Privacy Policy
Think Travel. Think TUI. At TUI we create unforgettable moments for customers across the world and make their dreams come true. Looking after the personal data you share with us is an important part of this. We want you to be confident that your data is safe and secure with us, and understand how we use it to offer you a better and more unique and inspiring experience. See the TUI Group website for more information about us.
What this Privacy Policy covers
The data controller is Musement S.p.A., an Italian company with registered address at Milano, via Polesine no. 13, enrolled in the Company Register of Milan under no. MI1995020, Tax Code and VAT no. 07978000961, online travel agency license no. 170695 Regione Lombardia (Musement), (referred to in this Notice as “we” or “us”), part of the TUI Group.
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Policy which explains:
- What types of personal data we collect and why we collect it.
- When and how we may share personal data within the TUI Group and with other organisations.
- The choices you have, including how to access and update your personal data.
We have tried to keep this Policy as simple as possible, but if you are not familiar with terms such as data controller, special categories of personal data, then read about these and some others in Key Terms below.
Personal data we collect
When you use any of our web forms, you may provide us with:
- Your personal details, including but not limited to your name and email address
When you contact us or we contact you or you take part in surveys or questionnaires about our services, we may collect:
- Personal data you provide when you connect with us, including by email, post and phone or through social media, such as your name, username and contact details
- Details of emails and other digital communications we send to you that you open, including any links in them that you click on
- Your feedback and contributions to customer surveys and questionnaires
Using your personal data
We use your personal data in a variety of ways, as explained below.
To manage and improve our products, services and day-to-day operations
We use personal data to manage and improve our products, websites, mobile apps, customer loyalty or recognition programme(s) and other services.
We monitor how our services are used to help protect your personal data, detect and prevent fraud, other crimes and the misuse of services.
We use personal data to carry out market research and internal research and development, and to develop and improve our product range, services, shops, IT systems, security, know-how and the way we communicate with you.
These processing are necessary for the purposes of the legitimate interests pursued by the Controller, in the first case for the improvement of our products and services and in the second case to guarantee the security of our facilities and premises.
To make contact and interact with you
We want to provide the best possible service, so if you contact us, for example by email, we may use personal data to provide clarification or assistance to you.
If you are a client this processing is necessary for the performance of the contract, if you are not, the Controller has a legitimate interest in answering or providing what you may ask for.
Sharing personal data with regulatory authorities
So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.
Sharing personal data within the TUI Group
Our Privacy Policy applies to all of the services offered by the TUI Group but excludes services that have separate privacy notices that do not incorporate this Privacy Policy. We may share the minimum personal data necessary with other companies in the TUI Group, for example, to manage and improve our products, services and day-to-day operations, to make contact and interact with you; and, if allowed and appropriate, for marketing or market research purposes.
Protecting your personal data
We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.
The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by organisations operating outside the EEA who work for us or for one of our suppliers. We put in place appropriate protections to make sure your personal data remains adequately protected and that it is treated in line with this Policy. These protections include, but are not limited to, appropriate contract clauses, such as standard contract clauses approved by the European Commission, and appropriate security measures.
Data retention
We will retain your personal data for only as long as it is necessary for the uses set out in this Privacy Policy and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.
About cookies and similar technologies
Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your customer experience. Please see our separate Cookie Policy.
Links to other websites
Our websites or mobile apps may contain links to websites operated by other organisations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data.
Social media features
This website contains social media features such as LinkedIn that have their own privacy notices.
Please make sure you read their terms and conditions and privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for these features.
Accessing and updating your personal data, including complaints
You have a right to ask for a copy of the personal data we hold about you. You can write to us asking for a copy of other personal data we hold about you.
Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.
We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know. We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.
You can also object to the processing of your personal data when based in the legitimate interest, and revoke the consent previously given.
If you would like to make a request, please write to the following email address: gdprdx@tui.com
You can also contact the Data Protection Officer if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the local data protection authority.
Please note that we may ask you to verify your identity before we can act on your request or complaint.
Changes to our Policy
This Policy replaces all previous versions. We may change the Policy at any time so please check it regularly for any updates. If the changes are significant, we will provide a prominent notice including, if we believe it is appropriate, email notification of Privacy Policy changes.
Last update: October 2023
Key terms
Data controller: The data controller determines the purpose and manner in which personal data is used.
European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.
Online advertising: Marketing messages that you may see on the internet.
Special categories of personal data: This are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; health data; and data concerning a natural person’s sex life or sexual orientation.