lastminute.comlastminute.comPowered by
Kiwi.com

Privacy Policy of Kiwi.com

We at Kiwi.com take your privacy very seriously. Currently, we comply with the Regulation No. 2016/679, the General Data Protection Regulation, also known as GDPR, which sets the highest privacy and data protection standard in the world. In this Privacy Policy we explain what data we collect from you, why we collect it, how we use it and with whom we might share it. It also explains what rights you as a data subject have and how you can fulfill them.

This Privacy Policy applies to any data processing done by us in connection to the use of our services, both through our website lastminute.kiwi.com (the “Website”) and through our mobile applications for iOS and Android (the "App").

Who are we?

We, as the Data Controller, are the company Kiwi.com s.r.o., ID No. 29352886, with a registered office at Palachovo náměstí 797/4, Starý Lískovec, Post Code 625 00 Brno, registered in the Companies Register administered by the Regional Court of Brno, file no. C 74565, Tax ID No. CZ29352886.

Some terms that we use in this Privacy Policy

Personal Data: any information relating to a directly or indirectly identified or identifiable natural person. That means that if we possess means to identify either you or even the device you're using, any information that we can connect to you will be treated as Personal Data.

Data Controller: someone that determines the purposes and means of processing Personal Data. For example, we are a Data Controller when we process your Personal Data for the purposes stated in this Privacy Policy. If you choose to book a ticket through our website or app, we will be sending your Personal Data to another Data Controller – the carrier or the provider of other services – who will again use your Personal Data for its own purposes. Each Data Controller should have a Privacy Policy such as this one where you can learn about how your Personal Data is processed. You can see the full list of Data Controllers we might share the data with below.

Data Processor: a third party that only helps to achieve the purposes determined by the Data Controller. For example, we as a Data Controller use many third-party services to which we outsource some parts of our activities that we don’t do ourselves for various reasons such as cost efficiency. A Data Processor is only allowed to process your Personal Data according to our documented instructions.

Third Countries: countries in which the GDPR regime is not applicable. Currently, by Third Countries we mean all countries that lie outside of the European Economic Area.

What Personal Data do we collect?

Depending on the processing purpose, we may process the following categories of Personal Data:

CATEGORY OF PERSONAL DATA DESCRIPTION
Identification information Information used to identify you as a natural person, such as your name, surname, gender, nationality, and date of birth, and artificial online identifier created by us, such as Kiwi.com ID.
Contact information Information used to contact you, such as your email address and telephone number.
Your online behavior while interacting with us Your behavior on our Website and in our App, i.e. what you visited, how long you stayed, what you clicked on, etc. We also track your interactions with the emails and notifications that we send you, such as if you open the email or if you click on any of the links that it contains.
Device and network metadata Information about the device that you used to access our Website or the device on which our App is installed and your network connection metadata. This information includes, for example, your operating system, web browser, screen resolution, IP address, etc.
Account information The settings and other data which you generate while using the Kiwi.com Account, such as the Price Alerts, search history or specific settings, profile picture, the login details which you use to log into the Kiwi.com Account, i.e. the email and password (we never store the passwords in a non-encrypted form), and the data related to the Kiwi.com Compass, if you have this functionality activated.
Information about your order(s) Details of your order, i.e., all that you choose in the order form and what you later change or purchase as an addition to the original order. If you order a special assistance service or if you submit a cancellation request out of medical reasons, we will process your health data as necessary for the provision of these services.
Travel document information Number and expiration date of the ID or Passport (depending on which one you give us).
Payment information Information which you give us to execute the payment. Usually, this means the payment card details. We never store the payment card details in a non-encrypted form.
Documents necessary to be provided with the brokered service Documents that we get from the provider of the service which we broker for you, such as the boarding passes or the e-tickets.
Information about your requests and your communication with us All of the text and voice communications exchanged between you and Kiwi.com in connection to your requests (e.g., customer support cases), metadata, and notes generated by our systems and agents.
Your settings Some settings of the Website or in the App which you have made, such as the language, currency or cookie settings.

For what purposes do we use your Personal Data?

Users

Whenever you access our Website or App, we process your Personal Data for the purposes defined below:

NAME DESCRIPTION CATEGORIES OF PERSONAL DATA LEGAL GROUND
Delivering the functionalities of the Website and App We will process your Personal Data so that we're able to deliver you the functionalities of our Website and App. Your online behavior while interacting with us
Device and network metadata
Your settings
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Delivery of product features).
Product development, service improvement, and business development We constantly strive to improve our product and services. To be able to do that, we need precise data about your interactions with us. Therefore, we collect data about your device and your network identifiers along with your behavior on our Website and in the App. We analyze all this data and use it to create or modify our features and processes. We use data also to grow our business. Whenever we need to reach a business decision, we look at data that is generated by our most important variable — our customers. Your online behavior while interacting with us
Device and network metadata
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Product, service, and business development).
Kiwi.com Account If you create the Kiwi.com Account, we will process your Personal Data as necessary to deliver you all the features it includes, in accordance with the Terms of Use. The scope of the processed Personal Data will change depending on whether you save your details. Contact information
Account information
Identification information
Art. 6.1(b) - necessity for the conclusion and performance of a contract (Terms of Use).
Kiwi.com Compass In order to provide you with additional advantages offered by our loyalty program "Kiwi.com Compass", we need to process your Personal Data. The main reasons to process the Personal Data are to keep records of your membership and usage of your Compass points, to store your payment card details, and to provide you with all the other features included in this program. Identification information
Contact information
Payment information
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Provision of benefits to our customers).
Direct marketing & Online advertising To provide you with the best offers and to maximize our marketing efficiency, we process your Personal Data for the purposes of direct marketing (email offers and related processing activities). Besides your contact details, we also keep data like your transaction and travel history, travel preferences, and other data about your interaction with us that help us with customer segmentation and personalization of these offers. For example, we might tailor a special offer just for you based on your previous orders.
Additionally, when you provide your information during the booking process or while ordering another service, we may send you an email to remind you of any unfinished orders that are still incomplete. We will only keep your Personal Data collected in this way for 30 days.
We will never share your contact details with other Data Controllers without your knowledge, and we will only contact you with offers that are linked to our main business. You can always unsubscribe and check your subscription status through the links below every newsletter that you get from us.
Besides direct messages to make sure that you don't miss our offers, we send out website and app push notifications (with your consent), and we also display ads on Kiwi.com and third-party websites that are tailored for you according to your past orders. It might, therefore, happen that you will see advertisements that offer booking of transportation via Kiwi.com elsewhere on the internet.
If you don’t check the box on the booking page that you do not wish to be contacted via telephone in connection to an unfinished order, if for some reason you don’t finish it, we may contact you to offer our help with it.
Your online behavior while interacting with us
Account information
Device and network metadata
Contact details (if entered into the fields)
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Direct marketing).
Marketing analytics To improve our marketing campaigns in general, we perform analyses to help us see which campaigns work and how they contribute to our conversion rates. Additionally, we analyze your interactions with Kiwi.com to send you offers that will be relevant for you. Your online behavior while interacting with us
Device and network metadata
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Direct marketing).
Establishment, exercise, or defence of legal claims To be able to exercise our legal claims arising out of your use of our Website / App in breach of our Terms of Use or use in breach of some statutory obligation and to be able to defend ourselves against legal claims raised by you, we will store your Personal Data for at least 4 years from the point of your use of the Website / App. Identification information
Your online behavior while interacting with us
Device and network metadata
Account information
Contact details (if entered into the fields)
Your settings
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Protection of our legal rights).
Information Security We need to protect ourselves against various security threats, who try to exploit vulnerabilities in our security and hurt our business. To do that, sometimes we need to process the Personal Data of our users. Your online behavior while interacting with us
Device and network metadata
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Security).

Customers

When you order any of our services, we will continue to process your Personal Data for the purposes explained above. The scope of the processed Personal Data for these purposes will newly also include the Information about your order(s) and Information about your requests and your communication with us. Besides this, we will process your Personal Data for the following purposes:

NAME DESCRIPTION CATEGORIES OF PERSONAL DATA LEGAL GROUND
Ordering & Provision of services The main reason we collect and use your Personal Data is to conclude an agreement with you and to provide you the services you have ordered. Depending on the extent to which you use our services, we will process your Personal Data in a way that is necessary to enter into and fulfill our Service Agreement as described in our Terms & Conditions. The services that we provide include, primarily, the brokering of a contract of carriage and related services between you and the selected carrier. We may also process your Personal Data for this purpose when providing you with the service of enforcement of your claims against carriers.
To achieve this purpose, we need to share your Personal Data with the carriers with whom you will enter into a contract of carriage and, in some cases, also with operators of ticket marketplaces, such as the Global Distribution Networks. Additionally, to pay for the tickets, we will use your name and surname to generate a single-use virtual payment card, which we use for the financial settlement with the transport provider.
If you order additional service Special assistance or when you ask us for a refund due to health issues, we will process your Personal Data concerning health. In the case of the Special assistance service, we will share it with the carrier of your choice. During the ordering process, you will be asked to give your explicit consent with the processing of this Personal Data. You can always withdraw your consent through this form: lastminute.kiwi.com/privacy/rights. However, please note that if you withdraw the consent with the processing of your Personal Data for the purpose of the Special Assistance additional service, we won't be able to provide you with any subsequent support related to this service.
It may also happen that you choose to order another service that we or our partners offer on our website or in our app, such as insurance or accommodation. We will process your Personal Data as required to enter into a contract with you and to provide you with the ordered service or (if the service is provided by our partner) to enable you to enter into the contract with the service provider and to do our part in the contractual relationship between you and the third-party service provider. You can find the complete list of third-party Data Controllers that we might share your data with below.
Identification information
Contact information
Information about your order(s)
Travel document information
Payment information
Documents necessary to be provided with the brokered service
Art. 6.1(b) - necessity for the conclusion and performance of a contract (Terms and Conditions).
Fraud prevention When you book a ticket or order any other service through our website or app, during the payment transaction, we use a third-party service that helps us prevent fraudulent behavior. This is a very common process that happens nearly every time you order something online. For this to be possible, we will transfer your Personal Data momentarily to a third-party provider of fraud-checking service. However, this is not something to worry about, the whole transaction is completely secure, and we use one of the best and most common fraud-prevention tools. These third-party service providers (currently we use products from the companies Forter, Inc. and Riskified Ltd.) use the Personal Data, which they collect to build a database of online fraudulent behavior. They then compare this database with the behavior of the end-users of their clients, and whenever they detect similar behavioral signs, they can tell the clients to reject payments done by fraudsters.
Furthermore, to prevent attempts for fraudulent chargebacks, if you report fraudulent purchase through your bank, we might check your social media to see, whether you have some sort of connection to the person who ordered the ticket to make sure that it is not an attempt to get the money for the ticket back by fraud. We will only process limited information about your connection to the person, who ordered the ticket, and whether you, by any chance, have not published some information connected to the journey (e.g., photos from the airport taking a flight).
Identification information
Contact information
Information about your order(s)
Travel document information
Payment information
Your online behavior while interacting with us
Device and network information
Publicly available information related to your order
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com and the e-commerce industry in general (Fraud prevention).
Customer support Customer support is a big part of our services. We will record all of our communication through all channels, such as email, chat, and phone calls, in order to provide you with the service that you require. Part of our customer support is also helping our customers with potential legal issues with the carriers (in case of missed flights and similar situations). For this, we have partnered with a third-party service provider. When you have a legal problem, we will send this provider your email address, and you will be contacted with an offer to help you exercise your claims. You can learn more about the sharing of your Personal Data with third-party data controllers here. Identification information
Contact information
Information about your order(s)
Travel document information
Information about your requests and your communication with us
Art. 6.1(b) - necessity for the conclusion and performance of a contract (Terms and Conditions).
Sharing information with metasearch engines If you get to our booking page through a third-party search engine (so-called metasearch), we will let the operator of this metasearch know that you have successfully finished the booking, which you have found on their site. Information about your order(s) Art. 6.1(f) - necessity for the purposes of legitimate interest of the metasearch (Business operations).
Establishment, exercise or defence of legal claims We store and process your Personal Data to establish, exercise, or defend legal claims. Whenever you book a ticket or order any other service, we will keep all relevant data for potential future legal claims that you or we could have, especially in judicial and other proceedings and when recovering or selling claims you assigned to us, for at least 4 years from the point of the creation of the corresponding order. Similarly, if you send us a data protection request, we will also store all the data you give us and the data about our handling of the request for this purpose. Identification information
Contact information
Information about your order(s)
Travel document information
Payment information
Your online behavior while interacting with us
Device and network information
Publicly available information related to your order
Information about your requests and your communication with us
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Protection of our legal rights).
Compliance with legal obligations We need to process some of your Personal Data to fulfill certain legal obligations that are applicable to us. Because this is a legal necessity, we do not need to obtain your consent for it. For this purpose, we will process your identification and contact information and information about your bookings. The main legal obligations we need to do this for arise from Act No. 89/2012 Coll, the Civil Code, Act No. 634/1992 Coll, on the protection of consumers, Act No. 235/2004 Coll, on Value Added Tax and Act. 563/1991 Coll, on Accounting. If you send us a data protection request to fulfill one of your rights, we will ask you for some personal data which we will then process to achieve compliance with the applicable law. Information about your order(s)
Information about your requests and your communication with us
Art. 6.1(c) - necessity for compliance with legal obligations to which Kiwi.com is subject.

Co-travelers

If someone orders a service from Kiwi.com for you (for example, books a flight ticket with your name), we will process your Personal Data, even if you're not a direct customer. Your Personal Data will be processed for the following purposes:

NAME DESCRIPTION CATEGORIES OF PERSONAL DATA LEGAL GROUND
Ordering & Provision of services If someone orders our services for you, we will process your Personal Data as necessary for the provision of this service. Identification information
Contact information
Information about your order(s)
Travel document information
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Provision of services).
User account — saved traveler When someone orders service for you and has a Kiwi.com Account, we will offer them to store your Personal Data for the easier ordering of other services for you in the future. If we are provided with your email, we will send you information about this. If your travel document information is saved as well, we make them accessible to our user only if you grant us your consent. The consent may always be withdrawn. Identification information
Contact information
Travel document information
Art. 6.1(f) - necessity for the purposes of your legitimate interest (Simplification of future bookings).
Art. 6.1(a) - consent (with saving travel document information).
Establishment, exercise or defence of legal claims To be able to defend ourselves against legal claims raised by you in connection with our provision of the services, we will store your Personal Data for at least 4 years from the point of the creation of the corresponding order. Identification information
Contact information
Information about your order(s)
Travel document information
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Protection of our legal rights).

Who do we share your Personal Data with and why?

Sharing data with other Data Controllers

In some cases, we will share your Personal Data with third parties for their purposes. For example, we send your data to the carriers with which you, through our brokerage services, enter into a contract of carriage and whose identity will be made known to you before you enter into the agreement with us or with a provider of other services under the same conditions. In some cases, we also share your Personal Data with the operators ticket marketplaces, such as the Global Distribution Services.

This means that your Personal Data may be disclosed to selected carriers or other service providers in Third Countries. You can learn more about transferring your data to Third Countries here.

Each selected carrier will treat your Personal Data in accordance with their own Privacy Policy (which is published on every carrier's website). Disclosure of Personal Data to other service providers will be done in accordance with the applicable Personal Data laws and regulations.

If you give us your consent through our cookie settings, we will share some of your data with our partners for marketing purposes.

Learn more

CATEGORY OF RECIPIENTS RECIPIENTS
Carriers
To be able to book tickets that you choose, we need to send your Personal Data to the selected carriers.
The carrier, whose ticket you choose to buy. When booking a ticket, it will be always visible, who is the carrier that you will travel with.
Global Distribution Systems
Sometimes, when we search for the flights, we use the Global Distribution System (GDS). GDS providers are always Data Controllers. The data protection duties by GDS providers are specifically addressed in the EU Regulation No. 80/2009 on Code of Conduct for computerised reservation systems.
Amadeus
Galileo (operated by Travelport)
Sabre
Other service providers
When you order another service, we will send your Personal Data to the third party that provides the service that you've ordered.
The provider of service that you order. When ordering the service, it will be always clearly visible, who is its provider.
Fraud prevention tools
These third-party service providers use Personal Data, which they collect to build a database of online fraudulent behavior. They then compare this database with the behavior of the end-users of their clients. Whenever they detect similar behavioral signs, they can tell the clients to reject payments done by fraudsters.
Riskified Ltd.
Payment acquirers and processors
Execution of a payment order on a merchant’s website is only a first step in a long chain of technical operations that need to happen before the payment reaches your (bank) account and is confirmed back to the merchant. The information needs to pass through various payment processors and acquiring banks. All these subjects act as data controllers because they have complete control over the data.
PayU S.A.
ZOOZ Ltd.
Wirecard - Wirecard Bank AG
Worldpay (UK) Limited
Be2Bill - DALENYS PAYMENTS SAS
Credorax Ltd
Braintree (PayPal (Europe) S.à r.l. et Cie, S.C.A.)
Legal support providers
We may use the services of other subjects when protecting our legal rights and claims.
Attorneys-at-law, collection agencies.

Sharing Data with Data Processors

There are many activities that we need completed but can't do by ourselves. Therefore, we use third-party partners to help us. In many such situations, the partners logically couldn't manage without your Personal Data. Because of this, we share it with them. However, in all cases like this, we remain controllers of your Personal Data and they act as processors.

That means that even though they are in possession of your data, they can only process it for our purposes and we are always in charge of it. They cannot under any circumstances use the data for their own purposes or to use the data in a way that would go against our agreement.

Furthermore, we only use partners that have given us sufficient guarantees that they comply with the legal requirements and that your data will be always kept safe.

Learn more

\
CATEGORY OF RECIPIENTS RECIPIENTS
Basic infrastructure providers
As for nearly any other internet company, the best way to operate our business is to outsource the basic infrastructure (servers) to the biggest, best and most secure providers in the world.
Amazon Web Services Inc.
OVH.CZ s.r.o.
Hetzner Online GmbH.
DigitalOcean, LLC.
Akamai Technologies, Inc.
Google Inc.
Booking management and customer support tools
We need to keep all the data related to your booking and customer support in one place. Therefore, we use software from third-party providers that allow us to quickly access your data in order to maximize your customer experience.
Citrix Systems, Inc.
Genesys Telecommunications Laboratories, Inc.
Customer support vendors
We outsource some of our customer support assignments to third-party agencies with customer support sites where their employees work as our customer support agents.
Convergys International Europe B.V.
WNS Global Services UK Limited
Teleperformance Limited
KCU LLC (Teleperformance Ukraine)
IGT Technologies Inc.
Payment solution
To accept, encrypt and safely process your payment information, we use third-party payment gate which offer the highest standard of security in the industry (PCI DSS).
ZOOZ Ltd.
Email and SMS communication tools
For the provision of our services, we need to send email and SMS messages to our customers. To do this automatically and smoothly, we need to use the services of external technology providers.
Twilio Inc.
Nexmo Inc.
Customer and Message Systems, Inc. (Sparkpost)
The Rocket Science Group LLC (Mandrill, MailChimp)
Mailgun Technologies, Inc.
SendGrid, Inc.
Fraud prevention tools
To avoid fraudulent transactions, we check all payments with a "fraud preventor" i.e. third-party technology provider, which detects fraudulent payment attempts.
Forter, Inc.
Jumio Corp.
Booking and ticketing partners
Sometimes, we need help with the purchase of the tickets. In most cases, we use the services of various third-party distribution networks. Sometimes we also employ the services of third-party mediators who help us buy tickets from these distribution networks indirectly. All this is done to find the best possible prices available.
Various online travel agencies, with which we have concluded an agreement on provision of booking and/or ticketing services.
Providers of enforcement services
When representing you against carriers for protection of your rights and claims, we may use the services of third parties.
Attorneys-at-law, collection agencies.
Services for personalized offers and marketing analytics
Sometimes, we want to send you marketing materials or use your Personal Data for market segmentation to find out which marketing strategy to use based on shared characteristics with our customers. To automate this, we outsource these services from third parties.
Exponea s.r.o.
Facebook Inc.
CityAds Media, LLC.
Marin Software Ltd.
Analytical tools
We use analytic and logging software tools from third-party providers which allow us to have bigger insights about our customer base and make our services as convenient to our customers as possible.
Exponea s.r.o.
Facebook Inc.
Google LLC.
Keboola s.r.o.
GoodData Corporation.
Datadog Inc.
Logmole
Loggly, Inc. (SolarWinds Worldwide, LLC)
Functional Software, Inc. dba Sentry
Smartsupp.com, s.r.o.
Mapbox, Inc.
Criteo SA
FullStory, Inc.
Software engineers
Sometimes, we may share Personal Data with our external software engineers who help us with our technology.
Currently, we cooperate with many software engineers. To respect their right to privacy, we’re not sharing their Personal Data.
Accounting tool
We are obligated to issue proper invoices and keep accounting documents (e.g. invoices) in the state which is required by Czech law, therefore, we are using accounting systems which are provided by a third party.
Fakturoid s. r. o.

How long do we store your Personal Data?

In general, we will process your Personal Data until we don’t need it for any of the purposes defined in this Privacy Policy. Usually, we process your Personal Data for the duration of statutory limitation period, which is generally 3 years, plus an additional 1 year because of the time reserve necessary for delayed deliveries of notices and our additional actions.

For the purpose of legal obligations fulfillment, we process your Personal Data for the duration required by the applicable law, e.g. 10 years for archiving of invoices.

For the purpose of your Kiwi.com user account, we will store your Personal Data for 5 years after the last action you performed by you while logged in. If you are a member of our loyalty program, we will process your Personal Data for the existence of your loyalty account.

For the purpose of personalized offers, you will periodically get email offers from us, and in every email, there will be a clear and easy way to unsubscribe and therefore object to this type of processing. We will keep and use your Personal Data for this purpose until you unsubscribe.

How to access and control your Personal Data?

We want you to always be in control of your Personal Data. To this end, you have certain rights that allow for it. Under certain conditions, you may:

  1. gain access to all your data that we use or processing, and even get a copy of all of it,
  2. ask us to delete your data,
  3. correct the data that we are processing if you think that there are mistakes,
  4. restrict the data processing,
  5. object to processing,
  6. receive your Personal Data in a commonly used and machine-readable format or to transmit this data to a different provider.

You can exercise your rights by sending us an email with your request through this form: lastminute.kiwi.com/privacy/rights.

Please note, that in order to ensure the safety of your Personal Data, we will only comply with the requests that are sent from the email address used during the booking or ordering of a service. If someone else did the booking for you, we will request that you provide additional information to us (Booking ID, etc) to ensure that you are really the owner of the Personal Data in concern.

Learn more

Access your Personal Data

At any time, you have the right to ask us whether we process your Personal Data and to get the following information:

  1. Purposes for which we process your Personal Data,
  2. Categories of your Personal Data we're processing,
  3. List of third-parties with whom we share your Personal Data, in particular when these third-parties are based in Third Countries
  4. Duration that we plan to process your Personal Data, or at least how we determine the retention period
  5. Your rights as a data subject according to the GDPR
  6. Your right to lodge a complaint with a supervisory authority
  7. Where we received your data in cases where we didn't get the data straight from you,
  8. If applicable, any information about automated decision making that you may be subject to
  9. When the data was transferred to a Third Country and what safeguards apply according to the GDPR

Also, on your request, we will provide you with a full copy of all the Personal Data about you that we're processing. The first copy is for free. However, for any further copies we may charge you a fee to cover our administrative costs.

You can also request your data in a commonly used format for the sake of data portability.

Delete your Personal data

You have also the right to have your data completely deleted (or more precisely, irreversibly anonymised) if one of the following situations applies to you:

  1. we no longer need your Personal Data for any of the purposes defined in this Privacy Policy
  2. you've successfully objected to the processing according to the Art. 21 of the GDPR and we have no other purpose for which we need your Personal Data,
  3. we've processed your Personal Data unlawfully, or
  4. there is a legal obligation that obliges us to delete your Personal Data.

However, you don't have the right to request the deletion of your Personal data, if the processing is necessary for:

  1. exercising the right of freedom of expression and information,
  2. compliance with a legal obligation that obliges us to keep the Personal Data, or
  3. we need the Personal Data for the establishment, exercise or defence of legal claims

Correct your Personal Data

If you feel that any Personal Data that we're processing about you is not accurate, you can let us know and we will do our best to correct it.

Please note, that we cannot correct the data in our databases that are connected to your ticket. If we would do that, it wouldn't change it on the part of the carriers or providers of other services and we couldn't pair it together. If you want to change the details on your ticket, you can always do it in the Manage My Booking section on Kiwi.com.

Restrict processing of your Personal Data

Under certain conditions, we will restrict the processing of your Personal Data. This means that we will make sure that they are not being processed for any other purpose than to archive it or to move it to a secure archive. You have the right to request this restriction if:

  1. you challenged the accuracy of your Personal Data (we will continue processing it once this is resolved),
  2. we've processed your Personal Data unlawfully but instead of deletion, you only request restriction,
  3. the only remaining purpose for processing your Personal Data is the establishment, exercise or defence of legal claims, or
  4. you've objected to data processing according to the Art. 21 Para 1 of the GDPR and we're assessing whether your request is justified

Object to processing of your Personal Data

You can object against any purpose for which we're processing your Personal Data based on the legal ground of legitimate interest. When you object against processing for any Marketing purposes, we will stop using your Personal Data for this purpose immediately.

If you protest against any other purpose based on a legitimate interest, we will stop processing your Personal Data for this purpose, unless we can prove that our legitimate grounds for processing it override your individual interests, rights and freedoms.

Get your Personal Data portable

Lastly, you have the right to obtain your Personal Data processed for the purposes of Provision of our services (or any other purposes where we process your Personal Data based on either consent or necessity for a conclusion or performance of a contract) in a commonly used and machine-readable format and have the right to transmit that data to another controller of your choice.

Cookies & Similar technology

Cookies are small text files placed on your device that allow us to remember certain information about you for multiple purposes, such as the operation of multiple basic functionalities of our website, storing your setting and preferences on our website, managing your account, preventing fraud, improving performance while browsing our website, marketing purposes or analysing your use of our website for the purposes of improving our website and our services.

Basically, on our site, you will encounter four types of cookies:

  1. Cookies that are strictly necessary for the operation of our website and provision of our services (these cannot be turned off),
  2. So-called “performance cookies”, i.e. cookies that we use for statistics in order to improve our services,
  3. Cookies that we use for marketing purposes, and
  4. Cookies that we use to share your Personal Data with our partners.

You can turn off the cookies that use for statistics and marketing purposes by setting your cookie preferences here.

You may always check and modify your preferences when it comes to digital advertising on the web pages of the Digital Advertising Alliance (DAA), at http://optout.aboutads.info/, or on the web pages of the European Interactive Digital Advertising Alliance (EDAA), at http://www.youronlinechoices.com/.

Learn more

I. NECESSARY COOKIES

COOKIES PURPOSE
__cfduid
__cfruid
CloudFlare Security Features
Cookies necessary for the purpose of technical security of the core functions of our website.
forterToken
forterTokenCopy
ftr_ncd
Forter
A fraud prevention tool used for all payments on our website. This cookie is necessary to complete the transaction.
lastRskxRun
rskxRunCookie
Riskified
Another fraud prevention tool.
gwmSourcePage
SKYPICKER_AFFILIATE
SKYPICKER_AFFILIATE_UID
SKYPICKER_AFFILIATE_SUB
sub1Param
We use these cookies to track from which affiliate website you came (if any) and other information needed to realise the three-point relationship with the affiliate website, such as an indication of a successful booking. This cookie is an absolute necessity for the functionality of this operation model.
cookie_consent
cookie_settings
This cookie allows us to remember your cookie preferences.
preferred_currency This cookie allows us to remember your currency preference.
preferred_language This cookie allows us to remember your language preference.
raf_creditBalance If you Refer a Friend from your account, we need to use this cookie to track your credit balance.
SKYPICKER_VISITOR_UNIQID We need this cookie to track users who are not logged in. Without it, multiple basic functionalities of this website would not work.
ua_session_token Without this cookie, logging into a Kiwi.com account would not be possible.
track_* We need this cookie to know if a user completed the ordering process.
ignore_mobile_ad This cookie is used to track whether the user has already closed the advert for our mobile application during their visit to our website. Without this cookie, we wouldn’t remember if the advert was already closed and it would pop up on every page.
ui We use this cookie to distinguish users who use a standard browser from those who display our website in the mobile web view.
recentSearch In this cookie, we store information about your last searches so that we can show it to you.
viewedOuibounceModal Ouibance library
Used by ouibounce library to check if an exit popup was already shown to you.

II. PERFORMANCE COOKIES

COOKIES PURPOSE
_parsely_visitor This cookie is used to determine if the visitor has previously visited the website, or if it is a new visitor.
_ga
_gac_*
_gat_gtag_*
_gid
google_click_id
gtmSplitVar
Google Analytics
We use Google Analytics tools to measure the traffic on our website to see our visitors' interactions with our website and other useful information that our visitors generate while browsing through our website.
_gcl_au
_gcl_aw
Google AdSense
These cookies allow us to use the Google Ads Conversion tracking service. They are also used by Google AdSense to track their advertisement efficiency across websites using their services.
__inf_* Exponea Infinario
As with the Google Analytics, this cookie helps us measure traffic on our website. We use this tool specifically to track how many visitors book tickets or other services. We also collect data for testing new features on the website.
_fbc
_fbp
Facebook
These cookies allow us to use Facebook advertising products. Mainly, they help us keep track of the users who came from an advertisement displayed by Facebook and to distinguish our unique users using Facebook services.
splitster_* We use this cookie for A/B testing when we implement a new functionality or do any sort of modification on our website that we want to test how the users react to it. With this cookie, we can split our visitors into halves and show them two different versions of the website.
logglytrackingsession Loggly
We use this cookie to collect information about the overall functionality of our website along with all the activity on the page, so that our developers are able to debug issues on our website. Without this, we are limited in addressing certain production issues.
SL_C_*_KEY
SL_C_*_SID
SL_C_*_VID
Smartlook
These cookies allow us to see the exact path that our users take while browsing through our website.
fs_uid Fullstory
This cookie serves the application called Fullstory, which does the same thing as Smartlook, i.e., monitors the browsing of our users.
utag_main Tealium
This cookie allows us to use the Tealium tag manager solution — it helps us track the usage of our website and make our analytics more accurate.

III. MARKETING COOKIES

COOKIES PURPOSE
cto_lwid
cto_sid
criteo_write_test
cto_idcpy
Criteo
Criteo is an advertisement network that helps us display ads on third-party websites that you visit.
__inf_* Exponea Infinario
This cookie is necessary for marketing analytics and marketing automation. It allows us to segment our customers and to subsequently send them custom-made emails, pop-ups and push notifications and to display ads on Kiwi.com and third-party websites.
Im_puid
Im_snid
intent_media_prefs
Intent Media
Intent Media is an advertising network that helps us display ads on third-party websites that you visit.

IV. THIRD-PARTY MARKETING COOKIES

COOKIES PURPOSE
Travel Audience Travel Audience
Collecting data about search intent, popular routes & dates in order to serve relevant offers. These offers are target-audience specific, dynamic and scalable, and are displayed to users of the Travel Audience publisher network.
Sojern Sojern
Collecting data about search intent, popular routes & dates in order to serve relevant offers. These offers are target-audience specific, dynamic and scalable, and are displayed to users of the Sojern publisher network.

Transferring your data outside of the European Economic Area

If we need to, we may transfer your Personal Data outside of the EEA. This will happen when you want to book a ticket with a carrier from a Third Country or when you order a service from a provider based in a Third Country. Naturally, we need to transfer your data to these third parties because without it, the provision of ordered services would not be possible. We may also transfer your Personal Data outside of the EEA to Data Processors located in Third Countries.

For transfers to recipients in countries where we cannot rely on the decision of the adequate level of protection according to Art. 45 of the GDPR or appropriate safeguards according to the Art. 46 of the GDPR, we will transfer your Personal Data based on the exception in the Art. 49 Para. 1 Lett. b) of the GDPR. Each selected carrier or service provider will treat Your Personal Data in accordance with its own Privacy Policy (which is published on every carrier's website). Disclosure of Personal Data to other service providers will be done in accordance with the applicable Personal Data laws and regulations.

Complaint with the supervisory authority

Data Protection is a serious matter and the rules are quite difficult to implement correctly. No one is perfect, and it may happen that we make a mistake. If you feel that we mishandled your Personal Data, please turn to us first and we promise that we will try our best to resolve the situation. You can always approach us with any privacy or data protection related issue through this form: lastminute.kiwi.com/privacy/questions.

Nevertheless, at any time, you have the right to lodge a complaint with a supervisory authority. If you are from the EU, you can complain at the authority in the member state of your residence, in the member state where you work or in the member state of the alleged infringement.

Generally, the complaints will be handled by the Czech Office for Personal Data Protection. You can learn more on http://www.uoou.cz.

Contacting us and exercising your rights

For all matters concerning privacy and data protection, you can always contact us through this form: kiwi.com/privacy/questions. To exercise your rights related to your Personal Data, you can use this form: kiwi.com/privacy/rights.

Data Protection Officer

With regard to all issues related to processing of your Personal Data and to the exercise of your rights related to your Personal Data, you may also contact our Data Protection Officer.

View contact details.

Oliver Švolík
Data Protection Officer of Kiwi.com
[email protected]

Changes to this Privacy Policy

As our business evolves, the way we process Personal Data might change as well. In case of such changes, we will also update this Privacy Policy to comply with the principles of transparency. If future changes affect you, we will notify you via email.

This Privacy Policy is effective from 1.2.2020.