Get hands-on at Payments Leaders’ Summit EU in Amsterdam on September 15, 2025

Read More

GDPR

The General Data Protection Regulation (GDPR) governs how organizations process personal data of EU citizens. These regulations apply to any organization that controls or processes data on behalf of individuals.

GDPR protects personal data that can identify a living person (name, email, bank details, phone number), sensitive personal data (ethnic origin, political beliefs, sexual orientation), and web information (IP addresses, cookies).

PCI Booking Ltd operates the Orchestra Solutions service and brand. PCI Booking is GDPR compliant as an EU-based organization and to support customers who handle information on individuals from around the world.

As an organization based on securing private information, PCI Booking has long had a privacy-conscious culture. GDPR reaffirms this position and PCI Booking has taken steps to comply fully with GDPR, including reviewing all information stored and the processes behind this.

Data Processing

Orchestra acts as data processor for clients who are the data controllers. We store only information required for Orchestra’s functionality, primarily credit card information securely stored on behalf of clients.

Personal information required for product functionality is stored on EU-located cloud storage which is both PCI DSS and GDPR compliant.

Technical Measures

  • Information stored and processed securely
  • EU-located cloud storage
  • PCI DSS compliant storage systems
  • API available to search, retrieve and delete card data, fully removing deleted card data from our system

Data Subject Rights

We have signed a standard GDPR annex with all customers in our customer service agreement.

We offer an API designed to search, retrieve and delete card data which fully removes the deleted card data from our system.

Privacy Policy and Website

We have updated our privacy policy to ensure customers and partners know exactly how we handle data.

Cookie consent process updated on our public website with all forms now requiring opt-in.

Contact

For additional questions on data privacy and GDPR: support@pcibooking.net

View ISO 27001 certificate