Privacy Policy

1. Introduction

BookingWhizz Ltd ("BookingWhizz," "we," "our," or "us") is a hospitality technology company providing a suite of guest lifecycle revenue solutions — including booking engines, channel management, CRM, loyalty programmes, reputation management, upselling, and revenue intelligence tools — to hotels and accommodation providers worldwide.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you:

• Visit our website at bookingwhizz.com and related sub-domains
• Use any BookingWhizz product or service (collectively, the "Services")
• Interact with us via email, phone, live chat, or social media
• Make a booking through a hotel website powered by BookingWhizz

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and all other applicable data protection laws in the jurisdictions in which we operate.

2. Data Controller

The data controller responsible for your personal data is:

Where a hotel client ("Hotel Partner") uses BookingWhizz to process guest bookings, the Hotel Partner is the data controller for guest personal data, and BookingWhizz acts as a data processor on their behalf under a Data Processing Agreement (DPA).

3. Information We Collect

3.1 Information You Provide Directly

• Account & contact information: name, email address, phone number, job title, company name
• Hotel property details: property name, address, star rating, room inventory, rate plans
• Payment information: billing details processed through PCI-DSS compliant payment processors (we do not store full card numbers)
• Communications: messages, support tickets, and feedback you send to us
• Event & demo requests: details you provide when booking a demo, attending a webinar, or downloading resources

3.2 Information Collected Automatically

• Device information: browser type, operating system, screen resolution, device identifiers
• Network information: IP address, approximate geographic location
• Usage data: pages visited, time spent, click paths, feature usage within our platform
• Cookies and similar technologies: see Section 10 (Cookies) below

3.3 Guest Data (Processed on Behalf of Hotel Partners)

When guests make bookings through hotel websites powered by BookingWhizz, we process the following on behalf of the Hotel Partner:

• Guest name, email, phone number, and address
• Booking dates, room preferences, and special requests
• Payment transaction references (not full card details)
• Stay history, loyalty programme participation, and feedback/reviews

For this guest data, the Hotel Partner is the data controller. Guests should refer to the relevant hotel's privacy policy for details on how their data is handled.

4. Legal Basis for Processing

Under Article 6 of the UK/EU GDPR, we process personal data on one or more of the following legal bases:

• Contract performance (Art. 6(1)(b)): to provide and deliver our Services, process payments, and manage your account
• Legitimate interests (Art. 6(1)(f)): to improve our Services, prevent fraud, ensure platform security, and conduct business analytics — where these interests are not overridden by your rights
• Consent (Art. 6(1)(a)): for marketing communications, non-essential cookies, and optional data processing — which you can withdraw at any time
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and regulatory requirements

5. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our hospitality platform and Services
• Process bookings, transactions, and related notifications
• Create and manage your BookingWhizz account
• Provide customer support, technical assistance, and onboarding
• Send service-related communications (system alerts, updates, security notices)
• Send marketing communications about our products, features, and industry insights (with your consent)
• Analyse platform usage to improve performance, user experience, and product development
• Generate aggregated, anonymised analytics and benchmarking reports for the hospitality industry
• Detect, investigate, and prevent fraudulent activity and security threats
• Comply with applicable laws and regulatory requirements

6. Sharing Your Information

We do not sell your personal data. We may share your information with:

• Service providers: hosting providers, email delivery services, analytics tools, and payment processors who assist in delivering our Services, each bound by contractual data protection obligations
• Integration partners: channel managers, OTAs, PMS providers, and other third-party platforms that you choose to connect through our Services
• Hotel Partners: where you are a guest, your booking data is shared with the relevant hotel as the data controller
• Professional advisors: lawyers, auditors, and accountants where necessary for business operations
• Legal authorities: where required by law, regulation, legal process, or enforceable governmental request
• Business transfers: in connection with a merger, acquisition, reorganisation, or sale of assets — with continued protection of your data

7. International Data Transfers

BookingWhizz operates globally with offices and infrastructure across multiple countries. Your personal data may be transferred to and processed in countries outside the UK or the European Economic Area (EEA), including but not limited to India, Jordan, Sri Lanka, and the United Arab Emirates.

Where we transfer data internationally, we ensure appropriate safeguards are in place, including:

• UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the UK Secretary of State or European Commission, where applicable
• Binding corporate rules or other approved transfer mechanisms

You may request a copy of the relevant safeguards by contacting us at info@bookingwhizz.com.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are:

• Active accounts: for the duration of your contract or account, plus 12 months after closure for support and dispute resolution
• Guest booking data: as directed by the Hotel Partner (data controller), typically aligned with the hotel's own retention policy
• Marketing contacts: until you withdraw consent or unsubscribe, after which we suppress your details to prevent re-contact
• Financial records: 7 years to comply with UK tax and accounting regulations
• Server logs & analytics: up to 24 months, then aggregated or anonymised
• Support tickets: 3 years from resolution

At the end of the retention period, data is securely deleted or irreversibly anonymised.

9. Data Security

We implement robust technical and organisational measures to protect your personal data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls with principle of least privilege
• Regular penetration testing and vulnerability assessments
• Security incident response and breach notification procedures
• Employee security awareness training
• Multi-factor authentication for internal systems

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. If you become aware of any security issue, please contact us immediately at info@bookingwhizz.com.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience. These include:

• Essential cookies: required for the website to function (e.g., session management, security tokens). These do not require consent.
• Analytics cookies: help us understand how visitors interact with our website (e.g., Google Analytics). Set only with your consent.
• Marketing cookies: used to deliver relevant advertisements and measure campaign effectiveness. Set only with your consent.
• Preference cookies: remember your language, region, and display settings.

You can manage your cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality.

11. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): request a copy of the personal data we hold about you
• Right to rectification (Art. 16): request correction of inaccurate or incomplete data
• Right to erasure (Art. 17): request deletion of your data ("right to be forgotten"), subject to legal retention requirements
• Right to restrict processing (Art. 18): request limitation of how we process your data
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interests or direct marketing
• Right to withdraw consent (Art. 7(3)): withdraw previously given consent at any time, without affecting the lawfulness of prior processing
• Right not to be subject to automated decision-making (Art. 22): not be subject to decisions based solely on automated processing that produce legal or significant effects

To exercise any of these rights, contact us at info@bookingwhizz.com. We will respond within 30 days. If your request is complex, we may extend this by a further 60 days with notice.

For hotel guests: if you made a booking through a BookingWhizz-powered hotel website, please direct your data rights request to the hotel directly, as they are the data controller for your booking information.

12. Children's Privacy

Our Services are designed for business use by hospitality professionals. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at info@bookingwhizz.com.

13. Third-Party Links

Our website and Services may contain links to third-party websites, integrations, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify active account holders via email for significant changes
• Where required by law, seek your renewed consent

We encourage you to review this page periodically.

15. Supervisory Authority

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection authority. Our lead supervisory authority is:

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: