UAB “Travel Union” Privacy Policy

UAB Travel Union - September 2020

LAST REVISED ON 01/06/2021

Download as a PDF here

This privacy policy is made available to you by UAB „Travel Union“, address: Saulėtekio alėja 17, Vilnius, Lithuania or alternatively in our website https://travelunion.eu/legal-documents.html#privacy-policy, hereinafter referred to as “TU”, “we” or “us”. We comply with data protection legislation such as the EU General Data Protection Regulation and local data protection and privacy regulations, which regulates the processing of personal data relating to you and grants you various rights in respect of your personal data. In addition, we consistently follow best industry practice in the field of data protection/privacy and competent authorities guidelines. The aim of this Privacy Policy is to inform you about how we will use your personal data you provide to us through our Mobile Application (MyTU App), in connection with TU financial services offered, as well as personal data provided and/or collected by us through other channels, use and transfer of personal data to third parties. We also inform you about your rights under applicable data protection law with respect to the handling of your Personal Data by us. Before providing us with Personal Data we recommend that you read this Privacy Policy which also forms part of our Terms and Conditions that govern our services.
If you have any questions regarding the Privacy Policy of TU or if you wish to obtain additional information on how to exercise the rights specified herein, you can contact TU Data Protection Officer by writing an email to dpo@travelunion.eu. Additional contact information is available in the TU WEB Platform and Mobile App.

I. What is Personal Data? Keeping your data safe
We are committed to keeping your personal data safe and secure and handling it in accordance with our legal obligations. TU strives to ensure appropriate technical and organizational measures to protect the User’s data and to provide transparent data protection rules. This Privacy Policy sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else we think it’s important for you to know.

For the purposes of this Privacy Policy, “Personal Data” means any information provided by you when interacting with us, for example through TU mobile application, Website, website platform (for legal entities) or when calling us or contacting via other client support channels, or data is collected about you through your use of our mobile application, Website and allowing you to be identified personally, either directly (e.g. your name) or indirectly, because the data references an identifier such as your name, an identification number, location data, an online identifier (e.g. telephone number) as an individual person. We may also collect personal data about you in other instances which relate to your account at TU.

For the purposes of the Data Protection Act of Lithuania, TU is a data controller of Your personal data collected for or used in connection with the administration of TU services and products, and TU is a data controller of Your personal data. A data controller is the person who determines the purposes for which, and the manner in which, any personal data is processed. Data controllers have a responsibility to establish practices and policies in line with the Act.

The personal data processing activities carried out by TU can be described not only in this Privacy Policy but also in the Platform General Terms and Conditions, Privacy Statements in the Mobile App, Internal data processing rules and the Cookies section of the Privacy Policy.

II. When, what kind of data stored and processed, for what reason?
TU processes several categories of client’s personal data, including, client’s identification data, data obtained in the process of onboarding, due diligence, cooperation and contact information, client’s transaction data within the TU platform, communication data, cookie data and other information provided by the client or obtained from Third Persons during the due diligence process.

When you (for users who are natural persons) register for and TU account/TU Card, we collect the following information:

• Personal data You provide on applications or other forms or upload to Your personal account, such as full name, address (including city and country), email address, gender, telephone number, date of birth.
• Information related to the browser or device you use to access our mobile app, website
• IP address/location
• Your correspondence with Us; Your language preference for email communication
• Your email marketing preferences
• Country you are browsing from
• Age
• Marital status, and
• Other demographics and statistical information
• Any add-on packages selected
• Participation loyalty program information organized by TU
• KYC data

To comply with our regulatory obligations, we need to verify your identity. To do this, we will ask you to provide one or more of the following (KYC and AML related data):

• name, surname, gender, facial image (photo), address;
• identification number, date of birth, unique sequence of symbols, type (name) of identity document: passport or identity card, identity document number, date of issue of identity document, date of validity of the identity document, name and place of the issuing body of the identity document, country of origin/place of birth, nationality, EU/EEA country residence authorisation number, date of issue of EU/EEA residence permit, date of validity of the EU/EEA residence permit, name and place of issue of the institution which issued the EU/EEA country;
• country of residence for tax purposes, tax identification number - TIN (if the country of residence is not Lithuania);
• telephone, e-mail address, occupation - working activities, description of professional activities, information on the main sources of income (origin of funds), information on the objectives of opening the account, information on the customer’s intentions regarding TU financial services, the services to be used and their parameters (circulation of funds, countries of incoming, outgoing payments, etc.),
• information on the financial situation (number of dependent family members, income stability information, etc.), account number, data on monetary transactions, arrears, answers to questions regarding the client’s KYC procedure and endorsements, signature, information on suspicious transactions, in some cases information on (non)criminal records, information on sanctions applied, grounds for which the business relationship has not been initiated or terminated in circumstances related to breaches of the anti-money laundering and/or terrorist financing regime, grounds for which the business relationship has not been initiated or terminated in matters relating to payment fraud or otherwise, copy of the identity document, copy of residence permit in EU/EEA country, signature, information on important public positions in progress/held, participation in politics and information on contacts with politically exposed or important public responsibilities (including, description of relevant responsibilities), (name of a close family member, close facilitator, representative, ultima beneficiary, as well as: surname, personal code/date of birth/unique sequence of characters, address, telephone, e-mail address, position (description thereof) and relation to the person involved in the policy/important public office; information on links with legal entities (including, investor).

When you (for users who are legal persons) register for and TU account, we collect the following information:

• Company name, Company code, Registration date, Company registration country, Street & City & Post code, Company register, Phone No., E-mail;
• Company representative data (Full name, File of ID card or passport, Personal code, Birth date, Citizenship, Street & City & Post code, Tax country, Taxpayer Identification Number, File of ID card or passport, Company owned, Percentages owned (%);
• Ultimate Beneficial Owner (UBO);
• Registry extract from past three months;
• Power of Attorney;
• Incorporation details, registered address, operating address;
• Director & Ownership structure;
• Executive data (Management board member / Supervisory board member / Director): Full name, Birth date, Citizenship, Street & City & Post code;
• Main business partners (customers, clients, suppliers, etc.);
• Bank accounts;
• Deposit source;

Sometimes we need to ask you for information to verify the source of your funds or to conduct enhanced due diligence in accordance with our legal requirements (DD Information). This will depend on the situation and we will make it clear to you at the time what information we require from you. Examples include a copy of a shareholder’s agreement, copies of bank statements, etc.

We will collect any other personal data that you voluntarily provide to us if you communicate with us, for example by corresponding with us (by phone, email, post or social media) or by taking part in competitions, promotions or surveys (Voluntary Information).

We collect technical information, such as your IP address, browser type and version, browser activity, time zone setting and location, operating system and platform and other technology on the devices you use to access and use TU (Technical Information). This is done by using cookies. Please see our Cookies Policy for more information about how we use cookies.

III. What we use of your persona data for?
Please be informed that if the client fails to provide the personal data when processing of such data is necessary to enter into and fulfil the agreement or required by statute, TU cannot provide the Services.

We will use Your personal data in order to process Your application for TU membership or a TU Mobile Application or TU Web platform (legal entities), to forward to third party suppliers of pre-paid cards, to comply with laws and regulations or good practice with regard to anti money laundering and similar, and to provide You with Our services, including:

• Analysing Your account registration application; to set up and administer your account, allow you to log into your account and make sure that you can use TU services and all its features
• Carrying out Our obligations arising from any contracts entered into between You and Us and to provide you with the information, products and services that you request from Us;
• Communicating with You, Contacting you with transactional and service messages (including by push notifications), for example to provide you with password reminders or to let you know if TU is experiencing technical issues.
• Using your date of birth to verify your age and identifying whether special data protection regime applies for children.
• Carrying out your instructions to add and/or save a card or bank account to your account, upload funds to (or withdraw funds from) your account and allow you to make and receive payments through TU.
• Identity verification and due diligence. We use your Account Information, KYC Information and DD Information to comply with our legal and regulatory obligations. This includes verifying your identity; conducting anti-money laundering checks; transaction monitoring; sanctions and politically exposed persons screening; fraud prevention, detection and reporting; and cooperating with regulatory investigations where required. If you fail one of our identity verification or screening checks as set out above, we may not be able to open an account for you or continue providing services to you.
• To verify your identity, we use facial recognition technology to match your photo with the photo on your ID card. If there is no match, we will carry out a manual review to confirm your identity. If we provide the option to verify your identity by scanning your passport, and you choose to verify your identity this way, we will also use the information contained to verify your identity. This type of information is biometric information, which is considered to be “special category personal data” and is subject to higher levels of protection within TU organ.
• Analysing and improving TU services. We use your Account Information, Voluntary Information and Technical Information to help us to monitor trends so that we can analyse and improve services. This helps us to make sure that we are providing you with the best possible service.
• Marketing. Where you have consented to us doing so, we will use your email address, telephone number and/or postal address (depending on the method(s) of marketing you choose) to send you direct marketing communications about our products and services and those of our group companies. We will obtain your consent in a way that is compliant with data protection laws, either by asking you for your express consent, or by obtaining an implied consent where you are an existing customer and we are marketing our own, similar products and services to you
• Other. Taking steps aimed at fraud or other illegal activities detection and prevention; Personalising aspects of Our overall services for You; Operating Our Mobil App or Web platform (see our Cookies Policy); Resolving disputes with You; Administering Our Mobile App or Web platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; Improving Our Web platform or Mobile App to ensure that content is presented in the most effective manner for You and for Your computer; In Our efforts to keep Our Mobile App or Web platform safe and secure; Allowing You to participate in interactive features of Our services, when You choose to do so; Collecting feedback

Please note, If you choose to use your device’s biometrical recognition (i.e. fingerprint, face recognition and etc.) to log into your account instead of, or as well as, a password, we will receive confirmation from your device provider of whether your biometrical information is a match or not, but we will never be able to view or hold a copy of your biometrical information. We will use this confirmation to log you into your account if there is a match.

We may also use Your personal data to send You information about Our products and services, or the products or services of third parties, where you have consented to this. You may opt out of this and if You do not wish to receive this information, please update Your preferences via the Services or contact Us by one of the methods referred to on the TU App or Website platform.

IV. What is your legal basis for using my personal data?
Data protection law says that we have to tell you the “legal basis” that we rely on to process your personal data for the purposes that we have notified to you. The table below tells you what that legal basis is in relation to each of the purposes set out above.

Providing TU to you and allowing you to use TU

• Personal data used: Account Information, Payment Information and confirmation of biometrical information match.
• Legal basis: We process this personal data for this purpose on the basis that this information is necessary in order to perform our contract with you to provide TU and to allow you to use TU and/or to run and manage your user account.

Identity Verification and Due Diligence

• Personal data used: Account Information, KYC Information and DD Information, Payment Information.
• Legal basis: We process this personal data for this purposes on the basis that this information is necessary to enable us to comply with legal obligations, including compliance with anti-money laundering legislation and obligations to prevent and detect fraud. If we do not have a legal obligation to process personal data for any of these purposes, we process the data on the basis that it is necessary to do so in our legitimate interests. We have an interest in complying with regulatory guidelines and investigations and ensuring that we protect our business against risks of criminal activity. You may have a right to object to your personal data being used in these ways, but please note that this right will not apply in a number of circumstances, including where the processing is necessary to prevent or detect crime.

Corresponding with you

• Personal data used: Account Information and Voluntary Information.
• Legal basis: We process this personal data for this purpose on the basis that it is necessary to do so for our legitimate interests. We have an interest in making sure that comments and queries are handled appropriately so that they can be resolved for our users. We also have an interest in running and allowing participation in competitions, promotions and surveys in order to promote and improve our business. You may have a right to object to your personal data being used for these purposes, but please note that we may not be able to handle your correspondence appropriately if you exercise this right.

Monitoring trends, analysing and improving TU services

• Personal data used: Account Information, Voluntary Information and Technical Information, Payment Information.
• Legal basis: We process this personal data for this purpose on the basis that this information is necessary for our legitimate interests. We have an interest in ensuring that we continue to improve TU and provide our users with the best and most effective service possible. You may have a right to object to your personal data being used for these purposes.

Marketing

• Personal data used: Your email address, telephone number and/or postal address. Payment Information.
• Legal basis: We process this personal data for this purpose on the basis that it is necessary in our legitimate interests to do so. We have an interest in promoting and marketing our business so that our business continues to grow. You always have a right to opt out of receiving direct marketing communications. If you wish to do so, please follow the instructions in each marketing communication to unsubscribe.

V. Interacting with us and What happens if I don’t provide you with my data?
Every time you interact with us (e.g. registering in Mobile Application, by phone, support chat in the App or through a third party provider, posting a comment on our blog on social media, signing up for our newsletter) we may collect and process the Personal Data you provide to us.
We need the majority of the information we collect from you to perform our contract with you and/or to comply with legal obligations. This means that if you refuse to provide us with any of the information that we ask for, it is likely that we will be unable to provide TU services to you.

VI. What if you want to get Newsletter and special offers?
If you provide your contact information and a special consent to us (e.g. when entering a service with us or when signing up for our newsletter via our Website Platform or Mobile App), we may use this Personal Data to send you our newsletters and details of other special offers which may be of interest to you, based on previous interactions with us.

If you sign up for our newsletter via our Website, you are required to provide your email address only. When you sign up for the newsletter via our website, you will receive an email to reconfirm your interest in staying in touch (double opt-in). Any additional information is voluntary and will be used solely for a personalisation of the newsletter.

By providing your email address and subsequent confirmation via the double opt-in, you consent to receive our newsletter. You can revoke your consent and opt out of receiving the newsletter at any time by clicking on the unsubscribe link included in every newsletter. Moreover, you also have the possibility of unsubscribing in your personal profile under “data protection”. For any further objections, kindly address the contact stated at the end of this policy.

We also include web beacons in HTML-formatted e-mail newsletters in order to count how many newsletters (or particular articles, links, etc.) are being accessed, and on TU website platform to count users who have visited these pages.

We use your Personal Data to send you newsletters and special offers.

For the user account, you can deactivate your account at any time by contacting support@travelunion.eu. You can deactivate your account via the TU App.

If you deactivate your account, your account will be set to inactive.

VII. What you need to know about “Contact Us” functionality?
You can get in contact with us via our Website platform or Mobile App by using the “Contact Us” functionality, or by using TU Customer support service. To contact us you are required to provide the following information:

• Full name;
• Your telephone number and your e-mail address;
• Your enquiry;

Any additional information is provided voluntarily.

We use your information to reply to your enquiry.

Please note TU encourage contacting is done through Mobile App chat or Website chat and dedicated email support@travelunion.eu.

VIII. TU Blog
In our TU Blog (including social media and website), we may publish articles on banking, fintech and travelling. The blog will allow you to post public comments. Once the functionalities available, if you submit a comment, it will be published with the corresponding blog post and your username. Posting comments on our blog is entirely voluntary.

When you comment on a blog post, we collect and store the following Personal Data:

• Name
• Website URL

We use this Personal Data to post the comment on the blog page.

IX. When your data may be shared with third parties?
The TU services including also a third-party providers.

Your Personal Data may be shared:

• with providers within our payment network to enable you to upload funds, make and receive transactions and withdraw funds; these providers include banks, acquirers, alternative payment providers, our card issuer, our card processor and our card manufacturer;
• with third party service providers who provide a range of services to us to enable us to run our business; this includes our IT and hosting providers, cloud storage providers, email platforms, card tokenisation providers (who host your credit/debit card information), our contact relationship management system, suppliers who provide screening and transaction monitoring services, credit reference agencies (to carry out credit checks), URL monitoring providers, our facial recognition technology provider and notification/communication providers;
• regulators and fraud prevention agencies where we are required to share personal data under legal or regulatory obligations;
• other third parties, such as the police or other competent authorities, in response to ad hoc data sharing requests. In these circumstances we will only share personal data if we are satisfied that we are legally allowed to do so and the sharing of data is justified;
• Within the TU group and to establish and fulfil our contract with you or to the extent you consented to such sharing of data, for example. This includes verifying your identity, taking payments getting in contact and communicating with you.

We will not transfer your personal data to third-party recipients unless you consent to such transfer of data or such transfer is permitted under applicable law.

X. Where is Your data kept?
Our cloud storage provider hosts personal data within the EU and the EEA, so your information is generally stored within this area. We don’t transfer data to third countries. Where information is transferred outside the EU/European Economic Area, we will ensure that appropriate safeguards are implemented. If your Personal Data is transferred to a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a third party’s Binding Corporate Rules.

XI. When you data processed via social media
On our Website we use the following social media plug-ins: Facebook, Twitter, LinkedIn, Instagram. The plug-ins can be identified by the social media buttons marked with the logo of the provider of the respective social media networks.

We have implemented these plug-ins using the so-called 2-click solution. This means that when you navigate on our Website, Personal Data will initially not be collected by the providers of these social media plug-ins. Only if you click on one of the plug-ins will your Personal Data be transmitted: By activating the plug-in, data is automatically transmitted to the respective plug-in provider and stored by them (in the case of US providers your Personal Data will be stored in the USA).

We neither have influence on the collected data and data processing operations conducted by the providers, nor are we aware of the full extent of data collection, the purposes or the retention periods.

Information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the respective data protection policies of these providers, where you will also find further information on your rights and options for privacy protection.

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA: https://www.facebook.com/privacy/explanation

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA: https://help.instagram.com/155833707900388

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA: http://www.linkedin.com/legal/privacy-policy.

XII. Integration of YouTube videos
We have included a link to our YouTube channel on our Website. The videos are stored on http://www.YouTube.com, operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Your Personal Data will not be transferred to YouTube unless you play the videos. We have no influence on this data transfer. You will find further information with regard to the processing of personal data under YouTube’s privacy policy available at https://www.google.com/intl/en/policies/privacy/

XIII. What You need to know about cookies?
TU uses cookies to maintain and improve the operation of the TU Mobile APP and WEB Platform. Information on the use of cookies is available at Cookie Privacy Policy.

Cookies are small text files sent by a web server to your web browser and saved locally on your computer. The cookie allows the server to uniquely identify the browser on each page. Cookies do not cause any harm to your computer and do not contain viruses. We use the following categories of cookies on our Website:

Category 1: Strictly Necessary Cookies
These cookies are essential in order to enable you to move around the Website and use its features. Without these cookies, services you have asked for such as remembering your login details or data provided for a booking cannot be provided.

Category 2: Performance Cookies
These cookies collect information on how people use our website. For example, we use Google Analytics cookies to help us understand how users arrive at TU web platform, browse or use TU web platform and highlight areas where we can improve areas such as navigation, booking experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established.

Category 3: Functionality Cookies
These cookies remember choices you make such as the country you visit our Website from, language and search parameters such as number of guests, time of stay etc. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant.
You can enable or disable cookies by modifying the settings in your browser/mobile app. You can also find out how to do this and find more information on cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may be unable to complete certain activities on our websites or to correctly access certain parts of it.

XIV. We use Google Analytics
Our Website uses Google Analytics, which is a web analytics service provided by the third party provider Google, Inc. (“Google”). Google Analytics is used for the purpose of evaluating your use of our Website, compiling reports on Website activity and other services relating to Website activity and internet usage. The information generated by the cookie about your use of the Website is usually transmitted to and stored by Google on servers in the United States. This transfer is covered by Google’s Privacy Shield certification and a separate data processing agreement that we have concluded with Google : https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 (information on Google Analytics and data privacy).

XV. What kind of security measures for the compliance with data protection?
We strive to maintain the appropriate standards of security and we have put in place robust technical and organisational measures for the protection of your Personal Data in accordance with the current state of the art technologies, especially to protect the data against loss, falsification or access by unauthorised third persons. For the transfer of particularly sensible Personal Data via the internet, we exclusively use encrypted transmission routes and we comply with the Payment Card Industry Data Security Standards (PCI DSS) which is a set of policies and procedures intended to optimise the security Once we have received your personal data we will use strict procedures and security features to prevent unauthorised access. As far as third parties (i.e. external companies) are rendering data processing services for us, we have committed them to the compliance with our data privacy regulations. The external service providers are supervised by Data Protection Officer in terms of compliance with these regulations.

XVI. How long do you keep my personal data for?
We will keep all your personal data for as long as your account remains open and for eight years thereafter. Occasionally we may need to keep your personal data for longer than this, for example to deal with any ongoing claims, complaints or issues.

XVI. What rights do You have?
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We may need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.

TU respects the client’s rights to access, manage and control the personal data that TU processes. Once TU receives a client’s request to exercise any of the rights listed below, TU will review the client’s request and provide a response without undue delay and in any event within one month of receipt of the request. This time period may be extended if the client’s request is complex or if due to the amount of received requests TU cannot prepare a reply within the previously set time limit. In this case TU informs the client about the extension of the time limit for preparing a reply to the client’s request and indicates the specific term for preparing a reply.

In respect of the collection and use of your personal data, you may:

• A right to access your information. You have a right to ask us to send you a copy of all the personal data that we hold about you (subject to some exceptions).
• A right to an electronic copy of your information. You can also ask us to send you the mandatory Account Information that we hold about you in a common electronic format, or to ask us to transfer that data to a third party if you want us to and if it is technically feasible for us to do so.
• A right to object to us processing your information. You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing (as set out in section 5 above). Your objection must be based on grounds that relate to your particular situation.

If you make a request to exercise your right to object, if we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.

• A right to ask us not to market to you. You can ask us not to send you direct marketing. You can do this by following the “unsubscribe” instructions in any marketing emails.
• A right to have inaccurate data corrected. You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
• A right to have your data erased. You have a right to ask us to delete your personal data in certain circumstances, for example if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this Privacy Policy.
• A right to have processing of your data restricted. You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.

Restricting your personal data means that we only store your personal data and don’t carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.

XVII. How can I contact you?
If you have any further questions on your personal data which has been stored with us or would like to exercise your rights please refer to our Data Protection Officer via the contact details stated below:

• dpo@travelunion.eu; tel. + 37060351528;
• by sending a signed request to Sauletekio aleja 17, Vilnius, Lithuania.

Please note each Data Subject has the right to lodge a complaint with a supervisory authority of the alleged infringement if the Data Subject considers that the Processing of Personal Data relating to him or her infringes the GDPR.

An authorized person can submit a request on behalf of the client, provided that a valid power of attorney is enclosed with the request.

XVIII. What if I have a complaint?
We work hard to ensure that we protect our customers’ personal data in accordance with our legal obligations. If you are unhappy with how you think we have processed your personal data, please contact us using the details above and we will do our best to resolve your complaint.

If you do not think we have been able to resolve your complaint, you can complain to the supervisory authority responsible for such complaint according to Article 77 GDPR in Lithuania is: State Data Protection Inspectorate, A. Juozapaviciaus str. 6, 09310 Vilnius, Lithuania, ada@ada.lt

More information and details about the procedure of data subject request, can be found in Data Subject Requests Procedure and Details on Data Subject Rights Policy.

XIX. Updates and what if the policy is changed?
This Privacy Policy may be updated periodically. Any changes we make will be posted on TU webpage page. We also notify you by email if significant changes are made. We encourage you to check for changes that we have made, which will be available at https://travelunion.eu/legal-documents.html#privacy-policy.

Last updated 01.06.2021

Original version: 06.09.2020