Traveloka Privacy Notice

Effective as of: January 2025

Table of Content

You should be able to make informed decisions about your personal data.  This Privacy Notice explains how Traveloka Services Pte. Ltd., its affiliates and other Traveloka group companies ("Traveloka", "us", "we", or "our") may collect, use, share and otherwise process personal data that belongs to individuals ("you") via our websites, mobile applications, communications channels or other online and offline means. 


Traveloka facilitates you to order, acquire, purchase, buy, pay, rent, provide, reserve, combine or consummate various travel products and services offered by us or third parties (collectively our "Products and Services"). These third parties include the provider of accommodation (e.g. hotel, motel, apartment, bed & breakfast, landlord), attractions (e.g. theme parks, museums, sightseeing tours), transportation suppliers (e.g. car rentals, cruises, buses, trains, airport transfers), tour operators, travel insurances and any other travel or related products or services as from time to time available for booking on our platform (collectively our "Travel Suppliers"). Please note that your use of Products and Services is additionally subject to Traveloka Terms and Conditions.

 

This Privacy Notice will regularly be reviewed and when necessary, updated to reflect any changes in the way we manage your personal data or due to changes in applicable laws. We expect you to familiarize yourself with how we process your personal data.

1. Purpose and Scope of this Privacy Notice

This Privacy Notice applies to all users of Traveloka who are individuals including anyone who makes booking with us without login, visit our websites and/or mobile apps, (legal) representatives or contact person acting on behalf of our users or corporate customers and anyone involved in other transactions with us such as individuals of our vendors, suppliers, and/or business partners.

We may obtain your personal data in the following ways:

  • Directly from you when you register for and/or use our platform, apply for specific Products and Services, complete a form, sign a contract with us, contact us through one of our communication channels or interact with us on social media.
  • Indirectly, from your representative(s) when they make a payment for our Products or Services on your behalf, or your employer when you may act as a contact person when your employer becomes our, or our existing, corporate customer or prospective vendor or business partner.
  • From other sources such as online or traditional media, cookies and comparable technologies via our websites and mobile apps, publicly available sources or other third parties such as payment or transaction processors, other financial institutions, commercial companies or public authorities.

2. Personal Data We Process

Personal data refers to any information, data or opinion about you or from which you are reasonably identifiable, whether true (or not) or recorded in material form (or not). This includes a piece of information or in combination with other information that directly or indirectly tells something about you. We process personal data to fulfil our contractual obligations with you in delivering our Products and Services, in particular:

Personal data you give to us.

Category of personal data
Types of personal data captured
Identification data
At a minimum, you are asked for your name and email address or phone number for the account creation. However, depending on the Products and Services, we may also ask for your date and place of birth, nationality or the names of the people travelling with you. In some cases, we will request you to provide us with a government-issued document(s) such as national identity card, passport number or driving license to facilitate a booking process with our Travel Supplier, process your refund or insurance claims and booking cancellations. Such data may also be requested as part of our know-your-customer process if required under applicable laws or Our Terms & Conditions to prevent fraudulent conduct or behavior that contravenes international sanctions and to comply with regulations against money laundering, terrorism financing and tax fraud.
Transaction data
Your booking ID and details of your bookings (such as hotel name, hotel location, and length of stay, activity packages) including the booking records and insurance made.
Financial data
Including bank account number and/or electronic payment instrument data such as card number, expiry date or card verification code (CVV/CVC).
Other information
When you fill in a form, add information to your profile including profile picture, respond to surveys, participate in promotions, correspondence between you and us when it is sent to a dedicated mailbox or via other communication channels or social media, and your feedback or review about your experiences. This saved data can be used to help you plan and manage future travel or activity bookings.

When you share personal data about others e.g. people who are travelling with you, you are responsible to ensure that such person or people is made aware of and has given his/her consent for sharing the data with Traveloka, and that they can understand how Traveloka uses their personal data as described in this Privacy Notice.


Moreover, if you are applying for a job with us or are a Traveloka existing employee, we process the following:

Additional personal details, contact details and identifiers/demographics
In addition to the personal details listed above, Traveloka may collect additional personal details for recruitment/employment purposes, such as national identification number, social security number, insurance data, marital status, domestic partners, dependents, emergency contact data.
Education data and professional or employment-related data
We may collect data about your education and professional or employment-related data such as your employment history.
Sensitive data for recruitment purposes
We may collect certain types of sensitive data when permitted by law or with your consent, such as health/medical data (including disability status), trade union membership, religion, race or ethnicity and data on criminal convictions and offences. We collect this data for specific purposes such as health/medical data in order to provide benefits; background checks and diversity-related personal data (such as race and ethnicity) in order to comply with legal obligations and internal code of conduct on anti-discrimination.
Talent management data
Data necessary to complete a background check, details on performance decisions and outcomes, performance feedback and warnings, e-learning or training programs and data used to populate biographies.

Sensitive Personal Data. Some of the personal data identified above, such as your government issued-ID card, financial data and health data may be categorized as sensitive or special category of data under certain applicable laws and regulations. Please be aware that this personal data may be required for certain bookings or to proceed with your job applications, and we may not be able to complete such bookings and recruitment process without this information.


Children’s Data. Our Products and Services are not directed or intended for use by a child who does not have a legal capacity to consent or does not have the maturity to understand what is being proposed by our Products and Services and of this Privacy Notice. We only collect personal data about children if you provide us with information about your own children or any child under your care. If you become aware that your child or any child under your care has provided us with information/personal data without your consent, please contact us using the Contact Details section below.

Personal data we collect from your devices.

Whenever you visit our websites or mobile apps, we collect certain data to provide you with a better experience of using our platform or to maintain security measures. Such data may include:

  • Geographic location: to provide you with the best offers and experience by, for example, showing you our city guides, suggesting the nearest travel activities or attractions to your location.
  • Log Data: such as IP address, browser type, operating system, country, pages visited, the date and time you accessed our services as well as other Internet usage-related data.
  • Cookies and similar technologies: to help us track your internet usage, to make our websites and mobile apps work properly and safely for you, to improve our websites and mobile apps services and to provide personalized messages, advertisements or banners. You can manage your cookies in the settings for your browser such as Internet Explorer, Safari, Firebox or Chrome by choosing which cookies to accept and which to reject. If you choose to block certain functional cookies, please kindly note that you may not be able to use some features of our services.
  • Device and Installed Application Data: the data from your phone and/or from the installed Traveloka apps on your device may be collected to identify the device including your device-specific settings and characteristics, app crashes and other system activity

Personal data we receive from third parties or other sources.

We generally collect personal data on a voluntary basis directly from you, except for certain data that we collect from third parties, such as:

  • Our Travel Suppliers, business partners and affiliates, business processors and/or other parties whom we collaborate with under any contractual or other commitments for our Products and Services. 
  • Third party services such as Google and Facebook when you choose to login or connect to our platform via their services.
  • Referral or co-travelers when you are invited or receive an email from us as a co-traveler on a booking from the person who submits your personal data to us.
  • Your advisers (including but not limited to accountants, auditors, lawyers, financial advisers, or other professional advisers) that were authorized by you;
  • Any person notified by you as your authorized representative or who makes a payment on your behalf for our Products and Services; or
  • Any personal data obtained from your employer, as part of your registration or booking process on our corporate travel services. 
  • Personal data is collected from third-party service providers regarding certain financial information when you register, access, add, and/or link (as relevant) for a payment card, loan product, insurance, or other financial services product or account with us.

3. Why Do We Process Your Personal Data

Processing means every activity that can be carried out in connection with personal data, such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring or deleting it in accordance with applicable laws and regulations. Generally, we only use your personal data based on your request as per our platform Terms and Conditions that you have accepted and agreed to be bound for, including but not limited to, the purposes as outlined below.


You may choose not to provide some of the personal data as described in Section 2 above. However, many of our Products and Services require some personal data to operate, including sensitive personal data, to perform our legal obligations and/or contractual obligations with you. Otherwise you may not be able to use such Products and Services.

Performing our contract obligations with you

  • Travel bookings: we use your personal data to facilitate your online bookings with us. This includes verifying your account or registration process and/or sending you confirmation emails as well as proof of bookings or payment. We may also process your personal data to enable online check-in with our Travel Supplier or to administer your refund claims.
  • Account management: when you create an account with us, to facilitate you in managing your personal settings including to create a profile and customizing your experience when using our platform, publishing your reviews about our services as well as the listed products on our platform. Even when you are not logged-in, we use your information to identify you as a user and to manage your reward points.
  • Customer support: we use your personal data to allow us to respond to your queries or requests about your bookings via email, push notification, chatbot or phone including to share such information with the Travel Supplier or to attend to any errors or problems you may face when using our services and in measuring and improving your experience and satisfaction.

Compliance with our legal obligations

We use your personal data to comply with a range of legal obligations and regulatory requirements that oblige us to perform or provide:

  • Identity verification: we have a legal obligation to confirm your identity for identification and verification purposes. On certain Products and Services, we may also rely on checks performed by other third parties (such as financial institutions) to verify your identity.
  • Fraud prevention and anti-money laundering and terrorism financing checks: we have a legal obligation to detect and prevent money laundering, terrorism financing, fraud, abusive behavior, and harmful or illegal activity and protecting our rights. As a result, we may conduct monitoring of unusual transactions by our users.
  • Fulfilment of requests from authorities and legal disputes: we have a legal obligation to respond to legal requests submitted by any government authorities or to resolve a dispute, conducting litigation and complaint management.

Our legitimate interest

We process your personal data for a range of purposes that are in our interests as described below. When relying on legitimate interest, we ensure that processing remains proportionate and that your interests and fundamental rights are respected.

  • To develop and improve our Products and Services: we may use your personal data when analyzing your visit to our websites or mobile applications with the aim of improving these by using cookies and/or comparable technologies. We will also ask your feedback or review about your experiences in our Products and Services or our Travel Suppliers and use your data for testing and troubleshooting purposes as well as to generate statistics about our business for growth, functions and to get insight into how our services perform. We strive to use anonymized personal data for this analytical work. To achieve this purpose, we may combine personal data we collect from you during different visits to our platform or visits on different devices even when you are not logged in.
  • To promote and offer you the best-suited offers provided by us or our Travel Suppliers: we will process your personal data when informing or advising you about similar inventories of our hotels, flights and other transportation and travel activities or best price applicable to you, offering you with travel and lifestyle packages, as well as financial services and payment options suitable for your preferences. We strive to understand you better and meet your changing needs by offering you Products and Services that will suit your specific situation. To achieve such personalization, we may:
    • Consider your sociodemographic situation;
    • Analyze your behaviors, search queries and preferences in our various communication channels, visits to our websites and mobile applications;
    • Analyze the Products and Services that you have already booked or purchased from us.
  • To enforce our platform Terms and Conditions, Community Guidelines, or other product-specific policies such as accommodation or flight refund procedures or other terms of use.
  • To collect any outstanding payments from you.

To respect your choice if we request your consent

Consistent with the above purposes and as permitted by applicable laws, we may communicate with you via electronic messages including email, text message or mobile push notification to:

  • Send you information relating to our Products and Services. This may include booking confirmations and updates, receipts, technical notices, updates, security alerts, and support and administrative messages. Please note that when the communications are related to your bookings, the communications are necessary to fulfil our contract obligations to you.
  • Send you marketing communications. In other situations, subject to your consent and applicable law, we may communicate with you about our offers, promotions, rewards, upcoming campaigns or events, market research or surveys and other news about Products and Services offered by us, our group companies, our Travel Suppliers and other business partners.

You may opt out of receiving marketing materials by following the unsubscribe link or instructions set out in our marketing materials or manage your preferences through your account settings on our websites or mobile applications. However, please note that if you withdraw your consent, the opt-out may take effect up to seven (7) calendar days after your request.

4. Sharing of Your Personal Data

There are situations in which we need to provide your personal data to other parties involved in the provision of our services. This could include data transfers within Traveloka group and to third parties.

Within Traveloka group

We are committed to your privacy, and we have adopted data protection and privacy principles through our Internal Data Privacy Policy and are binding on all Traveloka entities throughout the jurisdictions where we operate. We may share your personal data within our group to ensure that we are able to comply with our legal obligations such as:

  • For hosting, technical and customer support, analytical or product improvement purposes and overall maintenance of our platform.
  • We may use centralized storage systems to process data at a central point within Traveloka group. These centralized storage systems are operated by Traveloka or third parties and might be located outside your local jurisdiction. In any case, we will ensure that adequate measures are in place to safeguard your personal data.
  • We may use centralized storage systems to process data at a central point within Traveloka group. These centralized storage systems are operated by Traveloka or third parties and might be located outside your local jurisdiction. In any case, we will ensure that adequate measures are in place to safeguard your personal data.

With third parties

We may also share your Personal Data with the following third parties:

  • Government and supervisory authorities to comply with any regulatory reporting obligations and data requests as required by any (local) regulatory authorities including tax and judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies. Unless data on an individual level is specifically requested by a regulator, we will make sure that personal data is aggregated, meaning that only information about groups of customers (or employees, as applicable) will be shared with the authorities to ensure that it can no longer be linked back to you.
  • The Travel Supplier you have booked such as hotels, airlines and other transport services and attractions or activities providers to facilitate your bookings. We encourage you to read their own privacy notices to understand how they process your personal data.
  • Business partners, channel managers, intermediaries or other connectivity providers that distribute our services, including to connect and administer your booking with the Travel Supplier. 
  • Service providers and other third parties that support us in carrying out certain activities in the ordinary course of business such as cloud infrastructure, customer support and communications, fraud detection and prevention, insurance claims, and financial institutions who assist you in certain payment processes or who provide us with financial services.
  • Other professional third parties such as law firms or auditors. Your personal data is shared to the extent necessary, and these third parties will process your data in line with their own professional obligations.
  • Marketing and advertising partners to ensure that relevant advertisements are shown to the right audience.

5. Cross Border Data Transfer

In principle, your personal data is processed by our local entity. However, as an organization with a presence in multiple jurisdictions, the personal data we collect may be transferred or be accessible across jurisdictions where we operate, because it is in your interest or is necessary to conclude or perform the contract we have with you, including between our group entities and third parties as specified in Section 4 (Sharing of Your Personal Data). We will take appropriate contractual, organizational and technical (such as encryption) measures to ensure that your personal data remains sufficiently protected.

6. Your Rights and How We Respect Them

Based on the provisions of relevant laws and regulations, your personal data rights may vary per jurisdiction. If you have questions about which rights apply to you, please get in touch with us using the email address mentioned in Section 10. In general, you may have the following rights:

  • You may request for an overview of your personal data that we process.
  • You may request the correction of your personal data. 
  • In certain situations, you can ask us to erase the personal data we hold about you.
  • You may object to us using your personal data if you have a justifiable reason. We will consider your objection and whether the processing of your personal data has any undue impact on you that would require us to stop processing your personal data. However, your objection is not applicable if we are legally required to do so or if it is necessary to fulfil a contract with you.
  • You may ask us to restrict the use of your personal data if you believe your personal data is inaccurate or if we are processing the personal data unlawfully.
  • You may withdraw your consent to the processing of your personal data, provided that our processing relies on your consent.

You have the obligation to ensure that your personal data is complete, accurate and current. You are required to inform us for any changes to, or inaccuracies in, your personal data as soon as possible.


Please note that all requests will undergo prior screening and verification. To confirm your identity and authority to make a request, we may ask you to provide supporting data or documentation. Once verified, we will assess your request and decide whether it is justified. In any case, we will process your request within the timeframes prescribed by relevant laws.


For any requests relating to this Privacy Notice, to exercise any of your rights or have a complaint, please contact us using the Contact Details specified in Section 10 below.


If you are not satisfied with our response to your complaint, you can also contact your local data protection authority.

7. Retention of Your Personal Data

We will retain your personal data, including Sensitive Personal Data, for as long as necessary to provide and deliver our products and services, and to exercise our legal rights, protect our or other’s interests, and to comply with our legal or regulatory obligations. We decide how long we need information on a case-by-case basis. When we no longer need to use your information, we will – unless we need to keep your information to comply with applicable legal or regulatory obligations or the information is required to carry out corporate tasks and conduct our business – remove it from our systems and records where feasible, and/or deactivate it or take other reasonable steps to properly anonymize it so that you can no longer be identified from it.

8. Protection of Your Personal Data

We protect your personal data by maintaining reasonable security arrangements, including physical, technical, and organizational measures to ensure the availability, confidentiality and integrity of your personal data. Our internal framework is periodically reviewed to keep up to date with regulations and market developments. In addition, our employees are subject to confidentiality obligations and may not disclose your personal data unlawfully. To help us continue to protect your personal data, you should always contact us if you suspect that your personal data may have been compromised.

9. Links to Other Websites

Our websites or mobile apps may contain links to other websites owned by third parties. Please note that we do not have any control over such other websites and we are not responsible for the privacy notices or practices of such other websites and advise you to read the privacy notice of each website you visit that collects any of your personal data.


Please also review Traveloka Terms and Conditions for more details on using our platform. This Privacy Notice forms an integral part of our Terms and Conditions.

10. Contact Details

If you have any questions or complaints regarding this Privacy Notice or if you would like to exercise your rights, please send an email to our Data Protection Officer (DPO) team at privacy@traveloka.com with attention to Traveloka Group Data Protection Office.


You may also contact the relevant Data Protection Officer (DPO) for your country:

11. Language & Interpretation

This Privacy Notice is subject to translation into multiple languages. In case of any discrepancies between the English version of this Privacy Notice and its translations in other languages, the English version will take precedence.

12. Country Specific Requirements

Singapore

Registration Identity Card ("NRIC") or other national identification numbers for Site or Apps related purposes, to the extent permissible by law. However, please note that we may collect, use, and disclose your NRIC number or Foreign Identification Number (FIN) in accordance with applicable law to fulfill our obligations and to prevent, detect, and investigate fraudulent activity within our platform.

Korea

To enhance the efficiency and speed of our services to local residents, we have entered into personal information processing agreements with our outsourced processors. Accordingly, during the provision of services, these outsourced processors may have access to your personal information.


With your personal information safety prioritization, we have established outsourcing agreements with our processors that cover the following obligations: (a) compliance with applicable personal information protection laws and regulations; (b) prohibition on the use of personal information for purposes other than those for which it was provided; and (c) prompt destruction of personal information upon completion of processing, along with other compliance obligations.

13. Privacy Notices in Other Countries

Please check this Privacy Notice tailored or translated to your country/language:

Singapore
Thailand
Vietnam
Malaysia
Indonesia
Philippines
Australia
Japan
Korea

If there is any inconsistency between the English version of this Privacy Notice and other language versions, the English version shall prevail.