Privacy Policy (GDPR)Last updated: 11 September 2025
1. Who we are (Data Controller)1st Choice (“we”, “us”, “our”) is the controller of your personal data when you use our services or visit our websites.
Contact: [email protected]
Address: [Company address]
Phone: +359 884 488 039
When services are provided under a contract with your employer or another organisation, that organisation may also act as a separate controller for certain data. In those cases, please also refer to their privacy notices.
2. ScopeThis Policy applies to our travel services (corporate and leisure), event and group travel, advisory services, and our websites/apps (collectively, the “Services”).
3. Personal data we collectWe collect and process personal data necessary to deliver the Services, including:
4. Why we use your data (purposes & legal bases)We process your data for:
5. Who we share data withWe share data only as necessary to provide and operate the Services:
6. International transfersWhere data is transferred outside the EEA/UK/Switzerland, we use approved safeguards, such as EU Standard Contractual Clauses (SCCs) and, where applicable, participation in the EU–US Data Privacy Framework (for certified recipients), or other legally recognised mechanisms. Copies of relevant safeguards can be requested via [email protected].
7. RetentionWe retain personal data only as long as needed for the purposes above, including:
8. SecurityWe use appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or loss. While no system is 100% secure, we continually improve our controls and vendor oversight.
9. Your rightsSubject to legal limits, you have the right to:
You also have the right to lodge a complaint with your local data protection authority (for example, in the EEA, the UK Information Commissioner’s Office for UK residents).
10. Cookies & similar technologiesWe use cookies and similar tools to operate our sites, remember preferences, and analyse usage. You can manage cookies through your browser settings and, where available, our cookie banner. Some features may not function without certain cookies. For details, see our Cookie Notice.
11. ChildrenOur Services are not directed to children under 16. We do not knowingly collect data directly from children without appropriate parental/guardian consent for family bookings. If you believe a child has provided data to us without consent, contact [email protected].
12. Automated decision-makingWe do not use automated decision-making that produces legal or similarly significant effects about you without human involvement.
13. Changes to this PolicyWe may update this Policy from time to time. Material changes will be communicated on our websites/apps or by email where appropriate. Please review periodically.
14. How to contact usQuestions about this Policy or our data practices:
Email: [email protected]
Phone: +359 884 488 039
1. Who we are (Data Controller)1st Choice (“we”, “us”, “our”) is the controller of your personal data when you use our services or visit our websites.
Contact: [email protected]
Address: [Company address]
Phone: +359 884 488 039
When services are provided under a contract with your employer or another organisation, that organisation may also act as a separate controller for certain data. In those cases, please also refer to their privacy notices.
2. ScopeThis Policy applies to our travel services (corporate and leisure), event and group travel, advisory services, and our websites/apps (collectively, the “Services”).
3. Personal data we collectWe collect and process personal data necessary to deliver the Services, including:
- Identity & contact: name, title, date of birth, email, phone, address, company details.
- Travel & ID: passport details, visa data, frequent-flyer numbers, known traveler IDs, meal/seat preferences.
- Booking & payment: itineraries, tickets, invoices, payment method (processed via secure payment providers).
- Usage & technical: IP address, device/browser info, log data, and cookie identifiers (see Cookies below).
- Communications: messages, support requests, feedback.
- Preferences: marketing and communication choices.
4. Why we use your data (purposes & legal bases)We process your data for:
- Providing the Services (bookings, itinerary management, support, event/trip administration).
Legal bases: Contract (Art. 6(1)(b)); Legitimate interests (efficient delivery); Legal obligation where applicable. - Customer support & account management (service notices, changes, disruptions).
Legal bases: Contract; Legitimate interests. - Personalisation & improvements (e.g., suggested options, service quality, security, analytics with de-identification where possible).
Legal bases: Legitimate interests. - Marketing communications (news, offers, events) where permitted.
Legal bases: Consent (opt-in) or Legitimate interests where allowed; you can opt out anytime. - Compliance & legal (tax/audit, fraud prevention, regulatory requests).
Legal bases: Legal obligation; Legitimate interests; Establishment/defence of legal claims. - With your consent for any additional purposes made clear at the point of collection. You can withdraw consent at any time.
5. Who we share data withWe share data only as necessary to provide and operate the Services:
- Travel providers & intermediaries (airlines, hotels, rail, car rental, tour/event operators, GDS/aggregators). Many of these parties act as independent controllers for their own obligations (e.g., issuing tickets, complying with aviation/security law).
- Service processors (hosting, IT, support, analytics, payment processing) under contracts that include GDPR-compliant data protection terms.
- Your organisation (for corporate travel management, reporting, and policy compliance).
- Authorities/regulators where required by law or to protect rights, safety, and security.
- Corporate transactions (merger, acquisition, reorganisation) subject to appropriate safeguards.
6. International transfersWhere data is transferred outside the EEA/UK/Switzerland, we use approved safeguards, such as EU Standard Contractual Clauses (SCCs) and, where applicable, participation in the EU–US Data Privacy Framework (for certified recipients), or other legally recognised mechanisms. Copies of relevant safeguards can be requested via [email protected].
7. RetentionWe retain personal data only as long as needed for the purposes above, including:
- Bookings & invoices: kept for the period required by accounting/tax laws.
- Account & support records: for the duration of our relationship and a reasonable period thereafter.
- Marketing data: until you withdraw consent or object, or after a reasonable inactivity period.
8. SecurityWe use appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or loss. While no system is 100% secure, we continually improve our controls and vendor oversight.
9. Your rightsSubject to legal limits, you have the right to:
- Access your data and obtain a copy
- Rectify inaccurate or incomplete data
- Erase data (“right to be forgotten”)
- Restrict processing
- Object to processing (including direct marketing)
- Portability of data you provided to us
- Withdraw consent at any time (where processing is based on consent)
You also have the right to lodge a complaint with your local data protection authority (for example, in the EEA, the UK Information Commissioner’s Office for UK residents).
10. Cookies & similar technologiesWe use cookies and similar tools to operate our sites, remember preferences, and analyse usage. You can manage cookies through your browser settings and, where available, our cookie banner. Some features may not function without certain cookies. For details, see our Cookie Notice.
11. ChildrenOur Services are not directed to children under 16. We do not knowingly collect data directly from children without appropriate parental/guardian consent for family bookings. If you believe a child has provided data to us without consent, contact [email protected].
12. Automated decision-makingWe do not use automated decision-making that produces legal or similarly significant effects about you without human involvement.
13. Changes to this PolicyWe may update this Policy from time to time. Material changes will be communicated on our websites/apps or by email where appropriate. Please review periodically.
14. How to contact usQuestions about this Policy or our data practices:
Email: [email protected]
Phone: +359 884 488 039
