BAILII is celebrating 24 years of free online access to the law! Would you consider making a contribution?
No donation is too small. If every visitor before 31 December gives just £1, it will have a significant impact on BAILII's ability to continue providing free access to the law.
Thank you very much for your support!
 |
[Home] [Databases] [World Law] [Multidatabase Search] [Help] [Feedback] | |
Irish Data Protection Commission Case Studies |
||
|
You are here: BAILII >> Databases >> Irish Data Protection Commission Case Studies >> Alleged disclosure of credit card details by a booking agent [2009] IEDPC 4 (2009) URL: http://www.bailii.org/ie/cases/IEDPC/2009/[2009]_IEDPC_4.html Cite as: [2009] IEDPC 4 |
||
[New search] [Printable RTF version] [Help]
Alleged disclosure of credit card details by a booking agent [08/04/2010]
In January 2009 I received a complaint regarding the alleged disclosure of personal information by an internet booking agent. The complainant informed my Office that, when booking a hotel with the booking agent, he provided his credit card details to pay a deposit. However, after his subsequent stay at the hotel and having paid the bill, he received a phone call from the hotel to inform him that the bill had been undercharged by €200 in error. The complainant alleged that the hotel then contacted the booking agent who in turn provided the hotel with his credit card details and that these details were used by the hotel to debit €200 from his credit card account.
My Office contacted the booking agent in question and asked where on its terms and conditions did it state that an individual's credit card details would be shared with the hotel booked by the customer.
The booking agent, as part of its response, provided my Office with a copy of the full terms and conditions associated with the use of its website. The terms and conditions clearly state that no reservation contract exists between the customer and the booking agent and that the contract is between the customer and the hotel. The booking agent acts as a facilitator for the hotel and all rooms, availability, pricing and descriptions on hotel websites and all websites using the booking agent's technology are under the control of the hotel.
In this case, the complainant, when using the booking agent to book the hotel, was actually booking directly with the hotel and not with the agent. Therefore, when he provided the credit card details on-line to pay the deposit for the hotel, the details were provided directly to the hotel and not to the booking agent as he had previously thought. Therefore, no actual disclosure to a third party took place.
Since my Office raised this issue with the booking agent, it has expanded its terms and conditions to ensure that individuals using the booking agent's website to book hotels fully understand that the credit card details provided by them are provided to the hotel.
This case clearly demonstrates how important it is for individuals to be fully aware of the terms and conditions associated with any contract they enter into. In most cases, the terms and conditions also outline how the information provided by an individual will be used. In this case, had the complainant read the terms and conditions in full, he would have been aware that the contract existed between himself and the hotel and therefore, in entering his credit card details on-line, he was supplying them to the hotel. I can fully accept, however, that terms and conditions are not always either immediately available or accessible in terms of language to a person seeking to make a booking over the internet.
