Privacy Policy

Last Updated: 01 May 2025


This Privacy Notice explains how we collect, use, and protect your personal information. It works alongside our [Cookie Policy], which details how we use cookies and similar technologies on our website.


If you’re providing personal information on behalf of someone else—such as a fellow traveller, it is your responsibility to inform them of this Privacy Notice and how their data may be used.


We may update this Privacy Notice and our Cookie Policy from time to time. We encourage you to review both regularly to stay informed. Where changes are significant, we will highlight them clearly on our website and may also notify you electronically where appropriate.


By making a booking or submitting your personal information through any of our channels, you agree to the use of your information as described in this notice. This includes sharing it with service providers involved in your booking, such as hotels, airlines, or transfer providers.

If you do not agree with these terms, we will be unable to process your booking or other service requests, and you should not use our websites, products, or services.


Who We Are?


We are Holidays budget, an online travel agency dedicated to helping you plan and book your travel with ease Holidaysbudget.com is a trading name of Sky Travel Ltd.


What Personal Information Do We Collect and What Do We Do with It?

– Making a Booking


When you make a booking with us—either online or by phone through one of our agents—you will be asked to provide certain personal information. This typically includes:


  • Full name
  • Address
  • Email address
  • Phone number
  • Payment details


Even if you do not complete your booking, but begin entering information on our website or through one of our booking channels, the details you provide may still be collected.


In addition, depending on the nature of your booking or the services you request, we may collect other sensitive information such as:

  • Medical details (for example, when special assistance is requested)
  • Dietary requirements
  • Disability-related requests


How We Use This Information:


We use your personal and financial information to:


  • Complete and manage your booking (e.g., flights, hotels, transfers, and extras)
  • Access, modify, or cancel your booking as necessary
  • Notify you of any changes, cancellations, or rescheduling
  • Handle refund requests where applicable
  • Facilitate communication from third parties like airlines or hotels]
  • Process payment transactions on your behalf


Where required, we may need to:


  • Monitor and handle ongoing correspondence related to your booking
  • Set up additional user accounts with certain service providers (such as airlines) to manage your travel arrangements.


Communicating With You About Your Booking


When you contact us whether via live chat, phone, SMS, email, or another method, we may ask you to provide certain details to verify your identity and ensure we are discussing the correct booking. This typically includes your name, address, email address, and phone number.


When we need to get in touch with you, we will use the contact details you provided (email or phone). We may contact you to:


  • Confirm your booking
  • Notify you of any changes or disruptions
  • Send security alerts
  • Provide important updates or reminders about your travel arrangements


User Accounts


When you create an account with us, the information you provide enables access to a range of services beyond booking management. These services include:


  • Managing your bookings
  • Saving personal settings and preferences
  • Storing search history or results
  • Accessing exclusive offers and promotions


Your account also ensures that only you can securely access your personal information and manage your travel details.


Customer Services


When you contact our Customer Services team—whether by phone, live chat, email, social media, or through Manage My Booking—we use your personal information to respond to and resolve any complaints, queries, or requests you make.


We may also follow up after your travel experience, using email, phone, SMS, or social media. This could be to address any unresolved issues, request feedback, or invite you to leave a review.


Our Customer Services team may also reach out proactively, for example, if your booking requires additional assistance or if an issue arises that needs to be addressed.


To help us answer your questions, we use the information you've provided as well as details from any current or previous bookings. When using our chat function, we may ask you to verify your identity to ensure accurate and secure support before connecting you with a customer service representative.


Call Recording


All customer service phone calls are recorded and monitored for the following reasons:


  • Contractual record-keeping – to document what was agreed during the booking
  • Quality assurance – to ensure staff are providing high standards of service
  • Analytics – to better understand call volumes and recurring issues
  • Staff training – to improve team knowledge and support
  • Legal protection – in the event of disputes or complaints involving third-party suppliers
  • Security and fraud prevention – to protect both you and us from misuse of services


Call recordings are stored securely for a limited period and are automatically deleted unless there is a legitimate reason to retain them longer, in compliance with data protection laws.


Improved Service Through Personalisation


We also use your personal information—including past bookings and preferences—to provide you with a more tailored customer service experience. For example, if a selected hotel or flight becomes unavailable, we may use this information to suggest suitable alternatives.


Security


We use your personal data to help keep our websites, systems, and your account secure. This includes detecting and preventing fraud, unauthorized access, or misuse of your account and our services.


Fraud Prevention


To protect our business and customers, we may use your personal information along with publicly available data (including from social media) and information from third parties—to detect, investigate, and prevent suspected fraud or fraudulent claims that could harm our legitimate business interests.


Legal and Regulatory Compliance


We may use your information to:


  • Respond to and manage legal claims or disputes
  • Handle insurance or regulatory matters
  • Cooperate with compliance investigations or criminal inquiries
  • Enforce our legal rights
  • Comply with laws, court orders, government regulations, or lawful requests from public or health authorities


This may involve reviewing publicly available information (e.g., social media) when relevant.


We may also use your data for internal audit purposes and to fulfil obligations under applicable data protection laws, including responding to requests to exercise your rights.


Pandemics or Unexpected Events


In the case of pandemics or other unforeseen events, we may use your personal data to manage your booking and ensure compliance with relevant legal or public health requirements.


Business Transactions


In the event of a business change such as a merger, acquisition, or sale of assets, your information may be used as part of the planning and due diligence process, and transferred as part of the transaction.


Information You Provide About Others


If you provide information on behalf of others (such as fellow travellers), you are responsible for:


  • Informing them that you are sharing their personal details
  • Ensuring they understand and agree to this Privacy Policy
  • Confirming you have their consent—especially if you are providing health or special assistance details


This includes consent for us to share their information with relevant service providers (e.g., hotels, airlines) or health/government bodies if required.


Special Category (Sensitive) Personal Information


With your explicit consent, you or someone on your behalf may provide us with sensitive information, including:


  • Health information (e.g., for special assistance or dietary needs)
  • Sexual orientation (e.g., for couples’ holiday preferences)


By providing this data, you agree that we may use it to deliver the services you’ve requested, which may involve sharing it with airlines, accommodation providers, or public health authorities if necessary.


Where someone else shares this data on your behalf, it is their responsibility to confirm they have your explicit consent to do so.


Information We Collect Automatically


We collect data automatically when you visit our website, including your device’s IP address, browsing activity, and interactions with the site. This helps us improve your experience and optimize marketing. We also track behaviour across different devices. You can manage cookies and preferences through our website or browser settings.


Information We Get from Others


We may receive your personal information from third parties, including service providers, payment processors, credit agencies, and social media platforms. This helps us process bookings and improve services. You should review the privacy settings of third-party platforms to manage how your data is shared.


Children’s Information


Our services are for users over 18 years old. We do not collect information from children under 18 unless we have consent from a parent or guardian.


1. Data Storage and Duration


  • Storage Security: Information is stored on secure servers, and payment transactions are encrypted.
  • Access Restrictions: Only authorized staff can access your information.
  • Data Retention: Personal data is retained only as long as necessary for:
  • Providing the requested services or products.
  • Business records or legal obligations.
  • Other legitimate business purposes.
  • Deletion or Anonymisation: Once there's no business need for the data, it will be deleted or anonymized. If not possible (e.g., stored in backup archives), the data will be securely stored and isolated from further processing until deletion is feasible.


2. Payment Information


  • Card Information: The company doesn't store your full card details, only the last 4 digits.
  • Encrypted Authorisation Tokens: Payments are processed using tokens issued by the payment provider.
  • Refund Obligations: Information is retained to handle potential refunds.


3. Sharing Data with Third Parties


  • Service Providers: Booking data may be shared with external providers (hotels, flights, transfers) to complete your booking. This may also include financial data to secure services on your behalf.
  • Health Data: In certain circumstances and with consent, health information might be shared if it's necessary to fulfil the booking (e.g., special medical requirements).
  • Third-Party Suppliers:
  • Includes service providers for payment processing, customer support, business analytics, legal advisors, marketing, etc.
  • Personal data shared with suppliers is limited to what's necessary for them to perform their function. They are prohibited from using your data for their own marketing.


4. Data Security and Privacy


  • Secure Data Transfer: Reasonable steps are taken to ensure secure data transmission to service providers.
  • Supplier Responsibilities: Once your data is transferred to suppliers, it becomes their responsibility, and they must adhere to data security standards.


Key Takeaway


The company prioritises secure storage and handling of personal data, retains it only as necessary, and takes steps to ensure any third parties it shares data with handle it responsibly and securely.


1. Referring Websites


  • Referral Information Sharing: If you were directed to the company's website from another webpage, some information about you might be shared with that referring website. This allows the referring site to contact you about their products and services.
  • Google Analytics: The sharing process is facilitated through Google Analytics, which helps track the referral traffic.
  • Commission Tracking: For some partners, the company processes information related to the referral click-through to ensure they are compensated correctly based on the referral.


2. Business Affiliates


  • Sharing Data with Affiliates: The company may share your data with business affiliates who offer joint services or promotions, such as advertising networks or other agencies.
  • Purpose: This is done to enhance the services the company provides to you.
  • Consent for Direct Contact: If you’ve given consent, affiliates may contact you directly with offers and products they believe may interest you


Law Enforcement Authorities


  • Legal Obligations: The company may disclose your personal information if required by law.
  • Criminal Investigations: Data may be shared if it’s necessary for the prevention, detection, or prosecution of criminal activities, such as:
  • Fraud
  • Money laundering
  • Drug trafficking
  • Immigration or customs violations
  • Security or anti-terrorism efforts
  • This disclosure would typically occur when there is a legitimate legal or regulatory need for it.


Health and Government Bodies


  • Health-Related Information: If you provide consent (or there is another legal basis), the company may share information about your health or the health of others in your party.
  • Examples of Sharing: This could include situations like national health crises or pandemics (e.g., COVID-19), where the company might share health-related data with relevant health authorities or government agencies.
  • Legal Basis for Disclosure: Sharing of health-related information would be based on your consent or another lawful basis under data protection laws.
  • Health/Government Bodies: Health data may be shared with health authorities or government bodies with your consent, especially in situations related to public health concerns.
  • CAA / Regulatory authority
  • If we become insolvent, we, or any appointed insolvency practitioner, may disclose your personal information to the CAA (or other relevant regulator) so they can assess the status of your booking and advise you on the appropriate course of action under any applicable scheme of financial protection. The CAA’s privacy notice is at: https://www.caa.co.uk/Our-work/About-us/General-privacy-notice/


1. Transfers of Personal Data Outside the UK


  • International Transfers: Due to the nature of the business, personal information may be transferred to countries outside the UK. This could involve other members of the company group or third-party service providers.
  • Data Protection Measures: The company will only transfer personal data outside the UK if they have appropriate safeguards in place to comply with data protection laws. These measures ensure that data is protected even when processed in countries that may not have the same level of data protection laws as the UK.


2. Customer Service Provider Based in Pakistan


  • Data Processing by Third Parties: If the company’s customer service provider in Pakistan needs certain information to help manage, update, or complete your booking, they may access your data.
  • Legitimate Interests: The company justifies this transfer as necessary for its legitimate interest in ensuring bookings are processed efficiently.
  • Special Category Information: If special personal data (e.g., health or disability information) is required, the company will only collect this with your explicit consent.


3. Safeguards for Data Protection


  • Contractual Safeguards: To protect your personal information, the company has implemented appropriate safeguards, such as entering into standard contractual clauses approved by the UK Information Commissioner’s Office (ICO).
  • Data Security: These clauses ensure that the customer service provider is obligated to protect your data in line with applicable data protection laws.


4. Your Data Protection Rights


  • Access: You can request a copy of the personal information the company holds about you by making a Data Subject Access Request (DSAR).
  • Correction: If any information is inaccurate, you can request that it be corrected, with evidence provided to support the correction.
  • Deletion: You can request the deletion of your personal information. However, the company may not be able to delete all of your data if there are legal, regulatory, or legitimate business reasons for retaining it.
  • Objection: You have the right to object to the processing of your personal data. However, this right applies only in certain circumstances, which the company will explain if they are unable to comply with your request.


Key Takeaways:


  • International Data Transfers: Personal data may be transferred outside the UK, but only with appropriate safeguards.
  • Customer Support in Pakistan: If necessary, your data might be accessed by the customer service team based in Pakistan to help complete your booking, with special care taken for sensitive data.
  • Your Rights: You have the right to access, correct, and delete your personal data, or object to its processing under certain conditions.


Privacy Considerations:


  • The company appears committed to safeguarding personal data when it is transferred abroad or shared with third parties, ensuring that any data processing complies with data protection regulations.
  • It’s also important to know your rights under data protection laws, especially when it comes to accessing, correcting, and deleting your information.


Objection to Marketing


  • Opt-Out of Marketing: You can unsubscribe from marketing communications at any time by:
  • Clicking the ‘unsubscribe’ link in marketing emails.
  • Managing your preferences directly on the website.
  • Sending a request to the company’s designated address for opting out.
  • Price Alerts or Deal Alerts: If you've signed up for these services, you can also unsubscribe by adjusting your preferences in the app or browser.
  • Support for Unsubscribing: If you're having trouble unsubscribing, you can reach out to support@holidaysbudget.com for assistance.


2. Restriction of Data Processing


  • Request to Restrict Processing: You have the right to ask the company to restrict how your personal data is processed, but this right only applies in certain circumstances, which will be explained if the company cannot fulfill your request.


3. Data Portability


  • Transfer Data: You can request the transfer of certain personal information to another party. This can also be provided directly to you so that you can transfer it yourself, provided it's technically feasible.


4. Contact Information for Rights Requests


Making a Request or Filing a Complaint: You can make any rights-related requests or file complaints by contacting the company via:

Email: support@holidaysbudget.com

If you're in the UK, you can also contact the Information Commissioner’s Office (ICO), the relevant data protection authority: ICO Contact Us.


5. Legal Bases for Processing Personal Data


The company processes personal data on several lawful bases:


  • Performance of a Contract: Your personal data is processed to fulfil the terms of the contract you’ve made (e.g., booking your holiday).
  • Consent: You can give consent for marketing communications, use of testimonials/photos, and other purposes.
  • Legitimate Interests: Some data processing is for the company’s legitimate interests, such as customer service, business analysis, follow-up communications, and fraud prevention.
  • Compliance with Legal Obligations: The company may collect personal data to meet legal obligations, such as tax laws.
  • Vital Interests: Personal data may be processed in emergency situations where it's necessary to protect someone's health or safety.


6. Special Category Personal Information


If the company processes sensitive data (e.g., health information, criminal records), they rely on specific lawful bases, including:


  • Consent: For health-related data (e.g., special accessibility requests, pandemic-related details).
  • Vital Interests: In emergency situations where consent can't be obtained.
  • Legal Claims: To support the establishment or defence of legal claims (e.g., for insurance or refunds).
  • Preventing Unlawful Acts: To detect or prevent fraud or unlawful acts, potentially involving law enforcement.


7. Contact for Data Protection


  • Legal and Compliance Department: If you have questions or concerns, you can contact:
  • Email: support@holidaysbudget.com
  • Post: Sky Travel Ltd, Legal and Compliance Department


8. EU GDPR Representative


  • If you're an EU resident, you can contact the company’s EU GDPR Representative for privacy-related concerns:
  • MCF Legal Technology Solutions Limited
  • Address: Riverside One, Sir John Rogerson’s Quay, Dublin 2, Ireland
  • Marketing Opt-Out: You can easily unsubscribe from marketing emails or adjust your preferences at any time.
  • Data Rights: You have rights to restrict processing, request data portability, and request deletion of data, subject to certain conditions.
  • Legal Bases for Data Use: The company processes your data for contractual, legal, and legitimate business purposes, as well as for emergency or fraud prevention.
  • EU Residents: EU customers can contact the company’s GDPR representative for any privacy concerns.


Privacy Considerations:

The company appears to be transparent in explaining your rights and the lawful bases for processing your personal data. If you ever feel your rights are being violated, you can always reach out to the company or the relevant data protection authorities for assistance.