Privacy Statement for Business Partners
This privacy statement applies to all iroom.ai business partners, including accommodation partners, other trip providers, vendors as well as the employees, contractors or representatives of these parties.
This Privacy Statement explains how the iroom.ai group of companies processes personal data concerning individuals, employees, owners, or representatives acting on behalf of our (existing, former, or potential) Business Partners.
In this document, iroom.ai group companies may be referred to as ‘we’, ‘us’, ‘our’, or ‘iroom.ai’. Individuals, employees, owners or representatives acting on behalf of our Business Partners may be referred to together or separately as ‘you’, ‘your’ or ‘Business Partners’.
Within the context of this Privacy Statement, the term ‘Business Partners’ may refer to:
Trip Providers,
Travel agencies,
Third party vendors,
Ground transportation companies,
Payment service providers,
Other business partners enabling Trip reservations through their websites and/or apps (or other means),
And natural or legal persons maintaining a business relationship with an iroom.ai group company.
Please note that companies using our ‘iroom.ai for Business’ services to facilitate Trip reservations for their staff are instead subject to our Privacy and Cookie Statement for customers.
This Privacy Statement applies to any iroom.ai group company responsible for the processing of personal data concerning a Business Partner. Depending on the nature of the business relationship, different iroom.ai group companies may be responsible for the processing of that personal data.
For example, iroom.ai B.V., located in Amsterdam, the Netherlands, is responsible for the processing of Trip Provider data. This Privacy Statement also applies to iroom.ai Brasil Serviços de Reserva de Hotéis Ltda, located in São Paulo, Brazil, when processing the personal data of accommodation partners in Brazil.
To find out if and to what extent other iroom.ai group companies are responsible for the processing of your personal data, please review the information provided below. Information is also provided in your agreement with iroom.ai and made available on our online platforms (such as sign up pages or procurement management platforms). Alternatively, you can contact us at [email protected].
For more information about how iroom.ai uses cookies on dedicated Business Partner websites and apps, please refer to our Cookie Statement.
Terms we use in this Privacy Statement
‘Trip' refers to the various travel products and services that can be ordered, acquired, purchased, bought, paid for, rented, provided to, reserved by, combined by, or consumed by end users, from the Trip Provider.
‘Trip Provider' means the provider of accommodation (e.g. hotel, motel, apartment, bed & breakfast, landlord and generically referred to as ‘accommodation partner’), attractions (e.g. (theme) parks, museums, sightseeing tours), transportation provider (e.g. car rentals, cruises, rail, taxi, airport rides, coach tours, transfers), tour operators, travel insurances and any other travel or related product or service as from time to time available for Trip Reservation on our platforms.
‘Trip Service' means the online purchase, order, (facilitated) payment or reservation service as offered or enabled by iroom.ai in respect of various products and services as from time to time made available by Trip Providers on the platform.
‘Trip Reservation' means the order, purchase, payment, booking or reservation of a Trip.
Data collection
The personal data iroom.ai collects in regards to Business Partners depends on the context of the business relationship and their interaction with iroom.ai, the choices made by the Business Partner and the products, services and features they use.
Please note that the data items in the sections below are only considered ‘personal data’ when concerning a natural person (meaning, an individual human being). These data items are not considered ‘personal data’ when concerning a legal person or entity.
If you are a Business Partner in the state of California, USA, in addition to the information here, you have certain additional rights outlined in the section of our privacy statement applicable to California.
The personal data iroom.ai collects about our Business Partners can include the following:
Personal data you give to us
Contact details: We collect contact data from our Business Partners, such as first and last name, date of birth (as required), addresses, business email addresses, telephone and fax numbers.
Financial data: We collect data necessary for payment and invoicing purposes (including your bank details, bank account number and VAT number) and data otherwise necessary for the processing of credit slips.
Verification details: iroom.ai can ask (representatives of) Business Partners to provide a copy of company registration documents, their ID card or passport, a photo, video or other relevant information to verify the authenticity of the Business Partner. This may also include proof-of-licenses or tax information.
Other data: When a Business Partner communicates with iroom.ai, we collect and process information about these communications. During calls with our support centre, live listening may be conducted and calls may be recorded for quality control and training purposes. These recordings may also be used for the handling of claims and fraud detection purposes. Recordings are kept for a limited amount of time before being automatically deleted, unless iroom.ai has a legitimate interest to keep the recording for longer. This only happens in exceptional cases, such as for fraud investigation, compliance and legal purposes.
Information we collect automatically
Depending on the business relationship, iroom.ai may also collect information automatically – some of which may be personal data. This data is collected when a Business Partner uses online services such as a registration form, a user account (e.g. for the extranet or partner centre), a vendor management platform, or an iroom.ai app, like Pulse.
The data collected may include:
Language settings,
IP address,
Location,
Device settings,
Device operating system,
Log information,
Time of usage,
URL requested,
Status report,
User agent (information about the browser version),
Result (viewer or booker),
Browsing history,
User Booking ID,
Device identifiers such as Android ID, MAC Address, IMEI,
And the type of data viewed.
Personal data you give to us about others
By sharing other individuals’ personal data for business purposes – such as data belonging to your staff members – you confirm that these individuals have been informed about the use of their personal data by iroom.ai in accordance with this privacy statement. You also confirm that you have obtained all necessary consent, as required by the laws and regulations applicable to you.
Other information we receive from other sources
Information on insolvencies: In insolvency matters, iroom.ai can receive information relating to Business Partners from insolvency administrators, courts or other public authorities.
Data related to law enforcement and tax authority requests: Law enforcement or tax authorities can contact iroom.ai with additional information about Business Partners in the event that they are affected by an investigation.
Fraud detection and prevention, risk management and compliance: In certain instances, and as permitted by applicable law, iroom.ai may need to collect data through third party sources for fraud detection and prevention, risk management and compliance purposes.
Processing purposes
iroom.ai uses the previously described Business Partner information, some of which may be personal data, as relevant, for the following purposes:
A. Registration and administration
iroom.ai uses account details, contact details and financial data to manage the business relationship with the Business Partner. This includes for registration and verification purposes.
Certain information, including a Business Partner’s name and address, can be used for other purposes in accordance with the agreement entered into between the Business Partner and iroom.ai. An example of this would be using an accommodation partner’s contact details to enable Trip Reservations at their property through a third party website.
B. Customer service
iroom.ai uses the information provided by Business Partners (which may include personal data) to provide support services – for example, to respond to requests, questions or concerns from Business Partners or customers.
C. Other activities, including marketing
If a potential Business Partner has not finalised online registration, iroom.ai may send a reminder to complete the registration process. We believe that this additional service is useful to our (future) Business Partners because it allows them to complete the registration without having to fill out all registration details again.
iroom.ai may invite Business Partners to attend and host events that we think might be relevant or of interest to them. We may also use personal data to offer and host online forums that enable Business Partners to find answers to frequently asked questions about the offering and usage of iroom.ai products and services.
As relevant to the business relationship, iroom.ai uses personal data for communications, including providing information about system or product updates, sending the iroom.ai newsletter, inviting Business Partners to participate in referral programs or competitions (such as Booking Hero) or for other marketing communications. When we use personal data to send direct marketing messages electronically, we will offer appropriate opt-out options.
D. Messaging tools
iroom.ai may offer Business Partners different means to communicate with (prospective or existing) guests before or after a reservation.
Business Partners can also contact iroom.ai to forward reservation information or questions to guests, or communicate with guests using alias emails, which always include iroom.ai as a recipient.
iroom.ai may access communications between Business Partners and guests. We also use uses automated systems to review, scan, and analyse communications for the following purposes:
Security,
Fraud prevention,
Compliance with legal and regulatory requirements,
Investigations of potential misconduct,
Product development and improvement,
Research,
Customer engagement (including to provide guests with information or offers we believe may be of interest to them),
And customer- or technical support.
Communications sent or received using iroom.ai communication tools will be received and stored by iroom.ai.
E. Analytics, performance improvement, and research
iroom.ai uses the information provided, which may include personal data, to conduct research and analytics. This is done to improve our services and the user experience, but can also be used for testing purposes, troubleshooting and to improve the functionality and quality of our online services.
Business Partner information may be used for analytical purposes as part of our drive to improve the Trip Services. In this context, we may also invite Business Partners to participate in surveys, such as market research, and to analyse how to improve the experience of our users and Business Partners.
Please consult the information provided below for more information on how to control your data.
Legal basis
Given our global presence, and as required by applicable law, we apply all necessary safeguards to ensure an adequate level of data protection for the processing of personal data. This includes the use of appropriate contractual safeguards (which you can request a copy of via [email protected]) and implementing technical and organisational measures to protect the data.
For the purposes A and B, iroom.ai relies on the legal basis that the processing of the personal data is necessary for the performance of a contract – specifically, to finalise and manage the registration of and the business relationship with the Business Partner.
For purposes C – E, iroom.ai relies on legitimate commercial business interests to provide its services or to enable its Business Partners to provide their services in compliance with applicable laws (such as allowing Business Partners to communicate with guests using the alias emails, and for fraud detection and prevention purposes).
When using personal data to serve iroom.ai’s or a Business Partner’s legitimate interest, iroom.ai will always balance the Business Partner’s rights and interests in the protection of their information against iroom.ai’s rights and interests.
For purpose C, iroom.ai will also rely, where applicable, on compliance with legal obligations (such as lawful law enforcement requests). Finally, where needed under applicable law, iroom.ai will obtain your consent prior to processing your personal data for direct marketing purposes.
If you wish to object to the processing set out under C – E and no opt-out mechanism is available to you directly (for example, in your account settings), to the extent applicable, please contact [email protected].
Data sharing
Sharing with Affiliates: In order to support the use of Business Partner information as described in this privacy statement, iroom.ai may share Business Partner information with subsidiaries of the iroom.ai corporate family. To the extent that iroom.ai processes personal data within the corporate family, these entities are bound by internal rules and guidelines to ensure an adequate level of data protection. They will only receive data from iroom.ai to the extent necessary for them to perform their work, and they will be bound by contractual obligations to keep the data confidential.
Sharing with third parties: We share Business Partner information, which may include personal data, with third parties as permitted by applicable law and as described below. We do not sell or rent your personal data.
Service providers (including suppliers): We share personal data with third party service providers to provide our products and services, store data and/or maintain the iroom.ai platforms or conduct business on our behalf. These service providers shall process personal data only as instructed by and to provide the services to iroom.ai.
Payment providers and (other) financial institutions: To process payments between a Business Partner and iroom.ai or a guest, personal data, as relevant, is shared with payment providers and other financial institutions.
Compulsory disclosure: When required by law, or to the extent strictly necessary for the performance of a service, iroom.ai will share personal data with governmental authorities including tax authorities, law enforcement and other authorities in accordance with a legal obligation.
Business partners: To support the Trip Reservation process, we share personal data with business partners, including third parties to enable Trip Reservation through their websites and/or apps (or other means). These business partners will share the personal data only for lawful purposes and in compliance with applicable law. For example, this may include an insurance company providing insurance cover or a ground transportation provider providing transport services to guests.
Professional advisors and other authorized third parties: We share personal data with professional advisors such as lawyers, insurers and auditors to manage risks and to comply with legal obligations, including our agreement with Business Partners, where relevant. Business Partners can also ask iroom.ai to share their personal data with third parties, and iroom.ai will do so as required under applicable law.
Sharing and disclosure of aggregated data: We share information with third parties in aggregated and/or anonymised form. For example, we may share aggregated and/or anonymised information with business partners, such as travel content providers, third parties, partners or publicly for analytical or benchmarking purposes.
Data retention
iroom.ai will keep personal data only for as long as is necessary for the purposes set out above, in accordance with applicable law. To the extent permitted by applicable law, iroom.ai will retain personal data for as long as the Business Partner has an active business relationship with us.
When the business relationship between a Business Partner and iroom.ai has ended, we may retain information for an additional period required by applicable law. When personal data is no longer needed for the purposes set out in this Privacy Statement, we will securely delete or anonymise the data.
Choices and rights
We want you to have control over how your personal data is used by us. This can be done in the following ways:
You can ask us for a copy of the personal data we hold about you,
You can inform us of any changes to your personal data, or you can ask us to correct any of the personal data we hold about you,
In certain situations, you can ask us to erase, block or restrict the processing of the personal data we hold about you, or object to particular ways in which we are using your personal data,
In certain situations, you can also ask us to send the personal data you have given us to a third party.
Where we are using your personal data on the basis of your consent, you are entitled to withdraw that consent at any time subject to applicable law. Moreover, where we process your personal data based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal data, subject to applicable law.
We rely on you to ensure that your personal data is complete, accurate and current. Please inform us promptly of any changes to or inaccuracies of your personal data by contacting [email protected]. We will handle your request in accordance with applicable law.
Questions or complaints
If you have questions or concerns about our processing of your personal data or wish to exercise any of your rights under this Privacy Statement, you are welcome to contact us at [email protected]. You may also contact your local data protection authority with questions or complaints.
Changes to the Privacy Statement
Just as our business changes constantly, this Privacy Statement may also change from time to time. If you would like to see changes made to this Privacy Statement, please let us know by contacting [email protected]. We will notify you of any significant changes to this Privacy Statement. This can be done via email or by posting a prominent notice on our website.