Privacy Policy

Last updated: January 10, 2024

FinalPrice Travel Ltd (“FinalPrice,” “we,” "our", or “us”) knows that you care how information about you is used and shared. FinalPrice Travel Ltd, a United Kingdom company, registered under no.13362268 with a registered address at Westwood House Annie Med Lane, South Cave, Brough, England, HU15 2HG, United Kingdom, is the operator of the FinalPrice websites and the FinalPrice mobile applications (hereafter collectively referred to as the "Platform"), is the data ‘controller,’ as defined by the General Data Protection Regulation (“GDPR”). You can contact us at info@finalprice.com and our Data Protection Officer at privacy@finalprice.com.

This Privacy Policy explains what information of yours will be collected by FinalPrice when you use the Platform, how the information will be used, and how you can control the collection, correction and/or deletion of information. This Privacy Policy does not apply to information we collect by other means (including offline) or from other sources. Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Terms of Use.


Information We Collect

Automatically Generated Visitor Information: We collect information and data that is automatically transmitted or generated by your browser and/or your mobile device each time you use our Platform. Such information includes the IP address, referring / exit pages and URLs, the browser used, the browser language, the operating system and user interface, the access device used, date and time of your access, number of clicks, domain names, landing pages, pages viewed, and other such information. Such data is stored for a period of two years and deleted automatically thereafter. We may use this information to investigate errors, to improve the stability and functionality of the Platform, and to assist you in completing any interrupted bookings.

User-Provided Information: You provide us information about yourself, such as your name, email address, mobile phone number, if you register for a Member account with the Platform. When you book a travel product through our Platform, we ask you to provide personal data, e.g. your name, your email address, phone number, government-issued identification numbers, emergency contact information, billing address, payment data, information about your loyalty, bonus or discount cards (e.g. mileage or frequent-flyer programs, railway customer cards). We will ask you for the data that the respective transportation provider requires to complete the booking process. Our forms show what kind of data is required for each respective booking. We cannot process your booking without the provision of the required data. Payment data will be immediately passed on to the respective payment provider. We only store truncated/hashed payment data for reporting purposes and fraud analysis.

When you make a booking for someone else (e.g. your travel companion, business travel) through the Platform, we will request personal information about such companion or such business. You should obtain the consent of all such individuals before providing their information to us as those individuals may not be able to independently view their information themselves if it is provided to us under your account. If you use the Platform, you may provide us your geolocation information.

If you correspond with us by email/chat channels, we may retain the content of your messages, your email address, and our responses. We may also retain any messages you send through the Platform.

We store booking-related data for a period of 5 years and thereafter keep the information required by trade and tax law for the statutory retention periods (usually five years after the conclusion of the contract/booking). We keep your account data as long as you keep up your user account with us. If you decide to delete your account, we delete the associated data. However, potential booking data and related basic data (e.g. your name and address) will be kept as described above.

Cookies Information: When you visit the Platform, we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer that uniquely identifies your browser and lets FinalPrice help you log in faster and enhance your navigation through the site. A cookie may also convey anonymous information about how you browse the Platform to us. A cookie does not collect personal information about you. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Platform may not function properly if the ability to accept cookies is disabled.


How We Share Your Information

Personally Identifiable Information: FinalPrice will not rent or sell your personally identifiable information to others. FinalPrice may share your personal information with third parties, as well as with your financial institutions that support your access to the Platform, in order to improve the quality of service provided by the Platform and your financial institution to you. If we do this, such third-parties use of your information will be bound by this Privacy Policy. We may store personal information in locations outside the direct control of FinalPrice (for instance, on servers or databases co-located with hosting providers)

Non-Personally Identifiable Information: We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain FinalPrice services.

Transportation and accommodation providers: When you make a booking by using the Platform, we will transmit your personal data required to execute such booking to the respective provider (e.g. hotel, airline, rental car company, railway or coach operator, etc) so that the provider can process your booking and produce any personalized tickets/records that may be required. Such a third-party will then process your personal data under its own responsibility and in accordance with its own privacy policies. We therefore strongly recommend that you carefully review the privacy policy for each such service provider prior to making your booking. This data transfer requires that your explicit consent is given for each booking process, pursuant to Art. 6(1)(a) GDPR.

Payment providers: The payment details for bookings made directly with our Platform are processed by a trusted internet payment processor, who will transmit your data directly to the relevant credit card company. In order to ensure that the credit/debit card is being used by its legitimate owner, and to prevent cases of online fraud, encrypted payment details information is transferred to an external payment security service for auditing purposes. This transfer may also include additional personal data. Your payment data is processed by trusted and reliable internet payment processors and data is encrypted (usually using the SSL protocol) before transmission to the payment processor.

Other third-party service providers: We may use third-party service providers, in particular for technical and business services, tax advisors, and legal counsel. This may include hosting providers, including a content delivery network to cache and provide content, statistics and analytics, providers to handle help desk and support data, provision of CRM systems, sending of newsletters/mailings, spam and fraud prevention, IT service and development providers. These service providers receive personal data solely for the performance of their services for us on our behalf. They are contractually obliged not to use personal data for other purposes.

Recipients outside of the EU: The data processing mentioned under Sec. I2a, I6-9, II2,3, III2,3 may result in data transmission to recipients outside of the EU. The data transmission is then based on the EC model contracts https://ec.europa.eu/info/law/law-topic/data-protection_en. Personal information may be transferred to third-parties, such as transportation providers, located in non-EU countries, in which the travel is scheduled to take place. FinalPrice cannot provide any further information on the level of data protection offered in non-EU countries. Neither an adequacy decision in accordance with Art. 45 para. 3 GDPR or appropriate safeguards in accordance with Art 46 GDPR are required for such data transfer as it is necessary: for the performance of a contract between you and FinalPrice or the implementation of pre-contractual measures taken at your request (Art. 49(1)(b) GDPR); or for the conclusion or performance of a contract concluded in your interest between FinalPrice and another natural or legal person (Art. 49(1)(c) GDPR).

Except as otherwise described in this Privacy Policy, FinalPrice will not disclose personal information to any third party unless required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to the law, comply with legal process served on us or our affiliates, or investigate, prevent, or take action regarding suspected or actual illegal activities; (b) to enforce our Terms of Use, take precautions against liability, to investigate and defend ourselves against any third-party claims or allegations, to assist government enforcement agencies, or to protect the security or integrity of our site; and (c) to exercise or protect the rights, property, or personal safety of FinalPrice, our Users or others.


Purposes and Legal Basis of Data Processing

We will only process personal information in ways that are compatible with the purposes outlined in this privacy policy (or those you later authorize). We process your personal data for the following purposes and on the following legal basis:

a) Pursuant to Art. 6(1)(b) GDPR to enter into, perform, modify or terminate a contractual relationship with you, in particular:
- to enable your access and use our Platform;
- to facilitate your search queries and bookings;
- to perform our contractual obligations;
- to personalize your ticket or booking and to contact you with regards to the booking process or your user account;
- to facilitate your account login on the Platform, to recognize you as a user and spare you from re-entering your data upon your revisits to the Platform.

b) Pursuant to Art. 6(1)(f) GDPR based on our legitimate interests:
- to improve our Platform and to adapt it to the needs of our users;
- to perform internal quality checks;
- to prevent, detect, process and investigate malfunctions, incidents, fraudulent or other illegal activities, or mitigate the risk of occurrence of the aforementioned events;
- to ensure network and information security;
- to create statistics on access channels, the use of the Platform and the frequency of transition to our partner’s websites and services;
- for internal accounting and invoicing purposes with the respective transportation providers, accommodation and other partners and service providers;
- to personalize the Platform and our offers;
- to display special offers that may match your interests (or reduce your exposure to advertising and special offers which you may find uninteresting);
- for the purpose of business process outsourcing to affiliated companies;
- enforcing obligations owed to us, and contractual terms and conditions;
- accounting, risk management and record keeping.

When using personal data to serve the above-mentioned legitimate interests, we will always balance your rights and interests in protecting your personal data against the rights and interests of our company, our affiliates, and trusted third-parties.

c) Pursuant to Art. 6(1)(a) GDPR based on your consent:
- to send you newsletter emails or trip updates;
- to transfer data for certain bookings to our Platform partners.

d) Pursuant to Art. 6(1)(c) GDPR to comply with legal obligations, e.g. to observe retention periods required by trade or tax law or to comply with obligations to disclose data based on a legally binding court decision or official order.


How We Protect Your Information

While no online service can guarantee absolute security, we implement reasonable procedures to protect your personal data’s confidentiality, integrity and availability (e.g. preventing unauthorized access or misuse of your data, employing technical and physical restrictions for accessing and using personal data, using firewalls, etc.). FinalPrice is not responsible for the functionality or security measures of any third party. To protect your privacy and security, we take reasonable steps to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications from FinalPrice, at all times.

Our hosting is located within the European Union. However, to facilitate our global operations (i.e. by means of third party service providers) the transmission of personal data to the recipients described above may include overseas transfers of personal data to countries whose data protection laws are not as comprehensive as those of the countries within the European Union. In these situations, as may be required, we make contractual arrangements to ensure that your personal data is still protected in line with European standards.


Links to Other Web Sites

We are not responsible for the practices employed by websites linked to or from the Platform, nor the information or content contained therein. Such sites may include third parties that process your credit card information to help you book travel plans. Please remember that when you use a link to go from the Platform to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our website, is subject to that website’s own rules and policies. Please read over those rules and policies before proceeding.


Children’s Privacy

Protecting the privacy of young children is especially important. For that reason, FinalPrice does not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 is allowed to provide any personal information to or on FinalPrice. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at legal@finalprice.com.


Miscellaneous

In addition to the right to revoke your consent given to us, where applicable, you have the right to request access to (Art. 15 GDPR) and rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of personal data or restriction of processing (Art. 18 GDPR), the right to object (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR). You have the right to object to all types of processing described in this Privacy Policy for information that are based on Art. 6(1)(f) GDPR, based on grounds relating to your particular situation (Art. 21(1) GDPR). To the extent, we process your personal data pursuant to Art. 6(1)(f) GDPR for direct marketing purposes, you can object to such processing at any time without giving a reason.

Any inquiries, complaints or questions regarding this policy or your personal ‎information should be addressed to our Data Protection Officer at the following email address: privacy@finalprice.com.

The original English version of this Privacy Policy may have been translated into other languages. The translated version is a courtesy and office translation only and you cannot derive any rights from the translated version. In the event of a dispute about the contents or interpretation of this Privacy Policy or inconsistency or discrepancy between the English version and any other language version of this Privacy Policy, the English language version to the extent permitted by law shall apply, prevail and be conclusive. The English version is available on our Platform (by selecting the English language) or shall be sent to you upon your written request.

We may make changes or updates to this Privacy Policy from time to time or as required in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make, and in accordance with applicable law. You can see when this Privacy Policy was last updated by viewing the “last updated" date displayed at the top of this Privacy Policy.