Privacy Policy


Loyaltybuild Limited (“Loyaltybuild”, “We”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This privacy statement will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.


  1. Who We Are and About this Privacy Statement
  2. How We Collect and Use Your Information

2.1 General

2.2 Information Sharing, Marketing and Disclosure

  1. Cookies Policy
  2. Security
  3. Business Transfers
  4. Transfers Overseas
  5. Other Sites
  6. Unsubscribing/Amending Your Information
  7. The Right to Complain
  8. Contact
  9. Your Acceptance of this Privacy Statement


  1. Who We Are and About this Privacy Statement

This document sets out the privacy statement of Loyaltybuild Limited (of which, an Irish limited company with company number 411428 (“we”, “us”, “our” or “Loyaltybuild”) in relation to the website, and the provision of all our consumer services through the website or otherwise. We are an affiliated company of Affinion International Limited, and “affiliates” means Affinion International Limited and all its group companies including Loyaltybuild.

This statement covers the provision of all our consumer services, our websites and our interactions with you. These include any services that you enrol in or otherwise subscribe to:

  • Online through the website
  • Via the telephone when you call our customer service teams
  • When you subscribe or communicate with us in writing by email or post

This document explains how we use and process your personal data (meaning any information about you which is personally identifiable or can be related back to you like your name, credit or debit card numbers, address, telephone number, email address, preferences, service selections and queries and is generally referred to throughout this Statement as “your information”).

Loyaltybuild are the data controller for the personal data we collect directly from you.

  1. How We Collect and Use Your Information

2.1 General

When you subscribe to any of our services and/or communicate with us about these, you may be asked to provide your information in order to:

  • Authenticate your identity – the specific legal ground we are processing your personal data on is under performance of a contract with you;
  • Register you to receive the relevant services including co-ordinating with other partners in order to do so and to provide such services – the specific legal ground we are processing your personal data on is under performance of a contract with you;
  • Allow us to improve our services to you or to develop new services;
  • Process any query or complaint – the specific legal ground we are processing your personal data on is under performance of a contract with you;
  • Respond to a survey – the specific legal ground we are processing our personal data on is consent and we will ask you for your express opt-in consent; or
  • Update your information – the specific legal ground we are processing your personal data on is under performance of a contract with you.

By providing your information, you are deemed to fully understand and consent to the collection and processing of such information.

Financial information (such as a credit card number) is collected by our payments partner (currently Realex) directly on its secure site for the purpose of billing you for services purchased, however this information is not collected or stored by or shared with Loyaltybuild.

We will record or monitor calls made by you to our customer service desks. We will process your data for legitimate business purposes namely quality assurance and training purposes. However, we will always inform you if such recording or monitoring is taking place.

Anonymisation is the process of converting personal data to anonymised data so that it does not identify you or any individual and will not allow you or any individual to be identified through its combination with other data. We collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but it is not considered personal data in law as this data does not directly or indirectly reveal your identity. In addition to the way we process your data explained above, we will use anonymised data and aggregated data to improve the quality of our existing products/services, develop new features, products/services and for overall research purposes. An example would be where we aggregate your data on how often you use the product/service to calculate the percentage of users accessing a specific website feature. As this data is anonymised and does not identify you, we may share this data with Loyaltybuild controlled affiliates, subsidiaries and our parent company as well as third parties and partners.  However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We will also use your data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You will receive marketing communications from us about similar products and services if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing by clicking the unsubscribe link in the email or SMS.

2.2 Information Sharing, Marketing and Disclosure

We will disclose your information to third parties for the purposes of providing you with selected services that you have requested from us (for example accommodation providers, travel partners, customer service providers and insurance companies) which is necessary for the performance of your contract.


In addition, and with your consent we may use your information for certain marketing activities. It is up to you to decide whether we may use your information in this way.

Our consent notices provided to you when you book your travel break and you confirm your email address ask for your permission (“opt-in”) to send you communications which will help us improve our services. Such opt-in consents requested by us relate to:

  • Use of your information to conduct market research, for example to ask you to participate in a survey about topical issues, conducted by us or trusted partners or third parties. We will always tell you before you participate in the survey how any information you provide in the survey will be used, and participation in surveys is optional.

We will enable third parties acting on our behalf to analyse your information, in a non-personal identifying form, (generally in the form of statistics), so that we can identify trends about usage of our website(s) or services and improve them.

We may also request optional information from you, such as annual income, buying preferences, or your age, also known as demographic and profile data, and you do not need to provide this information to avail of our services.

We may use this data to improve and enhance your experience on the website. We may also share this information with others, such as advertisers interested in advertising on our website, or our affiliates websites, in aggregate, anonymous form, which means that the shared information will not contain nor be linked to any personally identifiable information about you or any other person.

Additionally we reserve the right to access and disclose your information in order to comply with applicable laws, to comply with lawful requests from governments, law enforcement agencies or parties whose request we reasonably consider to be justified in connection with any allegations by any party about your abuse of our services, to operate our systems properly or to protect ourselves or our users.

We may share your data among Affinion controlled affiliates, subsidiaries and our parent company throughout the world who are acting as our data processor and only processing your data according to our instructions for legitimate business purposes. If you would like to see an up to date list of these companies, please click here. Your data is still protected in the same manner as set out in this Policy in line with applicable laws.

2.3 Deletion of Data

In order to maintain the security and integrity of your data we will delete your data from our systems when;

(a)   12 months have passed since the start date of your latest break booking.

  1. Cookies

Like many websites, we analyze log file information and other data collected through cookies, web beacons, and other tracking technology, to collect information about your browsing behavior when you visit the website.

  1. Security

Securing your personal and non-personal information is very important to us. All customer databases are held in a secure environment and (except for law enforcement authorities in limited circumstances), only those Loyaltybuild employees or other persons who need access to your information in order to perform their duties are allowed such access. Any of these employees or persons who violate our privacy and/or security policies may be subject to disciplinary action, including possible termination and civil and/or criminal prosecution.

Where you are using our websites, we take proactive steps to put safeguards in place to provide for the secure transmission of your data from your computer to our servers. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us, and us and you, will be free from unauthorised access by third parties, such as hackers. We have implemented all necessary and reasonable technical and organisational measures to protect your data including:

  • data minimisation and encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Our websites utilise Standard SSL encryption on pages where secure information is transmitted over the Internet. We also use GeoTrust as our Certificate of Authority. If you would like more information on our GeoTrust Certificate, click on the seal below.

  1. Business Transfers

In the unlikely event that we sell or otherwise dispose of some or all of our business to another party, we reserve the right to transfer your information as part of any assets sold or disposed of.

  1. Transfers Overseas

As part of the services offered to you, for example through our website, the information you provide to us will be transferred to and processed in countries inside and outside of the European Economic Area (EEA) in particular to the US for email services, Spain for call centre services and to countries where you have booked your services for. If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance the General Data Protection Regulation. If you use our service while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with these services.

Whenever we process or transfer your personal data out of the EEA, we always ensure that an adequate level of protection is afforded to it. It is the case for example when we process or transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (to see the list, please visit: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm). Whenever our affiliates or providers based in the US process your data, we include relevant mechanisms (such as standard contractual clauses approved by the European Commission, so-called EC model clauses) in contracts and agreements with them and/or rely on the EU-US Privacy Shield framework when our affiliate or provider is Privacy Shield certified to ensure that any processing of your data is in accordance with Privacy Shield obligations, namely : Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access and Recourse; and Enforcement and Liability. If you would like to know more about our parent company’s privacy policy and privacy shield certification, please visit: http://www.privacyshield.gov or contact our Data Protection Officer.  When providers or affiliates based in other countries that have not been deemed to provide an adequate level of protection for personal data by the European Commission process your data, we always use EC model clauses in contracts and agreements with them to maintain a similar level of protection as if your data was processed within the EEA.

You can contact our Data Protection Officer if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

  1. Other Sites

Our website(s) may contain links to other websites. Other websites may also reference or link to our website. We are not responsible for their privacy practices or the content of such other sites.

  1. Unsubscribing/Amending your information

You can update and correct your information held by us by emailing us at info@Loyaltybuild.com.

You can remove your information from our marketing database entirely by using the contact details above, specifying your name, the email or other address/ telephone number you used to register with us and, if referring to a web registration, your user name in the email.

If you would like to see the data we process on you, restrict the processing of your data or have it deleted you can contact our Data Protection Officer by email at dpo@loyaltybuild.com who will investigate the matter and take you through the necessary steps to provide you with the data you requested or to delete it. If you would like it deleted, in particular any data which is necessary for us to process to provide you with the product/service, you will no longer be able to use the product/service. If applicable, our Data Protection Officer will explain any circumstances where we are not be able to erase your data such as the exercise or defence of a legal claim and situations where you can restrict the processing of your data. We may request that you supply personal identifiers that you supplied previously to us (e.g. username, email address and date of birth). We do this to validate your identity. We will also require your full name and residential address. Your request will be dealt with as soon as possible in accordance with the Data Protection Acts 1988 and 2003.

  1. The Right to Object

You may review your personal information upon request at any time, without delay. You can request an overview of your personal data by emailing at info@Loyaltybuild.com.

You have the right to contact Loyaltybuild if you:

  • believe that the personal information is incorrect and needs to be amended
  • believe we are no longer entitled to use your personal information
  • have questions about how your personal information is being used
  • have any questions about the Privacy Policy
  • would like have your personal information usage restricted or deleted permanently from our systems.
  1. Contact

If you have a concern about your data or a question about this Policy for our Data Protection Officer, please contact them by email at dpo@loyaltybuild.com.  If you are not happy with the response you received or believe your data has not been used in accordance with this policy and therefore not processed in line with applicable laws, you may lodge a complaint with the Data Protection Commissioner (DPC), the Irish Supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the DPC so please contact us in the first instance.


  1. Your Acceptance of this Statement

In providing personal information to us or using our web sites you signify your assent to our Privacy Statement. If you do not agree to this statement, please do not use the website or provide your data to us. This Privacy Statement supersedes all privacy policies and other similar standards previously issued by us. Since the privacy standards set forth herein are subject to updates and other changes from time to time, please note that this Privacy Statement is subject to change at any time. In the event of any such changes, we will notify all of our customers of such changes in the manner to the extent required by law. Your continued use of our website and services following the posting of changes to these terms means you accept these changes.

This policy was last updated June 2018.