Last updated May 2020

We recognise the importance of protecting your privacy and your rights with regards to data protection. The Internet is a very powerful medium when it comes to transmitting personal information; for that reason, we and all other companies belonging to the lastminute.com group (“lm group”) undertake the serious task of respecting the current laws regarding the protection of personal data and the security of the same, with the aim of guaranteeing secure, controlled and confidential navigation for its users and clients who visit and/or use the Website (you as a “User”) or then request or register on our services and/or give us their consent for a specific purpose (you as a “Client”).

This Privacy Policy describes how we collect, use, process, and disclose your personal data in conjunction with your access to and use of our Website and services and, specifically:

  1. Who is the controller of your data?
  2. What categories of your data do we collect and use?
  3. Why and how do we collect your data?
  4. Who sees, receives and uses your data and where?
  5. How long do we retain your data?
  6. What are your data protection rights and how can you exercise them?
  7. Contact details of the data controller
  8. Contact details of our data protection officer
  9. Information about cookies
  10. Privacy notice for Facebook
  11. Update and old versions of this privacy policy

It also informs you of how you can exercise Your Rights (including the right to object to some of the data handling we carry out). More information about your rights and how you can exercise them is set out in the section below.

If you see an undefined term in this Privacy Policy (such as “Service” or “Website”), it has the same definition as in the Terms and Conditions of use of the Website.

 

  1. Who is the controller of your personal data?

When this Privacy Policy mentions “Company”, “we,” “us,” “our” or “Data Controller”, it refers to:

Madfish S.r.L., an Italian company belonging to the lm group, with registered office at Via Vigevano, 35 – 20144 Milano (Italy), Company Number/VAT Number: 08621450967, Register Number MI-2037697, which is responsible for the processing of Users’ and/or Clients’ personal data under this Privacy Policy (hereinafter, referred to as the “Company”, “we”, “us”, “our”, “Data Controller”).

 

  1. What categories of your data do we collect and use?

When you visit the Website (you as a “User”) or then request or register to our services (you as a “Client”) we collect the categories of personal data as follows:

2.1. Personal data provided by you

  • The personal data that you share with us including when you register to our services, subscribe to marketing communications and which you provide to us when using our services.
  • More specifically: 
    • When you register or request our services, you may provide us with information such as: 
      • contact details (i.e. name, surname, company name, email and phone number); 
      • information about the services you purchased, including what you requested, when and where you requested it and how you paid for it.
    • When you contact us or we contact you via email and/or phone or through social media we may collect: personal data you provide when you connect with us, including your name, username, company name, phone number, email.
    • When you take part in surveys or questionnaires about our services you may provide us with your contact details, your feedback and contributions to client surveys and questionnaires.
    • When you consent to take part in promotions, competitions, contests you may provide us with: your personal details, including your address, email or phone number or eventually any other data that may be necessary to take part in the specific case. We will inform you about the privacy policy of the specific promotions, competitions or contests as soon as the promotions start.

 

  • Personal data you provide about other individuals or companies: if you plan to submit someone else’s personal data to us, for instance when requesting a service on their behalf, you should only provide us with that third party’s details with their consent and after they have been given access to this Privacy Policy. When submitting data about other individuals you declare you have their consent

 

The provision of the above personal data, where requested, is necessary for the adequate performance of the requested service and/or of the contract between you and us and to allow us to comply with our legal obligations except when we rely on consent as legitimate basis for processing and or our legitimate interest. Without it, we may not be able to provide you with all the requested services.

It is important that all the personal data you give us is correct and accurate. This includes, by way of example only, ensuring that we have your correct contact (including email) details at all times.

 

2.2. Personal data collected automatically from our Website, on the phone, from communication we send, and/or from third parties

  • We collect information about your visits to and use of the Website, such as information about the device and browser you are using, your IP address or domain names of the computers connected to the Websites, uniform resource identifiers for requests made, the time of request, the method used to submit the request to the server, the size of the archive obtained as a response, the numerical code indicating the status of the response given by the server (correct, error, etc.) and other parameters relative to the operating system and the computer environment used, the date and time that you visited, the duration of your visit, the referral source and website navigation paths of your visit and your interactions on the Website including the Services and offers you are interested in.

See the cookies section of this Privacy Policy (9. Information about cookies) for further information on the purposes for which we collect and use this information. Please note that, your personal information may also be linked to cookies to i.e. collect information on how you use our services.

  • We may use this style to also understand how you engage with communication material that we send to you, such as emails, including the action you take such as any links in them that you click on, your duration and frequency of your engagement with the email. 
  • To the extent permitted by the applicable law wherein we receive additional information about you, such as fraud detection information and warnings from third party service providers and/or partners for our fraud prevention activities.

  

  1. Why do we collect your data?

In general terms, we use your personal data to provide you with the services you request, provide assistance, send you marketing and promotional communications, notify you about important changes to our Website and to deliver our content and ads which we think may be of interest to you. More specifically:

Why?

A. To create and maintain the contractual relation established for the provision of service requested by you in all its phases and by way of any possible integration and modification or to take steps at your request in relation to the contract prior to entering into contract (e.g. providing consultancy services and the related assistance by responding to your questions and concerns). Information concerning our provision of the Service and/or to provide you with any clarification or assistance may be sent to you via email, phone, SMS or other similar technologies.

On which legal basis?

To fulfil a contract, or take steps linked to a contract

(i.e. To provide the services you request and/or to provide you with any clarification or assistance to you)


Why?

B. If permitted by the applicable law, to request your participation in our surveys conducted via email phone, SMS or other similar technologies from time to time, so that you can tell us about your experience as a recipient of the Service. We will use your feedback to develop and improve our services. Following our analyses of your feedback, we may consider it necessary to contact you to provide you with a response to your survey submission. You can inform us at anytime if you no longer want to receive our surveys by writing to privacy.fwd@lastminutegroup.com. Please note that your participation in the survey is voluntary and there are no consequences should you prefer not to participate.

On which legal basis?

To pursue our legitimate interest (i.e. To manage and improve our services and day by day operations)


Why?

C. To meet the legal, regulatory and compliance requirements and to respond to requests by government or law enforcement authorities conducting an investigation.

On which legal basis?

To comply with the law (i.e. to share personal data with regulatory authorities)


Why?

D. To carry out aggregative statistical analyses on anonymised groups or to analyse identifiable individuals behaviour so that we can see how our Website, services are being used and how our business is performing.

On which legal basis?

To pursue our legitimate interest (i.e. improving our Website, its features and our services)


Why?

E. To send you (in cases permitted by law excepting where you did not object) advertising material via email or, where permitted by the law, other equivalent electronic communication regarding services similar to those already purchased by you and offered and/or requested on our Website. On some occasions, we may send you a personalised and tailored version of the aforementioned advertisement materials.

On which legal basis?

Soft Opt-in/To pursue our legitimate interest (i.e. marketing)


Why?

F. n.a.


Why?

G. n.a.


Why?

H. n.a.


Why?

I. To verify compliance with our terms and conditions and for the establishment, exercise or defence of legal claims.

On which legal basis?

To pursue our legitimate interest (i.e. compliance with our terms and conditions, protection of our rights in the event of any dispute or claim)


Why?

J. n.a.


Why?

K. n.a.


 

Where we rely on legitimate interest as a basis for processing your personal information, we carry out an assessment to ensure that our interest in the use of your data is legitimate and that your fundamental rights of privacy are not outweighed by our legitimate interests (‘balancing test’). You can find out more information about the balancing test by contacting our Data Protection Officer at dpo.fwd@lastminutegroup.com

 

  1. Who sees, receives and uses your data and where?

4.1. Categories of recipients of your data

We share your personal data, for the purposes described in this Privacy Policy, to the following categories of recipients:

  • Our authorised employees and/or collaborators that assist and advise us on administration, products, legal affairs and information systems, as well as those in charge of maintaining our network and hardware/software equipment;
  • our commercial partners as well as those other parties to which it is necessary to disclose your personal data in order to provide you with the requested services that will be operating as autonomous data controllers;
  • our third-party service providers (including other entities of the lastminute.com group), which process your personal data on our behalf and under our instructions for the purposes described hereinabove acting as data processors, such as those providing us with IT and hosting services, analytics and administration services etc.;
  • financial institutions (e.g. banks) acting as autonomous data controllers;
  • competent authorities when we are required to do so by the current law;
  • competent authorities and Law and enforcement third parties when this is necessary so that we can enforce our terms of use and protect and defend our rights or property or the rights or property of any third party;
  • third parties that receive the data (e.g. business consultants, professionals for delivering due diligence services or assess value and capabilities of the business) when it is necessary in connection with any sale of our business or its assets (in which case your details will be disclosed to our advisers and any prospective purchaser’s advisers and will be passed to the new owners).

The complete list of parties to which your personal data may be disclosed is available at our registered office and may be requested by writing to privacy.fwd@lastminutegroup.com.

4.2. International transfer of your data

Users’ and/or Clients’ personal data is processed at the Data Controller’s registered office (see point 1), on the lm group servers, and at the offices of other entities to which data may be provided in order to provide the services requested of the Data Controller.

Given the fact that we are an international travel company, we also transfer your personal data to:

  • non-European Economic Area (EEA) countries offering an adequate level of data protection such as Switzerland in accordance with the “Adequacy decisions” of the EU Commission that recognises some countries as providing adequate protection;
  • non-European Economic Area countries where data protection laws may be less protective than the legislation in the EEA. This happens when:
    • we disclose your data to autonomous data controllers such as our commercial partners etc. that might process your data outside the EEA in order to provide you with the requested services.

 

Should you want to obtain further details about the safeguards put in place, you can contact us by writing to privacy.fwd@lastminutegroup.com.

 

  1. How long do we retain your data?

We retain your personal data for as long as is required to achieve the purposes and fulfil the activities as set out in this Privacy Policy, otherwise communicated to you or for as long as is permitted by applicable law. Further information about the retention period is available here:

CLIENT RECORDS

Document

Service request records (name, surname, address, contact information, company name, email address, phone number) including:

– service details

– service request data

Retention period

10 years

Starting date

From the date of the service request


Document

Reports or claims

Retention period

10 years


Document

Contractual documentation

Retention period

10 years

Starting date

From the date of the conclusion of the contract


Document

Financial/transactional information

Retention period

10 years

Starting date

From completion of the financial transaction


Document

Surveys

Retention period

1 month

Starting date

From the date of the survey


DATA USED FOR MARKETING PURPOSES (CRM)

Document

Data used for marketing activities to clients/users subject to the consent or under soft-opt in

Retention period

5 years

Starting date

From the consent or the renewal of the consent via interaction with marketing communications


DATA COLLECTED VIA TAG

Document

Technical cookies

Retention period

Max 3 years

Starting date

From the date of browsing on our Website


 

  1. What are your data protection rights and how can you exercise them?

You can exercise the rights provided by the Regulation EU 2016/679 (Articles 15-22), including 

Name of the right

Right of access

Content

To receive confirmation of the existence of your personal data, access its content and obtain a copy.


Name of the right

Right of rectification

Content

To update, rectify and/or correct your personal data.


Name of the right

Right to erasure/right to be forgotten and right to restriction

Content

To request the erasure of your data or restriction of your data which has been processed in violation of the law, including whose storage is not necessary in relation to the purposes for which the data was collected or otherwise processed; where we have made your personal data public, you have also the right to request the erasure of your personal data and to take reasonable steps, including technical measures, to inform other data controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.


Name of the right

Right to data portability

Content

To receive a copy of your personal data you provided to us for a contract or with your consent in a structured, commonly used and machine-readable format (e.g. data relating to your purchases) and to ask us to transfer that personal data to another data controller.


Name of the right

Right to withdraw your consent

Content

Wherever we rely on your consent (see p. 3-F and J), you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes.


Name of the right

Right to object, at any time

Content

You have the right to object at any time to the processing of your personal data in some circumstances, in particular where we don’t have to process the data to meet a contractual or other legal requirement (see p. 3-B, C, D, H, I), or where we are using your data for direct marketing (p. 3-E).


Name of the right

Right not to be subject to a decision based solely on automated processing, including profiling

Content

You can always request a manual decision- making process instead, express your opinion or contest decision based solely on automated processing, including profiling, if such a decision would produce legal effects or otherwise similarly significantly affect you.

 

You can exercise the above rights at any time by:

  • Contacting us via email at privacy.fwd@lastminutegroup.com.
  • As for direct marketing, please note that you can also object at any time by clicking the unsubscribe link which we provide in each communication sent to you. 

 

Your rights in relation to your personal data might be limited in some situations. For example, if fulfilling your request would reveal personal data about another person or if we have a legal requirement or a compelling legitimate ground we may continue to process your personal data which you have asked us to delete.

You also may have the right to make a complaint if you feel your personal information has been mishandled. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant Data Protection Supervisory Authority.

 

  1. Contact details of the data controller

The contact details of the Data Controller of the data processing described hereinabove are:

Madfish S.r.L., an Italian company belonging to the lm group, with registered office at Via Vigevano, 35 – 20144 Milano (Italy), Company Number/VAT Number: 08621450967, Register Number MI-2037697.

 

  1. Contact details of our data protection officer (DPO)

Our Data Protection Officer (or “DPO”) is available at:

dpo.fwd@lastminutegroup.com

Via Vigevano, 35 – 20144 Milano (Italy)

 

9. Information about Cookies

For any information about Cookies please visit the following webpage.

 

  1. Update and old versions of this privacy policy

We reserve the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on our Website and update the “Last Updated” date at the top of this Privacy Policy.

Questo sito utilizza i cookie per assicurarti la migliore esperienza di navigazione possibile. Per dare il tuo consenso al loro utilizzo, clicca l'apposito bottone. Se vuoi approfondire, puoi visitare la pagina dedicata per capirne di più. Voglio approfondire

Questo sito utilizza i cookie per fornire la migliore esperienza di navigazione possibile. Continuando a utilizzare questo sito senza modificare le impostazioni dei cookie o cliccando su "Accetta" permetti il loro utilizzo.

Chiudi