A: Identity of the company
C: Legal framework
D: Personal data security
Lulivelua Travels collects your personal data only for explicit and legitimate purposes, for example when you book a travel with us or when you use our services. We keep certain personal data, in particular the information with which we can identify you.
We commit ourselves to take all reasonable measures to safely collect, process, store and share your data. We also ensure that the companies we work with will handle your personal data with the same carefulness as we do. Lulivelua Travels always communicates how your personal data will be used.
E: Overview of the stored data
Lulivelua Travels commits itself to request only the personal data that are necessary to achieve its purpose.
As a result, we may collect and process the following information about you:
name, first name, email, telephone, address;
nationality, date of birth, place of birth, gender, the type of your travel document (e.g. passport or ID), eID number, the issue date and the expiry date, the country of issue of your travel document;
information about other passengers in your booking such as first name, name, nationality and age;
information about your transaction, including your payment card details;
information regarding your flight(s) and information about our services in relation to your flight(s) (for example declaration of lost baggage);
your communication with us (for example your emails, letters, calls or your messages on our online chat service);
your preferred departure locations;
if you need special help or if you have specific dietary requirements;
information about your health, if you have a medical condition that may affect your travel;
sensitive personal information: during the provision of services to the customer we may need information regarding your race or ethnic origin, physical or mental health and your religious beliefs. Such information is considered as sensitive personal data under data protection laws. We will collect this kind of information if you have explicitly given your permission, when this information is necessary for reasons of general interest or if you have knowingly disclosed this information.
Sensitive personal data can be collected in the following circumstances:
if you have a specific medical condition, you must inform us about it and, if necessary, provide a medical certificate for your own safety
if you notify us of specific dietary requirements, this may refer to specific religious beliefs
when you provide us your travel document, your racial or ethnic origin can be deduced on the basis of your nationality
If you do not allow us to process sensitive personal data, this can have as a consequence that we cannot provide the services you have requested or that we can only partially provide the services. Please note that in such circumstances you are not entitled to reclaim any payment.
F: Processing purposes
Lulivelua Travels uses your personal data for the following purposes:
to manage your travel bookings and to deliver our services to you;
to communicate with you;
to conduct your reservations (e.g. hotels, restaurants, transport). We also use your personal information to change your bookings when you request for such changes;
to let you know if there are any changes to your travel plans, such as road works at an airport you use;
to contact you by email and/or SMS for administrative or operational reasons, for example to send you a confirmation of your bookings and payments, to inform you about your travel schedule or to advise you about possible delays and changes. Note that the purpose of this communication is not marketing and therefore you will continue to receive this information, even if you opt-out of receiving marketing communication;
to request for your feedback by email and/or SMS, since your opinion is of great importance to us;
to adapt our services to your needs and preferences and to offer you a personalised customer experience;
the business purposes for which we will use your information include accounting, invoicing and audit, credit card or other payment card verification, fraud screening, security, legal purposes, statistical and marketing analysis, system testing, maintenance and development.
G: Secure processing
We commit ourselves to take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against unintentional loss, destruction or damage. When you provide your personal information per mail, this information will be transmitted securely over the internet by the use of high-quality encryption.
For the processing of information of the travelers and the customers, Lulivelua Travels uses software which is PCI DSS compliant. This means that we meet the high security standards to protect your payment data when you provide us with this information.
However, sometimes we will have the obligation to share your personal data with third parties, for example with border control and airport security. This is to keep you and your fellow travelers safe. In these exceptional cases, we have limited control over how the personal data are protected by that third party.
If your personal data are transferred outside the EEA (the European Economic Area includes the European Union, Iceland, Liechtenstein and Norway, also known as the “EEA”), we require that appropriate precautionary measures have been taken.
H: Right to object to processing
Lulivelua Travels always provides you in a clear and understandable way the methods in which your data are processed.
You have the right to object to the processing of your personal data due to your specific situation, at any time. Lulivelua Travels ceases to process the personal data unless we point out overriding legitimate reasons for the processing that outweigh your interests, rights and freedoms.
I: Obligation to report in case of data leaks
In case of a data breach where there is a risk for the violation of the rights and freedoms of the individuals, Lulivelua Travels promises to report as soon as possible to the supervisory authority and this no later than 72 hours after the first discovery of the data leak.
If the data breach is likely to pose a high risk to your rights and freedoms, Lulivelua Travels will immediately report the data breach to the customer whose personal data is leaked.
J: Right to request access to your own personal data, right of rectification and the right to be forgotten
You have the right to request access to your own personal data. You also have the right to consult the booking information regarding the travels you have taken with us.
At the request of the customer, personal data can be rectified. If the information we have about you is not correct, please have it amended as soon as possible. This can be done by email to firstname.lastname@example.org. Lulivelua Travels will update the data as soon as possible.
At the request of the customer, certain data can be deleted, but always taking into account the storage period and the necessity of the data for the execution of the contract. As a result, the personal data will be deleted as soon as possible on condition that there are no justified reasons to keep them up-to-date.
The starting point is that only data provided by the customer or data provided in his order can be corrected or deleted.
If you have questions concerning your personal data, please contact email@example.com.
K: Retention period of personal data
Lulivelua Travels stores your personal data for a period of seven years from the invoice date.
At the end of the retention period or on a valid request of the data subject, the personal data will be deleted, unless there are reasons of public interest to keep the personal data for a longer period.
L: Marketing communication
You can choose whether or not you want to receive marketing communication. We will only send marketing communication to the customers who have given a voluntary and explicit permission to receive our newsletters. The newsletters contain information about special offers and new routes. Such offers may contain information about travels and other associated travel products. Please note that we do not share your contact information and personal information with other companies for marketing purposes, unless we have obtained explicitly your consent to do so.
You can ask at any time to end marketing communication by sending an email to firstname.lastname@example.org with the title ‘GDPR: end marketing communication’.
You can also contact your email@example.com to express your preference not to receive marketing communication.
M: Right to data portability
You have the right to request for your personal data with the aim to switch to another service provider. Lulivelua Travels promises to provide the personal data in a structured and readable form.
When the client exercises the right of data portability, he has the right to ask that the personal data, if technically possible, are directly transported from Lulivelua Travels to the other service provider.
N: Cookies or other tracking technologies
In order to improve our services, to offer you relevant information and to analyse how you use our website, we can use technologies such as tracking software, pixels and cookies. Keep in mind that in most cases we cannot identify you on the basis of the information we collect through these technologies.
We use software to monitor how the website is used in order to improve the experience of the customer. This software does not allow us to collect personal data.
In order to understand how our customers deal with the emails we send them, we use pixels, so that we can see whether the emails we send are opened or not.
You can delete cookies if you wish. While certain cookies are required for viewing and navigating on our website, most functions are still accessible without cookies.