Privacy Policy
Last updated: 01-01-2026
This Privacy Policy explains how ForLoyalty ("we", "our", or "us"), a hotel room booking marketplace operated from The Netherlands, collects, uses, shares, and protects personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
We act as a data controller for the operation of this website and as an intermediary marketplace connecting customers with independent hotel and accommodation providers ("Hotels"). Customers may be located anywhere in the world.
By using our website and services (the "Services"), you acknowledge and agree to the practices described in this Privacy Policy.
1. Who We Are (Data Controller)
ForLoyalty is established in The Netherlands.
- Legal entity: ForLoyalty BV
- Registered address: Hamburgerstraat 21, 3512 NP Utrecht
- Email: info@forloyalty.com
For the purposes of the GDPR, we are the data controller for personal data processed through the marketplace, except where Hotels independently determine how your data is processed.
2. Scope of This Policy
This Privacy Policy applies to:
- Visitors to our website
- Customers booking accommodations through our platform
- Communications with customer support
It does not apply to the data practices of Hotels after your data has been shared with them. Hotels act as independent data controllers for guest data they receive.
3. Personal Data We Collect
3.1 Data You Provide Directly
We may collect the following categories of personal data:
- Full name
- Email address
- Telephone number
- Booking and travel details
3.2 Payment Data
Payment information is processed securely by third-party payment service providers. We do not store full credit card details.
3.3 Automatically Collected Data
When you access the website, we automatically collect:
- IP address
- Device and browser information
- Operating system
- Pages viewed and interactions
- Date, time, and referring URLs
3.4 Cookies and Similar Technologies
We use cookies and similar technologies for:
- Essential website functionality
- Analytics and performance measurement
- Fraud prevention
- Marketing (where consent is given)
You can manage cookie preferences via our cookie banner or browser settings.
4. Purposes and Legal Bases for Processing (GDPR Article 6)
We process personal data only where permitted under GDPR, including:
Purpose | Legal Basis |
|---|---|
Processing bookings | Performance of a contract |
Customer support | Performance of a contract / Legitimate interests |
Fraud prevention | Legitimate interests |
Legal compliance | Legal obligation |
Marketing communications | Consent |
Website analytics | Consent or legitimate interests (where permitted) |
5. Sharing of Personal Data
We may share your personal data with:
5.1 Hotels and Accommodation Providers
To complete your booking, we share necessary personal data with the selected Hotel. Hotels are responsible for their own data processing and privacy compliance.
5.2 Service Providers (Processors)
We engage trusted third-party processors, including:
- Payment processors
- Hosting and cloud service providers
- Email and customer support platforms
- Analytics providers
All processors act under data processing agreements as required by GDPR Article 28.
5.3 Legal and Regulatory Authorities
Where required by law or to protect our legal rights.
We do not sell personal data.
6. International Data Transfers
Because customers and service providers may be located outside the European Economic Area (EEA), personal data may be transferred internationally.
Where data is transferred outside the EEA, we rely on:
- European Commission adequacy decisions, or
- Standard Contractual Clauses (SCCs), and
- Additional safeguards where required
7. Data Retention
We retain personal data only for as long as necessary for:
- Booking administration
- Legal, tax, and accounting obligations
- Dispute resolution
Retention periods are reviewed periodically.
8. Data Security
We implement appropriate technical and organisational measures to protect personal data, including encryption, access controls, and secure infrastructure. Despite these measures, no system is completely secure.
9. Your Rights Under GDPR
If you are located in the EU/EEA, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure ("right to be forgotten")
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
Requests can be submitted via the contact details below. We may need to verify your identity before responding.
10. Marketing Communications
You will receive marketing communications only where permitted by law. You can unsubscribe at any time using the link in our emails or by contacting us.
11. Children’s Data
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.
12. Complaints and Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.
For users in The Netherlands, this is:
- Autoriteit Persoonsgegevens
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised "Last Updated" date.
14. Contact Us
For privacy-related questions or to exercise your rights:
- Email: info@forloyalty.com
- Registered address: Hamburgerstraat 21, 3512 NP Utrecht
Pay safely and easily with:
