Cities Direct


INTRODUCTION: is a website owned and operated by Cities Direct Ltd., a Tour Operator registered in the UK, Company No. 3896158. The data controller is Cities Direct Ltd.  This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, in respect of your relationship with us as a customer or a potential customer.  This information may be collected via our websites (“Sites”), our contact centres, our questionnaires/surveys, our representatives, suppliers or appointed agents in overseas destinations, or our social media channels (collectively, our “Services”).

Please read the following information carefully. You are responsible for ensuring that the other people that you are acting on behalf of (such as those included with you on a booking), are aware of the content of this Privacy Policy and you have checked with them that they agree to their personal data being given to us to make a booking or other purchase on their behalf.

By making a booking or other purchase or otherwise giving your personal data to us, we will transfer, store or process it as set out below. We will take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

The purpose of this policy is to explain to you how we control, process, handle and protect your personal information, including your rights under current laws and regulations.


When you make a booking with Cities Direct, we need to collect information about you and any other person you include in your booking to process the transaction and book your travel services. We may collect, use, store and transfer different kinds of personal data about you as follows:

Personal data you give to us:

  • Identity Data – such as data relating specifically to your identity, for example your first name, maiden name, last name or similar identifier, passport details, marital status, title, date of birth, gender, personal preferences and special requests such as details about mobility impairment requirements.
  • Contact Data – such as how you may be contacted, your billing address, delivery address, email address and telephone numbers.
  • Financial Data – such as your means and methods of payment, bank account and payment card details.
  • Transaction Data – such as details about payments to and from you and other details of products and services you have purchased from us.
  • Technical & Usage Data  - this includes data that we may obtain when you make use of our website, such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website and information about how you use our website, products and services. This information is used to help customize your user experience. We do not use this information to identify you.
  • Marketing and Communications Data – such as your preferences about whether or not you want to receive newsletters and other offers from us and also your communication preferences.
  • Data from other sources - We might also receive your personal data from third party sources who collect information about you on our behalf.  This includes if you tell a third party that you would like to receive marketing communications from us, in which case they will securely transfer your contact details and marketing preferences to us. This also includes if you book one of our holidays through a third party travel agent, in which event certain personal data (as applicable to your booking, such as your name, date of birth or any special requirements you have) will be passed to us to provide the services you have requested/booked.

When you make a reservation or booking on behalf of someone else travelling with you we will also receive and store information about that person or persons. You should obtain consent of other individuals prior to providing us with their personal information and travel preferences.  Please review our current privacy policy periodically in case this situation changes. 


Your personal data is held in a combination of our own systems and systems of the suppliers we use to provide our services. When you give your personal data to us, some of the personal data you provide will need to be given to and processed and stored by relevant third parties. These third parties include our travel partners, such as airlines, airports, hoteliers, insurance companies and ground handling agents (depending on the travel services you book), so that they can provide you with the arrangements and assistance you require, our card payment facilitators that help us process customer payments and assists us in detecting and preventing fraudulent payments or bookings, and our brochure fulfilment partners Lifestyle Media Group Ltd.

In order for you to travel overseas, we may be required to disclose certain of your personal data to government bodies or other authorities in the UK and in other countries, such as those responsible for immigration, border control, law enforcement, security and anti-terrorism.  We may pass your data to relevant third parties for the purpose of detecting and preventing fraudulent payments or bookings.


In order to provide our services to you, we use the data we hold in a number of different ways.  We process your data either because it is necessary for us to do so as part of a contract you enter into,  because we have legitimate business reasons for doing so, because we consider it is in your vital interests that we do so, where we have your consent to do so or where there is a legal requirement for us to do so, as described in the following paragraphs:

We may use your data when it is necessary in relation to a contract when administering your booking  internally and communicating your booking externally with our suppliers, to ensure the services you have requested are arranged and/or to communicate with you regarding your booking or any other purchase, including sending booking confirmation and travel documents.

We may use your data where it is in our legitimate interests as a business to do so such as:
To improve customer experience - such as to notify you of changes to our service and to ensure that the features of our sites and booking systems are presented in the most effective manner for you and your computer to enable you to book the holiday of your choice.

To protect our business against financial loss – such as for debt collection or credit vetting and for payment card and booking verification.

To promote our business and improve products and services:

  • By sending marketing correspondence about products and services similar to those you have previously bought from us. You can opt out and object to our sending you electronic marketing information and this option will be included in every marketing message we send you. See the section ‘When and how do we use your information for marketing for more information’.
  • To contact you if you make an enquiry with us on our website but do not complete a booking to check if there was a problem or you need any assistance to book.
  • For internal research/analysis to improve the quality of our Services, the products we offer and new products we are developing. 
    To support any potential company sale or acquisition we may disclose your personal data to the prospective seller or buyer of such business assets.

We may use your data where we consider it is in  your vital interests to do so such as:
To assist you or arrange for assistance to be provided to you by third parties in the event of an incident or emergency.

We may use your data where we have your consent to do so such as:
To assist you or arrange for assistance to be provided to you by third parties where you have special requirements in relation to special categories of personal data or to send marketing correspondence about our products and services where we have asked for your permission to do so.

We may use and process your data where is a legal requirement for us to do so:
For resolving complaints, dealing with disputes and legal proceedings. This might include contacting you proactively if we need to resolve any issues you may be experiencing or have experienced with a booking or other purchase.  In these circumstances we may also be required to pass your data to third parties acting on our instructions such as external law firms and their employees.


If you have made an enquiry or purchase on one of our Sites or by post or telephone your personal data may be used by us in the ways the law allows to contact you by post, electronic means (e-mail or text message) and/or by phone with information and offers relating to products or services that you can book/purchase from us.  We will only do this if you did not opt out of such marketing at the point where we collected your contact details.

If you have not made an enquiry or purchase, we will only send you information and offers by e-mail or text message if you sign up (opt in) to receive such marketing, either directly through us or by telling a third party that you would like to receive marketing from us.
By ordering a copy of our brochure you agree that our brochure fulfilment house Lifestyle Media Group Ltd can act as a Data Processor and hold your data for the purpose of dispatching the brochure to you for as long as is deemed necessary to ensure your brochure order is fully processed.

We will not pass your contact details to a third party that is not one of our business partners involved in providing holiday services or products for them to contact you or send you marketing communications unless you have expressly agreed that we may do so.


Using new technologies we may use your personal information in the following ways:

  • to try to ensure any marketing communications we send to you are offering products or services likely to be of interest to you.
  • to tailor and track our digital marketing (for example, our internet banner advertisements)

Please see our Cookies Policy for more information.


It is easy to opt-out or unsubscribe.  You have the right at any time to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by selecting the relevant option on the forms we use to collect your data.  You can also exercise this right at any later time by using the unsubscribe link on any marketing e-mail you receive.  You can choose also to opt-out from all marketing communications by sending an unsubscribe request to :

Database, Cities Direct Ltd, 118 Eagle Tower, Cheltenham GL50 1TA or


Your Right to Access Your Personal Information. You have the right to make a Data Subject Access Request in many circumstances.  That is a request for access to the personal information that we hold about you.  If we agree that we have to provide personal information to you (or someone else on your behalf), we’ll provide it to you or them free of charge. We may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. That may include information about your previous booking(s) or other purchases.  If someone is acting on your behalf they will need to provide written and signed confirmation from you that you have given your authority to that person/company for them to make the request.  We will ask for this to be provided before we give you (or another person acting on your behalf) a copy of any of your personal information we may be holding. We may not provide you with a copy of your personal information if it includes the personal information of other individuals or we have another lawful reason to withhold that information.  Please see the section titled ‘How to Contact Us’ if you need to make a Data Subject Access Request.

Correcting and updating your personal information. The accuracy of your information is important to us. If you change your name or address/e-mail address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know. Please see the section titled ‘How to Contact Us’.

Withdrawing your consent. Where we rely on your consent as the legal basis for processing your personal information, as set out in section above titled ‘How we use your personal data’, you may withdraw your consent at any time. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, please see the section titled “

What you need to do if you don’t want our marketing communications’ for further details. If you would like to withdraw your consent to us processing any special categories of personal data, please contact our customer service team. Please note if you ask us to stop processing this information, it may mean we won’t be able to provide all or parts of the services you have requested. If we have to cancel your booking or other purchase as a result, you may incur a cancellation charge. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

Objecting to our use of your personal information. Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), you may object to us using your personal information for these purposes by e-mailing or writing to us at the address provided at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection law, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.

Erasing your personal information or restricting its processing. In certain circumstances, you may ask for your personal information to be removed from our systems by e-mailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful reason to continue processing or holding your personal information, we will make reasonable efforts to comply with your request.  You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.  We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings. 

Transferring your personal information in a structured data file. Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out in section titled ‘How we use your personal data’, you may ask us to provide you with a copy of that information in a structured data file. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. Please see the section titled ‘How to Contact Us’ if you wish to do this. We may not provide you with a copy of your personal information if it contains the personal information of other individuals or we have another lawful reason to withhold that information. Once you have made your request and provided us with the information we need to begin a search for the data we hold on you (including proof of identity), we will have 30 days to respond.

Making a complaint. We encourage you to contact us if you have a complaint and we will seek to resolve any issues or concerns you may have.  You have the right to lodge a complaint with the data protection regulator where you believe your legal rights have been infringed, or where you have reason to believe your personal information is being or has been used in a way that doesn’t comply with the law.  The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website.


Where you’ve made a booking or other purchase with us, your personal information will be retained to ensure we provide the best possible customer service to you.  We retain your personal data for as long as is necessary for us to use your data for marketing communication,  or such other time that may be required for our legal and audit purposes or that is required by law.


The transmission of information via the internet is not completely secure, and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Sites, therefore any transmission is at your own risk. Once we have received your information, we will take all reasonable steps to keep your personal data secure and to try to prevent any unauthorised access, use or loss of your data by putting in place appropriate security measures and limiting access to those who have a business need to know.  All information you provide to us is stored on secure servers.   We do not store customer card data on our internal systems.  We have a process to deal with any suspected personal data breach and will notify you and the ICO of a breach where legally required to do so.


Our Sites contain links to websites of third parties offering information and services that we believe may be of interest to you in making your holiday and travel arrangements such as excursions, insurance, travel guides etc. If you follow a link or otherwise use any of these other websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or for these third party websites. It is your responsibility to ensure that you are happy with the Privacy Policy of any such third party.


When you visit our Sites we may assign your computer a "cookie" (a small, unique identifier text file). You can always choose not to receive a cookie file by enabling your Web browser to refuse cookies. Please note that if you refuse to accept cookies or decide to remove cookies you may not be able to access many of the features on our Sites and we may not be able to provide you with our services efficiently.  If you choose to use our Sites without declining any non-essential cookies, then your use will constitute implied consent to the non-essential cookies that are set.   We use the following types of cookies on our Sites:

  • Essential Cookies – without which ours Sites would not work properly and allow you to make your travel booking and/or enable us to fulfil your booking requests.
  • Analytics, Customisation and Tracking Cookies (“customer experience cookies”) – which help us to provide you with a good experience when you browse our Sites and improve the way we service our customers.
  • Advertising Cookies – these may be used to help provide you with a selection of travel related products/services which are presented to you by “Google Adwords” when you visit other selected websites or social media channels. The adverts may feature different Cities Direct products/services that might be considered relevant to your Cities Direct browsing history. 
    You can find out more about what cookies are at:


We reserve the right to update or alter this Privacy Policy from time to time. You can request a copy of a previous version of our Privacy Policy. If you wish to contact us about this Privacy Policy, please see the section below.


If you have any queries about this Privacy Policy you can contact us at Cities Direct Ltd, 118 Eagle Tower, Cheltenham GL50 1TA. Email:  Tel: 01242 536900