Legal
Privacy policy
We're GDPR-aligned and host data in the EU. We collect what's necessary to fulfil bookings and operate the site, and nothing more.
What we collect
Booking data: delegate name, email, country, payment confirmation token. Contact form submissions: name, organization, email, message body. Site analytics: aggregated, never tied to a personal identifier.
Why we collect it
Booking data fulfils the booking and is shared with the partner hotel only for that purpose. Contact form data is sent to our sales team as email and removed from the site after delivery. Analytics inform site improvements.
Where it lives
Booking data is stored on EU servers. Backups are encrypted at rest and stored in the same jurisdiction. We do not transfer personal data outside the EEA without an adequacy decision or appropriate safeguards.
Your rights
Under GDPR, you may request access to, correction of, or deletion of any personal data we hold about you. Email privacy@bookingmaster.travel and we will respond within 30 days.
How long we keep it
Booking records: 7 years (tax retention requirement). Contact form messages: deleted from the site immediately on delivery; retained in the sales team's email for 24 months. Analytics aggregates: 14 months.
Third parties
Stripe (payments), Resend (transactional email), Cloudflare (CDN and Turnstile). Each is contractually bound to GDPR-equivalent processing terms.
Last updated: May 2026. Data controller: BookingMaster.