Processing Request...

Data Protection Policy


Travel Unravel respects your privacy and is committed to protecting your personal information. Under this Privacy Policy, we check and safeguard your personal data when you visit our website or contact us through a telephone, and about enlists the details regarding your privacy rights and how the UK law protects you under GDPR policy.

This policy is in a layered format and you can re-route to the specific areas set out below with just a click. Please check the Glossary at the end which will give you a better understanding of the meaning of some of the terms mentioned under this policy.

  • Important information about who we are
  • The ways with which we collect your data
  • How is your personal data collected?
  • How we use your personal data
  • Disclosures of your personal data
  • International transfers
  • Data security
  • Data retention
  • Your legal rights
  • Glossary



This privacy policy gives you information about our process of collecting and using your personal data through our website, including the data provided through to sign up for our newsletter or making a booking. It covers the data collected when you contact us by telephone as well. We offer our services and this website to the customers who are over 16 years only. We knowingly do not collect data relating to children, except necessary information for the purposes of completing a booking made by an adult. You must read this privacy notice together with other fair processing notice on specific occasions when collecting personal data about you. This way we make sure that you are aware of how we use the data that we collect. This privacy notice completes the other notices and is not intended to revoke them.


Travel Unravel Holidays Private Ltd is the controller of all the personal data that you input on our website and the words “we”, “us” and “our” refer to our company. This company is registered in England and Wales under number 07445398. The company mentioned herein the UK is the data controller and is responsible for this website. In case you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us on the details mentioned below:


Full name of legal entity: Travel Unravel Holidays Private Ltd

Email address:

Postal address: Rear Ground Floor Hygeia Building, 66-68 College Road, Harrow, Middlesex, United Kingdom, HA1 1BE.

Telephone number: 0203 588 8444

If there is any concern regarding our use of your personal data, you may send a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority responsible to manage and protect the data and address issues related to it ( We, however, would like to address a chance to deal with your concerns and address them before you approach the ICO. So in case of any concerns please contact us first.


lease check this policy from time to time, this way you make sure that you are aware of the current version of this privacy policy. It is crucial that the personal data we hold about you is accurate and current in order for us to complete your bookings and our service. Please inform us if your personal data changes prior to booking completion.


This website includes third-party website links, some plug-ins, and applications. Clicking on any of these links or enabling the connected websites allows third party websites to collect or share the data about you. Travel Unravel has no control of these third-party websites and we cannot be held responsible for their privacy statements. Once you leave our website, we advise you to go through the privacy notice again on your next visit.


Personal information is defined as any information about an individual with which we as a service provider can identify a person. This does not include the identity in case it has been removed. This is known as anonymous data. We collect, use, store and transfer personal data about you which we have grouped together follows:

  • Identity Data has details including first name, last name, a username along with the passport number, marital status, title, date of birth and gender. To get all this information, we may require a copy of your passport.
  • Contact Data has details that include your billing address, delivery address, email address and telephone number.
  • Financial Data has details including bank account and payment card details. Payments are made through WorldPay and we do not receive your financial details.
  • All the Transaction Data includes details about payments and other details of the services purchased from us.
  • Technical Data includes IP address, login data and the type of browser with the version, time zone setting and location, operating system and other technologies on the device used by you to access this website.
  • Profile Data includes username and password, your interests, preferences, feedback and survey responses.
  • Usage Data has information regarding your website use and services.
  • Marketing and Communications Data has details about your preferences in receiving marketing and your communication preferences.

We collect, use and share Aggregated Data such as statistical or demographic data for marketing and other purposes. Aggregated Data is usually derived out from personal data but is not considered personal data. This is because under the law this data does not reveal your identity. For example, we may know the details regarding your Usage Data and from that, we can calculate the percentage of users accessing a specific website feature. But in case we combine Aggregated Data and personal data and identify you then it is treated as the combined data as personal data which will be used in this privacy notice.

Under Special Categories of Personal Data, we collect the necessary details to serve you with the services that you buy with us. These services include the details about your health, dietary requirements or any need for special medical support (e.g. oxygen or wheelchairs). Along with that, we may also require a clearance from your doctor to travel with a medical condition including pregnancy for more than 28 weeks. Apart from that, we do not collect any information about your race or ethnicity, religious, sexual life or orientation, political opinions etc.


In case we are required to collect your personal data by law or to fulfil your booking request and you fail to provide it, then we may not be held responsible for our inability to fulfil our services or to provide you with your requested bookings. But we will notify you if this is the case and we are cancelling your request at the time.


different methods are used to collect data from you. This includes:

  • Direct interactions: You provide us with your Name, Contact and Financial Data while you fill in forms with us by post, phone, email or otherwise including:
  • Services booked through us;
  • Account creation on the website;
  • Sign up or subscribe with us;
  • Request marketing emailers to be sent; or
  • Give us some feedback

We share your information about the travel arrangements and requirements from third-party suppliers. This is required to co-ordinate with flights booked directly with the airline.

  • When you interact with our website, we automatically collect Technical Data about your browsing device, actions on the site and patterns. We collect this data via cookies and similar technologies about which you can read in our Cookies Policy. We get the Data if you visit other websites employing our cookies.
  • Third-party or publicly available sources. Travel Unravel may get your personal data from third parties, as set out below:
  • Technical Data:

    (a) analytics [such as Google];

    (b) advertising networks; and

    (c) search information providers

  • Contact, Financial and Transaction Data from payment and delivery services such as WorldPay

When you reserve on someone else's behalf through us, we ask for personal information and other travel preferences. You should seek their consent before and only after that provide us with their information and preferences. If they want to amend or delete their information they can contact us directly otherwise their information will be accessible through your account only.


It is required by the law that we have a lawful basis in case we want to process your personal data. We use your personal data only if the law allows us to do so. We use your personal data in the following cases:

Legitimate Interest

Our interest in conducting business and managing our business to enable us to give you the best service and secure experience is known as a legitimate interest. We balance any potential impact on you and your rights before processing your personal data. We make sure that we do not use your personal data for our interests that are overridden by the impact on you (unless we have your consent). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by Contacting us.


This means in order to process your data to perform and deliver your service to which you are a party or to take steps to fulfil your request before entering into such a contract. Comply with a legal or regulatory obligation intends at processing your personal data where necessary that we are subject to.

We do not rely on consent only as a legal basis to process your personal data other than sending you third-party direct marketing communications via emails. In case you do not want to receive that, you must withdraw the consent to market at any time by contacting us on the given details.


The below-listed are the ways we plan to use your personal data. Under the same, we have listed our legitimate interests for your information. We process your personal data for more than lawful grounds depending on the purpose of data use.

Purpose/Activity Type of data Lawful basis for data processing including legitimate interest
New customer registration (a) Identity
(b) Contact
Complete the requested services with you

complete your travel booking including:

Managing payments, fees and charges

Providing you with information such as status updates about the service you have booked through us

Sharing booking information with suppliers so that they can fulfil your booking

Collecting any payments that you owe us

(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
(a) Complete the requested services
(b) Necessary for legitimate interests or to recover due payments
Customer relationship management including:
(a) Notify regarding any changes in terms or privacy policy
(b) Asking you to write a service review
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
(a) Complete the requested services
(b) Necessary to comply with but under a legal obligation
(c) Necessary under legitimate interests to keep our data updated and insights on how customers use our services.
To protect our business or the website (which includes troubleshooting, data analysis, testing, system maintenance, support, data hosting) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests to run our business, network security, fraud prevention
(b) Necessary to comply with under a legal obligation
Deliver website content and advertisements to customers and to measure or understand the effectiveness of the served advertisement (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
Necessary for legitimate interests to know how the customers use our services, to grow the business and to enhance our marketing strategy
Use data analytics to improve our website, services, marketing, customer relationships (a) Technical
(b) Usage
Necessary for legitimate interests to define types of customers, to keep the website updated and relevant, business development
Suggestions and recommendations about services of your interest (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
Necessary for our legitimate interests to develop our services and business growth

We give you the choice regarding personal data uses, particularly for marketing and advertising. We let you decide what marketing material you wish to receive from us or if you want to opt-out of receiving it.


We use your Name, Contact, Usage and Profile Data. This is used to form a view and decide what you may want or need or your interest. With this information, we decide the services and offers that we may be relevant for you. We send marketing communications you have requested information from us or details about the booked travel services on the details you shared with us. In such a case, you have not opted out of receiving our marketing emails.


We will get opt-in consent and only after receiving it we share your personal data with any company outside the Travel Unravel group for any purpose.


At any point in time, you can ask us or the third-party to stop sending you emails by logging into the website and adjusting your marketing preferences. You can also do this by Contacting Us on the provided details.

When you opt-out of receiving marketing messages, the same will not apply to personal data that we receive for making a booking or any other transactions.


We use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If you want an explanation about the process for the new purpose, please contact us.

In case we use your personal data for an unrelated purpose, we will notify you.


We may share your data with the parties for the purposes set out above.

  • Internal Third Parties: Companies in the Travel Unravel Group acting as joint controllers and to provide IT and system administration services or undertake leadership reporting.
  • External Third Parties:
  • Travel service supplier companies including airlines, hotel operators and similar businesses to complete your booking request.
  • Service providers or data processors which are based out in the UK, European Economic Area (EEA),
  • Specific third parties that are listed in the table in [paragraph 4]
  • Third parties to whom we sell, transfer, or merge our business or our assets. We may acquire other businesses or merge with them and share your data with their employees.

All the third parties associated with us respect the security of your personal data and to treat it by the law or as mentioned under this Policy. We do not allow third-party to use your personal data for any other purpose except the one specified under our instructions.


We share your personal data within the Travel Unravel Group. This includes transferring your data outside the EEA.

We make sure that your personal data is protected by all our group companies and they follow the same rules while processing your personal data. They are known as “binding corporate rules”. For more information, see European Commission: Binding corporate rules.

Our external third parties like the airlines and hotels are based outside the EEA. They may process your personal data and transfer it outside the EEA. If we transfer your personal data out of the EEA, we make sure that a similar degree of protection is offered and ensures following safeguards are implemented:

  • Personal data transfer to countries deemed to provide an adequate level of protection for personal data by the European Commission.
  • If we use service providers, we may use approved use of data by the European Commission. Under this, you will get the same protection as it exists in Europe. For any further information, see European Commission: Model contracts for the transfer of personal data to third countries.
  • If we use providers of the US, we transfer data to them if they are part of the Privacy Shield. Under this they provide similar protection to personal data shared between the Europe and the US. For any further information, see European Commission: EU-US Privacy Shield.

In certain circumstances we believe that the transfer is necessary for our contract with you. For example, if we have made a booking for you with a supplier outside the EEA or with your consent, which we seek and inform you about the situation. Contact us if you want any further information on the specific mechanism that we use when we transfer your personal data out of the EEA.


We have adequate security measures that help in preventing your personal data from being accidentally used or accessed in an unauthorised way. With that, we limit the access to your personal data to the employees and third parties associated with us who have a business need to know it. They use your personal data on our instructions and are subject to a duty of confidentiality under this Policy. We have put procedures to deal with suspected data breach and will notify you when we suspect any such activity.


We retain your data for as long as necessary. This is done to fulfil the services you requested for including any legal, accounting, or reporting requirements. To determine the exact retention period for personal data, the potential risk of harm from unauthorised use is considered as the determining factor for disclosure of your personal data. We use the data collected in during our previous transactions so that we can provide you with the best service when you book with us again. We are obligated under law to keep basic information about you for six years. Post that, you cease being customers and this is done solely for tax purposes. If you do not book with us again for more than six years we will delete your data.

In certain circumstances you are allowed to ask us to delete your data. Sometimes we may anonymise your personal data and use it for research or statistical purposes. In such a case, we use this information without any further notice to you.


Under some circumstances, you have the right under data protection laws regarding your personal data. With this, you may:

Ask to access your personal data (commonly known as 'data subject access request'. Under this, you can receive a copy of the personal data we hold about you and check if we are processing it lawfully.

You can ask us to correct the personal data about you. Under this, you have the right to get any incomplete or inaccurate data corrected. We will verify the accuracy of the new data and then do the required process.

Request deleting your personal data. You can do this under no good reason and ask us to stop processing it.

Note, however we may not be able to comply with your request of deleting for any legal reasons and we will inform you if applicable, at the time of request.

Intending to process your personal data we rely on a legitimate interest and your particular situation under which you want to object the processing. This must have the ground that you feel it might impact on your fundamental right or freedom. Your right to object can also arise is you have issues against direct marketing purposes. In cases like this, we may demonstrate that we have legitimate grounds to process your information.

You may request restriction of data processing. You may ask us to suspend the processing of your personal data: (a) to establish the data’s accuracy; (b) use of the data is unlawful; (c) to hold the data even if we no longer require it, exercise or defend legal claims; or (d) you have an objection to the use of your data but we are required to verify a legitimate grounds to use it.

You may withdraw the consent at any time to process your personal data. However, this will not affect the lawfulness of any processing carried out before your withdrawal. However, your withdrawal may lead to our inability to provide you with certain services to you. We will inform you about this at the time you withdraw your consent. If you still want to go ahead and practice any of the rights mentioned above, please Contact us.


We request you and ask you for specific information to confirm your identity and ensure that you have the right to access your personal data (or any of your rights). For us, this is a security measure to ensure that personal data is not disclosed to any other person who has no rights on it. We will contact you to ask you for further information about your request inorder to speed up the response and process.


We respond to all the legitimate requests within one month of the time from where the request has been initiated. However, it may take longer than a month if your request is complex or you have made multiple requests. In such a case, we will keep you updated.