Last updated May 2018
1. Who is the controller of your data?
2. What categories of your data do we collect and use?
3. Why and how do we collect your data?
4. Who sees, receives and uses your data and where?
5. How long do we retain your data?
6. What are your data protection rights and how can you exercise them?
7. Contact details of the data controller
8. Contact details of our data protection officer
9. Information about cookies
It also informs you how you can exercise Your Rights (including the right to object to some of the data handling we carry out). More information about your rights and how you can exercise them is set out in the section below.
When this policy mentions “Company” “we”, “us”, “our” or “Data Controller”, it refers to:
We, being an entity located in Switzerland, are subject to Swiss law regarding the protection of personal data. For that reason, we undertake to comply with the obligations imposed by the Swiss Federal Act on Data Protection of 19 June 1992 (FADP). In the same vein, we inform our Users and/or Customers that the Decision of the Commission of 26 July 2000 in accordance with Directive 95/46/CE of the European Parliament and the Council relating to the adequate level of protection for personal data in Switzerland declared that, in Switzerland, the laws guarantee an adequate level of protection in accordance with Directive 95/46/CE.
In accordance with Swiss Federal Act on Data Protection of 19 June 1992 and with Article 45 of the Swiss Federal Act on the Supervision of Insurance Companies of 17 December 2004 (FASIC) we inform our Users and/or Customers that their personal data is processed and kept by the Company in the manner and for the means as follows, in accordance with the LPD and LSA.
When you register to the Service, we collect the categories of personal data as follows:
2.1. Personal data provided by you
The personal data that you share with us when you register to the Service to receive our special offers, promotions and other marketing material (i.e. your email address).
The provision of the above personal data, where requested, is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested services.
It is important that all the personal data you give us when you register to the Service to receive our special offers, promotions and other marketing material is correct and accurate. This includes ensuring that we have your correct email address at all times.
Please note that we may collect and use information of children only as provided by their parent or guardian or with their consent. If we become aware that we have processed information of a child without the valid consent of a parent or guardian, we reserve the right to delete it.
2.2. Personal data collected automatically from our Website and from third parties
Information about your visits to and use of the Website, such as information about the device and browser you are using, your IP address or domain names of the computers connected to the Websites, uniform resource identifiers for requests made, the time of request, the method used to submit the request to the server, the size of the archive obtained as a response, the numerical code indicating the status of the response given by the server (correct, error, etc.) and other parameters relative to the operating system and the computer environment used, the date and time that you visited, the duration of your visit, the referral source and website navigation paths of your visit and your interactions on the Website including the Services and offers you are interested in. Please note that we may associate this information with your account.
If you link, connect, or login to your account with a third party service (e.g., Facebook, Google), the third party service may send us information such as your registration and profile information (i.e. user name, user ID associated with your social media account, picture, email), and any other information you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Website.
|Why?||On which legal basis?|
|A. To meet the legal, regulatory and compliance requirements and to respond to requests by government or law enforcement authorities conducting an investigation.||To comply with the law|
|B. To carry out anonymous, aggregative statistical analyses so that we can see how our Website, products and services are being used and how our business is performing.||To pursue our legitimate interest (i.e. improving our Website, its features and our products and services)|
|C. To keep our Website and systems secure and to prevent and detect fraud, security incidents and other crime.||To pursue our legitimate interest (i.e. ensuring the security of our Website)|
|D. To verify compliance with our terms and conditions and for the establishment, exercise or defence of legal claims.|
To pursue our legitimate interest (i.e. compliance with
our terms and conditions, protection of our rights in the event of any
dispute or claim)
|F. Tosend you via email, phone, mail, SMS or MMS the best deals and offers onproducts and services we think you might find interesting which are marketed by us or our partners orbusiness partners operating in the following sectors:tourism, leisure,entertainment, high technology, fashion, decoration, consumer goods, food andbeverage, finance, banking, insurance, energy, environment, communication, massmedia, real estate, pharmaceuticals, clothing and textiles, education andtraining, energy, publications and publishing, information and communicationstechnology, retail, sport, telecommunications and general services.For further information about how we decide that our offers and dealsmight be of interest to you please read here https://www.lastminute.com/en/info/profiling-info.html .|
Where you give your consent/To fulfil a contract,
or take steps linked to a contract
4.1. Categories of recipients of your data
● Our authorised employees and/or collaborators that assist and advise us on administration, products, legal affairs, Customer Care Team, and information systems, as well as those in charge of maintaining our network and hardware/software equipment;
● Our third-party service providers (including other entities of the lastminute.com group), which process your personal data on our behalf and under our instructions for the purposes described hereinabove acting as data processors, such as those providing us with IT and hosting services call centre and customer support, analytics and administration services etc.
● Our business partners who are social media platforms when it is explicitly requested by you (e.g. when using social media authentication methods).
● Competent authorities when we are required to do so by the current law.
● Third parties that receive the data (e.g. business consultants, professionals for delivering due diligence services or assess value and capabilities of the business) when it is necessary in connection with any sale of our business or its assets (in which case your details will be disclosed to our advisers and any prospective purchaser’s advisers and will be passed to the new owners.
The complete list of parties to which your personal data may be disclosed is available at our registered office and may be requested by writing to: email@example.com
4.2. International transfer of your data
Users’ and/or Customers’ personal data is processed in at the Data Controller’s registered office (see point 1) , on lastminute.com group servers, and at the offices of other entities to which data may be provided in order to provide the services requested of the Data Controller.
Given the fact that we are an international travel company, we also transfer your personal data to:
● non-European Economic Area (EEA) countries offering an adequate level of data protection such as Switzerland in accordance with the “Adequacy decisions” of theEU Commission that recognises some countries as providing adequate protection;
● non-European Economic Area countries where data data protection laws may be less protective than the legislation in the EEA. This happens when:
Should you want to obtain further details about the safeguards put in place, you can contact us by writing to firstname.lastname@example.org.
|Document||Retention period||Starting date|
Booking records (name, address, contact information, PNR, ID Booking, birth date, number or identity document, date of issue, date of expiring,
|10 years||From the date of the purchase|
Account information (see My Area):
|10 years||From the date of the last interaction|
|Customer care emails (confirmation, schedule change/cancellation, quotation, penalties quotation, payment reminder, refund choice, voucher/payment, massive communications), including customer requests/claims via email||10 years||From date on which email is sent|
|Customer care phone records||3 years||From date recording|
|Chat (Customer/User)||3 years||From the date or the request|
|Reports or claims||10 years|
|Contractual documentation (log of the acceptance)||10 years||From the date of the purchase|
|Credit card data||Not retained|
|Finance/transactional information||10 years||From completion of financial transaction|
|Transactional fraud check data||5 years||From rejection of transaction for fraud|
|DATA USED FOR MARKETING PURPOSES (CRM)|
|Data used for marketing activities to customers/users subject to the consent||5 years||From the consent or the renewal of the consent via interaction with marketing communications|
|DATA COLLECTED VIA TAG|
|Technical cookies||Max 3 years||From the date of browsing on our websites|
|Non-technical Cookies||Max 1 year||From the date of browsing on our websites|
|Name of the right||Content|
|Right of content|| To receive confirmation of the existence of your personal data, access its|
content and obtain a copy.
|Right of rectification||To update, rectify and/or correct your personal data.|
erasure/right to be forgotten and right to restriction
|To request the erasure of your data or restriction of your data which has been processed in violation of the law, including whose storage is not necessary in relation to the purposes for which the data was collected or otherwise processed; where we have made your personal data public, you have also the right to request the erasure of your personal data and to take reasonable steps, including technical measures, to inform other data controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.|
Right to data
To receive a copy of your personal data you provided
to us for a contract or with your consent in a structured, commonly used and
machine-readable format (e.g. data relating to your purchases) and to ask us to transfer that personal data to another data controller.
withdraw your consent
| Wherever we rely on your consent (see p. 3 - F and E), you will always be able to withdraw that consent, although we may have other legal grounds for|
processing your data for other purposes.
Right to object,
at any time:
You have the right to object at any time to the processing of your personal data in some circumstances (in particular, where we don’t have to process the
data to meet a contractual or other legal requirement (see p. 3-B, C, D)
You can exercise the above rights at any time by:
· Contacting us via email at email@example.com
· As for direct marketing please note that you can also object at any time by clicking on the unsubscribe link which we provide in each communication sent to you
Your rights in relation to your personal data might be limited in some situations. For example, if fulfilling your request would reveal personal data about another person or if we have a legal requirement or a compelling legitimate ground we may continue to process your personal data which you have asked us to delete.
You also may have the right to make a complaint if you feel your personal information has been mishandled. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant Data Protection Supervisory Authority.
The contact details of the Data Controller of the data processing described hereinabove are:
BravoNext, S.A., a Swiss company belonging to the lastminute.com group, listed in the Ticino business register under no. CHE - 115.704.228 and with registered office at Vicolo de’ Calvi 2 - 6830 Chiasso, Switzerland.
Cookies are small files which are stored on your computer, they hold a modest amount of data specific to you and allows a server to deliver a page tailored to you on your computer, hard drive, smartphone or tablet (hereinafter referred to as, “Device”). Later on, if you return to our Website, it can read and recognise the cookies. Primarily, they are used to operate or improve the way our Website works as well as to provide business and marketing information to the Website owner.
What follows is a description of the type of cookies used in the website:
9.1. Types of cookies according to the managing entity
Depending on what entity manages the computer or domain from which the cookies are sent and processed, there exist the following types of cookies:
● First party cookies: these are sent to your Device from a computer or domain managed by us and from which the service you requested is provided.
● Third party cookies: these are sent to your Device from a computer or domain that is not managed by us, but by a separate entity that processes data obtained through cookies.
9.2. Types of cookies according to the length of time you stay connected:
Depending on the amount of time you remain active on your Device, these are the following types of cookies:
● Session cookies: these are designed to receive and store data while you access the Website. These cookies do not remain stored on your Device when you exit the session or browser.
● Persistent cookies: these types of cookies remain stored on your Device and can be accessed and processed after you exit the Website as well as when you navigate on it for a pre-determined period of time. The cookie remains on the hard drive until it reaches its expiration date. The maximum time we use persistent cookies on our Website is 2 years. At this point the browser would purge the cookie from the hard drive.
9.3. Types of cookies according to their purpose
Cookies can be grouped as follows:
a. Technical cookies: these cookies are strictly necessary for the operation of our Website and are essential for browsing and allow the use of various features. Without them, you cannot use the search function, compare tool or book other available services on our Website.
b. Personalisation cookies: these are used to make navigating our Website easier, as well as to remember your selections and offer more personalised services. In some cases, we may allow advertisers or other third parties to place cookies on our Website to provide personalised content and services. In any case, your use of our Website serves as your acceptance of the use of this type of cookie. If cookies are blocked, we cannot guarantee the functioning of such services.
c. Analytical cookies for statistical purposes and measuring traffic: these cookies gather information about your use of our Website, the pages you visit and any errors that may occur during navigation. We also use these cookies to recognise the place of origin for visits to our Website. These cookies do not gather information that may personally identify you. All information is collected in an anonymous manner and is used to improve the functioning of our Website through statistical information. Therefore, these cookies do not contain personal data. In some cases, some of these cookies are managed on our behalf by third parties, but may not be used by them for purposes other than those mentioned above.
To that end, we can also use the services of a third party in order to collect data and/or publish ads when you visit our Website. These companies often use anonymous and aggregated information (not including, for example, your name, address, email address or telephone number) regarding visits to this Website and others in order to publish ads about goods and services of interest to you.
To see the list of cookies used on this Website, click here http://www.lastminute.com/info/list-cookies.html.
The information contained in the above list of cookies has been provided by the other companies which generate them. These companies have their own privacy policies in which they set forth both their own declarations as well as applicable disabling systems.
You must keep in mind that if your Device does not have cookies enabled, your experience on the Website may be limited, thereby impeding the navigation and use of our services.
There are a number of ways to manage cookies. By modifying your browser settings, you can opt to disable cookies or receive a notification before accepting them. You can also erase all cookies installed in your browser’s cookie folder. Keep in mind that each browser has a different procedure for managing and configuring cookies. Here’s how you manage cookies in the various major browsers:
If you use another browser, please read its help menu for more information.
If you would like information about managing cookies on your tablet or smartphone, please read the related documentation or help archives online.
Users’ and Customers’ personal information is processed electronically and/or manually, guaranteeing security and confidentiality of the same, and avoiding any type of unauthorized access. The Data Controller guarantees that the data will be processed in accordance with established uses and strictly within the time frame necessary to comply with the uses for which it is collected.