RECRUITMENT PRIVACY STATEMENT

Updated on 05 29, 2025

Welcome to Trip.com’s Recruitment Privacy Statement.

WHEN THIS PRIVACY STATEMENT APPLIES

Trip.com is committed to protecting personal data. This privacy statement will inform you as to how we look after the personal data we process as part of our recruitment process, including the personal data we collect via our recruitment website and received from third-party recruitment/investigation organisations; it supplements other notices and privacy statements and is not intended to override them.

WHO WE ARE

Trip.com Group is made up of different legal entities. Our parent entity is Trip.com Group Limited, a NASDAQ listed company. This website is operated by Trip.com Travel Singapore Pte. Ltd., with its principal place of business at 30 Raffles Place, #29-01, BNI Tower, Singapore, 048622.

This privacy statement is issued on behalf of the Trip.com Group. When we mention Trip.com, “we”, “us” or “our” in this privacy statement, we are referring to the relevant companies in the Trip.com Group responsible for processing your personal data.

If you have questions about this privacy statement or wish to contact us for any reason in relation to our personal data processing, please contact us at careers@trip.com.

TYPES OF PERSONAL DATA WE MAY COLLECT AND PURPOSES OF PROCESSING

In connection with your application to work with us, we will collect, store, and process the personal data you provide to us directly (e.g., the information you provide in your curriculum vitae and covering letter, on our application form and during the interview), to assess your match with the job you apply for and for the purposes listed in the table below.

Sometimes we receive information about you from third parties based on your consent to such third parties. For example, to find potential candidates, we will approach recruitment agencies and headhunting firms for suitable candidates and such partners will provide us with the relevant personal data as authorised by the candidates (e.g., your identification data, contact details, background data, etc.). If we engage third-party service providers to conduct part of your interview or assessment, we will receive the report and score of such interview or assessment from the service providers. If we decide to offer you the role, we may then take up references and carry out criminal (where appropriate) and background checks before confirming your appointment, and thus we may obtain your personal data from background check providers, your named referees, and other necessary third parties. If we engage third-party vendors to provide you with medical check required for the job, we may receive the check results from such vendors. Also, we allow you to log into this website with your account of LinkedIn and Indeed, and with your consent granted to such partners, your personal data (e.g., your curriculum vitae) will be shared with us through their platforms.

We may also automatically collect data related to you during your use of this website, which may include log information via cookies, web beacons, or other channels, device information or software information, information on the web pages visited, keywords searched, pages accessed, as well as preference information such as language and region (collectively “Automatically Collected Data”).

Details of data collection:

Data categories

Purposes of processing

Legal basis

Identification data: Name; gender identity and pronouns; date of birth; ID type, number, date of issue and expiration date; photograph; nationality and country of citizenship; visa details (where applicable); preferred working location; right to work information and documentation (where applicable).

Contact information: Phone number; email address; Instant Messenger, relevant website (optional); address, home base (optional); emergency contact and relationship.

Employment history: Company name, location, job title, start and end dates of your current and previous employment; your responsibility and achievements; salary structure (optional).

Academic and professional qualifications: Schools; degrees; majors; GPA; exam scores; skills; start and end dates; certification; language proficiency.

Communication data: Your correspondence and interactions with us (e.g., email correspondence and interaction during the job interview).

Assessment data: the result, score and report of your SHL-SVAR (English Test) and/or SHL-Verify (Cognitive Assessment), if applicable.

Survey data: We may collect information related to you in the candidate experience surveys, background and reference checks, where applicable.

Account registration information and settings: email address, password, job alerts you create, records of applications.

Automatically Collected Data

To assess your skills, qualifications, and suitability for the job you apply for.
To communicate with you about the recruitment process.
For the management of enrolment and to keep records related to our hiring processes.
To verify your information and carry out reference checks and/or conducting pre-employment screening (where applicable).
For analytical purposes, including conducting opinion surveys to make improvements to our application and recruitment process.
For security purposes such as fraud detection and prevention, and related investigations.
For law enforcement purposes, audits, internal investigations, and compliance with applicable legal and other requirements.

It is necessary for us to process your personal data to process job applications submitted by, or on your behalf, and to decide whether to enter into a contract with you.
It is necessary for us to comply with any legal or regulatory obligations.
We have legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business.

Sensitive personal data:

Information about your race or ethnicity, religious beliefs, sexual orientation, political opinions, self-identification, marriage status, caring responsibilities, military or veteran status.
Information about criminal convictions and offences.
Information about your health, including any medical condition, health and sickness records.
Video images (e.g., where premises have CCTV systems in common areas, or for video interviews), and audio information (e.g., for phone/video interviews).

We only collect, store and process the following categories of sensitive personal data to the extent necessary, based on the specific job you applied for and the country/region where the job is located. We do NOT make hiring decisions based on such data. Specifically:

To ensure our recruitment practices are inclusive, to carry out diversity and inclusion metrics, and to ensure meaningful equal opportunity monitoring and reporting (for example, we have Equal Opportunities Monitoring Form for roles in the UK and the US subject to EEO laws).
Where a role requires a high degree of trust and integrity, we may collect information about your criminal convictions history if we would like to offer you the role (conditional on checks and any other conditions, such as references, being satisfactory). We are entitled to carry out a criminal record check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role.
We may use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
To insure fairness, transparency, and equity in our recruitment decisions by recording the interview for certain jobs.
To ensure the safety and security of our employees, visitors, and assets by CCTV in common areas.
To carry out our obligations under employment laws or other applicable laws.

Your consent.

As permitted by the applicable laws, we have legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business.

If you fail to provide necessary personal data when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

TALENT COMMUNITY

Where we have your consent, we will enter you into our Talent Community, where we will keep you up to date on our company highlights, relevant job vacancies and invite you to our recruitment events. If you want to unsubscribe or remove your profile from the Talent Community after registration, please contact us via email at any time.

AUTOMATED DECISION-MAKING

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

DATA SHARING AND CROSS-BORDER DATA TRANSFER

We will only share your personal data with the following third parties to the extent necessary for the purposes described above:

Service providers: We share your personal data with third party service providers and suppliers (including the recruitment agencies) to provide our recruitment services. Specifically, if we engage any third-party service providers to conduct part of your interview or assessment, we will provide some of your personal data to such service providers in advance so that you can log in to the systems and attend the interview or assessment. We may take up references and carry out criminal (where appropriate) and background checks before confirming your appointment, during which we share your personal data with such third parties to conduct pre-employment screening as permitted by applicable laws. We may also provide your data to vendors for medical check scheduling, including your name, contact information, gender, job title, etc., as required by medical check items and local vendors. The providers are not managed by Trip.com, and the personal data disclosed to them is subject to their privacy policies and security regulations. Therefore, we recommend that you carefully review the privacy policies of the providers.
Third-party vendors: We collaborate with third-party vendors who provide services or functions on our behalf, such as message delivery, business analysis, surveys, fraud prevention, technical support, etc. Third-party vendors can only access and collect information necessary for these functions and cannot share or use it for other purposes.
Government authorities, law enforcement, and regulators: When legally required, strictly necessary for the performance of the recruitment services, to protect or defend our rights or property, or to prevent, investigate and/or report fraud, misrepresentation, security incidents or crime, we may share your personal data to competent authorities to assist in investigation, legal process or litigation, for regulatory and investigative purposes as necessary.
Entities within Trip.com Group: We may share your personal data with our affiliates to the extent necessary for recruitment services and internal human resource management. All business divisions of our group offer similar protection measures for personal data, strictly adhering to the same standards as this privacy statement. Where permitted by law, your data may also be shared for analytical purposes.

All the third parties above are required to take appropriate security measures to protect your personal data in line with our policies and in accordance with our instructions. We do not allow our third parties to use your personal data for their own purposes.

Due to the global nature of our business, your personal data may be transferred to and stored at a destination outside your country, to the extent necessary for the purposes described above. Where these locations do not provide an adequate level of data protection, we ensure appropriate safeguards are in place to protect your personal data in these countries.

For example, if you reside in the UK or the EEA countries, the measures we have in place include the following:

Adequacy decisions of the European Commission and adequacy regulations of ICO confirming an adequate level of data protection of whitelisted countries. You can find out more at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en for the EEA and at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-transfers-a-guide/#Q1 for the UK;
Standard contractual clauses as approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914 ), or the standard data protection clauses approved by ICO (available at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/ );
Where a transfer is necessary for the conclusion or performance of a contract between a data subject and a controller; and
Other appropriate mechanisms and technical measures to ensure data security and compliance.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Specifically, if you are an unsuccessful applicant located in the UK or the EEA countries, we will retain your personal data for 6 months following the outcome of your application, unless you join our Talent Community or we have obtained separate consent from you.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

If you join our Talent Community, we will retain your personal data for 2 years unless you decide to leave the Talent Community during this period in which case we will delete it earlier.

Our retention practices may be reviewed and updated from time to time in accordance with the latest legal requirements and best practice.

YOUR RIGHTS IN CONNECTION WITH PERSONAL DATA

Depending on your location, you have certain data protection rights in accordance with applicable data laws, which may include but not limited to the right to access, verify, correct or request deletion of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party. For data-related requests, please contact us via email.

For example, if you are based in the UK or the EEA countries, you have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.

You have the right to make a complaint at any time to your local supervisory authority for data protection issues; however, we would appreciate the chance to deal with your concerns, so please contact us in the first instance.

Updates to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.

COOKIE STATEMENT

What is a cookie?

Our platform uses cookies that are essential for our operation.

A cookie is a small text file that we store on your device when you use our platform. To learn more about cookies, please go to www.aboutcookies.org.

We may also use similar technologies such as Software Development Kits (SDKs). In this statement we refer to all technologies as “cookies”.

What type of cookies does Trip.com use?

We use essential cookies. These are cookies that our platform cannot operate without. They include, for example, cookies that enable you to log into our platforms. You can switch these cookies off in your browser settings, however you may then not be able to use our platform.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below.

We use session and persistent cookies. Session cookies are deleted when you close your browser or our app. Persistent cookies remain on your device and are activated the next time you visit our platforms. Cookies may be placed by us, or one of our trusted third-party partners.

Table of cookies

Cookie Name	Provider	Purpose
uid	Trip.com	User identifier.
language	Trip.com	Record the user's language preference.
_bfa	Trip.com	UBT Meta information.
_RGUID	Trip.com	Identify the user.
_RDG	Trip.com	Verify whether the user identifier has been tampered with.
_RSG	Trip.com	Used as a risk control equipment indicator to prevent change of the equipment fingerprints.
_RF1	Trip.com	Collect the user’s IP address for real-time risk assessment.
UBT_VID	Trip.com	Device ID.
ScustomPortal-4	Avature	Keep the session in between page loads.
portalLanguage-4	Avature	Store the current language selected by the user in the portal.
userCookieConsent-4	Avature	Store the cookie types allowed/declined by the users in portals with the cookie management feature enabled, so they don't have to renew their consent on every page view/visit.
tokenField	Avature	For CSRF protection (only for logged users).