Last updated March 2019
We recognise the importance of protecting your privacy and your rights with regards to data protection. The Internet is a very powerful medium when it comes to transmitting personal information; for that reason, we and all other companies belonging to the lastminute.com group undertake the serious task of respecting the current laws regarding the protection of personal data and the security of the same, with the aim of guaranteeing secure, controlled and confidential navigation for its users and customers who visit and/or use the Website and/or use our Comparison Service (you as a "User") or then purchase or register on our services, download our app and/or give us their consent for an specific purpose (you as a "Customer").
This Privacy Policy describes how we collect, use, process, and disclose your personal data in conjunction with your access to and use of our Website and services and, specifically:
1. Who is the controller of your data?
2. What categories of your data do we collect and use?
3. Why and how do we collect your data?
4. Who sees, receives and uses your data and where?
5. How long do we retain your data?
6. What are your data protection rights and how can you exercise them?
7. Contact details of the data controller
8. Contact details of our data protection officer
9. Information about cookies
10. Privacy notice for Facebook
11. Update and old versions of this privacy policy
It also informs you how you can exercise Your Rights (including the right to object to some of the data handling we carry out). More information about your rights and how you can exercise them is set out in the section below.
If you see an undefined term in this Privacy Policy (such as “Service” or “Website”), it has the same definition as in our Company contractual service conditions.
When this Privacy Policy mentions “Company”, “we,” “us,” “our” or “Data Controller”, it refers to:
BravoNext, S.A., a Swiss company belonging to the lm group, listed in the Ticino business register under no. CHE - 115.704.228 and with registered office at Vicolo de’ Calvi 2 - 6830 Chiasso, Switzerland, which is responsible for the processing of Users’ and/or Customers’ personal data under this Privacy Policy (hereinafter, referred to as the “Company”, “we”, “us”, “our”, “Data Controller”). Furthemore, we inform you that, for compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) purposes only (Art. 27 GDPR), Bravonext has designated as its EU representative Viaggiare SRL., an Italian company belonging to the lm group, listed in the Italian Chamber of Commerce - Milano under VAT identification no. IT04403760962 and with registered office at Via Melzo 12, 20129 Milan, Italy.
We, being an entity located in Switzerland, are subject to Swiss law regarding the protection of personal data. For that reason, we undertake to comply with the obligations imposed by the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Swiss Federal Act on Data Protection of 19 June 1992 (FADP). In the same vein, we inform our Users and/or Customers that the Decision of the Commission of 26 July 2000 in accordance with Directive 95/46/CE of the European Parliament and the Council relating to the adequate level of protection for personal data in Switzerland declared that, in Switzerland, the laws guarantee an adequate level of protection in accordance with Directive 95/46/CE.
In accordance with Swiss Federal Act on Data Protection of 19 June 1992 and with Article 45 of the Swiss Federal Act on the Supervision of Insurance Companies of 17 December 2004 (FASIC) we inform our Users and/or Customers that their personal data is processed and kept by the Company in the manner and for the means as follows, in accordance with the LPD and LSA.
When you visit the Website and use our Comparison Service (you as a "User") or then purchase our services (you as a "Customer") we collect the categories of personal data as follows:
2.1. Personal data provided by you
The provision of the above personal data, where requested, is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations except when we rely on consent as legitimate basis for processing and or our legitimate interest. Without it, we may not be able to provide you with all the requested services.
It is important that all the personal data you give us is correct and accurate. This includes, by way of example only, ensuring that we have your correct contact (including email) details at all times.
2.2. Personal data collected automatically from our Website, on the phone, from communication we send, and/or from third parties
We collect information about your visits to and use of the Website, such as information about the device and browser you are using, your IP address or domain names of the computers connected to the Websites, uniform resource identifiers for requests made, the time of request, the method used to submit the request to the server, the size of the archive obtained as a response, the numerical code indicating the status of the response given by the server (correct, error, etc.) and other parameters relative to the operating system and the computer environment used, the date and time that you visited, the duration of your visit, the referral source and website navigation paths of your visit and your interactions on the Website including the Services and offers you are interested in. Please note that we may associate this information with your account.
See the cookies section of this Privacy Policy (9. Information about cookies) for further information on the purposes for which we collect and use this information. Please note that, your personal information may also be linked to Cookies to i.e. enable the storage of your travel searches on your Personal Account when you are registered to the service and/or collect information on how you use our product and services.
2.3. Other sources of personal data: Facebook log-in and Google sign-in when registering and/or using your account into the Personal Area
You may create and use the Personal Area through our login system or you might choose to link, connect or login to the Personal Area with a third party service (e.g., Facebook, Google), the third party service may send us information such as your registration and profile information (i.e. user name, user ID associated with your social media account, picture, email), and any other information you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Website.
In particular:
Facebook log-in
Google log-in
In general terms, we use your personal data to provide you with the services you request, process payment, provide customer services, send you marketing and promotional communications, notify you about important changes to our Website and to deliver our content and ads which we think may be of interest to you. More specifically:
Why?
A. To create and maintain the contractual relation established for the provision of the product and/or service requested by you in all its phases and by way of any possible integration and modification or to take steps at your request in relation to the contract prior to entering into contract (e.g. facilitating your bookings and taking payments; responding to your questions and concerns; administering your account). Information concerning our provision of the Service and/or to provide you with any clarification or assistance may be sent to you via email, phone, SMS, recorded calls or other similar technologies.
Please note that if your call to us is not connected, or if it is disconnected mid-call, you authorise us to use your phone number to call you back, in order to respond to your request.
On which legal basis?
To fulfil a contract, or take steps linked to a contract
(i.e. To provide the products and/or
the services you request and/or
to provide you with any clarification
or assistance to you)
Why?
B. If permitted by the applicable law, to request your participation in our surveys conducted via email phone, SMS, recorded calls or other similar technologies from time to time, so that you can tell us about your experience as a recipient of the Service. We will use your feedback to develop and improve our services. Following our analyses of your feedback, we may consider it necessary to contact you to provide you with a response to your survey submission. You can inform us at anytime if you no longer want to receive our surveys by writing to [email protected] Please note that your participation in the survey is voluntary and there is no consequences should you prefer do not to participate.
On which legal basis?
To pursue our legitimate interest
(i.e. To manage and improve our products,
services and day by day operations)
Why?
C. To meet the legal, regulatory and compliance requirements and to respond to requests by government or law enforcement authorities conducting an investigation.
On which legal basis?
To comply with the law
(i.e. to share personal data with regulatory
authorities)
Why?
D. To carry out aggregative statistical analyses on anonymised groups or to analyse identifiable individuals behaviour so that we can see how our Website, products and services are being used and how our business is performing.
On which legal basis?
To pursue our legitimate interest (i.e. improving our Website, its features and our products and services)
Why?
E. To send you (in cases permitted by law excepting where you did not object) advertising material via email or, where permitted by the law, other equivalent electronic communication regarding products and services similar to those already purchased by you and offered on our Website. On some occasions, we may send you a personalised and tailored version of the aforementioned advertisement materials.
On which legal basis?
Soft Opt-in/To pursue our legitimate interest (i.e. marketing)
Why?
F. To send you personalised and profiled marketing communications
Without prejudice to the provisions of the preceding paragraph E, and only with your previous consent, to share with you via email, phone, mail, SMS, and on our website or third party ones (e.g. using ads) the best deals and offers on products and services we think you might find interesting because they are suited to your interests. The individualised service or the offers can be marketed by us or our partners or business partners operating in the following sectors: tourism, leisure, entertainment, high technology, fashion, decoration, consumer goods, food and beverage, finance, banking, insurance, energy, environment, communication, mass media, real estate, pharmaceuticals, clothing and textiles, education and training, energy, publications and publishing, information and communications technology, retail, sport, telecommunications and general services.
For this purpose we may:
- analyse your personal information to create a profile of your interests and preferences so that we can tailor and target our communications in a way that is timely and relevant to you.
- combine the information you give us via cookies with information related to your purchases and information we receive from third parties that collect your data through various means agreed by you. You can find information about third parties on this link[1]
- analyse information about the way you engage with communication material you receive from us, such as data on when emails have been opened or to determine if you have viewed or interacted with an ad, to record the number of times you have viewed each ad, to prevent a single ad being shown to you too frequently etc.
- temporarily share an encrypted version of your email address, with carefully selected partners who may combine this information with other forms of online identifiers or other personal data in order to present you with our offers cross device or cross channel, for example on social networks (Facebook, Pintrest, Instagram, twitter).
- use automated decision making to segment and target product offers based on your demands and needs. This allows us to be more focused, efficient and cost effective with our resources and also reduces the risk of someone receiving information they may find inappropriate or irrelevant. You can always request a manual decision- making process instead, express your opinion or contest decision based solely on automated processing, including profiling, if such a decision would produce legal effects or otherwise similarly significantly affect you. For further details, you may contact our Data Protection Officers whose details are provided in this privacy policy.
On which legal basis?
Where you give your consent (by ticking the appropriate check box)
Why?
G. Passing your data to BravoNext, S.A. to collect and obtain the information about your bookings from the Data Controller with which you have contracted, in turn authorising this company to share this information to BravoNext, S.A.; this will facilitate the search and location of bookings you have made with any company of lm group on any of the Websites of the lm group through the APP or as a User of the Personal Area.
On which legal basis?
To fulfil a contract, when you register or log into the APP or Personal Area with BravoNext, S.A. via the website or the App
Why?
H. To keep our Website and systems secure and to prevent and detect fraud, security incidents and other crime.
On which legal basis?
To pursue our legitimate interest (i.e. ensuring the security of our Website)
Why?
I. To verify compliance with our terms and conditions and for the establishment, exercise or defence of legal claims.
On which legal basis?
To pursue our legitimate interest (i.e. compliance with our terms and conditions, protection of our rights in the event of any dispute or claim)
Why?
J. To tailor and personalise online marketing notifications and advertising for you based on the information on your use of our Website, products and services and other sites collected through cookies (please see the Cookies section of this Privacy Policy for further information)
On which legal basis?
Where you give your consent (i.e. through the cookie banner or by your browser's settings)
Why?
K. If permitted by the applicable law, to record or monitor calls to and from our Customer Care Team for contractual reasons, quality control purposes, analytics, for staff training and/or to protect us in the event of a legal dispute.
On which legal basis?
To pursue our legitimate interest(i.e. improving our Website, its features and our products and services)
Where we rely on legitimate interest as a basis for processing your personal information, we carry out an assessment to ensure that our interest in the use of your data is legitimate and that your fundamental rights of privacy are not outweighed by our legitimate interests (‘balancing test’). You can find out more information about the balancing test by contacting our Data Protection Officer at to [email protected]
4.1. Categories of recipients of your data
We share your personal data, for the purposes described in this Privacy Policy, to the following categories of recipients:
The complete list of parties to which your personal data may be disclosed is available at our registered office and may be requested by writing to [email protected]
4.2. International transfer of your data
Users’ and/or Customers’ personal data is processed in at the Data Controller’s registered office (see point 1), on the lm group servers, and at the offices of other entities to which data may be provided in order to provide the services requested of the Data Controller.
Given the fact that we are an international travel company, we also transfer your personal data to:
Should you want to obtain further details about the safeguards put in place, you can contact us by writing to [email protected]
We retain your personal data for as long as is required to achieve the purposes and fulfil the activities as set out in this Privacy Policy, otherwise communicated to you or for as long as is permitted by applicable law. Further information about the retention period is available here:
Document
Booking records (name, address, contact information, PNR, ID Booking, birth date, number or identity document, date of issue, date of expiring,
issuer country, typology ) including:
- Product details
- records of customer contacts related to the Agent section (i.e. Notes/Events in the BO),
- purchase data
- Checkout "Special request" section
Retention period
10 years
Starting date
From the date of the purchase
Document
Account information (see My Area):
- User, password
- Social login
- Purchase data
Retention period
10 years
Starting date
From the date of the last interaction
Document
Customer care emails (confirmation, schedule change/cancellation, quotation, penalties quotation, payment reminder, refund choice, voucher/payment, massive communications), including customer requests/claims via email
Retention period
10 years
Starting date
From date on which email is sent
Document
Customer care phone records for contractual reasons
Retention period
3 years
Starting date
From the date of the recording
Document
Recorded calls for quality purposes
Retention period
1 month
Starting date
From the date of the call
Document
Chat (Customer/User)
Retention period
3 years
Starting date
From the date of the request
Document
Reports or claims
Retention period
10 years
Document
Contractual documentation (log of the acceptance)
Retention period
10 years
Starting date
From the date of the purchase
Document
Credit card data
Retention period
Not retained
Document
Finance/transactional information
Retention period
10 years
Starting date
From completion of financial transaction
Document
Transactional fraud check data
Retention period
5 years
Starting date
From rejection of transaction for fraud
Document
Surveys
Retention period
1 month
Starting date
From the date of the survey
Document
Data used for marketing activities to customers/users subject to the consent or under soft-opt in
Retention period
5 years
Starting date
From the consent or the renewal of the consent via interaction with marketing communications
Document
Technical cookies
Retention period
Max 3 years
Starting date
From the date of browsing on our websites
Document
Non-technical Cookies
Retention period
Max 1 year
Starting date
From the date of consent
Name of the right
Right of access
Content
To receive confirmation of the existence of your personal data, access its content and obtain a copy.
Name of the right
Right of rectification
Content
To update, rectify and/or correct your personal data.
Name of the right
Right to erasure/right to be forgotten and right to restriction
Content
To request the erasure of your data or restriction of your data which has been processed in violation of the law, including whose storage is not necessary in relation to the purposes for which the data was collected or otherwise processed; where we have made your personal data public, you have also the right to request the erasure of your personal data and to take reasonable steps, including technical measures, to inform other data controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Name of the right
Right to data portability
Content
To receive a copy of your personal data you provided to us for a contract or with your consent in a structured, commonly used and machine-readable format (e.g. data relating to your purchases) and to ask us to transfer that personal data to another data controller.
Name of the right
Right to withdraw your consent
Content
Wherever we rely on your consent (see p. 3 - F and J), you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes.
Name of the right
Right to object, at any time
Content
You have the right to object at any time to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement (see p. 3-B, C D, H, I), or where we are using your data for direct marketing (p. 3-E).
Name of the right
Right not to be subject to a decision based solely on automated processing, including profiling
Content
You can always request a manual decision- making process instead, express your opinion or contest decision based solely on automated
processing, including profiling, if such a decision would produce legal effects or otherwise similarly significantly affect you.
You can exercise the above rights at any time by:
In case you exercise any of the above rights provided by GDPR, please note that we will attend your request considering the personal information held by all the companies within the lm group where BravoNext, S.A. holds, directly or indirectly, 100% of the shares.
Your rights in relation to your personal data might be limited in some situations. For example, if fulfilling your request would reveal personal data about another person or if we have a legal requirement or a compelling legitimate ground we may continue to process your personal data which you have asked us to delete.
You also may have the right to make a complaint if you feel your personal information has been mishandled. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant Data Protection Supervisory Authority.
The contact details of the Data Controller of the data processing described hereinabove are:
BravoNext, S.A., a Swiss company belonging to the lm group, listed in the Ticino business register under no. CHE - 115.704.228 and with registered office at Vicolo de’ Calvi 2 - 6830 Chiasso, Switzerland.
Our Data Protection Officer (or "DPO") is available at:
Cookies are small files which are stored on your computer, they hold a modest amount of data specific to you and allows a server to deliver a page tailored to you on your computer, hard drive, smartphone or tablet (hereinafter referred to as, “Device”). Later on, if you return to our Website, it can read and recognise the cookies. Primarily, they are used to operate or improve the way our Website works as well as to provide business and marketing information to the website owner.
In accordance with the notice of cookie usage appearing on our Website’s homepage and our Cookie Policy you opt for and consent to the use of non-essential cookies, when you accept the cookie notice on the landing page.
What follows is a description of the type of cookies used in the website:
9.1 Types of cookies according to the managing entity
Depending on what entity manages the computer or domain from which the cookies are sent and processed, there exist the following types of cookies:
9.2. Types of cookies according to the length of time you stay connected
Depending on the amount of time you remain active on your Device, these are the following types of cookies:
9.3. Types of cookies according to their purpose
Cookies can be grouped as follows:
To see the list of cookies used on this Website, click here https://www.lastminute.com/info/list-cookies.html.
The information contained in the above list of cookies has been provided by the other companies which generate them.
These companies have their own privacy policies in which they set forth both their own declarations as well as applicable disabling systems.
The lm group is not responsible for the contents and accuracy of third party cookie policies contained in our Cookie Policy.
You must keep in mind that if your Device does not have cookies enabled, your experience on the Website may be limited, thereby impeding the navigation and use of our services.
There are a number of ways to manage cookies. By modifying your browser settings, you can opt to disable cookies or receive a notification before accepting them. You can also erase all cookies installed in your browser’s cookie folder. Keep in mind that each browser has a different procedure for managing and configuring cookies. Here’s how you manage cookies in the various major browsers:
If you use another browser, please read its help menu for more information.
If you would like information about managing cookies on your tablet or smartphone, please read the related documentation or help archives online.
We do not install third party cookies. They are installed by our partners or other third parties when you visit our Website. Therefore, we suggest that you consult our partners’ Websites for more information on managing any third party cookies that are installed. However, we invite you to visit the following website http://www.youronlinechoices.com/ where you can find useful information about the use of cookies as well as the measures you can take to protect your privacy on the internet.
11.1. Facebook Custom Audiences - Facebook pixel
We use the remarketing function “Custom Audiences” of Facebook Inc. (1601 Willow Road, Menlo Park, California 94025) or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This function allows us to show our Users and/or Customers of our website interest-based ads when they visit Facebook (“Facebook ads”), and to analyze such Facebook ads for statistical and market research purposes, which helps us optimize future advertising. This allows us to serve more relevant advertising.
For this purpose we use the so-called Facebook pixel for our website.
When a User or a Customer visits our website and takes an action (for example, buying something), the Facebook pixel is triggered and reports this action. This way, we will know when a customer took an action after seeing our Facebook ad. We will also be able to reach this customer again by using a Custom Audience. Therefore, this pixel allows user behavior to be tracked after they have been redirected to our Website by clicking on a Facebook ad. This way, we will know when a customer took an action after seeing our Facebook ad. We will also be able to reach this customer again by using a Custom Audience.
Therefore, this enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy. Such data may allow Facebook and its partners to show ads on or off Facebook. A cookie may also be stored on your computer for these purposes.
11.2. Facebook SDK
Within our App, we use the Software Development Kit (SDK) from Facebook. The Facebook SDK is issued and administered by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. By means of this integration, we can link various Facebook services with our App (i.e. Facebook Analytics, Facebook Ads, Facebook Login via the SDK, Facebook Account Ki, Facebook Share, Facebook Graph API and Facebook App Events).
In particular, we have linked the following SDK Facebook services with our App:
Facebook Login: to provide you with the the possibility to register or log in with your Facebook account
Facebook App Events: To understand people's actions in our app and measure the effectiveness of your Mobile App Ads. We use this service to evaluate the reach of our advertising campaigns and use of Facebook SDK. Facebook merely provides us with an aggregated analysis of user behavior within our app.
In addition, as our App is linked to SDK Facebook services, we have to follow Facebook policies, which include that we are obliged to share with Facebook, when you download the App, even when you are not logged in to the social media platform, the following data:
By downloading our App you declare that you agree with the communication of the data to Facebook as described above.
Further information about Facebook SDK within iOS can be found here:https://developers.facebook.com/docs/ios. For Android, please refer to: https://developers.facebook.com/docs/android.
You can check and modify the status of your connection to Facebook and the respective access privileges of our Apps at any time under your Facebook profile settings (https://www.facebook.com/settings?tab=applications). If you want to cancel the connection between Facebook and our App, please log in to Facebook and make the necessary changes in your profile settings.
We reserve the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on our Website and update the “Last Updated” date at the top of this Privacy Policy.
Old versions of this Privacy Policy are available here.