Legal

Privacy Policy

Your data is yours. This policy explains exactly what we collect when you use our services, why we need it, and what you can do about it.

Last updated: June 2026UK GDPR compliantICO registered

LUXEONAIR LTD is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and safeguard information about you when you use our website or book travel with us, in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

The data controller responsible for your personal data is:

LUXEONAIR LTD

11 Charlotte Avenue, Bicester, OX27 8AS

Email: [email protected]

Phone: +44 7448 009739

Company No. 17264512, registered in England & Wales

If you have any questions about this policy or want to exercise your rights, please use the contact details above.

Data We Collect

We collect personal data in the following ways:

Identity & contact data

Full name and date of birth
Email address and telephone number
Postal address

Travel data

Passport number and nationality
Travel preferences, seat preferences and dietary requirements
Booking history and trip details

Payment data

Payment card details and billing address (processed securely; we do not store full card numbers)
Bank transfer details where relevant

Special category data

Health or medical conditions and disabilities
Dietary requirements related to religion or belief
Only collected where you volunteer it and it is necessary to arrange your travel

Technical & usage data

IP address, browser type and version
Pages visited, links clicked and session duration
Cookie data (see Clause 9)

How We Use Your Data

We use your personal data only for the following clearly defined purposes:

Making & managing your booking

Processing your travel arrangements, sending booking confirmations, issuing tickets and providing pre-departure information.

Customer support

Responding to your enquiries, handling complaints and supporting you during your trip or on your return.

Processing payments

Collecting deposits and balances, processing refunds and detecting fraudulent transactions.

Legal & regulatory compliance

Providing information to border control, customs, immigration authorities and other bodies as required by law, including ATOL obligations.

Travel inspiration & offers

Sending you curated travel ideas and member-only deals only where you have given consent or where we have a legitimate interest you have not opted out of.

Improving our services

Analysing how our website is used, running customer satisfaction surveys and improving the overall experience.

Legal Basis for Processing

Under UK GDPR, we must have a lawful reason for processing your personal data. We rely on the following:

Core processing

Performance of a contract

Most of our processing is necessary to perform the contract we have with you, including making your booking, issuing tickets and delivering your travel services.

Required by law

Legal obligation

Some processing is required to meet legal and regulatory obligations, including ATOL requirements, HMRC reporting and disclosure to border control authorities.

Balanced interests

Legitimate interests

Fraud prevention, improving our services and direct marketing to existing customers, where these interests are not overridden by your rights and freedoms.

Opt-in only

Consent

Where we process special category data (health, disability or dietary information) or send marketing to new contacts, we rely on your explicit consent. You can withdraw this at any time.

International Transfers

Your personal data may be transferred to and processed in countries outside the UK and the European Economic Area (EEA), particularly where your travel destination requires it. For example, we are required to disclose certain booking data to US Customs and Border Protection for US-bound travel.

Where we transfer your data internationally, we ensure it is protected by at least one of the following:

The recipient country has been deemed to provide adequate data protection by the UK Government.
We have put in place UK-approved Standard Contractual Clauses with the recipient.
The transfer is necessary to perform your travel contract (e.g. sharing booking data with a hotel in your destination country).

Retention Periods

We only keep your personal data for as long as we genuinely need it, taking into account legal, accounting and regulatory requirements.

Data type	Kept for
Booking and travel records	7 years from travel date
Payment and financial records	7 years (HMRC requirement)
ATOL certificates and records	5 years after ATOL expiry
Customer communications	3 years from last contact
Marketing preferences	Until you unsubscribe or withdraw consent
Website usage data	26 months

Your Rights

Under UK GDPR, you have the following rights over your personal data. You can exercise any of these by contacting us at [email protected]. We will respond within one month and may need to verify your identity first.

Right to access

Request a copy of the personal data we hold about you (Subject Access Request).

Right to rectification

Ask us to correct any inaccurate or incomplete information we hold.

Right to erasure

Ask us to delete your data where we no longer have a lawful reason to hold it.

Right to restriction

Ask us to limit how we process your data in certain circumstances.

Right to portability

Receive your data in a structured format and transfer it to another organisation.

Right to object

Object to processing based on legitimate interests, or to direct marketing at any time.

Right to withdraw consent

Withdraw consent at any time where we rely on it as our legal basis, without affecting prior processing.

Right to complain

Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To complain to the ICO: ico.org.uk/make-a-complaint or call 0303 123 1113.

Cookies

Our website uses cookies, small text files stored on your device, to make the site work correctly, understand how it is used, and improve your experience.

Strictly necessary

Always on

Examples: Session management, security tokens

Essential for the site to function. Cannot be disabled.

Performance & analytics

Consent required

Examples: Page load times, popular pages, error tracking

Help us understand how visitors use the site. Enabled with your consent.

Functional

Consent required

Examples: Language settings, remembered preferences

Improve your experience by remembering choices you make.

Marketing

Opt-in only

Examples: Advertising networks, retargeting

Only placed with your explicit consent via our cookie banner.

You can manage or withdraw your cookie preferences at any time via your browser settings or our cookie preference centre. Disabling strictly necessary cookies may affect how the site works.

Children's Privacy

Our services are not directed at children under 18. We do not knowingly collect personal data from anyone under 18 without the consent of a parent or guardian. Where minors are included in a booking, their data is provided and consented to by the adult lead passenger. If you believe we have inadvertently collected data about a child without proper consent, please contact us immediately so we can address it.

Changes to This Policy

We may update this Privacy Policy from time to time as our services evolve or legal requirements change. The “Last updated” date at the top of this page will always reflect the most recent version. Where changes are material, we will let you know by email or by a prominent notice on our website. We encourage you to review this page periodically.

Contact Us

Questions, concerns or requests about your data are always welcome. Please reach out to us directly:

LUXEONAIR LTD, Data Privacy