Wizz Tours Ltd. (hereinafter referred to as "Wizz Tours" or “we” or “us”), a limited liability company with company registration number 01-09-205337, having its registered address at 1103 Budapest, Kőér utca 2/A. Building B. 4th floor, Hungary, VAT number 25194841-2-42, e-mail: email@example.com, telephone: 0911 752 0752 (United Kingdom), +44 333 155 4997 (from other countries), website: www.wizztours.com - acting as the controller of your personal data - pays special attention to data protection. Data processing by Wizz Tours complies with the relevant EU and Hungarian data protection laws and is carried out in accordance with this Notice.
2. The information we ask for and use of your data
2.1. Personal data
This Notice applies to all personal data you provide us or we collect and process in association with your relationship with Wizz Tours. For the purposes of this Notice “personal data” means any information relating to you from which you are or can be identified, directly or indirectly (in particular your name, address, phone number, e-mail address, credit or bank card number, information on special care) and any reference drawn from such information pertaining to you.
2.2. Collection of your personal data
Whenever you use our services or services offered by third parties on our website (e.g. you proceed with a booking for a flight or air transport service or any related activities) we collect personal data about you either provided by you to us (or our agent) directly or collected by us when you used our services or booked third parties’ services on our website. However, Wizz Tours is not responsible for third parties’ use of your data, where such use is permitted, for their own purposes. In such cases please consult their privacy policies for further information. You can find more information about the data transfers to third parties in section 3 below.
2.3. Information we collect and process
We collect and process the following personal data about you:
(a) information about you (for example, information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph, dietary or special assistance requirements);
(b) information about the services you purchased (whether directly provided by us or by our agent);
(c) the details of your travel arrangements (for instance the details of your booking and the additional services we provided);
(d) details of your use of our website, call centers or mobile applications (For example, you may give us information about you by filling in forms on our website, by searching for travel services, placing an order on our website. We automatically collect information about your use of our website. This includes technical information including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number); and
(e) information about communication you have with us and our staff.
We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. See Sec. 3 below for more details.
In certain cases we also need to process your sensitive personal data when you request special assistance from us (such as the provision of oxygen), or when you provide us with information about your fitness to fly (for instance if you are pregnant) in order to ensure that we can satisfy your request for special assistance or for safety reasons.
2.4. Use of your personal data
2.4.1. The purposes for which we use your personal data are:
(a) to deliver the services you have purchased from us or to facilitate the purchase of third parties’ services or products on our website, via our application or through our call center (data used for this purpose includes all of the data collected during the booking process: such as passenger name, nationality, gender, phone number, e-mail address, credit or bank card details, information on special care, flight details, confirmation number, date of birth, place of birth, details of travel documents, and Wizz Account number);
(b) for direct marketing purposes to provide services and offers tailored to your requirements (see Sec. 2.4.2. below);
(c) to improve our services (see Sec. 2.4.2. below);
(d) to communicate with you (for instance to send you reminder emails, or notifications about any change) (we use for this purpose personal data such as name and contact details);
(e) to support other administrative purposes (including but not limited to accounting and billing, auditing, credit or other payment card verification, anti-fraud screening) (including the use of credit reference agency searches and payment card validation checks), immigration and customs control, safety, security, health, administrative and legal purposes and systems testing, maintenance and development) (we may use any of the data that we collected from you, as appropriate);
(f) to carry out our obligations arising from any contracts entered into between you and us.
2.4.2. Cookies and direct marketing.
During the use of our website cookies are stored by your browser on your device. Read more about the cookies used by Wizz Tours by clicking here. Our aim is to ensure that our website offers visitors what they are looking for and provides them with the most relevant marketing communication. In order to achieve this goal, we may use your data for analytics purposes, for quality improvements, for service developments, to improve the performance of the website, to measure the success of our advertising campaigns or to tailor services to your needs. For these purposes we may transfer your non-personally identifiable data such as, but not limited to, anonymous demographic information and online behaviour to our contracted partners (e.g. third party service providers listed in Sec. 3.). We store data sent by your browser and device to our website during the reservation process. No such data will be disclosed to third parties except in aggregate, non-personally identifiable forms.
You may receive special offers from us if you have requested such communication by subscribing to our newsletter, or if you provided us with your details when you entered a competition or registered for a promotion. By subscribing to newsletters, or providing your details as listed above, you will be receiving direct marketing communications from us including direct marketing or special offers of Wizz Tours or of our contracted partners. For the purposes of sending you such direct marketing communications/special offers, we will process your following personal data: name and e-mail address and/or phone number.
In addition, subject to your consent, we may process your data related to the purchases you have made and to your use of our website and services for profiling purposes in order to identify the services, offers and/or promotions that may be of interest to you, and to send you personalized communications. For this purpose, we may process your data listed in Sec. 2.3. b)-d) as well as your name, e-mail address or phone number.
2.5 Legal basis of data processing
The processing of your personal data is based on the following legal basis:
- the processing of your personal data for the purposes listed in Sec. 2.4.1. (a), (d)-(f) is necessary for the performance of the contract between us, or to perform the pre-contractual steps request by you (under Art. 6 para 1 b) of the GDPR);
- the processing of your personal data for the purposes listed in Sec. 2.4.1. (e) may be necessary to perform our legal obligations (under Art. 6 para 1 c) of the GDPR), or for our legitimate interest (under Art. 6 para 1 f) of the GDPR), which include: the protection of our or third parties' rights and property, including our IT system; detecting, preventing and investigating fraud or other criminal offences; establishing, exercising or defending legal claims;
- the processing of your personal data for the purposes listed in Sec. 2.4.1. (b)-(c) is based on your consent (under Art. 6 para 1 a) of the GDPR).
In addition to the above, the legal basis of the processing of your sensitive data is your explicit consent (under Art. 9 para 1 a) of the GDPR).
The provision of your data is voluntary. However, if you do not provide your personal data, it may mean that we will not be able to provide all or parts of the services you have requested. Please note that in these circumstances you will not be able to cancel or obtain a refund of any fees you have paid.
In case of the processing of your data based on your consent for direct marketing purposes (including profiling), you are entitled to freely withdraw your consent anytime. Please note that the withdrawal of your consent does not affect the lawfulness of the processing carried out before such withdrawal. You can unsubscribe at any time without giving any reason, free of charge via the following link, or the link provided in each newsletter, or by sending a letter to 1103 Budapest, Kőér utca 2/A, Building B, 4th floor; Hungary.
In case of the processing of your sensitive data based on your consent, you are entitled to freely withdraw your consent anytime. However, please note that if you withdraw your consent to the processing of your sensitive data, we may not be able to provide you with the special assistance required by you. Please also note that the withdrawal of your consent does not affect the lawfulness of the processing carried out before such withdrawal.
3. Disclosure of your personal data to third parties
Your personal data may be shared within the Wizz Air Group, when it is necessary for accounting, financial and organizational purposes and/or in order to execute the contract between you and us. For more information about Wizz Air Group, please click here. In addition disclosure of your data to other parties may be necessary to ensure the smooth provision of the products, services and information you request.
We may also disclose your personal data to the below categories of third parties for the purpose described in this Notice:
- third party service providers whose services you purchased (such as insurance, transfer services) on our website, in our application or via our call center;
- air carrier, hotel provider whose services included in the package you purchased;
- credit card companies, payment service providers to process the payments you initiated on our website, in our application or via our call center;
- third parties running customer surveys on our behalf;
- other third party service providers involved by us for – inter alia - data processing;
- third parties, such as law firms and law courts, in order to enforce or apply any contract with you;
- government authorities or enforcement bodies such as the police and regulatory authorities, upon their request and only as required by the applicable law or to protect our rights or the safety of our customers, staff and assets.
Third party service providers. When you purchase the service of a third party service provider on our website, in our application or via our call center we transfer your personal data to facilitate the purchase.
The data processing of such third parties may also be governed by their own privacy policies. Please review the privacy policies on the website of such third parties directly for more information about their data processing practices. Please note that we reject all responsibility or liability for these policies. In certain cases, both our and such third party’s terms and conditions and privacy policies shall be accepted to obtain the relevant service.
Furthermore, we also receive information about you from third parties, for instance when you participate in a loyalty program.
When you make a booking via this web site, your data will be passed to the air carrier and may also need to be passed to other companies of Wizz Air Group (including our subsidiaries, our ultimate holding company and its subsidiaries) or third party suppliers (such as the hotel provider), so as to enable those companies to provide you with the flight seats and any other products or services you have purchased. We may also disclose your data to (i) all relevant third parties who will supply the travel arrangements or other services contracted for, (ii) Government bodies and other authorities to whom we are legally obliged to pass your data (e.g. border agencies of countries you intend to visit) and (iii) relevant third parties for the purpose of fraud protection and credit risk reduction. We may also receive data from the said third parties.
For more information about the data transfer to/from third parties, please click here.
Call center. We engage third party suppliers for the provision of call center services for us. The call center is processing your personal data in accordance with this Notice. The call is being recorded and may be connected with other reservation data to ensure quality and for possible future complaints handling. Complaints submitted electronically, via post or via email are also archived, and may be connected with other reservation data for possible future complaints handling.
Border police and immigration authorities. In certain countries, the air carrier is required by law to give border control agencies access to booking and travel information. Therefore, any information we hold about you and your travel arrangements may be disclosed to the customs and immigration authorities of your place of departure or your destination.
In addition, laws in several countries require the air carrier to collect passport and associated information for all passengers prior to travel to or from those countries. When required, Wizz Tours will provide this information to the air carrier which forwards it to the relevant customs and immigration authorities.
4. International transfer of personal data
We may need to be required to transfer your personal data to recipients that are located outside the European Economic Area ("EEA"). These recipients may be located in countries in relation to which the European Commission has not issued a decision stating that such country provides adequate level of data protection. In relation to data transfers to recipients located in such countries, we have implemented appropriate data transfer agreements with the recipients incorporating the EU Model Clauses adopted by the European Commission in order to safeguard the personal data transferred (under Art. 46 para 2 c) of the GDPR). You may request more information on, or copies of, such transfer agreements by contacting us via the contact information indicated in the present Notice.
We take appropriate technical and organizational measures to ensure the protection of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. We pay special attention to the safe transmission of the personal and financial data. This data is transmitted from your computer to the booking server of Wizz Tours through encrypted channels with the support of the state-of-the-art Secure Socket Layer (SSL) technology.
6. Data retention
We process your personal data as long as it is necessary to achieve the purpose for which it was collected. In general, the following retention periods would apply:
(a) except for the data contained in documents necessary for accounting purposes, the data collected for the purposes listed in Sec. 2.4.1. (a), (d)-(f) will be retained for 5 years following the performance of the contract between us (i.e. deletion of your WizzTours Account);
(b) documents necessary for accounting purposes (and the data contained therein) will be stored for 8 years from the closing of the relevant financial year; and
(c) the data collected for the purposes listed in Sec. 2.4.1. (b)-(c) will be retained until you have withdrawn your consent to the processing.
In relation to point (c) above, please note that after the withdrawal of your consent, we will retain the following data for a period of 5 years in order to enable WizzTours to demonstrate its compliance with applicable data protection laws: date of provision of consent, date of withdrawal of consent, e-mail address and/or telephone number covered by the consent.
7. Your rights
As regards any data processing falling under the scope of the GDPR, you are entitled to the following rights and remedies:(i) right to request access to your personal data; (ii) right to request rectification of your personal data; (iii) right to request erasure of your personal data; (iv) right to request restriction of processing of your personal data; (v) right to data portability; and (vi) right to object to the processing of your personal data.
(i) Right of access: You have the right to obtain confirmation as to whether or not your personal data is being processed by us, and, where that is the case, to request access to the personal data.
The right of access applies to – inter alia – the following information: purposes of the processing, the categories of personal data processed, and the recipients or categories of recipient to whom the personal data have been or will be disclosed. Furthermore, you have the right to obtain a copy of your personal data processed by us.
(ii) Right to rectification: In certain cases, you have the right to request the rectification of inaccurate personal data, or the completion of incomplete personal data.
(iii) Right to erasure (right to be forgotten): In certain cases, you have the right to request the erasure of your personal data, and we may be obliged to erase such personal data.
(iv) Right to restriction of processing: In certain cases, you have the right to request the restriction of the processing of your personal data. In this case, the respective personal data may be processed only for certain purposes.
(v) Right to data portability: In certain cases, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without any hindrance from us.
(vi) Right to object: In certain cases, you have the right to object to the processing of your personal data, and we may be required to cease the processing of such data.
In case of the processing of your personal data for direct marketing purposes, including profiling, you have the right to object at any time to processing of your personal data. In such case, we would cease to process your personal data for such purposes.
Please note that the above rights are not absolute, and the exercise of the above rights may be subject to conditions pursuant to applicable data protection laws.
If you feel that your personal data rights have been breached, you can also contact and lodge a complaint with the local data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. You can also contact the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, H-1125, Hungary, Budapest, Szilágyi Erzsébet fasor 22/C.; telephone: +36-1 391-1400; telefax: +36-1 391-1410; e-mail: firstname.lastname@example.org).
In addition to the above, you may initiate court proceedings before the court having competence over our place of business or your habitual residence.
If you register on our website, we assume that you are happy for us to process your data given to us during the registration process and you will not have to provide your data again when making further bookings.
Your personal data and the contracts concluded by and between you and Wizz Tours are kept in our reservation system. If you would like to get information about your passenger registration record or any data stored by Wizz Tours, about the data processing and data processing entities (if any), or would like exercise your above rights, please contact us via the following link.
8. Data protection officer
The WizzAir Group has elected a group level data protection officer ("DPO"), who oversees the data processing activities of Wizz Tours as well. If you have any questions or concerns, you may contact our DPO via the following contact information:
Address: attn.: DPO; Wizz Tours Ltd., Laurus Offices, Kőér street 2/A, Building B, H-1103 Budapest
When you make a booking you will be given a confirmation code. This appears in the confirmation email you receive after the booking. We advise that your confirmation code should be kept confidential at all times. Disclosure of your confirmation code to others may allow them to access your booking details and itinerary through our system.
If we change this Privacy Notice, we will publish the updated version of it on our website, wizztours.com.
The wizztours.com website provides links to other websites for your convenience and information. Please be aware that these sites may be owned and run by other companies and organizations and have different security and privacy policies. Wizz Tours has no control over and takes no responsibility for any information, material, products or services contained on or accessible through those websites.
This Privacy Notice is effective from 25 May 2018.