Privacy Policy
THG Travel Limited Last updated: April 2026
What This Privacy Policy Covers
The data controller is THG Travel Limited (referred to in this policy as "we", "us" or "our").
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That is why we have developed this Privacy Policy, which sets out:
What types of personal data we collect and why we collect it
When and how we may share personal data with other organisations
The choices you have, and how to update your personal data
This policy applies to all services offered through our website at www.thgholidays.co.uk and is in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Personal Data We Collect
When you register for or browse our services, we may collect:
Travel preferences
Information about your browsing behaviour on our website
Information about when you click on one of our adverts, including those shown on other organisations' websites
Information about the way you access our website, including operating system, IP address, online identifiers and browser details
When you make an enquiry, we may collect:
Your name and contact details including email address, phone number and address
Details of your travel enquiry
When you make a booking through our website, we may collect:
Your personal details including name, address, email address, phone number and date of birth
Passenger information including passport details and other identification document details
Relevant medical data and any special dietary, religious or disability requests
Information about your booking including what you purchased, when you purchased it, how you paid and payment information processed securely via our payment provider
Insurance details
When you contact us, we may collect:
Personal data you provide when you connect with us including by email, telephone or through social media, such as your name and contact details
Details of emails and other digital communications we send to you that you open, including any links you click on
Your feedback and contributions to customer surveys and questionnaires
Personal data from other sources:
We may use personal data from other sources, such as specialist companies that supply information and public registers
Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we or they need to act on your behalf, in the interest of other customers, or in an emergency
If you connect to our website using social media credentials such as Facebook, you agree to share your user details with us, for example your name, email address and any other information you choose to share
Personal data you provide about other individuals:
We use personal data about other individuals provided by you, such as those travelling on your booking. By providing other people's personal data, you confirm that they have agreed to this and that you are permitted to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.
How We Use Your Personal Data
To provide the products and services you request
We need to process your personal data so that we can manage your booking, provide you with the products and services you wish to purchase, and assist you with any queries, changes or refunds.
To manage and improve our products and services
We use personal data to manage and improve our website, services and day-to-day operations. We monitor how our services are used to help protect your personal data and to detect and prevent fraud, other crimes and the misuse of services.
We may use personal data to respond to and manage security incidents, accidents or other similar events, including for medical and insurance purposes.
We use personal data to carry out market research and internal development, and to improve our product range, services, IT systems and the way we communicate with you.
To personalise your experience
We may use your personal data to better understand your interests so that we can provide you with relevant offers and communications. Looking at your browsing behaviour and enquiries helps us to understand you as a customer and to provide a more relevant service.
If you do not want to receive personalised communications from us, you can change your preference by contacting us at any time, or by unsubscribing from any marketing emails we send you.
To communicate with you
If you contact us by email, telephone or through social media, we may use your personal data to respond to your query or provide assistance.
We may invite you to take part in customer surveys and questionnaires to help us improve our products and services.
We do not sell your personal data to third parties.
Marketing Communications
From time to time we may send you relevant offers and news about our products and services, including by email. We will only do this if you have previously agreed to receive marketing communications from us.
When you make an enquiry or booking with us, we will ask whether you would like to receive marketing communications. You can change your preferences at any time by contacting us, using the unsubscribe link in our marketing emails, or replying STOP to any marketing text messages.
You may still receive service-related communications from us, for example booking confirmations and important information about your travel arrangements.
Sharing Personal Data
With travel suppliers and partners
To provide your travel arrangements, we may share personal data with suppliers including airlines, hotels, transfer companies and tour operators. We work with carefully selected partners who carry out certain functions on our behalf, including IT services, payment processing, email delivery and market research.
We use eMerchantPay to process payments securely on our behalf. Payment data is handled in accordance with their privacy policy and PCI DSS standards. We do not store full payment card details on our systems.
We use third-party services to send transactional and marketing emails. These providers process your email address and name on our behalf and are contractually required to keep your data secure.
When we share personal data with other organisations, we require them to keep it safe and they must not use your personal data for their own marketing purposes. We only share the minimum personal data necessary to enable our suppliers and partners to provide their services.
With regulatory authorities
So that you can travel, it may be mandatory as required by government authorities at your point of departure or destination to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes. Some countries will only permit travel if you provide advance passenger data. These requirements vary by destination.
We may share the minimum personal data necessary with public authorities where the law requires or permits us to do so.
With fraud prevention agencies
When you make a booking with us, we may share your personal data with fraud prevention agencies to detect and prevent fraud and other financial crime. If false or inaccurate information is identified as fraudulent, details may be passed to fraud prevention agencies and law enforcement.
Protecting Your Personal Data
We take appropriate technical and organisational measures to protect your personal data from accidental loss and from unauthorised access, use, alteration or disclosure.
Personal data collected through our website may be transferred to and stored by trusted service providers operating outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including contractual protections to ensure your personal data remains adequately protected.
The security of your account also depends on you. Where you have chosen a password to access any of our services, you are responsible for keeping that password confidential.
Data Retention
We will retain your personal data for as long as is necessary for the purposes set out in this policy and to meet our legal and regulatory obligations. After this period, we will securely delete your personal data. Where data is needed for analytical or other legitimate business purposes after this period, we will take appropriate steps to anonymise it.
Cookies
We use cookies and similar technologies on our website to provide important features and functionality and to improve your experience. Please see our separate Cookie Policy for full details.
Links to Other Websites
Our website may contain links to websites operated by other organisations that have their own privacy policies. We do not accept any responsibility or liability for those websites and encourage you to read their privacy policies before providing any personal data.
Your Rights
Under UK GDPR you have the following rights in relation to your personal data:
Right of access — you can request a copy of the personal data we hold about you
Right to rectification — you can ask us to correct inaccurate or incomplete data
Right to erasure — you can ask us to delete your personal data in certain circumstances
Right to restrict processing — you can ask us to limit how we use your data
Right to data portability — where technically feasible, you can ask us to transfer your data to another organisation
Right to object — you can object to certain types of processing, including direct marketing
We will respond to all requests as soon as possible and within one month. We may ask you to verify your identity before acting on your request. We may also ask for further information where you are making a request on behalf of someone else.
To exercise any of these rights, please contact our Data Protection Officer:
By post: THG Travel Ltd Suite 3, RVB House New Mill Court Llansamlet Swansea SA7 9FG
By email: [email protected]
If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO):
Website: www.ico.org.uk
Telephone: 0303 123 1113
Legal Basis for Processing
We will only collect and use your personal data where at least one of the following conditions applies:
Consent — you have given us permission to process your personal data, for example when registering on our website or opting in to marketing
Contract — processing is necessary to perform a contract with you, for example to manage your booking and provide your travel arrangements
Legal obligation — processing is necessary for us to comply with a legal obligation, for example sharing passenger data with border control authorities
Vital interests — processing is necessary to protect your vital interests or those of another person, for example in a medical emergency
Legitimate interests — processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights, for example to personalise your experience or prevent fraud
Where we process special categories of personal data such as health data, we will only do so where an additional condition applies, for example where we have your explicit consent or where it is necessary to establish, exercise or defend legal claims.
Changes to This Policy
This policy replaces all previous versions. We may update it from time to time to reflect changes in the law or the way we operate. If we make significant changes, we will provide a prominent notice on our website. We encourage you to check this page periodically for any updates.