This privacy statement applies to the personal data of researchers that request access to data for the purposes of conducting research that contributes to the detection, identification and understanding of systemic risks in the European Union under the DSA (the “Researchers”).
This privacy statement applies to any Booking.com group company responsible for the processing of the personal data within the scope of this privacy statement (hereafter referred to, as applicable, as “Booking.com” or “we” or “our”).
Booking.com B.V., located in Amsterdam, the Netherlands, is responsible for the processing of Researchers data.
This statement describes how Booking.com processes personal data collected about Researchers submitting an access request under the DSA and using the Booking.com DSA Researchers Data Request Portal.
For information about the use of cookies at Booking.com, see the separate Privacy and Cookie Statement.
Data collection
The personal data Booking.com collects in regards to Researchers are the personal data collected as part of the registration process on the Booking.com DSA Researchers Data Request Portal in the context of a request (“Researchers Access Request”) and the interaction and communication with Booking.com. The personal data Booking.com collects about Researchers can include the following - depending on the specific situation, not all of the following data items may be considered personal data because they may relate to a business instead of an individual:
- Personal data you give to us
- General information and Contact details
We collect general information and contact data of Researchers, such as first name/last name, (business) email address and the name of the research institution they are affiliated with (if applicable).
Communication
When communicating with Booking.com, Booking.com collects and processes such communications including contact information.
Information we collect automatically
When using the Booking.com DSA Researchers Data Request Portal, such as the online registration form or your online user account, Booking.com also collects information automatically, some of which may be personal data. This includes data such as language settings, IP address, location, device OS, log information, time of usage, URL requested, status report, user agent (information about the browser version) and operating system.
Personal data you give to us about others
By sharing other individuals’ personal data in relation to your Researches Access Request (for instance, if an individual is subject to or mentioned in your Researches Access Request), you confirm that this is done in compliance with applicable (privacy) laws and you are authorized to do so.
Processing purposes
Booking.com uses the previously described information provided by the Researchers, some of which may be personal data, as relevant, for the following purposes:
A. Registration, administration and verification
Booking.com uses name and contact details to manage the Researchers Access Request, including first name/last name, (business) email address and the name of the research institution they are affiliated with (if applicable) for registration, administration and verification purposes.
B. Communication
Booking.com uses your personal data in order to communicate with you, as may be required, in relation to your Researchers Access Request and to ensure proper resolution.
C. Analytics and improvement:
Booking.com uses the information provided, which may include personal data, for analytical purposes. This is part of our drive to improve the Researchers Access Request portal and enhance user experience, for testing purposes, troubleshooting and to improve the functionality and quality of the Researchers Access Request portal, and can also be used for analysing the incoming requests.
{start_bold}Legal Bases:{end_bold} As applicable for purposes A to C, your personal data is necessary for Booking.com’s legitimate interests, as described under each processing purpose. When using personal data to serve Booking.com’s or a third party's legitimate interest, Booking.com will always balance your rights and interests in the protection of your information against Booking.com’s rights and interests or those of the third party.
If you wish to object to the processing set out under A to C and no opt-out mechanism is available to you directly to the extent applicable, please contact dataprotectionoffice@booking.com.
Data sharing
Sharing with third parties. We share information regarding Researchers Access Request, which may include personal data, with third parties as permitted by law and as described below.
Service providers (incl. suppliers and trusted advisors). We share personal data with third party service providers to enable our business processes such as registration, administration, verification and the communication in view of Researchers Access Request .
Authorities. We might share personal data with authorities when required under applicable law or regulations.
International data transfers
The transmission of personal data as described in this Privacy Statement may include overseas transfers of personal data to countries whose data protection laws are not as comprehensive as those of the countries within the European Union. Where required by European law, we shall only transfer personal data to recipients offering an adequate level of data protection. In these situations, as may be required, we make contractual arrangements to ensure that your personal data is still protected in line with European standards. You can ask us to see a copy of implemented safeguards (where possible) by contacting us at dataprotectionoffice@booking.com.
Security
In accordance with European data protection laws, Booking.com observes reasonable procedures to prevent unauthorized access to, and the misuse of, information including personal data.
We use appropriate business systems and procedures to protect and safeguard information including personal data. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.
Data retention
We will retain personal data for as long as we deem it necessary to manage the relationship with the Researchers, to handle Researches Access Request of a researcher, to comply with applicable laws (including those regarding document retention), resolve disputes with any parties and otherwise as necessary to allow Booking.com to conduct its business. All personal data we retain will be subject to this Privacy Statement and our internal retention guidelines. If you have a question about a specific retention period for certain types of personal data we process about you, please contact us via the contact details included below.
Your choices and rights
Depending on where you are located or the Booking.com entity processing your personal data, different rights may apply to the processing of personal data as set out in this privacy statement. As applicable:
you can ask us for a copy of the personal data we hold about you;
you can inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you;
in certain situations, you can ask us to erase, block or restrict the personal data we hold about you, or object to particular ways in which we are using your personal data; and
in certain situations, you can also ask us to send the personal data you have given us to a third party.
Where we process your personal data based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal data subject to applicable law.
We rely on you to ensure that any personal data we hold about you is complete, accurate and current. Please always inform us promptly of any changes to or inaccuracies of your personal data.
Questions or complaints
If you have questions or concerns about our processing of your personal data or you want to exercise any of your rights you have under this Privacy Statement, please contact our data protection officer via dataprotectionoffice@booking.com. All privacy related questions and complaints reported to Booking.com will be investigated. Booking.com will attempt to resolve complaints and questions in line with internal policies. You may also contact your local data protection authority with questions and complaints.
Changes to the Privacy Statement
This Privacy Statement may change. If we make material changes or changes that will have an impact on you (e.g., when we start processing your personal data for other purposes than set out above), we will contact you prior to commencing that processing.
Version/Date: February 2024
Comments
0 comments
Please sign in to leave a comment.