Hello! We are Liligo Metasearch Technologies S.A.S., known by you as this Platform’s branding name. When this Privacy Notice mentions “we”, “us”, or “our”, it refers to Liligo Metasearch Technologies S.A.S. acting as Data Controller.
Our privacy promises
Thank you for using our Platforms. Your trust is our most important value, that is why in this Privacy Notice we are going to show you our responsibilities regarding the privacy and the security of your data. The only thing you have to do is read it, and if you have any questions related to it, you can tell us about it here.
After that, you’re all set to find your next adventure with us!
Whenever this Privacy Notice mentions “we”, “us”, or “our”, it refers to Liligo Metasearch Technologies S.A.S. acting as Data Controller.
Liligo Metasearch Technologies is a French-based company, with tax ID number FR91483314134.
We commit to processing your data in accordance with the applicable data protection laws, including the observation of the data processing principles (such as lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability), and to only processing your data for the purposes explained to you in this Privacy Notice or as informed in the corresponding data collection process, in line with the lawful bases as explained below.
Who is the Data Protection Officer?
We have a Data Protection Officer who watches over all processing carried out with respect for your privacy and the applicable regulations at all times.
You can contact the Data Protection Officer’s team here: [email protected].
Definitions for a better understanding of this Privacy Notice
For a better understanding of this Privacy Notice we have prepared a definitions section that includes the following concepts: Automated Decisions, Data Controller, Data Processor, Data Rights, Lawful Bases, Personal Data, Platforms, Sensitive Personal Data and Third Countries.
Detailed information:
Note: As you will find explained below, we don’t make Automated Decisions.
Note: We are the Data Controllers of your data in the terms described in this Privacy Notice. If you choose to book a trip through our Platforms, we will be sending your data to other Data Controllers – the carrier or the provider of other services (e.g. airlines, hotels, etc.), who will again use your data for their own purposes and based on their own means, as described in their own Privacy Notices (which is published on their websites). You can see below the overview of Data Controllers categories with whom we might share the data. In any case, the disclosure of your data to any service provider will be done in accordance with the applicable laws. Each Data Controller is responsible for your data and, in case of an incident within its scope, must handle it and respond appropriately, as per the applicable law.
Note: We as a Data Controller use many third-party services to which we outsource some parts of our activities that we don’t do ourselves for various reasons such as cost-efficiency. A Data Processor is only allowed to process your data according to our documented instructions, and in compliance with the applicable law, so we are still in charge of your data, and they will not be able to process your data for any incompatible purpose.
Note: Data protection regulations allow you to exercise your rights to be informed, access, rectification, erasure, restrict processing, object, to withdraw your consent, data portability and rights related to automated decision making and profiling, when applicable.
Note: For the six lawful bases covered in the law, we will essentially rely on Consent, Contract, Legal Obligation or Legitimate Interest. However, exceptionally, we might rely on Vital Interests or Public Tasks. You can find more information below.
Note: As you will find explained below, we don’t need to process Sensitive Personal Data.
The main purpose is to offer you travel-search and comparison services in accordance with our General Terms and Conditions. This includes the specific purposes covered in this section.
Also, in this section, we inform you of the legal basis on which we process data for individual purposes. Depending on the legal basis for our processing of your data, you may have particular data rights alongside the rest of the data rights. For example, in individual cases, you have the right to object to the processing of your data.
Detailed information:
Lawful bases: #Contract
We need to process your data in order to provide you with our travel search and comparison services, described in the General Terms and Conditions, that can be summarised as a search and comparison services of travel products or services available on the travel market and proposed by third companies on the basis of the search criterions informed by you (or just simply mentioned as “our Services”).
We endeavour to show to you the most relevant travel data in a personalised manner, so that when you visit our Platforms you do not miss the offers and information relevant to you.
These processing activities are necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
Please, bear in mind that the identification data we use is going to be your cookie ID.
Lawful bases: #Contract #Your Consent #Legitimate Interest
We can get in touch with you by the different means provided by you, for the following purposes:
Lawful basis: #Legitimate Interest
We use data for analytical purposes. The main goal here is to optimise our online Platforms to your needs, making our site easier and more enjoyable to use. We strive to use pseudonymised or anonymised data for these analytical purposes.
This is part of our drive to enhance the user experience. By user experience, we concretely mean:
The processing of your personal data will be necessary for legitimate interest purposes, since, we have an interest in improving the network and information security, and since we have an interest in improving the quality of our services, respectively.
Finally, we will also elaborate anonymised statistics regarding the overall conversion rate of the website. This processing is necessary for legitimate interests purposes, since we have a commercial interest to assess the percentage of users that have become customers.
Lawful bases: #Legal Obligation #Legitimate Interest
In order to create a trustworthy environment for you, your fellow travellers, our business partners, and our travel providers, we may use data for the detection and prevention of fraud and other illegal or unwanted activities, as well as for security purposes (e.g. authentication of users and bookings).
One example of this is our preventive stolen-credential control on the internet (if we might have any hint that your credentials could have been compromised, we may also block your account and ask you to reactivate it with a new password).
With this purpose, we protect your data and reduce fraud risk. As some of these security measures are compulsory by law and international standards, the corresponding personal data processing is necessary for compliance with a legal obligation to which we are subject. In other cases, we have deployed security measures that require the processing of personal data for legitimate interest purposes, since we have an interest in preventing fraud.
Lawful bases: #Legal Obligation #Legitimate Interest
We redirect any claim directly to the Service providers.
In certain cases, we may need to use your data to handle and resolve legal disputes, for regulatory investigations and compliance, to enforce our General Terms and Conditions or to comply with lawful requests from law enforcement. This processing is necessary for legitimate interest purposes, since we have an interest in preventing fraud and defending our rights and interests.
The main Lawful Bases commonly used are #Your Consent, #Contract, #Legal Obligation, #Legitimate Interest
Detailed information:
Other lawful bases, only exceptionally used:
We don't make any decisions based solely on automated processing, beyond the legitimate interest of fraud prevention and the customisation of your user experience, marketing and advertising, which will not produce legal effects or similarly significantly affect you.
Detailed information:
As mentioned before, such an Automated Decision will not produce legal effects or similarly significantly affect you. In case we shall make any Automated Decision we will apply all appropriate measures and inform you.
There are different sources where the data mainly can come from: much of the data we process is provided by you when you use our services or contact us, for example when you register and provide your name or email address or address (#Data you give to us). We also receive the technical device and access data which is automatically collected when you interact with our services. This may be, for example, information on which device you are using (#Data we collect from you). The following are categories of data that can be related to you (categories are not exclusive, data may transcend multiple categories).
Detailed information:
Data from all of the communications exchanged between you and us in connection to your requests. We use your email address as your identity data; your data will be linked based on your Cookie ID. For example, customer support cases, metadata and notes generated by our systems and agents, if any.
Data that you provide to us during the searching process. This data may automatically collect from your device when you visit our Platforms. For example, IP address, browser type, origin, destination, dates, and other travel characteristics, internet service providers, geographic location, technical data about the device, pages accessed and links clicked, the time and duration of request and visit, the method used to submit the request to the server.
As most of this data may be collected by using different types of Cookies or similar technologies, check our Cookies Notice.
Why don’t we process Sensitive Personal Data?
We don’t process Sensitive Personal Data because we don’t need it to provide you with our Services and we are committed to apply the principle of data minimisation. We don’t ask you for this data in our Platforms. Please, avoid providing us with Sensitive Personal Data in any open communication with us, if any.
What happens with the data belonging to children?
Our Services aren’t intended for minors, as mentioned in our General terms and conditions.
If we become aware that we have processed the data of a child without the valid consent of a parent or guardian, we will delete it.
Data we collect from third parties
We lawfully obtain data about you from business partners and other independent third-party sources (e.g. browsing or device data, contact data such as email, purchase or demographic data).
We might have to share your data with third parties which might normally act as #Data Controller or #Data Processor depending on their circumstances (i.e. on their purposes and type of data they process, their relationship with them, you and us, their responsibilities under the law, etc.). We are selecting hereinbelow their main categories.
Detailed information:
In order to provide you with our services, we need to share your data with third parties. We will define and regulate the data transfer or processing contractually when required by law with the appropriate security measures.
We share your data within our group companies for internal purposes relating to management centralisation, and to comply with other provisions of the applicable law.
Our group of undertakings has a common Privacy Policy applying to all of them to ensure that any data processing carried out within our group, is made under the same level of security requirements and will be processed exclusively for the same purposes for which the data had been collected, according to the applicable laws.
We might disclose your data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud or if we are otherwise legally obliged to do so, which will act as #Data Controllers. We may need to further disclose your data to competent authorities to protect and defend our rights or properties, or the rights and properties of third parties.
These recipients might be outside the European Economic Area (EEA), implying international data transfers. For more information on this, please check the next section.
While no online service can guarantee absolute security, we design our systems and devices with your security and privacy in mind. We work to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including for example the following ones.
Some examples of security measures we implement are as follows:
We will keep your data for as long as we deem it necessary to enable you to use our Services, to provide our Services to you, to comply with the applicable laws, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business (including, to detect and prevent any illegal activities). All your data we retain will be subject to this Privacy Notice.
Detailed information:
Usually, we process your data for a maximum period of five years, since your last trip or any further action related to it ended or since you performed your last action while logged in with your account for the purposes described above.
Other specific terms might apply, such as a maximum term of three years for accountability purposes regarding data protection related interactions, or a maximum term of ten years for tax and accounting purposes.
If you provide us with your contact email address, but then you are unable to finish your booking, we will keep your email address only temporarily and, in any case, for a maximum period of seven days to help you with the booking if you are still interested.
For the purpose of customized offers, you will periodically get email offers from us, and in every email, there will be a clear and easy way to unsubscribe and therefore object to this type of processing. We will keep and use your data for this purpose until you unsubscribe.
For those processing activities based on your consent, we will store your personal data for as long as such processing activities are necessary for the purpose for which they were collected, unless you withdraw your consent or request their deletion prior to that date and there is no legal or judicial mandate to keep the personal data.
Regarding Cookie duration please check our Cookie Notice.
Our servers are located within the European Union. However, to facilitate our global operations (e.g. by means of service providers) the transmission of your data to the recipients described above may include transfers of your data to third countries whose data protection laws might not be as comprehensive as those of the countries within the European Union.
For transfers to recipients in third countries, we rely on the decision of the adequate level of protection, on appropriate safeguards, or on the exception of (pre)contract necessity or any other which might apply from time to time.
Any service provider acting as Data Controller will process your data in accordance with its own Privacy Notice and will be fully responsible for processing your data.
The disclosure of your data will be done, when applicable, in accordance with the applicable laws and appropriate safeguards (in particular, the standard contractual clauses issued by the European Commission) are in place to ensure an adequate level of protection of the privacy and fundamental rights of individuals.
The international transfer of data onto the international airlines, hotels, train companies, or car rentals, for the purpose of providing the appropriate service provided by us, is a transfer necessary for the performance of the contract between you and us in accordance with the corresponding derogation of the applicable data protection regulations.
We want you to be in control of how your data is used by us.
We are committed to ensuring fair and transparent processing. That is why it is important to us that persons concerned can exercise the following rights where the respective legal requirements are satisfied:
Exceptionally, this right is not susceptible to be satisfied for the purpose of promotion of a safe and trustworthy service, since we rely on a compelling legitimate interest of protecting from any potential fraud or attack against the provision of our services.
When you use our Platforms we collect and process cookies. The ones that are not strictly necessary for the performance of our services require your consent, and those cookies can be easily rejected as explained in our Cookies Notice.
If you want to exercise any of your data protection rights described above, you can do it here: [email protected].
You can also contact the French Data Protection Authority or any other applicable supervisory authority.
Depending on your local applicable regulations applying, we are providing additional information. Please, review if applicable.
Our UK Representative is Opodo Limited with tax ID number 766445988.
Contact us here, to exercise a specific right or for other data protection comments or suggestions.
Depending on which state you reside in, different laws might apply (such as California, Colorado, Connecticut, Virginia, and Utah). More specifically, if you are from California, the California Consumer Privacy Act (“CCPA“) would be applicable, and you would have the following rights in relation to the personal data that we hold about you: right to know (i.e. to request information about how we process your data), right to request deletion of certain personal data that we process about you, and the right to opt-out of sale of your personal data to third parties. Contact us through [email protected], to exercise a specific right or for other data protection comments or suggestions.
We allow third parties to collect your data through our Platforms, and share it for the purposes described in this Privacy Notice (including without limitation for customised advertising and marketing on our Platforms and elsewhere based on users’ online activities over time and across our Platforms, services, and devices). Remember that you can block non-strictly necessary Cookies (including ads and analytics cookies), as described in our Cookies Notice.
We might amend this Privacy Notice from time to time to make sure it’s up-to-date. Do not hesitate to visit this page regularly and you will know exactly where you stand. We will note the date that revisions were last made to this Privacy Notice at the bottom of this page, and any revisions will take effect upon posting.
Last Updated: July 2023