Privacy Policy

Roomtrust Systems Ltd (“RoomTrust”, “We”, “Our”), will treat all Personal Information you communicate to us with the greatest care and confidentiality. RoomTrust is committed to the confidence you have vested in our company by visiting this website.

As of 25 May 2018, our Privacy Policy is fully compliant with the EU General Data Protection Regulation (“GDPR”). The following Privacy Policy discloses what information we gather, how we use it, and how to correct or change it.

How does GDPR apply to you?

Every EU citizen automatically benefits from the new regulation. We will, as far as we can, extend this standard to all users, regardless of location. The GDPR provides increased transparency into the nature, purpose, and use of individuals’ personal data. This means that organizations must obtain a data subject’s consent for certain activities, such as the processing of sensitive data.

For this reason, we ask RoomTrust users to agree the new Privacy Policy, which meets the high standard for data privacy introduced by the GDPR.

RoomTrust Booking System, Suppliers and Subscribers

RoomTrust currently provides its Group Accommodation management system, managing block bookings. We refer to this system as a “Booking System”. RoomTrust is the Controller of the information stored and processed in the Booking System.

This Privacy Policy describes how we collect, use, store and process Personal Information. It does not cover how the hotels we work with, “Hotel suppliers”, handle Personal Information. Neither does it cover the Personal Information handling of an event management company, travel agency, corporation or other company that subscribes to and uses our Booking System (a “Subscriber”). Nor does it include Personal Information about users obtained through our public websites (except where a hotel booking is made via our website, in which case this policy shall apply). We recommend that users should carefully review the Privacy Policies of their Hotel Suppliers and Subscribers.

Our Booking System is a technology portal used for the distribution of hotel inventory. Users may use event websites, engage traditional or online travel agencies or their own internal corporate travel departments, known in our industry as Subscribers, for assistance in managing their hotel accommodation. Subscribers use our Booking System to identify hotel options and to book their selection. We then advise the relevant Hotel Suppliers about the booking of their services.

In some instances, we also enable connection to an individual hotel booking system of a third-party company, where we facilitate access only. For this system we do not control the data and users may have to agree a separate (but equally compliant) Privacy Policy for access with the third-party company.

Transfer of Personal Information to non-EU hotels

Your Personal Information may be sent to Hotel Suppliers that you select in order to perform or conclude contractual-related measures with outside of the EU. These Hotel Suppliers may not offer the same level of statutory protection for your Personal Information as those covered by the EU GDPR.

Collection and use of Personal Information

RoomTrust obtains Personal Information when an individual user, Subscriber or Hotel Supplier submits such data to the Booking System. We also receive Personal Information when an individual user submits data to us directly when a booking is made by the individual user directly via our website or a Subscriber website directly to the Booking System. The Personal Information we obtain is the typical of that provided when making a hotel booking.

This information may include (but may not be limited to)

  • name
  • gender (as reasonably assumed by use of title e.g. Mr, Mrs; Ms)
  • your company or organisation’s name
  • postal address
  • e-mail address
  • telephone number(s)
  • credit card and payment information
  • loyalty card information
  • billing information
  • travel and accommodation details
  • special travel requests, such as a request for a disabled room

Where sensitive personal data (e.g. health or religious data) is shared and processed, the explicit consent or its equivalent will be assumed to be obtained from the traveller. Such consent can be withdrawn by the traveller at any time, without affecting the lawfulness of processing based on such consent before its withdrawal.

For Hotel Supplier and Subscriber users we only store the information you provide to us in your user profile. Personal Information submitted by a Subscriber on behalf of a client user would be subject to this Privacy Policy.

We also process Personal Information for our legitimate business interests.

More specifically, we use Personal Information to

  • process hotel bookings
  • provide Subscribers and Hotel Suppliers with access to booking information
  • make and change hotel reservations
  • perform billing and accounting functions related to booked hotel accommodation
  • perform technical operations related to the delivery of RoomTrust services
  • perform internal business processes (such as testing and quality assurance and product development and enhancement)
  • conduct scientific, statistical, and research activities regarding travel trends (by non-automated means)
  • issue booking confirmations and other travel related information on behalf of users
  • inform you about RoomTrust news, new Booking Systems features and other products and/or services available from RoomTrust and our group companies (but only where you have consented to receive such emails from us)

If you access the Booking System directly through a website or application, then device type, connectivity and configuration data may also be collected, including device hardware specifications, data regarding the operating system and other device software, IP address, location information, and regional and language settings.

The Booking System utilizes Google Analytics and the Google Maps API. In using Google Maps API you are agreeing to the Google Maps/Google Earth Additional Terms of Service which can be found at Details regarding how Google collects and processes data can be found in the Google Privacy Policy which can be found at (or any other URL Google may provide from time to time).

Disclosure of Personal Information

We disclose Personal Information to Hotel Suppliers and Subscribers, as well as to the processors that act on their behalf, to carry out these activities and to help perform the underlying contracts with users. All information is either accessed directly by contracted Hotel Suppliers or is passed to them in an encrypted form. Subscribers have direct access to the Personal Information of their client users in the Booking System with the exception of credit card information.

RoomTrust will not sell nor transfer your Personal Information to third parties. Nor will RoomTrust use your Personal Information for purposes of direct marketing, or to send news and information about its products or services without your prior consent. If consent is given you can rescind it at any time either via your system profile or by sending an email to

We will process and disclose Personal Information as required by law, subpoena, or regulation; when requested by government or law enforcement authorities; for credit card processing, authentication, and fraud prevention; or as otherwise required by law.

Data security and integrity

No system of technology is completely safe, "tamper-proof" or "hacker-proof" with regard to the provision of personal data (whether in person, by phone or over the internet).

RoomTrust has, however, endeavoured to take appropriate measures to prevent and minimise risks of unauthorized access to, improper use, disclosure and inaccuracy of your personal information. For example, RoomTrust uses encryption technology when collecting or transferring sensitive data such as credit card information.

RoomTrust uses cookies. Cookies are small parts of information placed on the hard drive of your computer by the browser. By showing how and when our visitors have used this website, this information can help RoomTrust to continue to improve our website. The cookies contain limited Personal Information but in an encrypted format. Most browsers automatically accept cookies. Some Internet browsers have features that allow a user to control the collection of personal information that occurs through that browser. Specifically, you may have the ability to control the use of cookies and to transmit “do not track” (“DNT”) signals to websites you visit. With regard to DNT functionality, RoomTrust services generally do not respond to DNT signals because there is not yet a common understanding as to how to interpret and treat these signals.

Data retention

RoomTrust retains Personal Information no longer than is necessary to comply with legal obligations and to fulfil legitimate business and compliance purposes. It is RoomTrust’s policy to keep Personal Information for a period of no more than 3 years following the end of the year in which the booked travel was completed.

Credit card information collected to guarantee or pay hotel bookings is deleted no more than 2 weeks after booking’s departure date from the hotel, whether or not the guest stayed. Thereafter, only the card type and the last 4 digits of the card number are retained for reference purposes.

De-personalized data

RoomTrust analyses, uses, discloses, and processes statistical and other data in de-personalized (anonymized) form that RoomTrust obtains or generates in connection with its business. This data is used to identify trends and other activities in the travel industry.

Information from minors

RoomTrust’s Booking System services are not intended for use by minors. We do not knowingly collect Personal Information from any minor.

Data access and correction requests and other questions

You have a right of access regarding the information that concerns you. If this information is inaccurate, incomplete or not (no longer) relevant, you can ask for the rectification or erasure thereof.

As a practical matter, individual users may first wish to contact their Hotel Supplier or Subscriber as the most efficient means of addressing any issues in these areas. Users may direct any other requests, questions or complaints relating to their own Personal Information to RoomTrust at or to the address specified below.

RoomTrust retains the right to use reasonable measures to authenticate the identity of any user who makes a request in respect of their Personal Information or otherwise raises any questions.

Privacy-related communications may be directed to

RoomTrust Systems Ltd
39, The Metro Centre, Tolpits Lane
Watford WD18 9SB, UK
T: +44 (0)20 3875 6180

Once we receive your inquiry we will investigate the matter and respond to you promptly. We will endeavour to do this within 30 days. If this is not possible, we will endeavour to contact you and let you know about a revised timeframe.

Data Privacy dispute resolution

If any EU country-based user experiences an issue regarding Personal Information that cannot be resolved directly with RoomTrust, the said user has a right to lodge a complaint with their local Data Protection Authority.

Privacy Policy publication and effective date

Effective Date: This policy was last updated on 25th of May 2018.

We may update this policy from time to time and will post a prominent notice to inform users about significant changes.

As the privacy legislation regularly evolves, the privacy part of this website may be adjusted. Each adaptation will be available for consultation.