TUIfly Vermarktungs GmbH Privacy Notice
At TUI we create unforgettable moments for our customers across the world and make their dreams come true. Looking after the personal data you share with us is an important part of this. We want you to be confident that your data is safe and secure with us, and to understand how we use your data to offer you a better, more unique and inspiring leisure experience.
Please also see our separate Cookie Notice which explains how we use cookies and similar technologies on our Websites.
What this Privacy Notice covers
This Privacy Notice ("Notice") is issued to you by TUIfly Vermarktungs GmbH (referred to in this Notice as “we” or “us”). As part of the TUI Group, we are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please take the time to read this Notice.
We have aimed to keep this Notice as simple and easy to understand as possible. Please refer to the "Key Terms" section for explanations of any technical terms we use in this Notice, such as "Account", "Controller", "Loyalty Program", "Services" or "special categories of data".
This Notice applies to the processing of your personal data by us in connection with your Travel Experience you book with us, any Services we provide to you and any other interaction you may have with us. We also encourage you to refer to our relevant Terms and Conditions for any Services we provide to you which explain in detail how we deliver each Service to you.
We work together with other TUI Group Companies, in particular TUI Platform Services Unipessoal Lda, which operates Loyalty Programs within the TUI Group, and provides other services. We may also work with Travel Partners who are not part of the TUI Group. Where these other TUI Group Companies and Travel Partners are responsible for your data, they will issue a separate privacy notice to you, and we recommend that you also refer to such notices. We will explain in more detail in this Notice how we work together with other TUI Group Companies and Travel Partners and how we may share your data with them.
The Controller of your personal data is TUIfly Vermarktungs GmbH. As Controller, we are responsible for the processing of your personal data as described in this Notice. TUIfly Vermarktungs GmbH is a private limited liability company which is part of the TUI Group, incorporated under the laws of Germany and has its offices at Karl-Wiechert-Allee 23, 30625 Hannover, Germany.
The types of your personal data we collect and process will depend on the nature of our business relationship with you and how you interact with us:
When you register for any of our online Services, you may provide us with:
Your personal details, including your name, date of birth, gender, address, email address, phone number or other contact information.
Your registration and login details, such as your service number, date and time of your registration, username and the password (stored encrypted only) you chose.
Your personal settings, including your user settings and photo, avatar or another user symbol.
Information required to make a Booking.
Travel information of other people who may travel with you or for whom you may make travel arrangements.
If you sign up for a Loyalty Program, information required to deliver benefits or otherwise in this context, such as your contact details, membership number, registration date and time, participation status (e.g. active or inactive), loyalty tier or level, transaction history, details of rewards earned, and information on loyalty points collected and redeemed.
When you browse our Websites, use our mobile apps or otherwise use our online Services, we may also collect:
Information about your communication and travel preferences.
Information about your browsing behaviour on our Websites, including which pages or resources you visit or click on and what content you are interested in.
Information about Travel Experiences and other products you have searched for on our Websites or you have shortlisted or otherwise secured or tagged, including your booking history, your preferred Booking channel, frequency of Bookings and your average and total spend.
Information about the redemption of any vouchers you may get from us.
Information about when you click on one of our adverts, including those shown on other organisations’ websites.
Information about the way and frequency of your access our digital Services, including date and time of your access, operating system, IP address, online identifiers, language settings, and browser details.
Images, data, information and other content you upload to our Websites or other systems.
Your approximate location information based on your IP address.
GPS location data from your mobile device, if you allow us to see that.
Your social preferences, interests and activities.
When you make a Booking, we may also collect:
Information about your Travel Experience and your Booking, such as time and date of your Booking, all relevant information describing your Travel Experience, length of your stay or Booking, arrival and departure dates, rates and prices, any special preferences and requirements you may have, your itinerary and any other related information.
Information required to deliver your Travel Experience, such as passenger information, address, passport details, other ID document details, insurance details.
Payment information, including what you bought, when and where you bought it, with which TUI Group Company or Travel Partner you booked, how you paid for it, and other payment related information.
Relevant medical data and any special, dietary, religious or accessibility requests.
Your mobile telephone number for the SMS Assistant for flight time changes.
Your mobile telephone number for the SMS Assistant only for notification by the TUI Crisis Management Team in the event of a crisis, emergency or other event.
Your mobile telephone number for the SMS Assistant (or a telephone number provided in your customer master data) to get in touch with you (SMS/telephone) in case of urgent enquiries in relation to outstanding payments to secure your booked holidays or service.
When we contact you to inform you about our Services or when you take part in promotions, competitions, surveys or questionnaires, we may also collect:
Information about your use of emails and other digital communication we send to you, including which content you read, and which links you click.
Your feedback and contributions to customer surveys and questionnaires.
Information about your participation in any of our events, e.g. a special promotion or a loyalty event, such as the type, date and time of the event and relevant information related to your participation.
When you communicate or interact with us, we may also collect:
Personal data you provide when you connect with us, including by email, post and phone or through social media, such as your name, username and contact details.
Your communication with our customer service team or other communication with us in relation to your Travel Experience or any of our Services, enquiries, suggestions, complaints, disputes or other dealings with us, including via social media or chatbot.
Sentiment and feedback data, including customer satisfaction information, any reviews or ratings you may make.
Special categories of data
In certain circumstances, we may collect special categories of data about you e.g., if you request wheelchair assistance or if you provide us with information from which such data may be derived e.g., dietary requirements which may reveal health data. We will collect and process such data only with your explicit consent or where another legal basis applies.
Personal data you provide to us about other individuals
If you make a Booking with other people in your party or if you make a Booking for other people, we will use the personal data about these other individuals which you provide to us. You may also decide to keep relevant information about others in your Account for ease of future Bookings.
When providing other people’s personal data, you must always make sure that they have agreed to this, and that you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.
Personal data we receive from other parties
We usually collect your personal data from you, but we may also receive your personal data from other sources, such as:
Our TUI Group Companies and Travel Partners (see Section 5 below).
Companies that supply information, distributors, agents, retail partners and public registers.
Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
If you log-in using your social network credentials to connect to our platforms and online services e.g. Facebook, Google+, Instagram, Pinterest, X and YouTube, you may agree to share your user details with us. For example, your name, email address, date of birth, location and any other information you choose to share with us.
We may process your personal data in a variety of ways and for various purposes, always only if and where we can rely on a valid legal basis, as follows:
Purpose | Legal Basis |
To deliver your Travel Experience and other Services. We will process your personal data to deliver our Services to you, including to: • deliver the Travel Experiences and other Services you have booked with us; • complete and administer your Bookings; • maintain your information which is required to make a Booking, so you don't have to enter this information again for each new Booking you make; • notifying you of the opportunity to sign up to an Account and migrate your data from any existing customer account to the updated Account; • provide customer service to you, i.e. to help you with any Bookings, process payments and refunds or deliver any other assistance you may ask for. | To perform our contract with you. To pursue our legitimate interest in delivering our Travel Experiences and Services. |
To manage and improve our Travel Experiences and Services. We will use personal data to monitor, manage and improve the quality of our Travel Experiences and Service delivery, including by: • monitoring the quality and stability of our Service delivery and our systems; • testing and troubleshooting, generating statistics and analysing relevant information about system performance and usage; Where feasible, we will use anonymised or pseudonymised data for such analytical purposes, e.g. by way of aggregation or other means of de-identification. | To pursue our legitimate interest in monitoring and improving our Travel Experiences, Services and day-to-day operations. |
To personalise your experience. We will use your personal data to better understand your interests so that we can try to predict what other Travel Experiences, Services, and information you might be most interested in. This will enable us to deliver more personalised content on our Website and mobile apps which is relevant for you, including promotions, search assistance, special discounts or rewards for Travel Experiences of our TUI Group Companies and Travel Partners which we believe you may find interesting. To do this, we may: • use information from your Account on Travel Experiences and Services you have booked, shortlisted or otherwise tagged on our Websites, such as booking data, ancillary purchases, use of in-hotel-activities & booked services; • analyse your use of and your interaction with our Websites and other Services, your browsing behaviour and your interests in our marketing communication (which may be collected via cookies and similar tracking technologies); • measure your responses to marketing communication from us; • use information from any Loyalty Program you may join, such as your participation status (e.g. active or inactive), loyalty tier or level, details of rewards earned, and information on loyalty points collected and redeemed and further similar information, where that is required by us to deliver benefits or otherwise in this context; and • use your personal data to gain customer insights, targeting marketing communication or other content. In doing so, any of the above data may be shared with other TUI Group Companies on an aggregated or anonymous basis where feasible and appropriate. We may work with selected advertising, measurement and technology partners to create, activate, and measure customer audience segments, including for the purpose of delivering more relevant advertising and experiences. This may include providing partners with access to aggregated insights or privacy-safe audience signals or enabling the activation of audience segments across third-party platforms. We do not share raw personal data. Where we collaborate with partners, we use privacy-preserving technologies (such as data clean rooms or privacy-safe identity solutions) and other technical and organisational measures to ensure data is pseudonymised, anonymised, or otherwise aggregated, and used only for agreed purposes. We apply strict contractual and technical controls. For the above purposes, we may also combine information from various sources, such as our Websites, your Account, any Loyalty Programs you may join or other Services offered by us or other TUI Group Companies. If you do not want to receive personalised content, you can let us know at any time, online via your Account or by contacting us at the details set out below. You may still receive marketing communication from us, but they will not be personalised. | To pursue our legitimate interest in offering you more relevant Travel Experiences and Services. |
For marketing communication. We may use your personal data to send you personalised marketing communication, such as relevant offers and news about the Travel Experiences promoted via our Websites and our other Services in a number of ways, including by email, SMS, WhatsApp, post, phone, chatbot or via social media. We may use the same information we use to personalise your experience on our Websites (see above) to personalise our marketing communication with you. We may also invite you to participate in promotional activities such as sweepstakes, competitions, or referral program. If you chose to participate, we will process your personal data to administer the promotional activity, including communicating with you and delivering any prize. We may ask you for your permission to send you marketing communication. In particular, we may ask you for your permission to send you information about Travel Experiences of our TUI Group Companies and Travel Partners that we believe may be of interest to you. You can opt in to App Push and Web push notifications in your device. Where permitted under applicable law, we may send you product recommendations by e-mail, SMS, WhatsApp, MMS or similar electronic communication services. You can also unsubscribe at any time by changing your marketing preferences in your Account, using the ‘unsubscribe’ link in our marketing emails, replying STOP to the short code in our marketing text messages, by phone, or by writing to us at the contact details set out below. Further, you can opt out of App Push and Web push notifications in your device at any time. Important: If you unsubscribe from TUI Group marketing emails and you are a member of a Loyalty Program, your membership and benefits may end. If applicable, we will confirm this with you at the time you choose to unsubscribe. If you want to leave a Loyalty Program and continue to receive marketing communications from TUI Platform Services Unipessoal Lda, please use the “Leave Loyalty” button or, if it is not available for any reason, contact us by phone, or by writing to us at the contact details set out below. For further details on your right to object, please refer to "Your rights in relation to your personal data" below. Even after you have unsubscribed, you may still receive Service-related communication from us. For example, we will confirm Bookings you make with us and provide you with important service information about the Travel Experiences you booked or any of our Services you use. Please note that unsubscribing from marketing communication from us will not affect your relationship with any TUI Group Companies with whom you have booked a Travel Experience before. Please refer to the Privacy Notice of the respective TUI Group Company for further information on how they process your personal data. | To pursue our legitimate interest to send personalised marketing communication to our customers. Your consent. |
To contact and interact with you. We want to serve you better as a customer, so there will be various situations in which we may contact you, for example by email, SMS, WhatsApp, post, phone, chatbot or via social media. Where possible, we will only contact you via the communication channels you have shared with us. This may include: • responding to any enquiries or requests you have made; • sending you service communication, such as confirming Bookings, sending you useful information for planning your trip or sending you security alerts or other administrative messages; • alerting you of upcoming Bookings and providing you with important information about your upcoming Travel Experience; • reminding you of any unfinished Bookings in order to save you the effort to complete a new Booking. | Your consent To perform our contract with you where communication is required. To pursue our legitimate interest in communicating with you to improve your customer experience and to provide you with personal service in connection with your Account or other Services. |
Market research. We like to hear your views to help us to improve our Travel Experiences and Services, so we may contact you to invite you to participate in customer surveys, feedback questionnaires or other market research activities. Your participation is always optional. You can tell us to stop contacting you for market research purposes at any time. | To pursue our legitimate interest in conducting market research to help us to improve our Travel Experiences and Services. Your consent. |
Call monitoring and chat function. To save time and resources, we may use a call monitoring system which automatically detects your number and matches it to your Booking. We may still ask for authentication to keep your data confidential. We may also use chat function to exchange information when you contact us. Calls and chats may be recorded for quality and training purposes as well as to handle legal claims, fraud detection and complaints. | Your consent. |
To ensure safety and security. To ensure the security of our premises and facilities, IT systems, databases, Websites or other digital infrastructure, including authentication of users and Bookings, preventing and detecting security incidents, improving data security and protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity, service, testing and maintenance of our systems. We may have to cancel or freeze Bookings or other Services if and as long as required to conduct investigations and risk and security assessments. We use CCTV and similar technologies to help maintain the safety of anyone working in or visiting our shops[PK1] , premises, and other facilities or buildings, and for the prevention, detection and prosecution of criminal offences. We may also rely on the images to establish, exercise or defend our legal rights. | For compliance with a legal obligation to which we are subject. To pursue our legitimate interest in maintaining the security, safety and integrity of our IT systems, networks and other digital infrastructure, and employees and visitors. |
Crisis and emergency management. We may process your personal data to respond to and manage crises, emergency situations, and similar incidents globally. For example, your insurance company, their agents and medical staff may exchange relevant personal data and special categories of data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in such an emergency. With your permission, we may also use information from your mobile device on your current location to check if you may be impacted by a crisis or emergency situation, to contact you and to provide you with any relevant information. | To perform our contract with you. For compliance with a legal obligation. To protect the vital interests of you or of someone else. For the performance of a task carried out in the public interest. To pursue our legitimate interest in responding to and managing such incidents. Your consent. |
For legal and compliance purposes. We may need to process your personal data to establish, exercise or defend our legal claims and rights, including appropriate dispute or dispute resolution procedures, for regulatory and official investigations and compliance, for internal investigations, to enforce our customer terms and conditions, or to comply with lawful requests from law enforcement and other authorities. | For compliance with a legal obligation to which we are subject. To pursue our legitimate interest to protect and enforce our legal rights and claims. |
In order to fulfil your rights as a data subject. If you assert your rights as a data subject, for example by requesting access to your personal data, we will process the necessary data to fulfil your request. | To fulfil a legal obligation to which we are subject. |
We will not process your personal data for any other purposes than those set out above, unless we inform you about a change in purpose.
Generally, you are not obliged to provide your personal data to us for the above purposes, unless we specifically inform you that you are required by law to provide certain information. However, if you do not provide us with the information we request from you, we may not be able to provide you with our Services or products.
We will generally not share your personal data with third parties unless that is required to deliver your Travel Experience or for any other purpose set out above. In particular, we may share your personal data with the following third parties:
TUI Group Companies or Travel Partners
In order to provide the Travel Experiences or Services requested by you we may share personal data with other TUI Group Companies and Travel Partners we engage to deliver your Travel Experience, including airlines, ground handlers, accommodation providers, destination management companies, and tour providers. If you have a query or dispute about a product or service provided by a Travel Partner, we may contact them to handle your request and share with them minimum information.
If you register for an Account , we may check and confirm if you have opened any prior customer accounts with us. If so, we will notify you and explain that these old accounts will be deactivated and your data from these accounts will be transferred to your new Account. This is required to protect the integrity and consistency of your customer record and your personal data, reduce redundant data and, most importantly, to help avoid unwanted loss of your personal data. Your Account will enable you to access your Booking history and other relevant personal data across all TUI Group Companies.
Further, if you have registered for a Loyalty Program, we may share your personal data with other TUI Group Companies as required to operate the Program and to provide you with relevant rewards. Please refer to the Terms and Conditions of the Loyalty Program, which explain how it works.
Our TUI Group Company or the Travel Partner which delivers your Travel Experience may collect and process further data about you. Please refer to the privacy notice of the relevant TUI Group Company or Travel Partner for information about how they process your personal data in connection with your Booking and your related rights.
Generally, we may share your personal data with other TUI Group Companies where that is required for the purposes set out above (please refer to "Why and on which legal basis we process your personal data") and always provided this is required or permitted under applicable law.
Suppliers
We work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, advertising campaigns, market research, processing payments or handling chargebacks and otherwise delivering our Services. This may also include our suppliers who deliver loyalty benefits to you if you participate in a Loyalty Program. Our suppliers will also include TUI Group Companies, such as TUI Travel Group Solutions Limited, TUI InfoTec GmbH or TUI Technology NV.
Where our suppliers process personal data on our behalf, and in accordance with our instructions (so called data processors), we retain control over your personal data and will remain fully responsible for it. When engaging such data processors, we will apply appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data.
When we share personal data with other organisations, we require them to keep it safe, and they must not use your personal data for their own marketing purposes.
We will only share the minimum amount of personal data that is required to enable our suppliers to provide their products and services to us.
Professional advisors and other professional third parties
We may share your personal data with our professional advisors, such as law firms, tax advisors, auditors or insurance companies where that is required in connection with insurance claims, disputes or other legal claims or in connection with an audit or investigation we undergo. Any such third parties will be under a strict confidentiality obligation and will handle your personal data in line with their professional obligations.
Public, regulatory and government authorities, and similar bodies
We may share your personal data with relevant public authorities and similar bodies. These include regulatory or enforcement authorities, lawyers or courts. We will only do so if required by applicable law or regulation or if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims.
So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
Some countries will only permit travel if you provide your advance passenger data. These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may assist where appropriate.
We may share the minimum personal data necessary with other authorities and bodies if the law says we must, or we are legally allowed to do so.
Credit reference and fraud prevention agencies
When you book Travel Experiences via our Websites or use other Services from us, we may share your personal data with credit reference and fraud prevention agencies. That means looking into any records we hold about you and your records with credit reference agencies (CRAs) or fraud prevention agencies (FPAs). When they get a search from us, a 'footprint' goes on your file which other organisations might see.
We may also do checks to confirm your identity. That is to help protect you from identity theft and other types of fraud, and to prevent and detect crime or money laundering. We may run more checks with CRAs and FPAs to keep your information and your account up to date. If false or inaccurate information is provided and identified as fraud, the details will be passed to FPAs. This information may also be shared with law enforcement agencies.
If you tell us you have a spouse or financial associate, we may link your records together – so you must make sure you have their agreement to disclose information about them. CRAs may also link your records together and these links will stay on your and their files – unless you or your partner successfully files for a disassociation with the CRAs to break that link.
We may send these agencies details such as your name, address, accounts and bills, including how you manage them. That includes telling them about your account balances, what you pay us and when you miss a payment. If you don't pay your bills on time CRAs will record that. Agencies may tell others doing similar checks, including organisations trying to trace you or recover money you owe them.
For Germany, each credit reference and fraud prevention agency has its own criteria for calculating a credit score. For more information about credit reference and fraud prevention agencies, e.g. Creditrefrom, Avarto Infoscore and Bürgel, as well as the European Anti-Fraud Office (OLAF), and how they may use your personal data, please refer to the respective privacy notices of credit reference agencies and OLAF. In principle, data processing is carried out on the basis of the special interest of the credit agencies.
For the UK, each credit reference and fraud prevention agency has its own criteria for calculating a credit score. For more information on credit reference and fraud prevention agencies e.g. Callcredit, Equifax and Experian, and how they may use your personal data, please refer to the Credit Reference Agency Information Notice (CRAIN). The CRAIN describes how the main credit reference agencies use and share personal data they receive about you and/or your business that is part of or derived from or used in credit activity.
Corporate transactions
We may also share personal data with an organisation to which we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in the same way as us.
We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.
The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain Services, you are responsible for keeping this password confidential.
TUI Group is a global enterprise. As such, we may need to share your personal data with recipients in other countries in the course of our business activities. Such countries may not have the same level of data protection as the country in which your personal data was initially collected. In such cases we will process your personal data in accordance with this Notice and applicable law.
If we process your personal data under the EU General Data Protection Regulation or if so required under the data protection laws of the country of your residence, we will put in place appropriate safeguards to make sure your personal data remains adequately protected and that it is treated in line with this Notice and applicable law. These safeguards include, for example, appropriate contract clauses, such as standard contract clauses approved by the European Commission and the UK International Data Transfer Addendum, and appropriate security measures. You can contact us anytime at the contact details below if you would like further information on such safeguards.
We will retain your personal data for only as long as it is necessary to provide our Services to you or for the other purposes set out in this Notice and to meet legal and regulatory record retention requirements. After this period, we will securely erase your personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.
Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our Websites and mobile apps, and we use them to improve your customer experience. Please see our separate Cookie Notice.
Our Websites or mobile apps may contain links to websites operated by our TUI Group Companies, Travel Partners or other organisations that have their own privacy notices. Please read the terms and conditions and privacy notice carefully before providing any personal data on another organisation’s website, as we do not accept any responsibility or liability for websites of other organisations.
Our Websites or mobile apps may contain social media features such as Facebook, Google (including Maps), Instagram, Pinterest, X, and YouTube that have their own privacy notices. Please read their terms and conditions and privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for these features. For example, if you click on any social media plugins integrated on our Websites and apps (such as Facebook’s ‘Like’ button), certain information will be shared with these social media providers. Your social media provider may relate this information to your social media account and may display these actions also on your social media profile (depending on your settings).
We may also maintain social media accounts ourselves. Whenever you connect with us through such social media, your social media service provider may share information with us.
We may use automated systems, including AI, to enhance our Services and keep them secure. Examples include ranking search results, providing personalised recommendations, operating chatbots, monitoring and troubleshooting our systems, preventing fraud or breaches of our customer terms, and supporting real‑time assistance during travel. We may also store and analyse chat histories to resume conversations and improve service quality, and—where you instruct us—perform automated travel bookings via digital interfaces (e.g., websites, APIs). Where you interact with AI, we will make this clear.
Governance & risk management
AI applications are selected, assessed, and monitored under TUI Group and local policies and applicable law. We conduct appropriate due diligence and risk assessments (including for data accuracy, hallucinations, bias and other potential harms) and maintain human oversight. We apply auditing and access controls to ensure traceability and security and implement safeguards for international data transfers when using external AI service providers.
No solely automated decisions with legal or similar effects
Our use of AI or other systems does not result in decisions about you that are based solely on automated processing and that produce legal or similarly significant effects on you. For example, when we recommend or rank Travel Experiences, you remain free to accept or ignore our suggestions. Where required by law, or it is appropriate, we ensure a human-in-the-loop.
Use of your personal data in AI systems
We may use your personal data to develop and enhance our machine-learning models and AI tools, in line with applicable data protection laws. Processing purposes may evolve as technology develops; we will communicate material changes transparently in this Notice.
Your choices & rights
Where AI or other automated systems are used, we will implement suitable measures to safeguard your rights and freedoms, which may include the right to obtain human review of a decision, express your point of view, and contest the outcome, where applicable under law.
Unless indicated otherwise, you are not allowed to use our Services if you are a child (as defined by local laws). We only process information about minors with the consent of their parents or legal guardians, or when the information is shared with us by a person authorised by the parents or legal guardians themselves. If you are a child, please make sure that you obtain your parent's or guardian’s permission prior to providing us with any of your personal data. Should we become aware that we have processed any personal data of a child without the valid consent of a parent or guardian, we may delete such information.
Subject to applicable conditions and limitations, you have certain rights in relation to your personal data. For any requests, please contact us at the details set out in the next section. If you contact us to assert your rights, we will only process data that is necessary to respond to your request.
Please include details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested, in which case we may charge a reasonable fee based on administrative costs.
Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint when you contact us on behalf of someone else.
We will respond to a request without undue delay and, in any event, within one month of its receipt (or within a shorter period if required by applicable law). This period may be extended by two months, where necessary, taking into account the complexity and number of requests. In the event an extension is required, we will inform you within one month and provide reasons for the delay.
Right of access to your personal data
You have a right to ask for a copy of the personal data we hold about you, although you should be able to access online the personal data associated with your Account or Booking. You can write to us asking for a copy of other personal data we hold about you. We want to make sure that the personal data we hold about you is accurate and up to date. If any information we hold about you is incorrect, please let us know.
Rectification of data
You can ask us to correct incorrect or incomplete personal data about you.
Right to Erasure
You can request the deletion of your personal data. For example, if data is no longer necessary for the purposes for which it was collected. You can also request deletion if we process your data on the basis of your consent and you withdraw this consent.
Right to restrict processing
You can request the restriction of the processing of your personal data. For example, if you dispute the accuracy of your data. You can then request the restriction of processing for how long it takes to verify the accuracy of the data.
Right to data portability
If data processing is based on consent or the performance of a contract and processing is carried out by automated means, you can ask to receive your data in a structured, common, and machine-readable format and to transmit it to another Controller.
Right to object to processing based on legitimate interests or the public interest
You can object at any time on grounds relating to your particular situation to any processing of your personal data which is based on legitimate interests or the public interest. Where personal data is processed for personalised marketing purposes, including profiling to the extent that it relates to such marketing, you can object at any time without providing reasons.
Right to object to automated individual decision-making, including profiling
You can object to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, this right to object does not apply if the decision is necessary for entering into, or performance of a contract with you, or it is authorised by applicable law, or is based on your explicit consent.
Right to withdraw your consent
If you have given us your consent for the processing of your personal data, you may withdraw your consent at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of processing based on the consent before its withdrawal. If you withdraw your consent, we will promptly delete the relevant data unless there is another legal ground permitting or requiring us to retain and continue processing such data.
Complaints about how your personal data is handled
You can also contact us if you have a complaint about how we collect, store, or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to your local data protection authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Niedersachsen
Prinzenstraße 5, 30159 Hannover
Telefon: +49 0511 120-4500
E-Mail: poststelle@lfd.niedersachsen.de
If you have any questions about this Privacy Notice, or you want to exercise your rights over your personal data or complain about how we collect, store or use your personal data, please contact our Data Protection Officer.
By email: datenschutz@tui.de
Account | A customer account for all your Bookings with participating TUI Group Companies and which will contain relevant information on any Booking with us and any of the TUI Group Companies. |
Booking | Any booking, reservation or purchase of a Travel Experience with any of our TUI Group Companies or Travel Partners which you make, for example, via our Websites, retail shops, mobile apps, or contact centres. |
Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of the processing of personal data. |
European Economic Area (EEA) | EU Member States plus Norway, Iceland and Lichtenstein. |
Loyalty Programs | Any program which rewards customers with any form of benefit in return for making purchases. A customer needs to actively sign up to the Loyalty Program(s) to take advantage of the benefits available. For example, the TUI Smiles Rewards Club. |
Special categories of data | Personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation. |
Services | Any service, resource or tool provided by us to you from time to time as set out in our customer terms and conditions. |
Travel Experience | A travel-related product or service of one of the TUI Group Companies or Travel Partners, which is marketed on, for example, our Websites, retail shops, or mobile apps. |
Travel Partner | Any of our partners outside of the TUI Group who offer Travel Experiences, which are marketed on, for example, our Websites, either directly or indirectly through a TUI Group Company. |
TUI Group | TUI AG and its affiliates. More information about the TUI Group can be found here. |
TUI Group Company | Any of our affiliated companies within TUI Group. |
Websites | Means any website, mobile app or other electronic platform operated by us to promote Travel Experiences and to deliver the Services. |
This Notice replaces all previous versions. We may change this Notice at any time so please check it regularly on our Websites for any updates. If the changes are significant, we will provide a prominent notice on our Websites including, if we believe it is appropriate, electronic notification of Privacy Notice changes.
Last update: May 2026