Privacy Policy of Kiwi.com
We at Kiwi.com take your privacy very seriously. Currently, we comply with the Regulation No. 2016/679, the General Data Protection Regulation, also known as GDPR, which sets the highest privacy and data protection standard in the world. In this Privacy Policy we explain what data we collect from you, why we collect it, how we use it and with whom we might share it. It also explains what rights you as a data subject have and how you can fulfill them.
This Privacy Policy applies to any data processing done by us in connection to the use of our services, both through our website kiwi.com and through our mobile applications for iOS and Android.
- Who are we?
- Some terms that we use in this Privacy Policy
- What Personal Data do we collect?
- For what purposes do we use your Personal Data?
- Who do we share your Personal Data with and why?
- How long do we store your Personal Data?
- How to access and control your Personal Data?
- Cookies & Similar technology
- Transferring your data outside of the European Economic Area
- Complaint with the supervisory authority
- Contacting us and exercising your rights
- Specifics for residents of selected countries
- Data Protection Officer
- Changes to this Privacy Policy
Who are we?
We, as the Data Controller, are the company Kiwi.com s.r.o., ID No. 29352886, with a registered office at Lazaretní 925/9, Zábrdovice, Post Code 615 00 Brno, registered in the Companies Register administered by the Regional Court of Brno, file no. C 74565, Tax ID No. CZ29352886.
Some terms that we use in this Privacy Policy
Personal Data: any information relating to a directly or indirectly identified or identifiable natural person. That means that if we possess means to identify either you or even the device you're using, any information that we can connect to you will be treated as Personal Data.
Data Controller: someone that determines the purposes and means of processing Personal Data. For example, we are a Data Controller when we process your Personal Data for the purposes stated in this Privacy Policy.If you choose to book a ticket through our website or app, we will be sending your Personal Data to another Data Controller – the carrier or the provider of other services – who will again use your Personal Data for its own purposes. Each Data Controller should have a Privacy Policy such as this one where you can learn about how your Personal Data is processed. You can see the overview of Data Controllers with whom we might share the data below.
Data Processor: a third party that only helps to achieve the purposes determined by the Data Controller. For example, we as a Data Controller use many third-party services to which we outsource some parts of our activities that we don’t do ourselves for various reasons such as cost-efficiency. A Data Processor is only allowed to process your Personal Data according to our documented instructions.
Third Countries: countries in which the GDPR regime is not applicable. Currently, by Third Countries, we mean all countries that lie outside of the European Economic Area.
What Personal Data do we collect?
We collect your Personal Data directly from you, either when you provide us your Personal Data or gather them by ourselves when you use our services or you are in touch with us. Depending on the processing purpose, we may process the following categories of Personal Data:
| CATEGORY OF PERSONAL DATA | DESCRIPTION |
| Identification information | Information used to identify you as a natural person, such as your name, surname, gender, nationality, billing address, and date of birth, and artificial online identifier created by us, such as Kiwi.com ID. |
| Contact information | Information used to contact you, such as your email address and telephone number. |
| Your online behavior while interacting with us | Your behavior on our website and in our app, i.e. what you visited, how long you stayed, what you clicked on, etc. We also track your interactions with the emails and notifications that we send you, such as if you open the email or if you click on any of the links that it contains. |
| Device and network metadata | Information about the device that you used to access our website or the device on which our app is installed, your network connection metadata, and also information derived from these data. This information includes, for example, your operating system, web browser, screen resolution, IP address, etc. |
| Precise location | The precise location of your device based on the data provided by the geolocation technology of your device. We will only process this Personal Data if you give us your specific consent and it is necessary to provide you with some feature of our website or app which requires access to the precise location of your device, e.g., sending you relevant information about your trip based on your current location. It also might be necessary to access the information about your precise location in the background, i.e., even if you don’t have the app open. You will always be informed about this when giving your consent. |
| Account information | The settings and other data which you generate while using the Kiwi.com Account, such as the price alerts, search history, specific settings, profile picture, the login details which you use to log into the Kiwi.com Account, i.e. the email and password (we never store the passwords in a non-encrypted form), preferred choices and other details saved in Kiwi.com Account. |
| Information about your order(s) | Details of your order, i.e., all that you choose in the order form and what you later change or purchase as an addition to the original order. If you order a special assistance service or if you submit a cancellation request out of medical reasons, we will process your health data as necessary for the provision of these services. |
| Travel document information | Number and expiration date of the ID or Passport (depending on which one you give us). |
| Payment information | Information which you give us to execute the payment. Usually, this means the payment card details. We never store the payment card details in a non-encrypted form. If you choose to store your payment card details in your Kiwi.com Account or within the app, we will keep this Personal Data for your future purchases. |
| Documents necessary to be provided with the brokered service | Documents that we get from the provider of the service which we broker for you, such as the boarding passes or the e-tickets. |
| Information about your requests and your communication with us | All of the text and voice communications exchanged between you and Kiwi.com in connection to your requests (e.g., customer support cases), metadata, and notes generated by our systems and agents. |
| Your settings | Some settings of the website or in the app which you have made, such as the language, preferred choices like currency, destination and others, or cookie settings. |
| Reviews & feedback | Rating of your experience with Kiwi.com product or services, incl. answers to specific questions on this topic and general feedback or content of a review. |
| Kiwi.com Credit | Whenever you are awarded Kiwi.com Credit according to our Terms and Conditions, we’ll store the information about the amount, currency, and expiration of your Kiwi.com Credit in your account. |
For what purposes do we use your Personal Data?
Users
Whenever you access our website or app, we process your Personal Data for the purposes defined below:
| NAME | DESCRIPTION | CATEGORIES OF PERSONAL DATA | LEGAL GROUND |
| Delivering the functionalities of the website | We will process your Personal Data so that we're able to deliver you the functionalities of our website. | Your online behavior while interacting with us Device and network metadata Your settings |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Delivery of product features). |
| Delivering the functionalities of the app | For some features of our app, we need to process your Personal Data on our side. Sometimes, we also need to access some specific data about your device (such as the precise location). We will always ask you whether you agree to share any such data with us when it first becomes relevant (e.g., you open the feature which requires access to additional data). | Contact details Your settings Precise location Other data requested by the app Payment data |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Delivery of product features). Art. 6.1(a) - consent |
| Product development, service improvement, and business development | We constantly strive to improve our product and services. To be able to do that, we need precise data about your interactions with us. Therefore, we collect data about your device and your network identifiers along with your behavior on our website and in the app and your general use of our services. We analyze all this data and use it to create or modify our features and processes. We use data also to grow our business. Whenever we need to reach a business decision, we look at data that is generated by our most important variable — our customers. | Your online behavior while interacting with us Device and network metadata Information about your order(s) Information about your requests and your communication with us |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Improvement of our product and services, Business development). |
| Kiwi.com Account | If you create the Kiwi.com Account, we will process your Personal Data as necessary to deliver you all the features it includes, in accordance with the Terms of Use. The scope of the processed Personal Data will change depending on what details you decide to save. If you use third party SSO accounts (e.g., Facebook, Google) for signing into Kiwi.com Account, the account providers are informed about it and we obtain your Personal Data from them. Likewise, if you create your account through a website of some of our partners, we will receive the Personal Data from this partner. We will use the data from your past order(s) to offer you to prefill some of the information for your future order(s). |
Contact information Account information Identification information Payment information Information about your order(s) Kiwi.com Credit |
Art. 6.1(b) - necessity for the conclusion and performance of a contract (Terms of Use). | Direct marketing | To provide you with the best offers and to maximize our marketing efficiency, we process your Personal Data for the purposes of direct marketing (email offers and related processing activities). We do so if you subscribed to our offers (on the basis of your consent) or if you used our services and have not rejected (opt-out) our offers. Besides your contact details, we also keep data like your transaction and travel history, travel preferences, and other data about your interaction with us that help us with customer segmentation and personalization of these offers. For example, we might tailor a special offer just for you based on your previous orders. Additionally, when you provide your information during the booking process or while ordering another service, we may send you an email to remind you of any unfinished orders that are still incomplete. We will only keep your Personal Data collected in this way for 30 days. We will never share your contact details with other Data Controllers without your knowledge, and we will only contact you with offers that are linked to our main business. Besides direct messages to make sure that you don't miss our offers, we send out website and app push notifications (with your consent). |
Your online behavior while interacting with us Account information Device and network metadata Identification information (if entered into the fields) Contact details (if entered into the fields) Your settings |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Direct marketing). Art 6.1(a) - consent. You can always unsubscribe (exercise your right to object to direct marketing or withdraw your consent) and check your subscription status through the links below every email newsletter that you get from us. |
| Online advertisement | To provide you with the best offers and to maximize our marketing efficiency, we also display ads on Kiwi.com and third-party websites that are tailored for you based on your Personal Data. It might, therefore, happen that you will see advertisements that offer booking of transportation via Kiwi.com elsewhere on the internet.
Advertisement networks. Besides our internal marketing database, we also use various third-party advertisement networks, such as Google Ads. These networks allow us to show you relevant ads on different places around the internet. This is done by assigning you an encrypted identifier and storing it in a cookie on your device. When you go to a website that is served ads via one of the companies working with our partner ad network, they will recognize this identifier and show you offers according to our specifications. Targeting on Facebook. To reach our users with our offers, we also use Meta (Facebook) for Business. When you visit our website, we share an encrypted identifier with Facebook which allows them to match your Facebook profile with the visit. Subsequently, using the Facebook advertisement services, we are able to show you tailored offers on Facebook. So, for example, if you search for a flight on Kiwi.com, don’t buy it and the price goes down, we might show you an offer for this specific flight. Lookalike features. Some of the advertisement services which we use, namely Meta for Business and Google Ads, also provide the so-called “lookalike audiences” features. These features allow us to find users who might be interested in our services based on similarities to our existing users. We are then again able to target those users with our offers. This means that if you give us your consent, these services will analyze your profiles and find us other profiles based on common attributes. When using these features, we never gain direct access to any personal data or the profiles - this is all done by the service providers in the background and we only get the option to target our ads to a wider audience. |
Your online behavior while interacting with us Account information Device and network metadata Your settings |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Direct marketing). |
| Marketing analytics | To improve our marketing campaigns in general, we perform analyses to help us see which campaigns work and how they contribute to our conversion rates. Additionally, we analyze your interactions with Kiwi.com to send you offers that will be relevant for you. | Your online behavior while interacting with us Device and network metadata |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Direct marketing). |
| Establishment and exercise of legal claims and defense against them | To be able to exercise our legal claims arising out of your use of our website/app in breach of our Terms of Use or use in breach of some statutory obligation and to be able to defend ourselves against legal claims raised by you, we will store your Personal Data for at least 4 years from the point of your use of the website / app. | Identification information Your online behavior while interacting with us Device and network metadata Account information Contact details (if entered into the fields) Your settings |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Protection of our legal rights). |
| Information security | We need to protect ourselves against various security threats that try to exploit vulnerabilities in our security and hurt our business. To do that, sometimes we need to process Personal Data of our users. To this end, we collect and process Personal Data of our users and, in some cases, also share it with the providers of our third-party information security solutions, such as CloudFlare. | Your online behavior while interacting with us Device and network metadata |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Security). |
| Collection and assessment of feedback | Sometimes we ask you to rate your experience with Kiwi.com, provide us with your feedback, or leave a review on a third-party customer review website. We will store and evaluate all this data in order to improve our product and services. | Identification information Contact details Reviews & feedback |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Improvement of product and services). |
Customers
When you order any of our services, we will continue to process your Personal Data for the purposes explained above. The scope of the processed Personal Data for these purposes will newly also include the Information about your order(s) and Information about your requests and your communication with us. Besides this, we will process your Personal Data for the following purposes:
| NAME | DESCRIPTION | CATEGORIES OF PERSONAL DATA | LEGAL GROUND |
| Ordering & Provision of services | The main reason we collect and use your Personal Data is to conclude an agreement with you and to provide you the services you have ordered. Depending on the extent to which you use our services, we will process your Personal Data in a way that is necessary to enter into and fulfill our Service Agreement as described in our Terms & Conditions. The services that we provide include, primarily, the brokering of a contract of carriage and related services between you and the selected carrier. We may also process your Personal Data for this purpose when providing you with the service of enforcement of your claims against carriers. To achieve this purpose, we need to share your Personal Data with the carriers with whom you will enter into a contract of carriage and, in some cases, also with operators of ticket marketplaces, such as the Global Distribution Systems. Additionally, to pay for the tickets, we will use your name and surname to generate a single-use virtual payment card, which we use for the financial settlement with the transport provider. If you order additional service Special assistance or when you ask us for a refund due to health issues, we will process your Personal Data concerning health. In the case of the Special assistance service, we will share it with the carrier of your choice. During the ordering process, you will be asked to give your explicit consent with the processing of this Personal Data. You can always withdraw your consent through this form: kiwi.com/privacy/rights. However, please note that if you withdraw the consent with the processing of your Personal Data for the purpose of the Special Assistance additional service, we won't be able to provide you with any subsequent support related to this service. It may also happen that you choose to order another service that we or our partners offer on our website or in our app, such as insurance or accommodation. We will process your Personal Data as required to enter into a contract with you and to provide you with the ordered service or (if the service is provided by our partner) to enable you to enter into the contract with the service provider and to do our part in the contractual relationship between you and the third-party service provider. You can find the complete list of third-party Data Controllers that we might share your data with below. |
Identification information Contact information Information about your order(s) Travel document information Payment information Documents necessary to be provided with the brokered service |
Art. 6.1(b) - necessity for the conclusion and performance of a contract (Terms and Conditions). |
| Fraud prevention | When you book a ticket or order any other service through our website or app, during the payment transaction, we use a third-party service that helps us prevent fraudulent behavior. This is a very common process that happens nearly every time you order something online. For this to be possible, we will transfer your Personal Data momentarily to a third-party provider of fraud-checking service. However, this is not something to worry about, the whole transaction is completely secure, and we use one of the best and most common fraud-prevention tools. These third-party service providers (currently we use products from the companies Forter, Inc. and Riskified Ltd.) use the Personal Data, which they collect to build a database of online fraudulent behavior. They then compare this database with the behavior of the end-users of their clients, and whenever they detect similar behavioral signs, they can tell the clients to reject payments done by fraudsters. Furthermore, to prevent attempts for fraudulent chargebacks, if you report fraudulent purchase through your bank, we might check your social media to see, whether you have some sort of connection to the person who ordered the ticket to make sure that it is not an attempt to get the money for the ticket back by fraud. We will only process limited information about your connection to the person, who ordered the ticket, and whether you, by any chance, have not published some information connected to the journey (e.g., photos from the airport taking a flight). |
Identification information Contact information Information about your order(s) Travel document information Payment information Your online behavior while interacting with us Device and network information Publicly available information related to your order |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com and the e-commerce industry in general (Fraud prevention). |
| Customer support | Customer support is a big part of our services. We will record all of our communication through all channels, such as email, chat, and phone calls, in order to provide you with the service that you require. Part of our customer support is also helping our customers with potential legal issues with the carriers (in case of missed flights and similar situations). For this, we have partnered with a third-party service provider. When you have a legal problem, we will send this provider your email address, and you will be contacted with an offer to help you exercise your claims. You can learn more about the sharing of your Personal Data with third-party data controllers here. | Identification information Contact information Information about your order(s) Travel document information Information about your requests and your communication with us |
Art. 6.1(b) - necessity for the conclusion and performance of a contract (Terms and Conditions). |
| Sharing information with metasearch engines | If you get to our booking page through a third-party search engine (so-called metasearch), we will let the operator of this metasearch know that you have successfully finished the booking, which you have found on their site. | Contact details Information about your order(s) |
Art. 6.1(f) - necessity for the purposes of legitimate interest of the metasearch (Business operations). |
| Establishment and exercise of legal claims and defence against them | We store and process your Personal Data to establish and exercise legal claims, or defend against them. Whenever you book a ticket or order any other service, we will keep all relevant data for potential future legal claims that you or we could have, especially in judicial and other proceedings and when recovering or selling claims you assigned to us, for at least 4 years from the point of the creation of the corresponding order. Similarly, if you send us a data protection request, we will also store all the data you give us and the data about our handling of the request for this purpose. | Identification information Contact information Information about your order(s) Travel document information Payment information Your online behavior while interacting with us Device and network information Publicly available information related to your order Information about your requests and your communication with us |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Protection of our legal rights). |
| Compliance with legal obligations | We need to process some of your Personal Data to fulfill certain legal obligations that are applicable to us. Because this is a legal necessity, we do not need to obtain your consent for it. For this purpose, we will process your identification and contact information and information about your bookings. The main legal obligations we need to do this for arise from Act No. 89/2012 Coll, the Civil Code, Act No. 634/1992 Coll, on the protection of consumers, Act No. 235/2004 Coll, on Value Added Tax and Act. 563/1991 Coll, on Accounting. If you send us a data protection request to fulfill one of your rights, we will ask you for some personal data which we will then process to achieve compliance with the applicable law. | Information about your order(s) Information about your requests and your communication with us |
Art. 6.1(c) - necessity for compliance with legal obligations to which Kiwi.com is subject. |
Co-travelers
If someone orders a service from Kiwi.com for you (for example, books a flight ticket with your name), we will process your Personal Data, even if you're not a direct customer. Your Personal Data will be processed for the following purposes:
| NAME | DESCRIPTION | CATEGORIES OF PERSONAL DATA | LEGAL GROUND |
| Ordering & Provision of services | If someone orders our services for you, we will process your Personal Data as necessary for the provision of this service. | Identification information Contact information Information about your order(s) Travel document information |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Provision of services). |
| User account — saved traveler | When someone orders service for you and has a Kiwi.com Account, we will offer them to store your Personal Data for the easier ordering of other services for you in the future. If we are provided with your email, we will send you information about this and in case you disagree, you may choose to delete your data. | Identification information Contact information Travel document information |
Art. 6.1(f) - necessity for the purposes of your legitimate interest (Simplification of future bookings). |
| Establishment and exercise of legal claims and defence against them | To be able to defend ourselves against legal claims raised by you in connection with our provision of the services, we will store your Personal Data for at least 4 years from the point of the creation of the corresponding order. | Identification information Contact information Information about your order(s) Travel document information |
Art. 6.1(f) - necessity for the purposes of legitimate interest of Kiwi.com (Protection of our legal rights). |
How long do we store your Personal Data?
In general, we will process your Personal Data until we don’t need it for any of the purposes defined in this Privacy Policy. Usually, we process your Personal Data for the duration of statutory limitation period, which is generally 3 years, plus an additional 1 year because of the time reserve necessary for delayed deliveries of notices and our additional actions.
For the purpose of legal obligations fulfillment, we process your Personal Data for the duration required by the applicable law, e.g. 10 years for archiving of invoices.
For the purpose of your Kiwi.com user account, we will store your Personal Data for 5 years after the last action you performed by you while logged in.
For the purpose of personalized offers, you will periodically get email offers from us, and in every email, there will be a clear and easy way to unsubscribe and therefore object to this type of processing. We will keep and use your Personal Data for this purpose until you unsubscribe.
How to access and control your Personal Data?
We want you to always be in control of your Personal Data. To this end, you have certain rights that allow for it. Under certain conditions, you may:
- gain access to all your data that we use or processing, and even get a copy of all of it,
- ask us to delete your data,
- correct the data that we are processing if you think that there are mistakes,
- restrict the data processing,
- object to processing,
- receive your Personal Data in a commonly used and machine-readable format or to transmit this data to a different provider.
You can exercise your rights by sending us an email with your request through this form: kiwi.com/privacy/rights.
Please note, that in order to ensure the safety of your Personal Data, we will only comply with the requests that are sent from the email address used during the booking or ordering of a service. If someone else did the booking for you, we will request that you provide additional information to us (Booking ID, etc) to ensure that you are really the owner of the Personal Data in concern.
Learn more
Access your Personal Data
At any time, you have the right to ask us whether we process your Personal Data and to get the following information:
- Purposes for which we process your Personal Data,
- Categories of your Personal Data we're processing,
- List of third-parties with whom we share your Personal Data, in particular when these third-parties are based in Third Countries
- Duration that we plan to process your Personal Data, or at least how we determine the retention period
- Your rights as a data subject according to the GDPR
- Your right to lodge a complaint with a supervisory authority
- Where we received your data in cases where we didn't get the data straight from you,
- If applicable, any information about automated decision making that you may be subject to
- When the data was transferred to a Third Country and what safeguards apply according to the GDPR
Also, on your request, we will provide you with a full copy of all the Personal Data about you that we're processing. The first copy is for free. However, for any further copies we may charge you a fee to cover our administrative costs.
You can also request your data in a commonly used format for the sake of data portability.
Delete your Personal Data
You have also the right to have your data completely deleted (or more precisely, irreversibly anonymised) if one of the following situations applies to you:
- we no longer need your Personal Data for any of the purposes defined in this Privacy Policy
- you've successfully objected to the processing according to the Art. 21 of the GDPR and we have no other purpose for which we need your Personal Data,
- we've processed your Personal Data unlawfully, or
- there is a legal obligation that obliges us to delete your Personal Data.
However, you don't have the right to request the deletion of your Personal data, if the processing is necessary for:
- exercising the right of freedom of expression and information,
- compliance with a legal obligation that obliges us to keep the Personal Data, or
- we need the Personal Data for the establishment, exercise or defence of legal claims
Correct your Personal Data
If you feel that any Personal Data that we're processing about you is not accurate, you can let us know and we will do our best to correct it.
Please note that we cannot correct the data in our databases that are connected to your ticket. If we would do that, it wouldn't change it on the part of the carriers or providers of other services and we couldn't pair it together. If you want to change the details on your ticket, you can always do it in the Manage My Booking section on Kiwi.com.
Restrict processing of your Personal Data
Under certain conditions, we will restrict the processing of your Personal Data. This means that we will make sure that they are not being processed for any other purpose than to archive it or to move it to a secure archive. You have the right to request this restriction if:
- you challenged the accuracy of your Personal Data (we will continue processing it once this is resolved),
- we've processed your Personal Data unlawfully but instead of deletion, you only request restriction,
- the only remaining purpose for processing your Personal Data is the establishment, exercise or defence of legal claims, or
- you've objected to data processing according to the Art. 21 Para 1 of the GDPR and we're assessing whether your request is justified
Object to processing of your Personal Data
You can object against any purpose for which we're processing your Personal Data based on the legal ground of legitimate interest. When you object against processing for any marketing purposes, we will stop using your Personal Data for this purpose immediately.
If you protest against any other purpose based on a legitimate interest, we will stop processing your Personal Data for this purpose, unless we can prove that our legitimate grounds for processing it override your individual interests, rights and freedoms.
Get your Personal Data portable
Lastly, you have the right to obtain your Personal Data processed (based on either consent or necessity for a conclusion or performance of a contract) in a commonly used and machine-readable format and have the right to transmit that data to another controller of your choice.
Cookies & Similar technology
Cookies are small text files placed on your device that allow us to remember certain information about you for multiple purposes, such as delivering the functionalities of the website and app, Product development, service improvement, and business development, Kiwi.com Account, Online advertisement, Marketing analytics, Information Security, Fraud prevention and Sharing information with metasearch engines.
Basically, on our site, you will encounter three types of cookies:
- Cookies that are strictly necessary for the operation of our website and provision of our services (these cannot be turned off),
- So-called “performance cookies”, i.e. cookies that we use for statistics in order to improve our services,
- Cookies that we use for marketing purposes.
You can turn off the cookies that are used for statistics and marketing purposes by setting your cookie preferences here.
You may always check and modify your preferences when it comes to digital advertising on the web pages of the Digital Advertising Alliance (DAA), at http://optout.aboutads.info/, or on the web pages of the European Interactive Digital Advertising Alliance (EDAA), at http://www.youronlinechoices.com/.
DO-NOT-TRACK: Currently, we don’t respond to the DNT setting in your browser.Learn more
Necessary
| Cookie | Type | Expiration | Description |
| SKYPICKER_AFFILIATE | Cookie | 30 days | Affiliate ID used by Kiwi.com. |
| SKYPICKER_AFFILIATE_UID | Cookie | 30 days | Affiliate ID parameter used by Kiwi.com. |
| SKYPICKER_VISITOR_UNIQID | Cookie | 1460 days | Unique user ID used by Kiwi.com to identify the users. |
| __cfduid | Cookie | 30 days | The _cfduid cookie helps Cloudflare detect malicious visitors to our websites and minimizes blocking legitimate users. It may be placed on the devices of our customers' End Users to identify individual clients behind a shared IP address and apply security settings on a per-client basis. |
| __cfruid | Cookie | Session | This cookie is a part of the services provided by Cloudflare - Including load-balancing, deliverance of website content and serving DNS connection for website operators. |
| __kw_darwin_saved_groups | Cookie | 1460 days | This cookie ensures user interface consistency across webpage visits. |
| __kw_darwin_saved_tests | Cookie | 1460 days | This cookie ensures user interface consistency across webpage visits. |
| __kwc_agreed | Cookie | 1460 days | This cookie is set to true when a user makes a choice in the privacy settings. |
| __kwc_settings | Cookie | 1460 days | This cookie contains the specific privacy settings. |
| bookingSessionId | Cookie | Session | Unique identifier used by used by Riskified to prevent payment fraud. |
| cf_use_ob | Cookie | 1 days | This cookie allows the website to present the visitor with a notice that the website is under maintenance or inaccessible. |
| dealsSubscriptionFormSeen | Cookie | 1460 days | Used to check if the user has seen the subscription popup. |
| deeplinkId | Cookie | Session | This cookie is used to store necessary information related to the fact that you came to our website via a link on a website of one of our affiliate partners. |
| fchkoutoolsDID | Cookie | Persistent | Used by used by Forter to prevent payment fraud. |
| fchkoutoolsSID | Cookie | Session | Used by used by Forter to prevent payment fraud. |
| forced_brand | Cookie | 1460 days | Forced brand set by the URL parameter or debug modal. |
| forterToken | Cookie | 1460 days | This cookie is neccessary for the usage of a fraud prevention tool which is used for all payments on our website. |
| forterTokenCopy | Cookie | 1460 days | This cookie is neccessary for the usage of a fraud prevention tool which is used for all payments on our website. |
| frame_ancestor_url | Cookie | 1460 days | Used by Clicktripz which is an advertisement network which allows us to show you advertisement across different sites around the internet. |
| ftr_ncd | Cookie | 1460 days | This cookie is a necessary part of a fraud prevention tool used for all payments on our website. |
| ignore_mobile_ad | Cookie | 1460 days | This cookie is used to track the choice to close an advertisement on our website. |
| lastDealsDataStorage | Cookie | 1460 days | Used to store information to enable various functionalities of the “Deals” section of our website. |
| lastDealsResults | Cookie | 1460 days | Used to store the list of the recent searches performed by our users. |
| lastRskxRun | Cookie | 730 days | Used by Riskified to gather information which is used to identify and prevent payment fraud. |
| ppwp_wp_session | Cookie | 1 days | This cookie preserves user information across different pages that the user accesses. |
| preferred_currency | Cookie | 1460 days | This cookie allows us to remember your currency preference. |
| preferred_language | Cookie | 1460 days | This cookie allows us to remember your language preference. |
| rCookie | Cookie | 730 days | This cookie registers statistical data on users' behaviour on the website. |
| recentRedirect | Cookie | Session | This cookie retains information from the last visited page. |
| recentSearch | Cookie | 30 days | This cookie retains information from the last search form. |
| recentSearchList | Cookie | Session | This cookie stores the list of the flights you recently searched for. |
| rskxRunCookie | Cookie | 4315 days | This cookie is used to gather information which is used to identify and prevent payment fraud. |
| search.form.recent_search | Cookie | 1460 days | This cookie contains the latest filters your specified in the search form. |
| simpleToken | Cookie | 150 seconds | Cookie used to store authentification data. |
| sub1Param | Cookie | 30 days | Cookie used for storing an affiliate partner identificator. |
| subscriptionFormSeen | Cookie | 1460 days | Used to check if the user has seen the subscription popup. |
| testEnvironment | Cookie | 1460 days | Internal cookie used by our developers to track various information related to the testing of our website. |
| test_cookie | Cookie | 1 days | This cookie is used to check if the user's browser supports cookies. |
| ua_session_token | Cookie | 30 days | This cookie is used to facilitate log-in process. |
| ui | Cookie | Session | We use this cookie to distinguish users who use a normal browser from those who display our website in the mobile webview. |
| viewedOuibounceModal | Cookie | Session | This cookie is used to retain information about whether a pop-up was already shown to the user. |
| affilParams | Local storage | Persistent | This cookie is used to store necessary information related to the fact that you came to our website via a link on a website of one of our affiliate partners. |
| initial_load | Local storage | Persistent | Internal cookie used by our developers to track various information related to the loading of our website. |
| PPaffilidPromoCode | Session storage | Session | This cookie is used to store necessary information related to the fact that you came to our website via a link on a website of one of our affiliate partners. |
| PPtransportTypeOR | Session storage | Session | This cookie is used to store necessary information related to the fact that you came to our website via a link on a website of one of our affiliate partners. |
| PPtripType | Session storage | Session | This cookie is used to store necessary information related to the fact that you came to our website via a link on a website of one of our affiliate partners. |
| gtm_line_car-af | Session storage | Session | This cookie is used to store necessary information related to the fact that you came to our website via a link on a website of one of our affiliate partners. |
| gtm_line_car-cid | Session storage | Session | This cookie is used to store necessary information related to the fact that you came to our website via a link on a website of one of our affiliate partners. |
| sessionId | Session storage | Session | Preserves the visitor's session state across page requests. |
| utilsPageCount | Session storage | Session | Used to store technical information necessary to trigger various advertising campaigns on our website. |
| utilsUtm_source | Session storage | Session | Used to store information necessary to trigger various scripts across our website. |
| voucherID | Session storage | Session | This cookie is used to store necessary information related to the fact that you came to our website via a link on a website of one of our affiliate partners and the fact that you used a voucher while paying for your trip. |
Analytics
| Cookie | Type | Expiration | Description |
| FPAU | Cookie | 90 days | This cookie assigns a specific identificator to the user, which counts the number of subsequent visits for the purpose of analytics. |
| FPID | Cookie | 730 days | This cookie registers statistical data on user's behaviour for the purpose of analytics. |
| FPLC | Cookie | 1 days | This cookie assigns a specific identificator to the user, which enables us to observe behavior for the purpose of analytics. |
| IDE | Cookie | 365 days | Used by Google Marketing Platform to measure the efficacy of an ad by registering and reporting user's actions. |
| SL_C_#_DOMAIN | Cookie | Session | Collects data on the user’s navigation and behavior on the website which is used for analytics. |
| SL_C_#_KEY | Cookie | 390 days | These cookies allow us to see the exact path that our users take while browsing through our website. |
| SL_C_#_SID | Cookie | 390 days | These cookies allow us to see the exact path that our users take while browsing through our website. |
| SL_C_#_VID | Cookie | 390 days | These cookies allow us to see the exact path that our users take while browsing through our website. |
| _clck | Cookie | 365 days | Microsoft Clarity collects data on the user’s navigation and behavior on the website. We use this cookie to compile statistical reports and heatmaps. This specific cookie is used to store a unique user ID. |
| _clsk | Cookie | 1 days | Set by Microsoft Clarity. This cookie is used to store and combine pageviews by a user into a single session record. |
| _cltk | Cookie | Session | Set by Microsoft Clarity. Registers statistical data on users' behaviour on the website. Used for internal analytics. |
| _dc_gtm_UA-# | Cookie | 1 days | Used by Google Tag Manager to control the loading of a Google Analytics script tag. |
| _ga | Cookie | 730 days | Used by Google Analyrtics to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. |
| _ga_# | Cookie | 730 days | Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. |
| _gac_UA-# | Cookie | 90 days | Used for click tracking when using auto-tagging in Goggle Ads. |
| _gat | Cookie | 1 days | This cookie is used to throttle the number of requests that the website allows, and filters them to ensure the stability and operability of the website. |
| _gat_gtag_UA_# | Cookie | Session | Used by Google Analytics to collect statistical data on the website visits. |
| _gcl_au | Cookie | 90 days | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. |
| _gcl_aw | Cookie | 90 days | Used by the conversion linker for click information. Conversion linker tags are used to help tags measure click data so that conversions are measured effectively. |
| _gid | Cookie | 1 days | This cookie is used by Google Universal Analytics, and it stores and updates a unique value for each page visited. |
| _parsely_visitor | Cookie | 30 days | Used by Parse.ly to assign an anonymous user identifier which is used to track new vs. returning visitors. |
| collect | Cookie | Session | Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. |
| fs_uid | Cookie | 365 days | This cookie contains an ID string on the current session. This cookie contains non-personal information on what subpages the visitor enters – this information is used to optimize the visitor's experience. |
| google_click_id | Cookie | 180 days | This cookie is a collects data about user interaction with an advertisement. |
| gtmSplitVar | Cookie | 1460 days | Used by Google Analytics to gather data about user's interactions with the website which is then used for the purpose of analytics. |
| logglytrackingsession | Cookie | Session | This cookie is used to track errors during users's session and report them. |
| pagead/1p-user-list/# | Cookie | Session | This cookie tracks user's interest in products or events across multiple websites for the purpose of analytics. |
| smartlook_ban_expire | Cookie | Persistent | It collects information on user preferences and/or interaction with web-campaign content for analytical purposes. |
| smartlook_ban_reason | Cookie | Persistent | This cookie is used to detect errors and send error information to support staff, which use this information for the purpose of improving stability of the website. |
| utag_main | Cookie | 365 days | This cookie helps us track the usage of our websites and improve the accuracy of analytical data. |
| utm_medium | Cookie | 1460 days | Detects the form of the medium by which the user has accessed the website for analytics purposes, e.g. whether it was by clicking on a banner, email link, etc. |
| utm_source | Cookie | 1460 days | This cookie determines the origin from which the user has accessed the website and is used to evaluate the success of marketing campaigns. |
| SL_L_#_KEY | Local storage | Persistent | This cookie gathers statistical data about how visitors use the website, such as the number of visits and the average time spent on the website. |
| SL_L_#_RECORDINGS_BEACON_DATA | Local storage | Persistent | These cookies gather statistical data about how visitors use the website, such as the number of visits and the average time spent on the website. |
| SL_L_#_SID | Local storage | Persistent | These cookies gather statistical data about how visitors use the website, such as the number of visits and the average time spent on the website. |
| SL_L_#_VID | Local storage | Persistent | These cookies gather statistical data about how visitors use the website, such as the number of visits and the average time spent on the website. |
| TDeeclocID | Local storage | Persistent | Used by Google Analytics to enable the enhanced ecommerce tracking feature. |
| _fs_uid | Local storage | Persistent | This cookie contains an ID string on the current session. This cookie contains non-personal information on what subpages the visitor enters – this information is used to optimize the visitor's experience. |
Marketing
| Cookie | Type | Expiration | Description |
| ANONCHK | Cookie | 1 days | Used by Microsoft Clarity to register data on visitors from multiple visits and on multiple websites. This information is used to measure the efficiency of advertisement on websites. |
| CLID | Cookie | 365 days | Used by Microsoft Clarity to collect data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps. |
| MUID | Cookie | 365 days | This cookie enables user tracking by synchronising the assigned ID across different Microsoft domains. |
| PHPSESSID | Cookie | Session | Preserves user session state across page requests. |
| SM | Cookie | Session | This cookie resgisters a unique ID which tracks return visits to our website, as well as visits to different websites which use the same ad network, resulting in targeted advertisements. |
| SRM_B | Cookie | 365 days | Tracks the user’s interaction with the website’s search-bar-function for marketing purposes. |
| __inf_etc__ | Cookie | 1460 days | This cookie is generated by our marketing CRM tool, Exponea, which helps us collect information about our users for marketing purposes. |
| __inf_last_session_ping_timestamp__ | Cookie | Persistent | This cookie is generated by our marketing CRM tool, Exponea, which helps us collect information about our users for marketing purposes. |
| __inf_last_session_start_timestamp__ | Cookie | Persistent | This cookie is generated by our marketing CRM tool, Exponea, which helps us collect information about our users for marketing purposes. |
| __inf_time2__ | Cookie | 1 days | This cookie is generated by our marketing CRM tool, Exponea, which helps us collect information about our users for marketing purposes. Manages timestamp offset between browser and server time. |
| __inf_tracking_definition__ | Cookie | Session | This cookie is generated by our marketing CRM tool, Exponea, which helps us collect information about our users for marketing purposes. |
| _ctuid | Cookie | 90 days | Used by Clicktripz which is an advertisement network which allows us to show you advertisement across different sites around the internet. |
| _fbc | Cookie | 730 days | Used by Facebook to store information about the visitor who land on our page via an ad displayed on Facebook. |
| _fbp | Cookie | 90 days | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. |
| _uetsid | Cookie | 1 days | Used by Bing Adds to collect data on visitor behaviour from multiple websites, in order to present more relevant advertisement. |
| _uetsid_exp | Cookie | Persistent | Used by Bing Adds to collect data on visitor behaviour from multiple websites, in order to present more relevant advertisement. |
| _uetvid | Cookie | 365 days | Used by Bing Adds to collect data on visitor behaviour from multiple websites, in order to present more relevant advertisement. |
| ads/ga-audiences | Cookie | Session | Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. |
| api/advertisers/v1/prof | Cookie | Session | Used by Clicktripz which is an advertisement network which allows us to show you advertisement across different sites around the internet. |
| c.gif | Cookie | Session | Used by Microsoft Clarity to collect data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps. |
| cdo/cdxs/r20.gif | Cookie | Session | Used by the social networking service, LinkedIn, for tracking the use of embedded services. |
| criteo_write_test | Cookie | 1 days | Criteo is an advertisement network that helps us display ads on third-party websites that you visit. |
| cto_idcpy | Cookie | 180 days | This cookie sets a unique identifier for the user, which allows third parties to provide the user with relevant and targeted advertisements. |
| cto_lwid | Cookie | 180 days | This cookie provides user information which is used to display advertisements on third-party websites that the user visits. |
| cto_sid | Cookie | Session | This cookie provides user information which is used to display advertisements on third-party websites that the user visits. |
| fr | Cookie | 90 days | This cookie is used to deliver advertisement products. |
| im_puid | Cookie | 390 days | Used by Intent Media to facilitate showing third party display advertisements. |
| im_snid | Cookie | Session | Used by Intent Media to facilitate showing third party display advertisements. |
| intent_media_prefs | Cookie | 7300 days | Used by Intent Media to facilitate showing third party display advertisements. |
| pagead/landing | Cookie | Session | This cookie tracks user's behavior from multiple websites in order to present more relevant advertisements. |
| tr | Cookie | Session | This cookie is used to deliver a series of advertisement products such as real time bidding from third party advertisers. |
| xnpe_# | Cookie | 1095 days | This cookie collects data from the user, to optimize advertisement relevance. |
| TD_bookingID | Session storage | Session | This cookie stores the identification number of your booking for analytical and marketing purposes. |
| TD_priceInEuro | Session storage | Session | This cookie stores information about the preferred currency for analytical and marketing purposes. |
| eecDepartureAirport | Session storage | Session | Used by Google Analytics to enable the enhanced ecommerce tracking feature. |
| eecDepartureDate | Session storage | Session | Used by Google Analytics to enable the enhanced ecommerce tracking feature. |
| eecDestinationAirport | Session storage | Session | Used by Google Analytics to enable the enhanced ecommerce tracking feature. |
| eecReturnDate | Session storage | Session | Used by Google Analytics to enable the enhanced ecommerce tracking feature. |
| trackingData | Session storage | Session | Used to store various information necessary for out internal analytical and marketing purposes. |
Transferring your data outside of the European Economic Area
If we need to, we may transfer your Personal Data outside of the EEA. This will happen when you want to book a ticket with a carrier from a Third Country or when you order a service from a provider based in a Third Country. Naturally, we need to transfer your data to these third parties because without it, the provision of ordered services would not be possible. We may also transfer your Personal Data outside of the EEA to Data Processors located in Third Countries.
For transfers to recipients in countries where we cannot rely on the decision of the adequate level of protection according to Art. 45 of the GDPR or appropriate safeguards according to the Art. 46 of the GDPR, we will transfer your Personal Data based on the exception in the Art. 49 Para. 1 Lett. b) of the GDPR. Each selected carrier or service provider will treat Your Personal Data in accordance with its own Privacy Policy (which is published on every carrier's website). Disclosure of Personal Data to other service providers will be done in accordance with the applicable Personal Data laws and regulations.
Complaint with the supervisory authority
Data Protection is a serious matter and the rules are quite difficult to implement correctly. No one is perfect, and it may happen that we make a mistake. If you feel that we mishandled your Personal Data, please turn to us first and we promise that we will try our best to resolve the situation. You can always approach us with any privacy or data protection related issue through this form: kiwi.com/privacy/questions.
Nevertheless, at any time, you have the right to lodge a complaint with a supervisory authority. If you are from the EU, you can complain at the authority in the member state of your residence, in the member state where you work or in the member state of the alleged infringement.
Generally, the complaints will be handled by the Czech Office for Personal Data Protection. You can learn more on http://www.uoou.cz.
Contacting us and exercising your rights
For all matters concerning privacy and data protection, you can always contact us through this form: kiwi.com/privacy/questions. To exercise your rights related to your Personal Data, you can use this form: kiwi.com/privacy/rights.
Specifics for residents of selected countries
No matter where you live, we assure your privacy is protected. For selected countries and states, there are some differences and supplements to this Privacy Policy, which might be applicable to you under conditions specified here.
For customers of Kiwi.com, Inc.
In some cases specified in our Terms and Conditions (i.e. you are US Consumer under the criteria specified in our Terms and Conditions), our services are provided to you through our US company. If that is your case the following specific provisions are applicable to the processing of your Personal Data.
Your Personal Data is processed by company Kiwi.com, Inc., with a registered office at 1221 Brickell Avenue, Suite 1115, Miami, Florida, 33131, United States, as a Data Controller. Company Kiwi.com s.r.o. operates as a Data Processor and all other Data Processors specified in this Privacy Policy operate as Data Sub-Processors.
These specific provisions do not apply to the processing of Personal Data for all the purposes related to Users and for the purpose of “User account — saved traveler” where the Personal Data are processed by Kiwi.com s.r.o.
For residents of California
These specific provisions are applicable to you if you are a resident of California.
We comply with the California Consumer Privacy Act (the “CCPA”) which sets the highest privacy and data protection standards in the United States. For information about our processing of your Personal Data, you can always check out this Privacy Policy.
You have a right to request information on how we process your Personal Data and be provided with their copy. We will provide you with the first two copies in a 12-month period for free. You also have a right to request the deletion of your Personal Data. You can find more information about your rights and how to exercise them in this Privacy Policy (sections ‘How to access and control your Personal Data?’ and ‘Contacting us and exercising your rights’).
If you decide to exercise any of your rights, we will require you to verify your identity, e.g., by proving your ownership of your email address. If your rights are requested by an authorized agent, we will require your written authorization and the verification of your and the agent’s identity. We will never discriminate against you or treat you unfavorably because you exercised any of your rights.
We may offer you a financial incentive in the form of a coupon, credits, or any other form of discount in exchange for your subscription to marketing messages. The specifics of the particular incentive shall be displayed to you as a part of the offer to subscribe. We deem the value of your subscription to be equal to the value of incentive provided to you based on our assumption of additional spending. If you decide to accept our offer, you may always cancel it without any limitations of your rights. You can find more information in this Privacy Policy (section ‘For what purposes do we use your Personal Data?’).
We do not sell your Personal Information within the meaning of CCPA.
Data Protection Officer
With regard to all issues related to processing of your Personal Data and to the exercise of your rights related to your Personal Data, you may also contact our Data Protection Officer.
View contact details.
Oliver Švolík
Data Protection Officer of Kiwi.com
[email protected]
Changes to this Privacy Policy
As our business evolves, the way we process Personal Data might change as well. In case of such changes, we will also update this Privacy Policy to comply with the principles of transparency. If future changes affect you, we will notify you via email.
This Privacy Policy is effective from February 1st, 2023.