeguard it against any misuse or unauthorised access, in accordance with UK and European data protection laws. We also have specific security procedures and restrictions (both technical and physical) that limit access to, and use of, any personal data that we hold. Only authorised personnel can access personal data – and they’re only allowed to do it for specific, authorised reasons.

Data retention

We will retain your personal data for as long as we deem it necessary to manage the business relationship with a Business Partner, to provide our services to a Business Partner, to comply with applicable laws (including those regarding document retention), resolve disputes with any parties and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities. All personal data we retain will be subject to this statement and our internal retention guidelines. If you have a question about a specific retention period for certain types of personal data we process about you, please contact us via the contact details included below.

Cookies

What is a cookie?

A cookie is a small text file that is placed in your device’s browser. It lets a platform (such as a website or mobile app) recognise your device so it can provide a better, smoother experience. Most platforms use cookies to store useful bits of information for lots of different purposes. This information can include your sign-in name and your preferences (for example, your preferred language and currency). Cookies are not spyware or adware, and can’t deliver viruses or run programs on your device.

To find out more about cookies, please visit www.youronlinechoices.eu.

Why do we use cookies?

We use a variety of cookies to do different things:

  • Technical cookies

    To give you user-friendly platforms that function correctly and that adapt automatically to you, to create your user account, to sign you in and to manage bookings made with you. Technical cookies are vital, as they make our platforms work properly for you.

  • Functional cookies

    To remember any preferences you set when you visit our platforms, such as your preferred language. They can also remember your sign-in credentials so you don’t have to re-enter them every time. Our platforms would still work without functional cookies, but they wouldn’t work as quickly or provide such a smooth experience.

  • Analytics cookies

    To help us improve and optimise our platforms. We (or our third-party service providers) may use them to gather aggregated or segmented information about visitors, so we can see how effective and relevant our adverts are. That information can include which web pages and adverts you viewed that led you to our platforms, what referring/exit pages you entered and left from, which of our platforms you used, and how you interacted with those platforms. We do not use this information to personally identify you.

    We also use Google Analytics and Hotjar to analyse trends, identify preferences, diagnose technical problems and provide a better overall experience.

It’s your choice: Opting in and opting out cookies

If you choose not to opt in, this may affect our platforms’ functionality: you’ll still be able to use our platforms, but they won’t work as quickly or deliver such a smooth experience. And you can opt out of Google Analytics and Hotjar at any time by visiting tools.google.com/dlpage/gaoptout (for Google Analytics) and www.hotjar.com/opt-out (for Hotjar).

You can also use your browser to control how cookies are used on your device. Check your browser’s Help menu to find out how. However: Any changes you make will only affect the way that particular browser handles cookies on that device. Blocking cookies (and/or opting out of online behavioural advertising) won’t stop some of the monitoring methods described in this Statement.

Visit www.allaboutcookies.org to learn more about cookies and find out how to manage or delete them.

Contact

How can you control the personal data you have given us?

You have the right, subject to some legal exceptions, to access, correct or delete any personal data we keep about you, and to object to your personal data being processed. We rely on you to ensure that your personal data is complete, accurate and current. Please do inform us promptly of any changes to or inaccuracies of your personal data. You can use our Data Subject Access Portal to enforce any of these rights. If you do, we will ask for further information to confirm your identity, to keep your information safe and we will handle your request in accordance with applicable UK data protection law. You can update or delete your user account at any time by signing in on our site.

Who is responsible for the processing of your personal data?

Booking.com Transport Limited controls the processing of your personal data. If you have any questions, concerns or comments about this Statement, or our processing of your personal data, please email we’re always happy to talk. You may also contact your local data protection authority. When it comes to privacy, we’re always happy to talk. If you want to exercise any of your data subject rights, please visit our Data Subject Request Portal.

Changes to the Privacy Statement

Just as our business changes constantly, this Privacy and Cookie Statement may also change. If we make material changes or changes that will have an impact on you (e.g. if we start processing your personal data for other purposes than set out above), we will contact you prior to commencing that processing.