Privacy Policy

1. Who is the controller of your personal data?

When this Privacy Policy mentions “Company”, “we,” “us,” “our” or “Data Controller”, it refers to:

Red Universal de Marketing y Bookings Online, S.A.U., a Spanish company belonging to the lm group, listed in the Madrid business register under no. CIF A-82602871 and with registered office at Paseo de la Florida 2 Oficina exterior 2 - 28008 Madrid, Spain which is responsible for the processing of Users’ and/or Customers’ personal data under this Privacy Policy (hereinafter, referred to as the “Company”, “we”, “us”, “our”, “Data Controller”). 

We, being an entity located in Spain, are subject to Spanish law regarding the protection of personal data. For that reason, we undertake to comply with the obligations imposed by the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Spanish regulations, including the Organic Law 3/2018, of December 5, on Data Protection and Guarantee of Digital Rights.

4. Who sees, receives and uses your data and where?

4.1. Categories of recipients of your data

We share your personal data, for the purposes described in this Privacy Policy, to the following categories of recipients:

• Our authorised employees and/or collaborators that assist and advise us on administration, products, legal affairs, Customer Care Team, and information systems, as well as those in charge of maintaining our network and hardware/software equipment;

• Airlines, hotels, car hire companies, insurance companies, tour operators as well as those other parties to which it is necessary to disclose your personal data in order to provide you with the requested services that will be operating as autonomous data controllers. Please note that airline companies are required, in accordance with new regulations introduced in the US and other countries, to allow customs and border authorities to have access to flight passenger data. For that reason, in certain situations, we may communicate data collected on passengers included in the reservation to the competent authorities of the countries included in the Customer’s travel itinerary if required by the local law.

• Our third-party service providers (including other entities of the lmastminute.com group), which process your personal data on our behalf and under our instructions for the purposes described hereinabove acting as data processors, such as those providing us with IT and hosting services call centre and customer support, analytics and administration services etc.

• Payment providers and financial institutions (e.g. for chargeback, fraud detection and prevention purposes) acting as autonomous data controllers.

• Our business partners who are social media platforms when it is explicitly requested by you (e.g. when you share information generated from our website onto those platforms), when using social media authentication methods or downloading our App whereby you agree either with our privacy policy or with the platforms that we may share information about your online activity with these partners even when you are not logged in to the social media platform). or when these business partners that provide us with functionality capabilities request information about the specifications of the device that the App has been installed on, which they have obtained the right to do.  The information you share will be governed by the social media's privacy policy. Please check clause 2.3 of this Privacy Policy for more information.

• Competent authorities when we are required to do so by the current law.

• Competent authorities and Law and enforcement third parties when this is necessary so that we can enforce our terms of use and protect and defend our rights or property or the rights or property of any third party.

• Third parties that receive the data (e.g. business consultants, professionals for delivering due diligence services or assess value and capabilities of the business) when it is necessary in connection with any sale of our business or its assets (in which case your details will be disclosed to our advisers and any prospective purchaser’s advisers and will be passed to the new owners. 

The complete list of parties to which your personal data may be disclosed is available at our registered office and may be requested by writing to privacy.en@lastminutegroup.com.

4.2. International transfer of your data

Users’ and/or Customers’ personal data is processed in at the Data Controller’s registered office (see point 1), on the lm group servers, and at the offices of other entities to which data may be provided in order to provide the services requested of the Data Controller.

Given the fact that we are an international travel company, we also transfer your personal data to:

• non-European Economic Area (EEA) countries offering an adequate level of data protection such as Switzerland in accordance with the “Adequacy decisions” of the EU Commission that recognises some countries as providing adequate protection;

• non-European Economic Area countries where data protection laws may be less protective than the legislation in the EEA. This happens when:

• we disclose your data to autonomous data controllers such as airlines, hotels, car hire companies, tour operators etc. that might process your data outside the EEA in order to provide you with the requested services.

• we disclose your data to our service providers who act as data processors on our behalf that might be located in a country outside the EEA, including Morocco, Albania, UK, India and Tunisia. When such a transfer happens, we ensure that it takes place in accordance with this Privacy Policy and is regulated by standard contractual clauses approved by the European Commission as ensuring adequate protection for data subjects. Our providers, acting as data processor, may be engaged in, among other things, the fulfilment of your service request, the processing of your payment details, the provision of advertising and marketing services on our behalf and the provision of support services through electronic communications or call centre.

Should you want to obtain further details about the safeguards put in place, you can contact us by writing to privacy.en@lastminutegroup.com.

6. What are your data protection rights and how can you exercise them?

You can exercise the rights provided by the Regulation EU 2016/679 (Articles 15-22), including 

Name of the right

Right of access

Content

To receive confirmation of the existence of your personal data, access its content and obtain a copy.

Name of the right

Right of rectification

Content

To update, rectify and/or correct your personal data.

Name of the right

Right to erasure/right to be forgotten and right to restriction

Content

To request the erasure of your data or restriction of your data which has been processed in violation of the law, including whose storage is not necessary in relation to the purposes for which the data was collected or otherwise processed; where we have made your personal data public, you have also the right to request the erasure of your personal data and to take reasonable steps, including technical measures, to inform other data controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Name of the right

Right to data portability

Content

To receive a copy of your personal data you provided to us for a contract or with your consent in a structured, commonly used and machine-readable format (e.g. data relating to your purchases) and to ask us to transfer that personal data to another data controller.

Name of the right

Right to withdraw your consent

Content

Wherever we rely on your consent (see p. 3 - F and J), you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes.

Name of the right

Right to object, at any time

Content

You have the right to object at any time to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement (see p. 3-B, C D, H, I), or where we are using your data for direct marketing (p. 3-E).

Name of the right

Right not to be subject to a decision based solely on automated processing, including profiling

Content

You can always request a manual decision- making process instead, express your opinion or contest decision based solely on automated

processing, including profiling, if such a decision would produce legal effects or otherwise similarly significantly affect you.

You can exercise the above rights at any time by:

• Contacting us via email at privacy.en@lastminutegroup.com.

• As for direct marketing, please note that you can also object at any time by clicking the unsubscribe link which we provide in each communication sent to you

• As for online targeted ads and the withdrawal of your consent please refer to our Cookie section of this Privacy Policy.   

In case you exercise any of the above rights provided by GDPR, please note that we will attend your request considering the personal information held by all the companies within the lm group where BravoNext, S.A. holds, directly or indirectly, 100% of the shares.  

Your rights in relation to your personal data might be limited in some situations. For example, if fulfilling your request would reveal personal data about another person or if we have a legal requirement or a compelling legitimate ground we may continue to process your personal data which you have asked us to delete.

You also may have the right to make a complaint if you feel your personal information has been mishandled. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant Data Protection Supervisory Authority.

7. Contact details of the data controller

The contact details of the Data Controller of the data processing described hereinabove are:

Red Universal de Marketing y Bookings Online, S.A.U., a Spanish company belonging to the lm group, listed in the Madrid’s business register under no. CIF A-82602871 and with registered office at Paseo de la Florida 2 Oficina exterior 2 - 28008 Madrid, Spain.

8. Contact details of our data protection officer (DPO)

Our Data Protection Officer (or "DPO") is available at:

dpo.en@lastminutegroup.com

Paseo de la Florida 2 Oficina exterior 2 - 28008 Madrid, Spain

9. Information about Cookies

9.1 What are Cookies and other similar technologies (“Cookies”)?

Cookies are small text files which are stored on your computer, hard drive, smartphone or tablet (hereinafter referred to as, “Device”). These Cookies hold a modest amount of data specific to you and allows a server to deliver a page tailored to you on your Device.

On our Website we can also use other similar technologies referred to as “tags” (such as, “tracking pixels”, or “script”), "HTML5 local storage", “web beacons” or “plugins" as well as “software development kits” (SDKs) and fingerprinting techniques, which are in particular technologies that store or access information on the user’s device in order to identify it so that visits to a website can be analysed.

These similar technologies may also be used together with Cookies to enable information to be stored on, or transmitted to and from, the Device you use to access our Website.

Furthermore, by implementing the Cookies and other similar technologies described above, if you return to our Website, this can read and recognise such technologies, which primarily are used to operate or improve the way our Website works as well as to provide business and marketing information to the Website owner.

9.2 Authorisation for the use of Cookies on our Website or App

In accordance with the notice of Cookie usage appearing on our Website’s homepage (or before starting to use our Apps) and our Cookie Policy you agree that, if you click the button “Accept”  or “Allow” of our Cookie banner, you consent to the use of Cookies described herein, except to the extent that you have set your preferences through the “review settings” area or you have modified your browser settings to disable their use. 

9.3. What categories of your data do we collect and use?

When you visit the Website and use our Comparison Service or when you access our Apps (you as a "User") we collect the following categories of personal data:

Personal data collected automatically from our Website and from third parties

• Information about your visits to and use of the Website, such as information about the Device and browser you are using, your IP address or domain names of the computers connected to the Websites, uniform resource identifiers for requests made, the time of request, the method used to submit the request to the server, the size of the archive obtained as a response, the numerical code indicating the status of the response given by the server (correct, error, etc.) and other parameters relative to the operating system and the computer environment used, the date and time that you visited, the duration of your visit, the referral source and website navigation paths of your visit and your interactions on the Website including the services and offers you are interested in. Please note that we may associate this information with your account.

Please see the following clause of this Policy for further information on the purposes for which we collect and use this information.

9.4. Types of Cookies used on our Website

9.4.1 Types of Cookies according to the managing entity

Depending on what entity manages the website or domain from which the Cookies are set and processed, there exist the following types of Cookies:

• First party Cookies: these are sent to your Device from a website or domain managed by us and from which the service you requested is provided.

• Third party Cookies: these are sent to your Device from a website or domain other than the one being visited by you and that is not managed by us, but by a separate entity that processes data obtained through Cookies.

9.4.2 Types of Cookies according to the length of time you stay connected: 

Depending on the amount of time you remain active on your Device, these are the following types of Cookies:

• Session Cookies: these are designed to receive and store data while you access the Website. These Cookies do not remain stored on your Device when you exit the browser session or the Website.

• Persistent Cookies: these types of Cookies remain stored on your Device and can be accessed and processed after you exit the Website as well as when you navigate on it for a pre-determined period of time. The Cookie remains on the hard drive until it reaches its expiration date. The maximum time we use persistent Cookies on our Website is 1 year. At this point the browser would purge the Cookie from the hard drive.

9.4.3 Types of Cookies and other similar technologies according to their purpose

Cookies and other similar technologies (collectively “Cookies”) can be grouped as follows:

• Technical Cookies: these Cookies are strictly necessary for the operation of our Website or our App and are essential for browsing and allow the use of various features. Without them, you cannot use the search function, compare tool or book other available services on our Website or on our App.

• Personalisation Cookies: these are used to make navigating our Website or our App easier, as well as to remember your selections and offer more personalised services. In some cases, we may allow advertisers or other third parties to place Cookies on our Website or on our App to provide personalised content and services. Please note that if Cookies are blocked, we cannot guarantee the functioning of such services.

• Analytical Cookies for statistical purposes and measuring traffic: these Cookies gather information about your use of our Website or of our App, the pages you visit and any errors that may occur during navigation. We also use these Cookies to recognise the place of origin for visits to our Website or our App. These Cookies do not gather information that may personally identify you. All information is collected in an anonymous manner and is used to improve the functioning of our Website or of our App through statistical information. Therefore, these Cookies do not contain personal data. In some cases, some of these Cookies are managed on our behalf by third parties, but may not be used by them for purposes other than those mentioned above. 

• Advertising and re-marketing Cookies: these Cookies are used to gather information so that ads are more interesting to you, as well as to display other advertising campaigns along with advertisements on the Website or on the App as well as on those of third parties. Most of these Cookies are “third party Cookies” which are not managed by us and, because of the way they work, cannot be accessed by us, nor are we responsible for their management or purpose. Our Privacy Policy contains more information about the way third party Cookies work, their purpose and how they are used. You may find this information in the list of Cookies available in Clause 9.5.
  To that end, we can also use the services of a third party in order to collect data and/or publish ads when you visit our Website or our App. These companies often use anonymous and aggregated information (not including, for example, your name, address, email address or telephone number) regarding visits to this Website or to our App and others in order to publish ads about goods and services of interest to you.

• Advertising or retargeting Cookies shared with third parties: these Cookies, served on our Website through the audience technology platforms indicated in Clause 9.5, collect pseudonymized personal data, means information that cannot by itself be used to directly identify a particular person or entity, and enable other advertisers to show you ads on their websites or on third parties’ websites about goods and services of interest to you. These advertisers operate in the following sectors: tourism, leisure, entertainment, high technology, fashion, decoration, consumer goods, food and beverage, finance, banking, insurance, energy, environment, communication, mass media, real estate, pharmaceuticals, clothing and textiles, education and training, energy, publications and publishing, information and communications technology, retail, sport, telecommunications and general services.

• Social Cookies: these Cookies allow you to share our Website and click “Like” on social networks like Facebook, Twitter and YouTube, etc. They also allow you to interact with each distinct platform’s contents. The way these Cookies are used and the information gathered is governed by the privacy policy of each social platform, which you can find on the list below in Paragraph 9.5.

To see the list of Cookies used on this Website, click here.

The information contained in the above list has been provided by the other companies which generate them. These companies have their own privacy policies in which they set forth both their own declarations as well as applicable disabling systems.

The lastminute.com group is not responsible for the contents and accuracy of third party Cookie policies contained in our Cookie Policy.

With regard to the Advertising or retargeting Cookies indicated in Clause 9.4.3, here you can find the information on how our audience technology platforms process your personal data and their disabling systems:

• Salesforce

• Eyeota

9.6 Why do we collect your data?

Why?

A. To create and maintain the contractual relation established for the provision of the Service requested by you in all its phases and by way of any possible integration and modification.

On which legal basis?

To provide a requested service

Why?

B. To meet the legal, regulatory and compliance requirements and to respond to requests by government or law enforcement authorities conducting an investigation.

On which legal basis?

To comply with the law

Why?

C. To carry out anonymous, aggregative statistical analyses so that we can see how our Website, products and services are being used and how our business is performing.

On which legal basis?

To pursue our legitimate interest (i.e. improving our Website, its features and our products and services)

Why?

D. To tailor and personalise online marketing notifications and advertising for you (i.e. Web Push Notifications) based on the information on your use of our Website, products and services and other sites collected through Cookies.

On which legal basis?

Where you give your consent (i.e. through the Cookie banner or by your browser's settings)

Why?

E. To enable other advertisers to tailor and personalise online marketing notifications and advertising to be shown on their website or on third parties websites, based on the information on your use of our Website that we share with them.

On which legal basis?

Where you give your consent (i.e. through the Cookie banner or by your browser's settings)

9.7 How long do we retain your data?

We retain your personal data for as long as is required to achieve the purposes and fulfil the activities as set out in this Cookies Policy, otherwise communicated to you or for as long as is permitted by applicable law. Further information about the retention period is available here:

Data collected via tag

Technical Cookies

Retention period

Max 3 years

Starting date

From the date of browsing on our websites or App

Data collected via tag

Non-technical Cookies

Retention period

Max 1 year

Starting date

From the date of browsing on our websites or App

9.8 Cookies management

You must keep in mind that if your Device does not have Cookies enabled, your experience on the Website may be limited, thereby impeding the navigation and use of our services.

9.8.1 How do I disable/enable Cookies?

There are a number of ways to manage Cookies. By modifying your browser settings, you can opt to disable Cookies or receive a notification before accepting them. You can also erase all Cookies installed in your browser’s Cookie folder. Keep in mind that each browser has a different procedure for managing and configuring Cookies. Here’s how you manage Cookies in the various major browsers:

• MICROSOFT WINDOWS EXPLORER

• GOOGLE CHROME

• MOZILLA FIREFOX

• APPLE SAFARI

If you use another browser, please read its help menu for more information.

If you would like information about managing Cookies on your tablet or smartphone, please read the related documentation or help archives online.

9.8.2 How are third party Cookies enabled/disabled?

We do not install third party Cookies. They are installed by our partners or other third parties when you visit our Website. Therefore, we suggest that you consult our partners’ Websites for more information on managing any third party Cookies that are installed. However, we invite you to visit the following website http://www.youronlinechoices.com/ where you can find useful information about the use of Cookies as well as the measures you can take to protect your privacy on the internet.

9.8.3 How do I disable Web Push Notifications?

You can disable Web Push Notifications through your browser:

Chrome: https://support.google.com/chrome/answer/3220216?co=GENIE.Platform%3DDesktop&hl

Firefox: https://support.mozilla.org/en-US/kb/push-notifications-firefox

Microsoft Edge:https://support.microsoft.com/en-us/help/10761/windows-10-change-notification-action-settings

Apple Safari: https://support.apple.com/en-gb/guide/safari/sfri40734/mac

10. Privacy notice for Facebook 

11.1. Facebook Custom Audiences - Facebook pixel

We use the remarketing function “Custom Audiences” of Facebook Inc. (1601 Willow Road, Menlo Park, California 94025) or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This function allows us to show our Users and/or Customers of our website interest-based ads when they visit Facebook (“Facebook ads”), and to analyze such Facebook ads for statistical and market research purposes, which helps us optimize future advertising. This allows us to serve more relevant advertising. 

For this purpose we use the so-called Facebook pixel for our website. 

When a User or a Customer visits our website and takes an action (for example, buying something), the Facebook pixel is triggered and reports this action. This way, we will know when a customer took an action after seeing our Facebook ad. We will also be able to reach this customer again by using a Custom Audience. Therefore, this pixel allows user behavior to be tracked after they have been redirected to our Website by clicking on a Facebook ad. This way, we will know when a customer took an action after seeing our Facebook ad. We will also be able to reach this customer again by using a Custom Audience.

Therefore, this enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy  https://www.facebook.com/about/privacy. Such data may allow Facebook and its partners to show ads on or off Facebook. A Cookie may also be stored on your computer for these purposes.

10.2. Facebook SDK

Within our App, we use the Software Development Kit (SDK) from Facebook. The Facebook SDK is issued and administered by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. By means of this integration, we can link various Facebook services with our App (i.e. Facebook Analytics, Facebook Ads, Facebook Login via the SDK, Facebook Account Ki, Facebook Share, Facebook Graph API and Facebook App Events). 

In particular, we have linked the following SDK Facebook services with our App:

Facebook Login: to provide you with the possibility to register or log in with your Facebook account 

Facebook App Events: To understand people's actions in our app and measure the effectiveness of your Mobile App Ads. We use this service  to evaluate the reach of our advertising campaigns and use of Facebook SDK. Facebook merely provides us with an aggregated analysis of user behavior within our app. 

In addition, as our App is linked to SDK Facebook services, we have to follow Facebook policies, which include that we are obliged to share with Facebook, when you download the App, even when you are not logged in to the social media platform, the following data: 

• Anonymous online identifier; 

• Information confirming that you have download our App;

• Type of device you have used to download our App;

• Your device model name;

• Your geographical zone; 

• Your time zone;

• Your connection provider;

• The size and density of your screen device;

• CPU cores of your device;

• The external storage size in GB of your device;

• The free space on external storage in GB of your device;

• Device timezone

By downloading our App you declare that you agree with the communication of the data to Facebook as described above. 

Further information about Facebook SDK within iOS can be found here:https://developers.facebook.com/docs/ios. For Android, please refer to: https://developers.facebook.com/docs/android.

You can check and modify the status of your connection to Facebook and the respective access privileges of our Apps at any time under your Facebook profile settings (https://www.facebook.com/settings?tab=applications). If you want to cancel the connection between Facebook and our App, please log in to Facebook and make the necessary changes in your profile settings.

11. Update and old versions of this privacy policy

We reserve the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on our Website and update the “Last Updated” date at the top of this Privacy Policy.

Old versions of this Privacy Policy are available here.