1. Home
  2. Data protection

Privacy notice

Trusted. Unique. Inspiring. At TUI we create unforgettable moments for our customers worldwide and make your dreams come true. The responsible use of the personal information you share with us is an important part of what we do. We want you to rest assured that your data are safe in our hands and that you know how we use the data to deliver you a better, unique and inspiring experience. You can find more information about us on the TUI Group website.

Scope of this privacy notice

TUI Deutschland GmbH, Karl-Wiechert-Alle 23, 30625 Hanover, collects and processes your data as the responsible party . The responsible party for this content is TUI Deutschland GmbH (referred to in this data privacy notice as “we” or “us”), a member of the TUI Group.

We are committed to doing the right thing when it comes to how we collect, use and protect your personal information. We inform you below about how your personal data are processed in the context of our offers. Your privacy is important to us, so please take the time to read our privacy notice. This explains:

  • What kinds of personal data we collect and why we collect them
  • When and how we may share personal information within the TUI Group and with other organisations
  • Your options for, inter alia, viewing and updating your personal information

We have made every effort to make this notice as easy to understand as possible. If you are not familiar with terms such as “Data Controller” or “Specific categories of personal information,” you can read more in the Key terms section.

When you browse our websites or use our mobile apps, we may collect:

The personal data we collect

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG). Also, we process personal data to fulfil our contractual obligations in line with Article 6(1)(b) GDPR. In addition, we process your data to protect our legitimate interests in line with to Article 6(1)(f) GDPR.

When you sign up for our services, you may be sending us:

  • Your personal details, such as your address, email address, telephone number and date of birth
  • Your account login information, such as your username and the password you decide on

When you book travel or other products from our range of offerings, we collect data for fulfilling the contract you have made with us:

  • Your personal details, such as your address, email address, telephone number and date of birth
  • The personal details of your fellow travellers
  • Payment details (e.g. credit card details, account information, billing address)
  • Your booked products or services
  • Your mobile phone number for the SMS Assistant for flight time changes and transfer pick-up in the holiday area
  • Your mobile phone number for the SMS Assistant only for notification by TUI Crisis Management in the event of a possible crisis or incident

When you browse our websites or use our mobile apps, we may collect:

  • Your travel preferences,
  • Information about your browsing activity on our websites and mobile apps
  • Information about when you click on any of our advertisements, including those shown on websites of other organisations
  • Information about the way you access our digital services, including operating system, IP address, online identification and browser details
  • Your social preferences, interests and activities

When you buy our products in our stores or online, we may collect:

  • Information about the traveller, passport details, other identification information
  • Insurance data,
  • Relevant medical data as well as any special dietary requirements or other requirements for religious reasons or reasons of physical impairment
  • Information about your purchases, e.g. what you bought, when and where you bought it, how you paid, and credit or other payment information
  • Information about your browsing activity on our websites and mobile apps
  • Information about when you click on any of our advertisements, including those shown on websites of other organisations
  • Information about the way you access our digital services, including operating system, IP address, online identification and browser details
  • Your social preferences, interests and activities

When you contact us or we contact you or if you participate in advertising campaigns, promotions, competitions, surveys about our services, we may collect:

  • Personal information you provide when you contact us, including by email, post and telephone or through social media, such as your name, username, and your contact information
  • Details about emails and other digital communications that we send to you and that you open, including any links contained therein that you click
  • Your responses and contributions to customer surveys

Other sources of personal information

  • We may use personal information from other sources, such as, from companies providing information and data, trading partners and public registers.
  • Your insurance company and its agents as well as medical employees may exchange relevant personal information and special categories of personal information with us in circumstances where we must act on your behalf or in the interests of other customers or in an emergency.
  • When you log in with your social networking credentials to interact with our platforms and online services, such as using your Facebook, Google+ or Twitter accounts, you are consenting to share your user information with us, for example, your name, your email address, your date of birth, your location and other information.
  • We may use surveillance camera recordings and records of IP address and browser data collected in or near our shops, business premises, other buildings and cruise ships.

Personal information about other persons you submit to us

  • We use personally identifiable information you provide about others, such as additional information on your booking.
  • When submitting personal information on other people you must be sure that they agree and that you may submit their data. If necessary, you should also ensure that these people know how we could use their personal information.

The use of your personal details

We use your personal information in a variety of ways, as explained below.

To deliver the products and services you request

WWe need to process your personal information so that we can manage your account or booking, provide you with the products and services you need, and assist you with orders and any refunds you may require.

To manage and improve our products, services and day-to-day operations

We use personal information to manage and improve our products, websites, mobile apps, loyalty and customer management programmes as well as other services.

To protect your personal information and to detect and prevent fraud, other crimes and the misuse of services we monitor how our services are used. This helps us ensure that you can safely use our services.

We may use personal information to respond to and manage security incidents, disruptions or other similar occurrences. These may, inter alia, be medical or insurance-related in nature.

We may use personal information to conduct market research and internal development, as well as develop and improve our product range, services, shops and IT systems, security, know-how and methods of communication with you.

We use surveillance camera records to maintain the safety of anyone working or visiting our stores, business premises, and other buildings, as well as to detect, prevent, and prosecute offences. We may also rely on the images to exercise and defend our legal rights.

To contact and interact with you

We want to better serve you as a customer. So if you contact us, for example, by email, mail, telephone or social media, we may use personal information on you to understand and address your concerns as quickly as possible.

We have to process your personal information in order to manage advertising campaigns, promotions and competitions you choose to participate in. These include those that we organise together with our suppliers and trading partners, for example, if you win a prize.

Sometimes we may wish to invite you to participate in customer surveys and other market research activities performed by the TUI Group and other organisations for your benefit.

To help us better understand you as a customer and provide you with services and marketing communications (including online advertising tailored to your interests), we may collect the personal information we obtain when you make purchases in a store and combine them with personal information collected through our web pages, mobile apps, and other sources.

We do not sell your personal data to third parties.

Marketing measures with your consent

From time to time we may wish to send you offers and news about our products and services in various ways, such as by email, by Messenger or by phone. Also, we may wish to send you information about products and services of other companies that we believe could be of interest to you. We will only do so if you have previously agreed to receive such marketing communications.

When you book or sign up with us, we ask you if and through which channel you would like to receive marketing communications.
We also ask you if you would like to receive marketing communications from other companies in the TUI Group and if we may pass the data on to the companies in the TUI Group.
We re-verify your contact information provided to us online. To do so we ask you, for example when registering for email marketing, to confirm the information using the double opt-in procedure. This means that we will not send you email marketing communications until you activate the link sent. A similar procedure is used for advertising via SMS or Messenger.

You may revoke your consent to receiving marketing communications at any time by clicking on the unsubscribe link, for example, found in newsletters in our marketing emails, by using the online form at https://www.tui.com/service-kontakt/anliegen-zu-ihren-kundendaten/werbeerlaubnis-entziehen/ or by sending the text message STOP to the speed dial number in our marketing text message. You may withdraw your consent in whole or in part. If you no longer wish to receive advertisements for a specific channel (e.g. telephone), you can inform us accordingly. Likewise, you can revoke all consents granted for marketing purposes. You can also separately revoke each consent to receiving marketing communications from companies in the TUI Group. Of course, the choice is entirely up to you. If you tell us that you do not want to receive marketing information, you will be missing out on great deals.

However, you might still receive service-related communications from us. For example, confirmation of bookings you make with us and important information about the use of our products and services.

Product recommendations by email

As a customer of TUI Deutschland GmbH you will receive regular product recommendations from us by email. You will receive these product recommendations regardless of whether you have subscribed to a newsletter or consented to email marketing communications or not. In this way we want, on the basis of your recent purchases from us, to provide you with information about products from our offering that you may be interested in. We comply strictly with all legal requirements. Product recommendations by email are sent on the legal basis of Article 6(1)(f) GDPR and may also be sent to our customers by email within the scope of Section 7 (3) of the German Law Against Unfair Competition (UWG). Whenever your contact data is used for advertising purposes, we expressly draw your attention to your right to object, which you can exercise at any time simply and unbureaucratically. If you no longer wish to receive product recommendations by email from us, you can cancel this at any time. Of course, you will find a unsubscribe link in every email. It is also possible to send a message via the online form at https://www.tui.com/service-kontakt/anliegen-zu-ihren-kundendaten/werbeerlaubnis-entziehen/ (German website). .

To personalise your experience

We want to ensure that marketing communications (including online advertising) related to our products and services as well as those of our suppliers, trading partners and the TUI Group are tailored to your interests.

We use the personally identifiable information you provide to better understand your interests so that we can try to predict which other products, services and information you might be most interested in. This allows us to tailor our communications to make them more relevant to you. We use existing information such as email receipt and read confirmation, computer and Internet connection information, operating system and platform, your order history, your service history, the date and time you visited the homepage, products that you viewed. We use this information exclusively in a pseudonymised form. This analysis and evaluation of the data help us to better understand you as a customer and allows us to offer you personalised offers and services. Our goal is to make our advertising more useful and interesting for you, in other words, offer you products and services that best meet your needs as a customer.

If you do not wish to receive a personalised service, for example, if you do not wish to receive a personalised newsletter from us, you can cancel personalised advertising any time you wish, e.g. over the phone, in writing or by email (e.g. to Datenschutz@tui.de). In this case, you will continue to receive non-personalised standard advertising. You can of course also cancel/revoke your consent to our marketing communications as a whole at any time. We will update your information as soon as possible.

Market research

We highly value your opinion. To improve our products and services we may contact you for market research purposes. You always have the choice as to whether to participate in our market research or not.

Detailed information on the data collected in the questionnaire, in particular on anonymous evaluation, is given in detail in the accompanying information. The legal basis here is Article 6(1)(f) GDPR, as we have a vital interest in these evaluations and the improvements to our services based on them. If customer satisfaction surveys are sent to you by email, we either have your explicit advertising consent in accordance with Article 6(1)(a) GDPR or we may also email you as our customer within the scope of Section 7(3) UWG. If you do not wish to receive the questionnaire, simply let us know by sending an email to Datenschutz@tui.de

Sharing personal information with suppliers and trading partners

To provide you with the products and services you require we have to share personal information about your booked travel services with providers, including airlines, hotels and transport companies.

We also work with carefully selected providers who perform specific functions for you. For example, with companies that help us with IT services, data storage and linking, marketing, market research, payment processing and the provision of products and services.

We may need to share personal information to safeguard or defend our legal rights; this includes the transfer of personal data to third parties in order, e.g. to prevent fraud and reduce the risk of default.

When we share personal information with other organisations we require them to keep the information secure. They may not use your personal information for their own marketing purposes.

We only share the minimum amount of personal information necessary that enables our suppliers and trading partners to provide their services to you and us.

If it is necessary for the implementation of your travel request, the transfer of data to such third countries is also lawful in accordance with Article 49(1)(b) GDPR.

Sharing personal information with government agencies

To be able to travel it is sometimes mandatory (required by law in the country of departure and/or in the destination country) to disclose and process your personal information for immigration, border control, security and counter-terrorism purposes, or any other purpose we deem reasonable.

Some countries only issue travel authorisation if you provide enhanced passenger information (for example, Caricom APIS data and US Secure Flight Data). These requirements may vary depending on your destination and we recommend that you check this on a case-by-case basis. Even if it is not mandatory, we are happy to assist you.

We may share the necessary minimum amount of personal information with other authorities if the law requires us to do so or if we are legally permitted to do so.

Sharing personal data within the TUI Group

With the exception of services with their own privacy notices that do not refer to this privacy notice our privacy notice applies to all services offered by the TUI Group.TUI Deutschland GmbH is a wholly-owned subsidiary of the TUI Group, which has its registered office in Hanover. Further information on the Group companies can be found at: https://www.tuigroup.com/. We may share the necessary minimum amount of personally identifiable information with other TUI Group companies, for example, to provide the products and services you request, manage and improve our products, services and day-to-day operations; if necessary, personalise your travel experience, contact you and interact with you and, if permitted and appropriate, for marketing or market research purposes.

We may also share personal information with other companies if there are contractual agreements with them. In such cases we dispose of or transfer our services or our rights and obligations we may have with you under a contractual agreement. If such transfer or disposal occurs, the company receiving your personal information may use your information in accordance with this privacy notice.

We may receive personal data from you from other companies in the TUI Group or share it with them for the following purposes: • To provide services (including making and managing bookings or processing payments) • To provide customer service • To detect, prevent and investigate fraudulent and other illegal activities and data breaches • For analysis and product improvement purposes • For individual offers, for sending advertising with your consent or otherwise if permitted by applicable law These purposes relate to our legitimate interest in receiving and disclosing your personal information. To ensure compliance with applicable laws TUI Deutschland GmbH refers, where applicable, to compliance with legal obligations (such as lawful inquiries from law enforcement authorities). In addition, all companies within the TUI Group may have to exchange personal customer data in order to ensure that all users on their online platforms are protected against fraudulent activities.

Protecting your personal data

We know how important it is to protect and manage your personal information. We take appropriate security measures to help protect your personal information from accidental loss and unauthorised access, use, alteration and disclosure.

However, the security of your data also depends on you. For example, if we have given you a password to access certain services or you have chosen one, you are responsible for keeping this password secret.

The personal data we collect from you may possibly be transferred to and stored in a country outside the European Economic Area (EEA). Your personal data may also be processed by companies operating outside the EEA that work for us or one of our suppliers. We take appropriate precautions to ensure that your personal information is adequately protected and that it is treated in accordance with this privacy notice. As a rule these protections include corresponding contractual clauses, e.g. standard contractual clauses approved by the European Commission, as well as appropriate security measures.

Data storage

Your personal data will be deleted as soon as they are no longer required for the purposes mentioned. If necessary, however, we may be obligated to continue to store your data until the end of the statutory storage periods, as a rule 6 to 10 years, enacted by the legislative or supervisory authorities in line with the German Commercial Code, the German Tax Code and the German Money Laundering Act. In addition, we may retain your data until expiry of the statutory limitation periods (i.e. 3 years as a rule, but in individual cases also up to 30 years) to the extent necessary for the assertion, exercise or defence of legal claims. Thereafter, the corresponding data will be routinely deleted. If data are needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise that data.

About cookies and similar technologies

Cookies are small data files that allow a website to collect and store a range of data on your desktop, laptop or mobile device. Cookies help us provide important features and functionality on our websites and mobile apps, and we use them to improve your customer experience. Please also note our separate Cookie Notice.

Links to other websites

Our websites or mobile apps may contain links to websites of other organisations that have their own privacy notices. Please be sure to carefully read the terms of service and privacy notice before posting personal information to any other organisation's website, as we assume no responsibility or liability for the websites of other organisations.

Social media features

Our websites or mobile apps may feature social media such as Facebook, Twitter, Google+ or Pinterest, which have their own privacy notices and policies.

On our websites we use the following plugins: Facebook, Twitter and GooglePlus. If you do not want social networks to collect data about you through active plugins, you can choose to block third-party cookies in your browser settings. Then the browser does not send cookies to the server for embedded content from other providers. With this setting, however, in addition to the plugins other cross-page features may not work. If these plugins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you access a website that is part of our internet presence. The content of the plugin is transmitted by the social network directly to your browser and incorporated by the browser into the webpage. The embedded plugins allow the social networks to receive the information that you have accessed the corresponding page of our website. If you are logged in to the social network, this can assign the visit to your account. If you interact with the plugin, for example, press the Facebook “Like” button or leave a comment, the corresponding information is transmitted directly from your browser to the social network and stored there. To find out more about the purpose and scope of the data collection and the further processing and use of the data by social networks as well as your related rights and settings options for the protection of your privacy, please refer to the privacy policies and notices of the respective networks or websites. The links can be found below.

Even if you are not logged in to the social networks, websites with active social plugins can send data to the networks. An active plugin creates a cookie with an identifier each time the web page is called up. Since your browser sends this cookie without being asked every time you connect to a network server, the network could in principle create a profile about the websites the user identified by the identifier has visited. It would be possible to associate this identifier with a person, for example, when later logging in to the social network.

Integration of Facebook social plugins

Our website uses social plugins (“plugins”) from the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). To find out more about the purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and settings options to protect your privacy, please refer to Facebook’s privacy policy: http://www.facebook.com/policy.php. Incidentally, you can block Facebook social plugins with add-ons for your browser, such as the Facebook Blocker.

Integration of Google Plus plugins

Our website uses social plugins (“plugins”) from the social network Google Plus, operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). To find out more about the purpose and scope of the data collection and the further processing and use of the data by Google as well as your related rights and settings options to protect your privacy, please refer to Google’s privacy policies: http://www.google.com/intl/de/policies/privacy/.

Our website includes Google products DS360 Paid Search/SEA, CM Campaign Manager and DV360 Display & Videos. The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this respect and settings options to protect your privacy can be found in Google Privacy Policy & Terms of Use: https://policies.google.com/privacy?hl=en

Integration of Twitter plugins

Our website uses social plugins (“plugins”) from the social network Twitter, operated by Twitter Inc., located at 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). To find out more about the purpose and scope of the data collection and the further processing and use of the data by Twitter as well as your related rights and settings options to protect your privacy, please refer to Twitter’s privacy policy: https://twitter.com/privacy.

Integration of Pinterest plugins

Our website also uses plugins from Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). The Pinterest Plugin can be recognised by the “Pin it Button” on our page. If you click on the Pinterest “Pin it button” while logged in to your Pinterest account, you can link the contents of our pages to your Pinterest profile. This allows Pinterest to associate your visit to our pages with your user account. We wish to point out that we are not aware of the content of the transmitted data and their use by Pinterest. For more information, see Pinterest’s privacy policy: https://policy.pinterest.com/en-gb/privacy-policy

Integration of Instagram plugins

Our website also uses plugins from the social network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”). You can identify the Instagram plugin by the Instagram Button on our page. If you click on the Instagram Button while logged in to your Instagram account, you can link the contents of our pages to your Instagram profile. This allows Instagram to associate your visit to our pages with your user account. We wish to point out that we are not aware of the content of the transmitted data and their use by Pinterest. For more information, see Instagram’s privacy policy: http://instagram.com/about/legal/privacy/

Use of WhatsApp News

To subscribe to the WhatsApp newsletter you must save the TUI Deutschland GmbH telephone number given on the registration page in your contacts and start a chat conversation. In accordance with WhatsApp's requirements/terms of use, this provides us with your telephone number and profile picture. We only use your telephone number and only to send you the desired WhatsApp news for a specific purpose. The legal basis here is Article 6 (1)(a) GDPR.

To guarantee data security WhatsApp uses end-to-end encryption. To ensure that this encryption is secure we recommend that you always use the latest version of WhatsApp on your mobile phone.

You can stop receiving the WhatsApp newsletter at any time with the message “stop”. To delete your data according to Article 17 GDPR please send a message with “delete all data”.

Further information about the WhatsApp service from TUI Deutschland GmbH can be found in the privacy policy of our cooperation partner MessengerPeople:

MessengerPeople GmbH Herzog-Heinrich-Str. 9 80336 München +49 89 416173-192 info@MessengerPeople.com https://www.messengerpeople.com/ (Link to the privacy policy of MessengerPeople: https://www.messengerpeople.com/privacy/)

The responsible provider of the messenger services is: • WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA; the privacy statement is available at https://www.whatsapp.com/legal/#privacy-policy

Retrieving and updating your personal information; complaints

You have the right to request a copy of the personal information we hold about you, although you may also be able to view and update the information associated with your customer account and your booking online. You can of course still write to us and ask for a copy of other personal information stored about you.

Please include details that help us to identify and locate your personal information. If we can provide data access, we will do so for free, unless further copies are requested. In this case, we may charge a reasonable fee based on administrative costs.

We want to make sure that the personal information we store about you is accurate and up-to-date. If any information we hold about you is incorrect, please let us know.

You may also have your personal information corrected or deleted, object to the processing of your personal information and, as far as technically feasible, request that personally identifiable information that you submit to us be shared with another organisation.

We will update or delete your information unless we have to keep it for legitimate business or legal purposes.

You can also contact us if you would like to complain about how we collect, store and use your personal information. It is our goal to provide the best possible solution to your complaints. In line with Article 77 GDPR in conjunction with Section 19 BDSG you now have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for TUI Deutschland GmbH is:

State Commissioner for Data Protection and Freedom of Information Lower Saxony Prinzenstrasse 5, 30159 Hanover, Germany Phone: +49 0511 120-4500 Email: poststelle@lfd.niedersachsen.de

However, if you are not satisfied with our answer, you can also contact your local data protection office or commissioner. The example given here is of the data protection commissioner for the state of Lower Saxony in Germany: https://www.lfd.niedersachsen.de/startseite/.

Please note that we may ask you to confirm your identity before we process your request or complaint. We may also ask you for more information to help us ensure that you have the right to make this request or complaint to us when you contact us on behalf of someone else.

For questions, requests or comments on data protection, please contact the Data Protection Officer at TUI Deutschland GmbH by email: Datenschutz@tui.de.

Legal basis for processing personal data

We collect and use your personal information only if at least one of the following conditions is met:

  • We have your consent
    Example: customer account
    You give us permission to process your personal information when you sign up for a customer account.
  • It is necessary to take certain actions to contact you or, at your request, before entering into a contract
    Example: providing the products and services you want
    We have to process your personal information to be able to manage your customer account or booking, offer you the products and services you wish to purchase, and assist you with orders or refunds.
  • It is necessary to comply with a legal obligation
    Example: sharing personal data with authorities
    In order for you to travel it may be compulsory (required by law in the country of departure and/or in the destination country) to disclose and process your personal information for immigration, border control, security, counter-terrorism or other purposes deemed reasonable by the authorities.
  • It is necessary to protect your vital interests or those of another person
    Example: in an emergency
    Your insurance company, its agents and medical personnel may exchange relevant personal information and special types of personal information with us. This is the case if we or those kinds of person mentioned above act on your behalf, in the interests of other customers or in an emergency.
  • Processing is in the public interest or exercised on behalf of an authorised public office
    Example: security measures
    We may use personal information to implement security measures or respond to disruptions or other similar occurrences, including those of a medical and insurance nature.
  • It is in our or a third party's legitimate interests unless your own interests or rights outweigh
    Example: personalise your travel experience
    We may use your personal information to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. This allows us to tailor our communications to make them more relevant to you.

If we need to process special categories of personal information, such as medical records for medical reasons, this will only happen if one or more additional requirements are met, i.e. we have your explicit consent; it is necessary to protect your vital interests or those of another person and you are physically or legally unable to give consent; it is necessary to substantiate, assert or defend legal claims; it is necessary for reasons of considerable public interest.

As the data subject you have the following rights vis-à-vis TUI Deutschland

TUI Deutschland GmbH attaches great importance to ensuring that our data processing processes are fair and transparent. It is therefore important to us that, in addition to the right of objection, data subjects can exercise the following rights if the respective legal requirements are met:

  • Right of access by a data subject, Article 15 GDPR
  • Right to rectification, Article 16 GDPR
  • Right to erasure ("right to be forgotten"), Article 17 GDPR
  • Right to restriction of processing, Article 18 GDPR
  • Right to data portability, Article 20 GDPR
  • Right of object, Article 21 GDPR

What rights do I have as a user and customer? (Information, deletion, revocation)

  • As the data subject of data processing you have various rights under Article 15 et seq. GDPR.
  • You can request information at any time as to which personal data of yours is stored.
  • You can request correction or deletion, provided this is legally permissible and possible within the framework of an existing contractual relationship.
  • If you have set up a customer account, e.g. with the TUI portal "My TUI", you can delete it yourself or have it deleted.
  • You can demand a restriction of the processing or object to the processing of your data in principle. If processing is based on your consent, you can also revoke this consent at any time without affecting the legality of the processing carried out until the revocation.
  • You have the right to data portability.

In order to exercise your right you can contact Datenschutz@tui.de by e-mail. For identification we ask you for the following data:

  • Your name
  • Your postal address
  • Your email address and optionally: your customer number or booking code
  • To process your request and for identification purposes we would like to point out that we will process your personal data in accordance with Article 6(1)(c) GDPR.

You will receive a reply to your request regarding your rights after the legal deadline of 4 weeks at the latest. Before we process your personal data for any other purpose, we will inform you in advance.

Changes to our privacy notice

This Privacy Notice supersedes all previous versions. We may change the notice at any time, so please check regularly on our website(s) for any updates. If the changes are substantial, we will provide clearly identifiable notification on our website(s). In addition, if we deem it appropriate, we will send you an electronic notification of changes to our Privacy Notice.

Last update: May 2019

Key terms

Data controller: The data controller determines the purpose and the way personal data are used.

European Economic Area (EEA): EU member states plus Norway, Iceland and Liechtenstein.

Online advertising: Marketing messages that you can see on the internet.

Specific categories of personal data: Specific categories of personal data: These are categories of personal data that indicate ethnic origin, political opinions, religious or philosophical beliefs or trade union affiliation; genetic data, biometric data for the purpose of unambiguous identification of a natural person; medical data as well as data on the sexual life or sexual orientation of a natural person.

Caricom APIS data: Some or all of the Caricom states have entered into an agreement with the United States to allow extended passenger data required by and provided by Caricom States for border security purposes to be transferred to and processed by the US Department of Homeland Security on behalf of these Caricom States. For more information please visit the Caricom-Webseite.

US Secure Flight Data: The Transportation Security Authority (TSA) requires you to provide your full name, date of birth, and gender for the purpose of processing passenger lists. You can also specify your redress number, if any. If this information is not provided, you may be denied carriage or authorisation to enter the boarding area. The TSA may share the information you provide with law enforcement or intelligence agencies or with others in accordance with its published notification system. Visit the TSA website for more information.

Here you can download the text above as a PDF file.