GDPR compliance

The new GDPR regulations are a new set of privacy rules from the European Union designed to give European Citizens more control over how their personal details are used by businesses.

Please contact our helpdesk in order to speak to our designated Data Protection Officer (DPO) responsible for data security and GDPR compliance within our organisation.

We store personal information of customers making bookings on behalf of accommodation suppliers using our services. This includes customers name, address, telephone, email and IP Address. This information is required to identify customers to accommodation suppliers and provide sufficient contact details. In addition Immigration (Hotel Records) Order 1972 requires certain personal details to be collected. freeonlinebooking also requires personal information for the purposes of fraud detection and prevention. Cookies are used across all of services solely to improve the customer's experience using our services. Personal information is not stored in cookies.

Customers wishing to update/correct personal information must do this via the accommodation supplier directly. does not use customer's personal information for any other purpose other than to pass onto accommodation suppliers using our services. Personal information is not shared with any other third party.

All personal information is secured according to best practice and can only be accessed by the approriate accommodation supplier. staff are also able to access personal data when required to by accommodation suppliers in supporting our services or for system maintenance purposes. All access is audited.

Personal information is required by UK law to be held for a minimum of 12 months (Immigration (Hotel Records) Order 1972). Personal information older than 12 months is automatically deleted from the system.

The website does not store, transmit or process credit card details.
Customers using our services may opt to use a number of third party payment gateway services or they may opt to temporarily store credit card details via our segregated PCI-DSS compliant secure vault system.
Card data is automatically deleted from our vault system 7 days after the guest has checked-out, whenever payment using the card data is made or upon demand by the accommodation supplier. is fully compliant with v3.2 of the PCI DSS standards and undertakes regular testing of it's systems and processes to ensure ongoing compliance.

Personal data is stored on servers in the UK, New Zealand and Australia. All countries where data is stored/processed are designated as having 'adequate' privacy and data protection laws by the EU.

All questions/enquiries about security, GDPR or PCI-DSS compliance should be made via

Free online booking