Who are we?
Hello! We are Liligo Metasearch Technologies S.A.S., known by you as Liligo.
Here's a summary of how we protect your data and respect your privacy.
Our privacy promises
Why do we use your data (purposes)?
We don't make Automated Decisions.
What types of data do we process?
You give us: email - Communications data, if any
We collect: cookie - Browsing & Travel search data
Who will be the recipients of your data?
Know your rights
Information on Cookies
For more information related to privacy and security of your data, see the details below.
Thank you for using our Platforms. Your trust is our most important value, that is why in this Privacy Notice we are going to show you our responsibilities regarding the privacy and the security of your data. The only thing you have to do is read it, and if you have any questions related to it, you can tell us about it here.
After that, you’re all set to find your next adventure with us!
Whenever this Privacy Notice mentions “we”, “us”, or “our”, it refers to Liligo Metasearch Technologies S.A.S. acting as Data Controller.
Liligo Metasearch Technologies is a French-based company, with tax ID number FR91483314134.
Definitions for a better understanding of this Privacy Notice
Note: As you will find explained below, we don’t make Automated Decisions.
Note: We as a Data Controller use many third-party services to which we outsource some parts of our activities that we don’t do ourselves for various reasons such as cost-efficiency. A Data Processor is only allowed to process your data according to our documented instructions, and in compliance with the applicable law, so we are still in charge of your data, and they will not be able to process your data for any incompatible purpose.
Note: For the six lawful bases covered in the law, we will essentially rely on Consent, Contract, Legal Obligation or Legitimate Interest. However, exceptionally, we might rely on Vital Interest or Public Task.
Note: As you will find explained below, we shall not process Sensitive Personal Data.
Who is the Data Protection Officer?
We have a common Data Protection Officer who watches over all processing carried out with respect for your privacy and the applicable regulations at all times.
You can contact the Data Protection Officer’s team here.
Third Countries: countries in which the GDPR regime is not applicable. Currently, by Third Countries, we mean all countries that lie outside of the European Economic Area (i.e. outside the European Union, Iceland, Liechtenstein and Norway).
We need to process your data in order to provide you with our travel search and comparison services, described in Section 2 of the Terms and Conditions, that can be summarised as a search and comparison services of travel products or services available on the travel market and proposed by third companies on the basis of the search criterions informed by you (or just simply mentioned as “our Services”).
We endeavour to show to you the most relevant travel data in a personalized manner, so that when you visit our Platforms you do not miss the offers and information relevant to you.
Please, bear in mind that the identification data we use is going to be your cookie ID.
Lawful bases: #Contract
We can get in touch with you by the different means provided by you, and for the following purposes:
Lawful bases: #Contract #Your Consent #Legitimate Interest
We also use data for analytical purposes. This is part of our drive to enhance the user experience, but can also be used for testing purposes, troubleshooting and improving the functionality and quality of our Services. The main goal here is to optimize our Platforms to your needs, making them easier and more enjoyable to use. We strive to use pseudonymized or anonymized data for these analytical purposes.
Lawful basis: #Legitimate Interest
In order to create a trustworthy environment for you, your fellow travelers, our business partners and our travel providers, we may use data for the detection and prevention of illegal or unwanted activities, as well as for security purposes in our Platforms.
One example of this is ***
Lawful bases: #Legal Obligation #Legitimate Interest
We redirect any claim directly to the Service providers.
Exceptionally, we may need to use your data for regulatory investigations and compliance, to enforce our General terms and conditions or to comply with lawful requests from law enforcement or other legal obligations.
Lawful bases: #Legal Obligation #Legitimate Interest
Main lawful bases commonly used:
#Your Consent: you gave consent for a specific use of your data. We will always obtain your consent to collect and process your data unless another Lawful Basis applies. We will provide you with transparent information at the time that consent is obtained. This information will be provided in an accessible form, written in clear language. If the data is not obtained directly from you, then this information will be provided to you within a reasonable period after the data has been obtained.
#Contract: you have a contract or pre-contract with us. As an example, when booking an airline or hotel with us, we need relevant data to process your reservation.
#Legal Obligation: we have a legal obligation. Normally, accounting and tax regulations request to store necessary data for compliance purposes.
#Legitimate Interest: It’s in our legitimate interest, and it is judged not to affect your rights and freedoms in a significant way.
Other lawful bases, only exceptionally used:
We don't make Automated Decisions based on profiles, beyond the legitimate interest of fraud prevention and the customization of your user experience, marketing and advertising. In any case, such an Automated Decision will not produce legal effects or similarly significantly affect you.
In case we shall make any Automated Decision we will apply all appropriate measures and inform you.
There are different origins where the data mainly can come from: #Data you give to us & #Data we collect from you. The following are categories of data that can be related to you (categories are not exclusive, data may transcend multiple categories):
Data from all of the communications exchanged between you and us in connection to your requests. We use your email address as your identity data; your data will be linked based on your email. For example, customer support cases, metadata and notes generated by our systems and agents, if any.
Data that you provide to us during the searching process. This data may automatically collect from your device when you visit our Platforms. For example, IP address, browser type, origin, destination, dates, and other travel characteristics, internet service providers, geographic location, technical data about the device, pages accessed and links clicked, the time and duration of request and visit, the method used to submit the request to the server.
As most of this data may be collected by using different types of Cookies or similar technologies, check our Cookies Notice.
Why don’t we process Sensitive Personal Data?
We don’t process Sensitive Personal Data because we don’t need it to provide you with our Services and we are committed to apply the principle of data minimisation. We don’t ask you for this data in our Platforms. Please, avoid providing us with Sensitive Personal Data in any open communication with us, if any.
What happens with the data belonging to children?
Our Services aren’t intended for minors, as mentioned in our General terms and conditions.
If we become aware that we have processed the data of a child without the valid consent of a parent or guardian, we will delete it.
Data we collect from third parties
We lawfully obtain data about you from business partners and other independent third-party sources (e.g. browsing or device data, contact data such as email, purchase or demographic data).
We might have to share your data with third parties which might normally act as #Data Controller or #Data Processor depending on their circumstances (i.e. on their purposes and type of data they process, their relationship with them, you and us, their responsibilities under the law, etc.). We are selecting hereinbelow their main categories.
In order to provide you with our services, we need to share your data with third parties. We will define and regulate the data transfer or processing contractually when required by law with the appropriate security measures.
We might share your data within our group companies who will be obliged to use your data solely for the purpose for which they were collected, and comply with other provisions of the applicable law.
We might disclose your data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud or if we are otherwise legally obliged to do so, which will act as #Data Controllers. We may need to further disclose your data to competent authorities to protect and defend our rights or properties, or the rights and properties of third parties.
(transparently informed to you and with your consent to the disclosure, where applicable)
These recipients might be outside the European Economic Area (EEA), implying international data transfers. For more information on this, please check the next section.
While no online service can guarantee absolute security, we design our systems and devices with security and privacy in mind. We work to implement appropriate technical and organisational measures to ensure an appropriate level of security to the risk, including for example the following ones. See below.
We will keep your data for as long as we deem it necessary to enable you to use our Services, to provide our Services to you, to comply with the applicable laws, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business (including, to detect and prevent any illegal activities). All your data we retain will be subject to this Privacy Notice. If you have any questions about a specific retention period for certain types of your data we process about you, see below.
Usually, we process your data for a maximum period of five years, since your last trip or any further action related to it ended or since you performed your last action while logged in with your account for the purposes described above.
Other specific terms might apply, such as a maximum term of three years for accountability purposes regarding data protection related interactions, or a maximum term of ten years for tax and accounting purposes.
If you provide us with your contact email address, but then you are unable to finish your booking, we will keep your email address only temporarily and, in any case, for a maximum period of seven days to help you with the booking if you are still interested.
For the purpose of customized offers, you will periodically get email offers from us, and in every email, there will be a clear and easy way to unsubscribe and therefore object to this type of processing. We will keep and use your data for this purpose until you unsubscribe.
Regarding Cookie duration please check our Cookie Notice.
Our servers are located within the European Union. However, to facilitate our global operations (i.e. by means of service providers) the transmission of your data to the recipients described above may include transfers of your data to third countries whose data protection laws might not be as comprehensive as those of the countries within the European Union.
For transfers to recipients in such countries, we rely on the decision of the adequate level of protection, on appropriate safeguards, or on the exception of (pre)contract necessity or any other which might apply from time to time.
Any service provider (such as an online travel agency or an airline) acting as Data Controller will process your data in accordance with its own Privacy Notice and will be fully responsible for processing your data.
The disclosure of your data will be done, when applicable, in accordance with the applicable laws and that appropriate safeguards (in particular, the standard contractual clauses issued by the European Commission) are in place to ensure an adequate level of protection of the privacy and fundamental rights of individuals.
We want you to be in control of how your data is used by us.
Taking into account that we process very limited personal data, we make it very easy for you to exercise your rights:
Unless you have sent us exceptionally and voluntarily more of your data through other means, we don’t have any other data from you. If so, and you want to exercise your data protection rights (right to access, rectification, erasure, object or limit, or withdraw your consent), you can do it here.
You can also contact the French Data Protection Authority or any other applicable supervisory authority.
Depending on your local applicable regulations applying, we are providing additional information. Please, review if applicable.
Our UK Representative is Opodo Limited with tax ID number 766445988.
Contact us here, to exercise a specific right or for other data protection comments or suggestions.
Depending on which state you reside in, different laws might apply (such as California or Virginia).
Contact us here to exercise a specific right or for other data protection comments or suggestions.
We allow third parties to collect your data through our Platforms and share it with third parties for the business purposes described in this Privacy Notice (including without limitation advertising and marketing on our Platforms and elsewhere based on users’ online activities over time and across our Platforms, Services, and devices). Remember that you can block Cookies for these purposes, through the Consent Management Platform (CMP) as described in our Cookies Notice.
We might amend this Privacy Notice from time to time to make sure it’s up-to-date. Do not hesitate to visit this page regularly and you will know exactly where you stand. We will note the date that revisions were last made to this Privacy Notice at the bottom of this page, and any revisions will take effect upon posting.
Last Updated: October 11th 2021