Subscribe for free to get the latest travel updates.
Click on Allow when prompted about Notifications.
Update your browser to view this website correctly.
Update my browser nowLast updated April 2022
We recognise the importance of protecting your privacy and User rights in terms of data protection. The Internet is an extremely effective means of transmitting personal information, and the lastminute.com group ("lm group") and all the companies in it are seriously committed to complying with the applicable legislation governing the protection and security of personal data, in order to ensure safe, controlled and confidential browsing for users who visit and/or use our website and/or use our comparison service (hereafter "Users").
This privacy policy describes how we collect, use, process and communicate your personal data when you access our website and use the website and our services, specifically:
1. Who is the data controller?
2. What categories of data do we collect and use?
3. Why and how do we collect data?
4. Who sees, receives and uses the data and where does this take place?
5. For how long do we store your data?
6. What are your data protection rights and how can you exercise them?
7. Contact details for the data controller
8. Contact details for our data protection officer
9. Information about Cookies
10. Privacy notice for Facebook
11. Update and previous versions of this privacy policy
This document also provides Users with information on how to exercise their rights (including the right to object to some of the data management we carry out). More information about your rights and how you can exercise them is set out in the sections below.
Where any term used in this privacy policy is not specifically defined (such as "Service" or "Website"), the definition is understood as being the same as that used in the Company's Terms and Conditions of service.
As indicated in the General Terms and Conditions relating to use of the website, the services offered via the website are provided by Blue SAS, which owns the website. Therefore, where the terms "Company", "we", "our" and "data controller" appear in this privacy policy, they refer in particular to:
Blue SAS, a company incorporated under French law with registration number 490 641 354 and registered office at 75, boulevard Haussmann - 75008 Paris, France, the data controller for processing the personal data of Users in accordance with this privacy policy (hereafter "Company", "we", "our", "data controller").
When you visit the website and use the comparison service (as a "User"), we collect the following categories of personal data:
Personal data that you share with us, including information contained in comments, telephone messages to our Support Service (where available) or via social media channels.
More specifically:
When contact is made between us and the User via the Support Service (where available) or email, we may collect: personal data provided by the User when he/she connects with us, including name and username, telephone number and email address.
When you download and use the app: we do not collect personal data from you directly. Note, however, that some information will be shared via Facebook (section 11.2 of this privacy policy). By installing the app you declare that you have read and accepted the privacy policy and the terms and conditions for the app.
The above personal data, where requested, is required for the proper execution of the contract between us and the User and to enable us to fulfil our legal obligations, except where we require the consent of the data subject as the lawful basis for processing and for our legitimate interest. Without it, we may not be able to provide all the services you request.
It is important that all the personal data you provide is correct and accurate. This includes, for example, ensuring that the contact details we hold (including email address) are correct at all times.
We collect information about your visits to the website and your use of the website, such as the device and browser you are using, the IP address or domain names of any computers connected to the website, the uniform resource identifier of any request made, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the computer environment used, the date and time of the visit, the duration of the visit, the referral site and the navigation path to the website leading to the visit and interactions on the website itself, including the services and offers you are interested in. Note that we may link this information to your User account.
For more information on the purposes for which we collect and use this information, see the section on Cookies in this privacy policy (9. Information about Cookies). Note that your personal details may also be linked to Cookies, e.g. to enable the storage of travel searches made on your personal account when you are logged onto the service and/or to collect information on how you use our products and services.
We may monitor calls to our Support Service (where available), for the purposes of quality control, analysis, staff training and/or to protect ourselves in the event of a legal dispute. Any personal data obtained from the User during the call will be processed in accordance with this privacy policy.
We may receive additional information about Users, such as information on fraud detection and warnings from third-party service providers and/or partners, to the extent permitted by applicable law, in relation to our fraud prevention activities.
Generally, we use your personal data to provide the services you request, provide customer service, notify you about important changes to our website and suggest content and advertising that we think may be of interest to you. More specifically:
Why?
A. To create and maintain the contractual relationship established for provision of the requested service in all its phases and via any possible integration and modification, and to take action with regard to pre-contractual issues at the request of the User (e.g. to respond to User enquiries and concerns). Information relating to service provision and/or to providing Users with clarification or assistance may be sent by email, telephone or similar technologies.
On what lawful basis?
To fulfil a contract or implement measures related to a contract (i.e. to provide services requested and/or provide Users with clarification or assistance)
Why?
B. N/A
Why?
C. To comply with legal, regulatory and compliance requirements and to respond to requests from government authorities and law enforcement agencies conducting investigations.
On what lawful basis?
To comply with the law (i.e. to share personal data with regulatory authorities)
Why?
D. To carry out aggregate statistical analyses on anonymous groups to see how our website and services are used and to check on the performance of our business.
On what lawful basis?
To pursue our legitimate interests (i.e. to improve our website and its functionality and our services)
Why?
E. N/A
Why?
F. N/A
Why?
G. N/A
Why?
H. To keep our website and our systems secure and to prevent and detect security incidents and other offences.
On what lawful basis?
To pursue our legitimate interest (i.e. to ensure the security of our website)
Why?
I. To check compliance with our terms and conditions and to ascertain, exercise or defend a legal right.
On what lawful basis?
To pursue our legitimate interest (i.e. to protect our rights in the event of a dispute or claim, in accordance with our terms and conditions.
Why?
J. To tailor and personalise advertising and online marketing communications based on information collected through Cookies and related to how Users make use of the website, of the services and of other websites (for more information see the section on Cookies in this privacy policy).
On what lawful basis?
Where a User gives his/her consent (i.e. through the Cookie banner or browser settings)
Why?
K. Where permitted by applicable law, we may monitor calls to and from our Support Services for the purposes of quality control, analysis and staff training.
On what lawful basis?
To pursue our legitimate interest (i.e. to improve our Support Service)
Where personal data processing is based on legitimate interest, we carry out an assessment to ensure that our interest in the use of the data is legitimate and that the User's fundamental right to privacy is not compromised by our legitimate interest ("comparative assessment"). For more information on comparative assessment please email our data protection officer at [email protected].
Categories of data recipients
We share your personal data, for the purposes set out in this privacy policy, with the following categories of recipient:
our authorised employees and/or associates who provide assistance and consultancy services in the areas of administration, products, legal advice, the Support Service (where available) and IT systems, and those responsible for maintaining our network and hardware and software equipment; airlines, hotels, car hire companies, insurance companies, tour operators and any other party to whom personal data must be communicated in order to provide a service requested by the User and/or Customer, and who thereby operate as independent data controllers. Note that in accordance with new regulations introduced in the United States and other countries, airlines are required to allow customs and border authorities access to flight passenger data. For this reason, in some situations we may communicate information that we have collected on the passengers included in a reservation to the competent authorities in the countries on the Customer's travel itinerary, if required by local law;
our third-party service providers (including other lastminute.com group entities) who process your personal data on our behalf and under our instructions for the above purposes and thereby acting as data controllers, for example those who provide us with IT and hosting services, call centres and assistance, analytical and administration services, etc.;
social media platforms with which we have a commercial agreement, if expressly requested by the User (e.g. when sharing information generated by our site on such platforms), when downloading our app and consenting, via our privacy policy or via the social media platform, to our sharing information about your online activity with such partners, even when you have not accessed the social media platform, or when such commercial partners, who provide us with functional capabilities, request details about the device on which the app is installed, which they are entitled to do. The information shared will be governed by the privacy policy of the social media platform. The competent authorities, if required by the applicable legislation;
the competent authorities and third-party law enforcement agencies, where it is necessary to enforce our terms and conditions of use and protect and defend our rights or our property or the rights and property of third parties;
third parties who receive the data (e.g. business consultants, tax professionals who provide "due diligence" services or who assess the value and capabilities of the business), where necessary, in connection with the sale of our business or its assets (in which case the data will be communicated to our consultants and the consultants of any potential buyer and transferred to the new owners).
A complete list of subjects to whom personal data may be communicated is available from our registered office and can be requested by email to [email protected].
The processing of Users' personal data will take place at the data controller's registered office (see section 1), on the lastminute.com group servers and at the offices of any other subjects to whom the data may be transmitted for the purpose of providing the requested services to the data controller.
Since we are an international travel company, we also transfer your personal data to:
Countries outside the European Economic Area (EEA) which provide an adequate level of data protection, such as Switzerland, in accordance with the European Commission's "adequacy decisions" which recognise the protection offered by some countries as adequate;
Countries outside the European Economic Area (EEA) where data protection laws may provide less protection than EEA legislation. This happens when:
we communicate data to independent data controllers who may process data outside the EEA to provide a service requested by the User;
we communicate the data to our service providers who act as data controllers on our behalf and who may be in countries outside the EEA. When such transfers take place, we ensure that they are done in accordance with this privacy policy and that this is governed by the standard contractual clauses approved by the European Commission to ensure adequate protection for data subjects. Our suppliers who act as data controllers may be involved in activities such as responding to requests, providing advertising and marketing services on our behalf and providing assistance services via electronic communications or call centres.
Any Users requiring further details regarding the safeguards put in place should email us at [email protected]
We store your personal data for as long as it is required to achieve the purposes and to carry out the activities described in this privacy policy, or as otherwise communicated to Users, or for as long as we are permitted by the applicable legislation. More information on the retention period is available here:
Document
Email from the Support Service, including User requests and complaints
Retention period
10 years
Start date
The date the email was sent
Document
Reports and complaints
Retention period
10 years
DATA COLLECTED VIA TAGS
Document
Technical cookies
Retention period
Max. 3 years
Start date
The date our website was accessed
Document
Non-technical cookies
Retention period
Max. 1 year
Start date
Date the data subject's consent is received
You can exercise your rights guaranteed under EU Regulation 2016/679 (articles 15-22), including rights to:
Name of right
Right of access
Content
To receive confirmation of the existence of personal data, access the content of the data and obtain a copy.
Name of right
Right to rectification
Content
To update, rectify and/or correct personal data.
Name of right
Right to erasure/right to have data forgotten and right to restrict
Content
To request the erasure of data or the limitation of data that has been processed in violation of the law, including data that does not require to be stored for the purposes for which the data was collected or processed; where we have made personal data public, the User also has the right to request the erasure of the personal data and for reasonable measures to be taken, including technical measures, to inform other data controllers who are processing the personal data of the request to delete any link, copy or reproduction of such personal data.
Name of right
Right to data portability
Content
To receive in a structured, commonly used and machine-readable format a copy of the personal data provided to the Company for the purposes of a contract or with the consent of the User, and to request such personal data to be transferred to another data controller.
Name of right
Right to withdraw consent
Content
In the event that we require the consent of the User, the latter will always have the ability to revoke this consent, although we may have other lawful bases for processing the aforementioned data for other purposes.
Name of right
Right to object at any time
Content
The right to object at any time to the processing of personal data in certain circumstances (in particular in cases where it is not necessary to process the data to meet contractual or legal requirements or where the Company uses such data for direct marketing activities).
Name of right
Right not to be subject to a decision based solely on automated processing, including profiling
Content
You can request a manual decision-making process, express your opinion or contest a decision based solely on automated processing, including profiling, at any time, if such a decision would have legal repercussions or similar effects.
You can exercise these rights at any time in the following ways:
By emailing us at [email protected].
In respect of online advertisements and withdrawal of consent, please see the section on Cookies in this privacy policy.
Where the above rights are exercised under the GDPR, we will comply with User requests involving the personal data held by all companies in the lastminute.com group.
Rights relating to personal data can be limited in some situations. For example, if complying with your request would reveal personal data relating to another subject, or if there are binding legal requirements or compelling legitimate grounds, we may continue to process the personal data you have asked us to delete.
You also have the right to complain if you think your personal information has been mismanaged. Users are requested to contact us in the first instance, but it is your right, if this right applies in your case, to lodge a complaint directly with the supervisory authority responsible for data protection.
The contact details of the data controller referred to above are:
Blue SAS, a company incorporated under French law with registered office at 75, boulevard Haussmann - 75008 Paris, France (Commercial Registration no. 490 641 354)
Our data protection officer can be contacted at the following addresses:
75, boulevard Haussmann - 75008 Paris, France
For more information, see our Cookie Policy..
We use the "Custom Audiences" remarketing function of Facebook Inc. (1601 Willow Road, Menlo Park, California 94025 or, for users residing in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This function allows us to show interest-based advertisements ("Facebook Ads") to Users who visit our website when they are on Facebook, and to analyse these Facebook ads for statistical and market-research purposes, which helps us optimise future advertising. This allows us to offer more relevant advertisements.
For this purpose, we use the "Facebook pixel" on our website.
When a User visits our website and carries out an action, the Facebook pixel is activated and reports the action. We then know when a User has taken action after seeing our Facebook Ad. We can also reach the same User again using the custom audience. The pixel then allows us to track the behaviour of Users when they are redirected to our Website by clicking on a Facebook ad. We then know when a User has taken action after seeing our Facebook Ad. We can also reach the same User again using the custom audience.
This enables us to measure the effectiveness of Facebook Ads for statistical and market-research purposes. The data we collect in this way is anonymous, i.e. we do not see the personal of individual Users. However, the data is stored and processed by Facebook and this is why we inform our Users, based on our understanding of the situation. Facebook may link the data to the User's Facebook account and use it for its own promotional purposes, in accordance with Facebook's Data Usage Policy https://it-it.facebook.com/policy.php. Such data may allow Facebook and its partners to show ads on or off Facebook. A Cookie may also be stored on the User's computer for these purposes.
We use the Facebook Software Development Kit (SDK) in our app. The Facebook SDK is distributed and managed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or, for Users residing in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This integration allows us to link various Facebook services to our app (i.e. Facebook Analytics, Facebook Ads, Login with Facebook via the SDK, Facebook Account Kit, sharing on Facebook, Facebook Graph APIs and Facebook App Events).
Specifically, we have linked the following Facebook SDK services to our app:
Login with Facebook: allows Users to register with Facebook or log in through their own Facebook account.
Facebook App Events: to understand the actions of people when they are using our app and gauge the effectiveness of app advertisements on a User's mobile device. We use this service to evaluate the reach of our publicity campaigns and use of the Facebook SDK. Facebook supplies us with only an aggregate analysis of the behaviour of our app users.
In addition, since our app is linked to the Facebook SDK services, we must follow Facebook's policies, which require us to share the following User data with Facebook when downloading the app, even when Users have not logged on to the social media platform:
anonymous online identifiers;
information confirming that the app has actually been downloaded;
type of device used to download the app;
name of the device model;
geographic area;
time zone;
internet service provider;
size and definition of the device's screen;
the device's CPU core;
external storage of the device in Gb
free space in the device's external storage in Gb
time zone of the device
By downloading our application, Users give their consent to the communication of data to Facebook in the above manner.
Further information about Facebook SDK for iOS is available at:https://developers.facebook.com/docs/ios For Android, go to: https://developers.facebook.com/docs/android.
You can check and change the status of your Facebook link and the related access privileges of our apps at any time in your Facebook profile settings (https://www.facebook.com/settings?tab=applications). If you wish to delete the link between Facebook and our app, you must log in to Facebook and make the appropriate changes in your profile settings.
We reserve the right to change this privacy policy at any time in accordance with this section. If we make changes to this privacy policy, we will post the revised privacy policy on our website and update the "last updated" date at the top of this privacy policy.
Previous versions of this privacy policy are available here.