English 
Romanian 
German 
French 
Spanish 
Italian 
This is the standard data protection privacy policy for the VB GROUP
When it comes to your privacy we never compromise. We will always be clear about why we need the details we ask for, and ensure your personal information is kept as secure as possible. How we do this is explained below.
Last updated: May 2024
Introduction
This privacy policy gives you information about how VB TRAVEL collects and processes your personal data. It is important you read this document together with any other privacy or fair processing policies we give you on specific occasions where we collect or process your personal data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
Who are we?
This website is controlled and operated by VB TRAVEL SA (ES), trading as LASTMINUTE TRAVELS, of Avenida de las Petrolíferas, 35008 Las Palmas, Las Palmas, España, NIF A35004811.
VB TRAVEL Group will include any new VB TRAVELentities we launch, focusing on Customer Technology, Financial products, Food & Drink, Gardens, Health, Homes, Learning, Motoring, Travel and Wellbeing.
VB TRAVEL uses a variety of trading names including: LAST MINUTE TRAVELS, LASTMINUTE-TRAVELS.COM, VBTRAVEL.
This privacy policy is issued on behalf of the VB TRAVEL, so when we say “VB TRAVEL”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the VB TRAVEL GROUP responsible for processing your data. When you purchase a product or service with us, we will tell you which VB TRAVEL company is the data controller of your personal data.
VB TRAVEL are committed to protecting your privacy. We comply with the principles of the UK General Data Protection Regulation (GDPR) and associated data protection legislation. We aim to maintain best-practice standards in our processing of personal, sensitive data and/or special category personal data.
The Data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
-
Identity Data includes first name, maiden name, last name, username or similar identifier, title, marital status, next of kin, family members, dependents, co-travellers, date of birth, nationality, gender and proof of your identity.
-
Contact Data includes billing address, delivery address, email address, telephone numbers, emergency contacts.
-
Financial Data includes bank account, payment card details, income, credit rating and payment details.
-
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us, travel arrangements, quotes, contact history, claims history and communications history.
-
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
-
Profile Data includes your username and password, account number, unique ID’s, vehicle registration, policy number, quote number, claim number, passport number, visa documents, your interests, preferences, feedback and survey responses.
-
Usage Data includes information about how you use our website.
-
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. This may include information we have obtained from credit reference agencies.
-
Image Data includes photographs, CCTV footage, webcam footage.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
With regards to special categories of data (religious beliefs etc…), we may collect health data but only where relevant to the products or services you are purchasing or enquiring about. We may also collect information about criminal convictions and offences. For example, we may require details of motoring convictions to ensure the insurance price we provide is accurate or we may need medical information for travel insurance purposes or if you ask us to book an easy access room due to a disability. We will not collect or use these types of data without your consent, unless the law requires us to do so or where we believe it is in your best interests. If we do, it will only be when it is necessary as determined by the law and the ICO.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How is your data collected?
We use different methods to collect data from and about you including through:
-
Direct interactions. You may give us your Identity, Contact, Technical and Profile Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
-
apply for our products or services;
-
create an account on our website;
-
subscribe to our service or publications;
-
request marketing to be sent to you;
-
enter a competition, promotion or survey; or
-
give us feedback or contact us.
-
-
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
-
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
-
Technical Data from the following parties:
-
analytics providers such as Decibel Insight, Google based outside the UK;
-
advertising networks
-
search information providers
-
-
Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as price comparison websites for insurance products.
-
Identity and Contact Data from data brokers or aggregators for marketing purposes.
-
Databases including, but not limited to, the Motor Insurer’s Bureau (MIB), the Claims Underwriting Exchange (CUE), Motor Insurance Anti-Fraud Theft Register (MIAFTR) and the Insurance Fraud Bureau (IFB) for detection of financial crime and fraud.
-
Government agencies and regulatory bodies including the police and the Driver and Vehicle Licencing Agency (DVLA)
-
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
-
Where we need to perform the contract we are about to enter into or have entered into with you.
-
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
-
Where we need to comply with a legal obligation.
-
Where it is necessary in order to protect your vital interests or those of another individual.
-
Where we identify other products or services that you may find useful, we may contact you where we are permitted to do so
Sharing your information
As previously mentioned, we do not sell, trade or rent your information, and will never disclose information about you (including information obtained from our dealings with you) to third parties, except:
-
Where we have a legal interest in a company;
-
To fulfil your specific orders for a product, service or information if it is delivered by a third party. In these instances, while the information you provide will be disclosed to them, it will only be used for the administration of the product, service or information provided. This could include (but is not limited to), verification of any quote given to you, claims processing, underwriting, pricing purposes as appropriate, testing, and to maintain management information for business analysis. For example, if you go on a holiday with us, the hotel needs to know who you are. If you take out an insurance policy provided by a third party, they will need your details to administer the policy, verify the quote given to you and process any claims. For further details about how your insurer handles your information, please see their Privacy Policy which can be found on their website. See your policy schedule documentation for your insurer contact details;
-
Where third parties administer part or all the product or service. An example of this is where you book a travel product with us under Civil Aviation Authority (CAA) rules we have to place any funds paid to us into a trust administered by PT Trustees limited, details of how they process your information can be found on their website: https://pttrustees.com/privacy-notice;
-
For underwriting, pricing, insurance rating analysis and testing purposes, and to maintain management information for business analysis;
-
For tailoring adverts you see when you are online. These might be on our website, social media sites such as Facebook, search results, or other sites that sell advertising space;
-
For marketing purposes, where we have a legal basis for doing so;
-
Where we have engaged a third party to carry out market research on our behalf and who may contact you for the purpose of obtaining feedback about the products and services that we offer;
-
Where we have your consent to do so.
Where you have a travel booking, in the event of our insolvency we, or any appointed insolvency practitioner, may disclose your personal information to the CAA, and/or ABTA so that they can assess the status of your booking and advise you on the appropriate course of action under any scheme of financial protection.
The CAA’s General Privacy Notice is at
-
https://www.caa.co.uk/Our-work/About-us/General-privacy-notice/
-
ABTA’s Privacy Notice is at https://www.abta.com/privacy-notice.
Other companies within our group of companies for the purposes mentioned in Section “Purposes for which we will use your personal data” above. A list of our Group companies can be found in the Introduction to this privacy policy.
We must have your consent to discuss your account with a third party, for example a family member. You may give this consent either orally or in writing and you may give it at any time by contacting us.
We may be obliged by law to pass on your information to the police or any other statutory or regulatory authority. In some cases, exemptions may apply under relevant data protection legislation, whereby we can legitimately release personal data e.g. to prevent or detect crime or in connection with legal proceedings. After you purchase a product or service from us, we may enter into an arrangement for that service to be provided by a new third party. If this happens, the terms and conditions of your contract with us will provide that you consent to the transfer and processing of personal and/or special category personal data to the new provider, subject to the requirements of the GDPR and associated legislation. If we provide information to a third party (either a provider of a product or service, or an external data processing agency such as a mailing house) or a company in which VB TRAVEL has a legal interest, we will exercise the strictest contractual controls, requiring them and any of their agents and/or suppliers to:
-
Maintain the security and confidentiality of the information and restrict access to those of its own employees
-
Use the data for the agreed purpose only and prevent it being used for any other purpose by any other party
-
Refrain from communicating with you other than concerning the product in question
-
Return the data to us at the conclusion of any contract term and destroy or delete any copies made of all or any part of the information unless copies are needed to be kept to comply with regulations.
We will restrict the information disclosed to the absolute minimum necessary.
Traveling with us
When you are travelling with us please be aware that there may be VB TRAVEL photographers and/or videographers on board or as part of our escorted tours taking photos and videos of guests and crew to produce photographs, images and media that may be included in Marketing Brochures, on our Social Media platforms and Cruise Videos. They are happy to take reasonable steps to avoid filming or photographing you where you indicate this is your preference, but you may be included unless you tell us otherwise and we are unable to guarantee that you will not be included on an incidental basis. We care about your privacy so if you do not wish for your photograph to be taken at any time, or to be included in any video, please let a member of staff or the photographer know. Whilst we take every precaution to protect your privacy, we are not responsible for passengers who may take your photograph or video you without our knowledge. We ensure that all our customers are notified prior to traveling on our trips if a professional photographer or camera crew is being engaged and you have the right to say no or opt-out of being included in any photos being taken for these purposes, including any subsequent content or images used.
If you have any queries about the use of images after your trip, please write to the Data Protection Officer at VB TRAVEL Group by email at [email protected]
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
Access to your information: You have a statutory right of access to personal data that we hold about you. In order to exercise this right, we ask that you apply in writing, either via letter or email. Please refer to the information you wish to see giving dates where possible. Please note that we may ask for further information from you including proof of identity.
We will not administer Subject Access requests made by a third party (such as a relative or friend) unless accompanied by written authority of the individual who is the subject of the request, proof of power of attorney or other legal certification.
You will not have to pay a fee to access your personal information (or to exercise any other rights). However, in exceptional circumstances, we may charge a reasonable fee or refuse to comply with your request.
Request the correction or rectification of the personal data that we hold about you: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Rights related to automated decision-making including profiling: We use the information we know about you to make decisions which inform our pricing, fraud prevention and the products and services we can offer. Automated decision making enables us to make efficient and fair decisions, providing a better service for our customers. Whilst you have the right to object to us using your information in this way, this could have an impact on the products or services we may be able to offer you. We use automated decision making in the following areas:
-
Pricing – we use the information we know and collect about you to inform decisions around product and service charges. For example, if you apply for insurance, we will compare what you tell us with other records to determine how likely you are to make a claim. This will help us decide whether to offer you the product and what price to charge you.
-
Tailoring our marketing communications – as mentioned previously, we use your personal information to make decisions about what products, services and offers we think you may be interested in. This ensures the communications you receive from us are tailored and relevant to your interests. You can opt out of this at any time by contacting the Data Protection Officer.
The right to erasure: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
The right to object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms..
Right to restrict the processing of your personal data: this enables you to ask us to suspend the processing of your personal data in the following scenarios:
-
If you want us to establish the data’s accuracy.
-
Where our use of the data is unlawful but you do not want us to erase it.
-
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
-
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
The right to data portability: you have the right to obtain and reuse the personal data that you have provided to us for your own purposes which includes transferring it to other service providers. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
The right to withdraw consent at any time: where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
What we may need from you: we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it. Sometimes, we may need to contact you or ask you for further information.
We will try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case we will notify you and keep you updated.
Limits to your rights: some of your rights in relation to your personal data are not absolute, for example your right to erasure. Where this is the case, we will inform you of the extent we can comply with your requests and detail our reasons why. More information can be found by visiting the ICO’s website https://ico.org.uk/.
For further information regarding your rights, or to make a request; please write to the Data Protection Officer at VB TRAVEL Group by email at [email protected]
Updates to our Privacy Policy
We keep our privacy policy under regular review, and we publish the date this privacy policy was last updated. If we decide to change our privacy policy, we will update all relevant documentation and post any changes on our websites so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. We may also notify you by email sent to the email address specified on your account.
We welcome your questions and comments about privacy. Please write to the Data Protection Officer at VB TRAVEL Group by email at [email protected]
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you feel your personal information has not been handled correctly. You can do this via ico.org.uk/concerns.
