🔒 Privacy Policy

1. Who We Are & Our Role

JETMEAWAY LTD (Company No: 17140522, ICO Reg: ZC125217), registered at 66 Paul Street, London, United Kingdom (“Jetmeaway”, “we”, “us”) is the data controller for personal data processed through jetmeaway.co.uk and the JetMeAway mobile application (together, the “Platform”). You can contact us at contact@jetmeaway.co.uk or 0800 652 6699. For data-protection enquiries specifically, please write “Data Protection” in the subject line.

For bookings you complete on a third-party site after clicking through from the Platform (“Referral Bookings”), that third party is the controller of the data you give them. For bookings you complete inside our checkout (“Direct Bookings”), we share the data needed to fulfil the booking with the Travel Provider or Wholesaler, and each of them is an independent controller of the data they receive.

2. What Personal Data We Collect

a. Browsing & enquiries (everyone who visits)

• Usage data — pages visited, searches run, links clicked, referral source.
• Device & technical data — IP address, browser type, operating system, device type, screen resolution, language, approximate location derived from IP.
• Cookies & similar technologies — see section 10.

b. Account & enquiries

• Email address, name, phone — if you sign up for price alerts, the newsletter, or contact us.
• Communication content — messages you send us by email, contact form, SMS or on social media.

c. Direct Bookings (flights & hotels booked through our checkout)

• Passenger & lead-guest details — title, full name, date of birth, gender where required, nationality, passport or travel-document number and expiry, frequent-flyer number, contact email and phone. Where a Travel Provider requires additional information (e.g. redress number, known-traveller number, meal preference) we collect that too.
• Payment data — your card details are entered directly into a secure payment field hosted by Stripe Payments Europe, Ltd., our PCI-DSS Level 1 certified payment processor. Jetmeaway never sees, stores or transmits your full card number or CVC. We retain only the Stripe PaymentIntent reference, billing name, billing email, the last four digits and brand of the card, and the amount and currency charged. This is the minimum we need to identify the transaction, process refunds, and respond to chargebacks.
• Booking record — booking reference, itinerary, dates, room type / fare class, price paid, supplier confirmation code, booking status.
• Special requirements — if you tell us about a dietary need, mobility requirement or medical condition relevant to your travel, this constitutes special-category data under UK GDPR and we will process it only with your explicit consent for the purpose of arranging the booking.

d. User-generated content

• Any reviews, photos, ratings or comments you voluntarily submit to the Platform.

3. How We Use Your Personal Data (Purposes)

• To operate, maintain and improve the Platform and the comparison service.
• To take and fulfil bookings — including passing your details to the Travel Provider, Wholesaler and payment processor needed to issue and honour the booking.
• To process payments, issue refunds, and manage chargebacks and fraud prevention.
• To send transactional messages (booking confirmations, itinerary changes, cancellation and refund notifications, check-in reminders).
• To send marketing and price-alert messages where you have opted in, and to personalise content based on your previous searches. You can opt out at any time.
• To respond to enquiries, complaints and customer-service requests.
• To meet our legal and regulatory obligations (accounting, tax, anti-money-laundering, sanctions screening, law-enforcement requests).
• To detect, investigate and prevent fraudulent or unlawful activity and to secure our systems.
• To analyse usage of the Platform (aggregated and anonymised where possible) so we can improve it.
• To manage business reorganisations, mergers, acquisitions and similar corporate events.

4. Lawful Bases for Processing

• Performance of a contract — to take and fulfil your booking, take payment, and issue refunds.
• Legitimate interests — to operate and improve the Platform, prevent fraud, secure our systems, and analyse usage. We have assessed that these interests are not overridden by your rights.
• Legal obligation — to meet accounting, tax, regulatory and law-enforcement requirements.
• Consent — for marketing communications, non-essential cookies, and the processing of special-category data (e.g. a disclosed medical condition). You may withdraw consent at any time without affecting processing that has already taken place.

5. Who We Share Your Data With

We share personal data only with the categories of recipient listed below, and only to the extent needed.

• Travel Providers — airlines, hotels, car-hire companies, tour operators, activity operators, insurers, eSIM providers. They receive the traveller information needed to deliver the booked service and become independent controllers of that data.
• Wholesalers & aggregators — including LiteAPI/Nuitee, DOTW (Webbeds FZ-LLC), Duffel, Travelpayouts, RateHawk, Hotellook, and similar partners whose APIs source or fulfil the inventory.
• Payment processor — Stripe Payments Europe, Ltd. for card processing, refunds and chargebacks.
• Hosting & infrastructure — Vercel Inc. (hosting and edge compute) and Vercel KV / Upstash Redis (short-term booking state, subscriber lists). Google Cloud / Anthropic where AI-assistant features are used.
• Email, SMS & voice providers — including Twilio for SMS and voice, and our transactional-email provider for booking notifications and alerts.
• Analytics & performance — privacy-respecting analytics and error-reporting tools used to understand and improve the Platform.
• Professional advisers — accountants, auditors, lawyers and insurers where reasonably necessary.
• Law enforcement and regulators — where we are required by law or a valid legal request.
• Successors in interest — in the event of a merger, acquisition, restructuring or sale of part of our business, personal data may be transferred to the buyer.

We do not sell your personal data. We do not sell, rent or trade your search history, booking intent or contact details to hotels, advertising networks or data brokers.

6. International Transfers

Some of our Travel Providers, Wholesalers and service providers are based outside the United Kingdom and the European Economic Area (for example DOTW/Webbeds is based in the UAE, and US-based hotels and aggregators operate from the United States). When we transfer personal data outside the UK we rely on one of the following safeguards:

• An “adequacy decision” issued by the UK government or the European Commission.
• The UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK addendum.
• Where the transfer is necessary to perform the contract with you (for example transferring your passport details to the airline so you can fly), the specific derogation under UK GDPR Article 49(1)(b).

You can request a copy of the safeguards we rely on by contacting us at contact@jetmeaway.co.uk.

7. How Long We Keep Your Data (Retention)

• Booking and payment records — up to seven years after the booking date, to meet HMRC, tax, accounting and anti-fraud record-keeping obligations.
• Account data — for as long as your account is active, plus up to two years after deletion for dispute-resolution and audit purposes.
• Marketing-subscriber data — until you unsubscribe, plus a short suppression record so we can honour your opt-out.
• Support correspondence — up to three years from the last contact.
• Analytics and browsing data — typically up to 26 months in identifiable form, after which it is aggregated or deleted.
• Cookies — see section 10.

8. Data Security

We use appropriate technical and organisational measures to protect your data, including TLS encryption in transit, encryption at rest for booking records, strict role-based access controls, secrets management, regular patching, and PCI-DSS Level 1 certified payment processing via Stripe. We review our security posture regularly. No online service is completely secure; please use a strong, unique password and tell us immediately if you suspect unauthorised access.

9. Your Rights Under UK GDPR and the Data Protection Act 2018

You have the right to:

• Access the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your data where one of the grounds in Article 17 applies. Note that we may be legally required to retain booking and payment records for up to seven years.
• Restriction of processing in certain circumstances.
• Data portability — receive your data in a structured, machine-readable format and transfer it to another controller.
• Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent at any time where processing is based on consent.
• Not be subject to fully automated decisions that produce legal or similarly significant effects on you (we do not currently make any such decisions).

To exercise any of these rights, email contact@jetmeaway.co.uk. We will respond within one calendar month and may ask you to verify your identity. There is normally no charge.

If you believe we have not complied with your rights, you may complain to the UK Information Commissioner's Office at ico.org.uk or 0303 123 1113. Our ICO registration reference is ZC125217. We would prefer the chance to resolve your concern first.

10. Cookies & Similar Technologies

We use cookies and similar technologies to make the Platform work, to remember your search preferences, to measure performance, and for affiliate tracking when you click through to a partner. Essential cookies do not require consent. Non-essential analytics, personalisation and affiliate-tracking cookies are placed only with your consent, which you give or withdraw through the cookie banner.

Affiliate cookies are set by partners including Expedia (Partnerize), Travelpayouts, Trip.com and others when you click a partner link. They allow us to be credited for the referral; they do not increase the price you pay.

Ryanair flight-confirmation iframe. When you book a Ryanair (FR) flight through the Platform, Ryanair require us to embed their flight-confirmation page as an iframe before payment. The iframe sets the following strictly-necessary cookies in your browser, controlled by Ryanair:

• STORAGE_PREFERENCES (session) — stores your cookie-category preferences for the Ryanair iframe.
• mkt (365 days) — remembers your Ryanair market (e.g. gb/en).
• fr-correlation-id (session) — tracks an anonymous session between internal Ryanair services for support.
• rid (365 days) — identifies your device for enhanced security on Ryanair's side.
• rid-sig (365 days) — companion signature to rid, for the same security purpose.

These cookies are mandatory for the iframe to function. They are not used by JetMeAway for marketing. Ryanair's own Cookie Policy governs their use.

11. Marketing Communications

We only send marketing emails, SMS or push notifications where you have opted in, or where you have previously booked a similar service and have not opted out (“soft opt-in” under PECR). Every marketing message includes a one-click unsubscribe link, and you can opt out at any time by emailing contact@jetmeaway.co.uk.

12. Automated Decision-Making & Profiling

We use automated systems for price-alert matching, fraud scoring, and to rank search results. None of these produce legal or similarly significant effects on you within the meaning of Article 22 UK GDPR. You can ask for a human to review any automated decision that affects you materially by contacting us.

13. Children

The Platform is not directed at children. We do not knowingly collect personal data from anyone under 16 as the primary user. Adults making bookings that include child travellers may provide the child's name and date of birth; this is processed under the lawful basis of contract performance to ticket the child.

14. Third-Party Sites

The Platform links to Travel Providers and affiliate partners. Those sites have their own privacy policies, and we are not responsible for how they handle data you give them. Please review their policy before you transact with them.

15. Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top shows when it was last changed. Material changes will be highlighted on the Platform or by email if we have your address and consent.

16. Contact

For any privacy question or to exercise any right under this policy, email contact@jetmeaway.co.uk, call 0800 652 6699, or write to: JETMEAWAY LTD, 66 Paul Street, London, United Kingdom.