This Privacy and Cookie Statement (“Statement”) applies to TravelJigsaw Limited (trading as Rentalcars.com and Rideways), 100 New Bridge Street, London, EC4V 6JA (“TravelJigsaw” or “we”). It describes how we collect and process personal data about (potential, existing or former) strategic partners, supply partners and other business partners ("Business Partners" or "you"), and therefore applies to personal data of owners, employees, representatives or other individuals acting on behalf of Business Partners.

Please see our separate Privacy Notice and Cookie Statement which describes (i) how we process personal data collected when using and making a booking on our platforms, and (ii) how we use cookies on customer facing platforms.


What kinds of information do we collect about you?

The information we collect about our Business Partners depends on the context of the business relationship and interaction with us, the choices made by a Business Partner and the products, services and features used. The information we collect about a Business Partner can include the following, and depending on the specific situation, not all of the following data items may be considered personal data because it may relate to a business instead of an individual.


Information that you give us

When you register as a Business Partner, we will need you to provide us with the following information: name, date of birth (as required), your contact details, telephone and fax number, company registration documents and the necessary details to be able to pay you (including your bank details: bank account number, VAT number, credit slips). We may also ask (representatives of) Business Partners to provide a copy of their ID card or passport, a photo, video or other relevant information to verify the authenticity of the Business Partner.

We also collect and process communications. During calls with our customer service team, live listening may be done and calls may be recorded for quality control and training purposes, which includes the usage of the recordings for the handling of claims and fraud detection purposes. Recordings are kept for a period of12 months and automatically deleted, unless we have a legitimate interest to keep such recordings for a longer period, including for fraud investigation and legal purposes.

Information we collect automatically

When using our online services, such as the online registration form, an online user account (e.g. our extranet or partner centre) or make use of our app (e.g. Pulse app), we also collect information automatically, some of which may be personal data. This includes data such as language settings, IP address, location, device settings, device OS, log information, time of usage, URL requested, status report, user agent (information about the browser type), operating system, browsing history, user ID, and type of data viewed.

Information you give us about others

By sharing other individual’s personal data in relation to your business (for example of your employees), you confirm that these individuals have been informed about the use of their personal data by us in accordance with this Privacy Statement and provided any necessary consents.

Information we receive from other sources

  • Information on insolvencies

    In insolvency matters, we may receive information from insolvency administrators, courts or other public authorities relating to a Business Partner.

  • Data related to law enforcement and tax authority requests

    Law enforcement or tax authorities can contact us with additional information about Business Partners if they are affected by an investigation.

  • Fraud detection

    In certain instances, and as permitted by applicable law, we may need to collect data through third party sources for fraud detection and prevention purposes.

How and why do we collect, use and share personal data?

  1. Registration and account administration

    To register your services (including verification purposes) and to allow you and us to manage and administer your account.

  2. Relationship management and customer service

    To provide support services (e.g. respond to Business Partners’ requests, questions and concerns) engage with you about our ongoing relationship, including contractual and performance obligations, and any future initiatives by either party that may affect you and/or us.

  3. Bookings

    To send the necessary communications about bookings, including confirmations, cancellations, customer service issues and information about new features and services.

  4. Other activities, including marketing

    If you are making use of an online registration facility and you have not finalised your online registration, we may email you a reminder to do so. We see this as a useful additional service for our potential Business Partners because it allows you to carry on with the registration process without having to start again from scratch. If you don’t want any more reminders, just click the ‘unsubscribe’ link in the email reminder.

    We may invite Business Partners to attend and host events we believe may be of relevance to a Business Partner or use personal data to offer and host online forums to enable Business Partners to find answers to commonly asked questions on the usage of our services and the offering of their products and services.

    We also use personal data, such as contact details, to inform Business Partners about system/product updates, or for other marketing communications. When we use personal data for direct marketing messages in electronic form, we will include a link to unsubscribe.

  5. Analytics, improvements and research

    To send you surveys, including market research surveys and to help us improve the user experience, functionality and overall quality of our Dashboard and other services. Please consult the information provided when invited to participate in survey, market research or join the online platform to understand how personal data may be treated differently from this Privacy Statement.

  6. Security, fraud detection and prevention

    To investigate, prevent and detect fraud and other illegal activities. We may use personal data a Business Partner has provided to us, for example for verification purposes as part of the registration process, personal data collected automatically, or personal data obtained from third party sources (including from customers).

    We reserve the right to disclose your personal data to law enforcement authorities, investigative organisations and external advisors to facilitate prosecution where necessary and other entities within the Booking Holdings Inc group. We may also use personal data for risk assessment and security purposes, including the authentication of users.

  7. Legal and compliance purposes

    To handle and resolve legal disputes, for regulatory investigations and compliance purposes, or to enforce the agreement(s) with Business Partners or the terms of use of our online booking service or solve a complaint with a customer as reasonably expected. By sharing other people’s personal data in relation to your business, you are confirming that they have agreed to have their personal data shared with and used by us in accordance with this Statement. If we use automated means to process personal data which produces legal effects or significantly affects you, we will implement suitable measures to safeguard you rights and freedoms, including the right to obtain human intervention.

Legal Bases for Processing

In view of purposes A to C, we rely on the legal basis that the processing of the personal data is necessary for the performance of the agreement between us and the Business Partner. If the required information is not provided, we cannot register a Business Partner or otherwise work with a Business Partner, nor can we provide customer service. In view of purposes D to G, we rely on our legitimate commercial business interest to provide our services or obtain services from Business Partners, to prevent fraud and to improve our services. When using personal data to serve our or a third party's legitimate interest, we will always balance the Business Partners’ rights and interests in the protection of their information against our rights and interests or those of the third party.

For purposes F and G, we rely also where applicable on compliance with legal obligations (such as lawful law enforcement requests).

If you wish to object to the processing set out under D to E and no opt-out mechanism is available to you directly (for example, in your account settings or via our Data Subject Rights Portal), please contact dataprotectionofficer@rentalcars.com

Data sharing

  • Sharing with affiliates

    In order to support the use of our services, your information, which may include personal data, may be shared with subsidiaries of the TravelJigsaw corporate family which act as service providers for TravelJigsaw, including in relation to customer support services. To find out everything you need to know about the TravelJigsaw corporate family, visit About Us.

  • Booking Holdings Inc

    TravelJigsaw is a member of the Booking Holdings Inc. group, and may need to share Business Partners’ information, which may include personal data, with other members of the Booking Holdings Inc. group for compliance or fraud detection and prevention purposes as permitted by applicable law and as strictly necessary to protect the Booking Holdings Inc. group, including TravelJigsaw, its customers and business partners from fraudulent activities and investigating and handling data security breaches.

  • Sharing with third parties

    We share Business Partners’ information, which may include personal data, with third parties as permitted by law and as described below. We do not sell personal data to third parties.

    • Service providers (including suppliers)

      We share personal data with third party service providers to provide our products and services, store data or conduct business on our behalf. These service providers shall process personal data only as instructed by and to provide the service to TravelJigsaw.

    • Payment Providers and other financial institutions

      We share personal data with payment providers and other financial institutions to process payments between a Business Partner and TravelJigsaw.

    • Competent authorities

      When legally required, or strictly necessary for the performance of our services, or in legal proceedings, or to protect our rights or the rights of other members of the Booking Holdings Inc. group or users, we will disclose personal data to law enforcement authorities, government or investigative organisations, or other group companies.

  • Sharing and disclosure of aggregated data

    We may share information in aggregate form and/or in a form which does not enable the recipient of such information to identify you, with third parties, for example for industry analysis and demographic profiling.

International data transfers

The transfer of personal data as described in this Statement may include overseas transfers to countries whose data protection laws are not as comprehensive as those of the countries within the European Union. In these situations, as may be required, we make contractual arrangements to ensure that your personal data is still protected in line with European standards.


Security

What security procedures do we have in place to safeguard your personal data?

In accordance with UK and European data protection laws, we observe reasonable procedures to prevent unauthorised access to and misuse of personal data. We use appropriate business systems and procedures to protect and safeguard any personal information given to us. We also use security procedures and technical and physical restrictions on accessing and using the personal data on our servers. Only authorised personnel are permitted to access personal data in the course of their work.

Data retention

We will retain personal data for as long as we deem it necessary to manage the business relationship with a Business Partner, to provide our services to a Business Partner, to comply with applicable laws (including those regarding document retention), resolve disputes with any parties and otherwise as necessary to allow us to conduct our business. All personal data we retain will be subject to this Statement and our internal retention guidelines. If you have a question about a specific retention period for certain types of personal data we process about you, please contact us via the contact details included below.

Cookies

What is a cookie?

A cookie is a small text file that is placed in your device’s browser. It lets a platform (such as a website or mobile app) recognise your device so it can provide a better, smoother experience. Most platforms use cookies to store useful bits of information for lots of different purposes. This information can include your sign-in name and your preferences (for example, your preferred language and currency). Cookies are not spyware or adware, and can’t deliver viruses or run programs on your device. To find out more about cookies, please visit www.youronlinechoices.eu.

Why do we use cookies?

We use a variety of cookies to do different things:

  • Technical cookies

    To give you user-friendly platforms that function correctly and that adapt automatically to you, to create your user account, to sign you in and to manage bookings made with you. Technical cookies are vital, as they make our platforms work properly for you.

  • Functional cookies

    To remember any preferences you set when you visit our platforms, such as your preferred language. They can also remember your sign-in credentials so you don’t have to re-enter them every time. Our platforms would still work without functional cookies, but they wouldn’t work as quickly or provide such a smooth experience.

  • Analytics cookies

    To help us improve and optimise our platforms. We (or our third-party service providers) may use them to gather aggregated or segmented information about visitors, so we can see how effective and relevant our adverts are. That information can include which web pages and adverts you viewed that led you to our platforms, what referring/exit pages you entered and left from, which of our platforms you used, and how you interacted with those platforms. We do not use this information to personally identify you.

    We also use Google Analytics and Hotjar to analyse trends, identify preferences, diagnose technical problems and provide a better overall experience.

It’s your choice: Opting in and opting out

The first time you visit one of our platforms, we will ask you to “opt in” (i.e. consent) to our use of cookies. If you choose not to opt in, this may affect our platforms’ functionality: you’ll still be able to use our platforms, but they won’t work as quickly or deliver such a smooth experience.

And you can opt out of Google Analytics and Hotjar at any time by visiting tools.google.com/dlpage/gaoptout (for Google Analytics) and www.hotjar .com/opt-out (for Hotjar).

You can also use your browser to control how cookies are used on your device. Check your browser’s Help menu to find out how. However:

  • Any changes you make will only affect the way that particular browser handles cookies on that device.

  • Blocking cookies (and/or opting out of online behavioural advertising) won’t stop some of the monitoring methods described in this Statement.

Visit www.allaboutcookies.org to learn more about cookies and find out how to manage or delete them.

Contact

How can you control the personal data you have given us?

You have the right, subject to some legal exceptions, to access, correct or delete any personal data we keep about you, and to object to your personal data being processed. We rely on you to ensure that your personal data is complete, accurate and current. Please do inform us promptly of any changes to or inaccuracies of your personal data. You can use our Data Subject Access Portal to enforce any of these rights. If you do, we will ask for further information to confirm your identity, to keep your information safe and we will handle your request in accordance with applicable UK data protection law. You can update or delete your user account at any time by signing in on our site.

Who is responsible for the processing of your personal data?

TravelJigsaw Limited controls the processing of your personal data. If you have any questions, concerns or comments about this Statement, or our processing of your personal data, please email dataprotectionofficer@rentalcars.com, stating “Privacy” in the subject line, and we’ll get right back to you. When it comes to privacy, we’re always happy to talk. If you want to exercise any of your data subject rights, please visit our Data Subject Request Portal.

Changes to the Privacy Statement

Just as our business changes constantly, this Privacy and Cookie Statement may also change. If we make material changes or changes that will have an impact on you (e.g. if we start processing your personal data for other purposes than set out above), we will contact you prior to commencing that processing.