Vacaciones eDreams S.L. is a Spanish-based company, with tax ID number ESPB61965778.

As mentioned above, while Vacaciones eDreams S.L.U. is the primary Data Controller for most of our services in all our Platforms, the specific Data Controller may vary depending on the service and domain you are using. For example, unless otherwise stated in our General terms and conditions  and our Prime terms and conditions .

This includes completing and managing your booking, advising you on ancillary products or other related products for your trip, sending you contractual-based communications by email, call, or SMS in relation to your booking (e.g. confirmations, modifications, and reminders), and responding to your queries. Such communications could be managed by us or by our travel partners. In this sense, we endeavour to show to you the most relevant travel data and help you in a customised manner with your booking and post-booking. When you book a service through us (such as a flight or hotel) and accept the service provider's terms and conditions, you agree that we need to process and share certain information with them so they can fulfil their services. This sharing is essential for them to provide the service you have requested. For example, airlines are legally required to process specific passenger data (for instance, by the EU Directive 2016/681, concerning Passenger Name Records or PNR). As a result, we are also required to initially process and share this information with them. These processing activities described are necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

We might save your data for future bookings to make it easier for you to finish a booking with us. This processing is necessary for legitimate interest purposes, namely, we have a commercial interest to facilitate further booking reservations. However, we only store your payment details for future bookings if you have a Prime subscription as it is necessary to fulfil our contract with you. Otherwise, we will ask for your consent to store your payment details for future use. Remember that a Prime subscription requires having at least one valid credit card assigned to it in order to manage the recurrent payment. In case you want to stop paying for it, you will have to cancel your Prime subscription in your account or through our Customer Service, in accordance with the Prime terms and conditions .

We may as well ask you when needed for your consent in order to retrieve the booking information that you have already provided, so you do not have to enter your data again in the same booking process.

To maintain a consistent record of your input during multi-stage interactions with us through our Platforms, such as filling out online forms across multiple pages or tracking items added to your shopping cart, we need to process browsing and device data that link your actions throughout your session. The processing is limited to the duration of your active session on the Platform and is necessary for the performance of a contract to which you are a party.

We also may use your geolocation to provide a better search experience for you, in order to pre-populate the “origin” field of the search form. This processing of personal data is only possible if you consent to it.

We offer you the option to create an account with us at any given time. This processing is initially based on your consent. However, during the booking process when you enter your payment information, account creation becomes necessary for our legitimate interests, namely improving the efficiency and effectiveness of our customer service operations. The account created allows for a more efficient and convenient booking experience for you by automatically filling in stored information (such as your contact details and travel preferences), simplifies future bookings, provides access to your booking history, and facilitates better customer service as it allows us to provide you with tailored recommendations and services. Additionally, it enables us to show you accommodation deals customised for your trip, since acting as a travel agency, we have deals with several travel providers (such as hotels) that we can only offer you special prices if you have an account with us. In the booking process, you have the option of opting out to such account creation. If you do not activate it, it will be deactivated automatically.

Processing activities related to your subscription (such as your Prime account) are necessary for the performance of our contract with you. This includes storing your payment details within your Prime account. We store the payment information you provide when you initially subscribe and create your Prime account, as well as any payment details provided for subsequent bookings. You can update your payment details in your Prime account at any time.

To authenticate your identity when you log in to the Platform, we use browsing and device data (such as session IDs). This allows you to access authorised content, including viewing your account balance and transaction history, and ensures seamless navigation during your session. This processing is limited to the duration of your active session on the Platform and is necessary for the performance of a contract to which you are a party.

To enhance the support and customer service we provide, we may consider your previous interactions with us to ensure a more efficient and tailored service experience. This processing is necessary for our legitimate interest in improving the efficiency and effectiveness of our customer service. We believe this processing is also in your interest as it benefits you by enabling us to provide more tailored and relevant assistance, ultimately leading to a smoother and more satisfying experience.

This Privacy Notice shall apply to such data processing based on other travel-related services provided by us. This processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

We may occasionally inform you about services that can assist you in the event of travel incidents or disruptions, such as flight cancellations or significant delays. This includes information about potential compensation or rebooking options. This processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

We may request your authorisation to process your personal data for certain purposes related to our travel-related services, such as contacting you through specific instant messaging platforms different from those stated in the “Booking” subsection (e.g. WhatsApp, Telegram, etc.), or to send information previously requested by travel services providers. For those cases, we will process your personal data once you provide us with your consent.

When performing a search in our Platform, we may use recent historical data of past bookings in the last one to twelve months (including the same information that the one filled in each search with us) when you have an existing account to customise the search. If no account is detected, this customisation of the search is only made with aggregated data to recommend the most relevant data for your search. This customisation aims to apply a similar search criteria to the one already provided when contracting past bookings. This processing is necessary for legitimate interest purposes, since we have a commercial interest in facilitating further booking reservations, and also you may have an interest in our services as travel agents to customise your search.

To send you discount codes, deal alerts, specific price alerts, and a birthday surprise with eDreams newsletter. For this purpose, we will process your personal data once you provide us with your consent.

When you book with us, you are subscribed to our marketing list, hence making you eligible to receive commercial offers and communications (through email, web, including through social media, telephone, including calls, SMS, and push-up notifications and postal mailing), unless you state otherwise, before confirming your booking or in any moment after that. Our marketing list allows us to send you regular news and offers on travel, transportation and accommodation-related products and services within our intermediation services that we provide you as your travel agent, and that we think you might find interesting, and to administer any promotional activity where you participate. You can easily unsubscribe from our marketing list at any time by: clicking on the unsubscribe link included in each newsletter, by objecting to the processing of your data through our Privacy form , or if we are calling you for any commercial purpose, by objecting to the processing of your data for this purpose at any moment during the call. This processing is necessary for legitimate interest purposes as long as you are our customer, since we have a commercial interest to show you travel products and services related to those you have already purchased.

We may show you customised offers in the content displayed to you on our Platforms when you access them, or in third-party platforms (including social media sites). Such offers can be booked on our site and can consist of other third-party offers or products we think you might find interesting, always related to the services we are providing you with. When using cookies for this purpose, we will rely on your consent (for more information, check out our ).

Otherwise, we will use your identification and contact data pseudonymised (e.g. hashing your data) for this purpose, and we will rely on our legitimate interests as long as you are our customer to show you our travel-related products and services to those you have already contracted. This will only be done if you have an account with the corresponding digital company that provides online advertising services, and they have the possibility to match your details securely based on their terms and conditions and your preferences in your account with them.

With regard to processing activities aimed at customising offers using your identification and contact data as the ones described above, we have a legitimate interest in avoiding sending promotional content that is irrelevant or of no interest to you. For example, we might exclude in our Prime marketing campaigns for new subscriptions those users who are already Prime subscribers.

Not all calls or chats are recorded. However, when you contact Customer Service or when our Customer Service team contacts you due to contractual and legal purposes, we must record them, albeit they are kept for a limited amount of time and automatically deleted thereafter (unless we have a legitimate interest to keep such recordings for a longer period, including fraud investigation and legal purposes). This processing covers the calls performed between us and the agents of travel providers (such as airlines and hotels agents). These processing activities are necessary for the performance of a contract to which you are a party.

With regard to those calls and online communications recorded for quality purposes such as service and practices improvement, and agents training, those processing activities are necessary for preserving our legitimate interest in improving the quality of our services.

Where legally required,we will rely on your consent to record the call.

Our teams work to enhance the user experience. For this purpose, we need to be able to use the data:

• for testing and troubleshooting to avoid or fix any technical glitches,
• for audience measuring,
• for keeping user preferences and settings across our Platforms, and
• for improving the functionality and quality of our online travel services.

The processing of your personal data will be necessary for legitimate interest purposes, since we have an interest in improving the network and information security, and since we have an interest in improving the quality of our services, respectively. For this, we need to understand how our customers interact with our Platform (including if our customers come once, twice or more times to make a booking, which is the overall conversion rates, etc.).

Finally, we will also elaborate anonymised statistics regarding the overall conversion rate of our Platforms. This processing is necessary for legitimate interests purposes, since we have a commercial interest to assess the percentage of users that have become customers.

To enhance the security of the services you have requested we process browsing and device data. This includes detecting repeated failed login attempts, performing software updates necessary for security purposes, identifying potential breaches of our terms of service, and implementing other security measures to protect our login systems from abuse. This processing helps maintain or restore the security of our information society services and terminal equipment, prevent fraud, and detect technical faults. The processing is limited to the duration necessary for these security purposes and is necessary for the performance of a contract to which you are a party.

We process technical load balancing and multimedia data (e.g., image quality, buffering) to ensure proper network communication for transmitting data, including routing information, ensuring data packets are reassembled in the proper order, optimising website performance to ensure an efficient service delivery, and detecting transmission errors. This processing is necessary for our legitimate interests in maintaining connectivity and communication over electronic networks.

Whenever we contact you, or you contact us through any channel, our staff is instructed to perform authentication questions, ensuring that your reservation details are kept confidential. To streamline your experience and expedite service, we use an automated system to identify your phone number and link it to your existing reservations when you call our customer service team. If you contact us through email, we also identify your email address and link it to your existing reservations. This reduces the need to manually confirm your booking details, saving you time. However, our customer service representatives may still request additional verification to ensure the security of your reservation information. These processing activities are necessary for the performance of a contract to which you are a party.

With regard to the security measures implemented, note that your data may be processed in different ways, such as:

• Through our five-attempt password policy (if you incorrectly enter your password more than five times, we will block your account, requiring you to change your password).
• Through our preventive stolen-credential control on the internet (if we might have any hint that your credentials could have been compromised, we may also block your account and ask you to reactivate it with a new password).
  
  With these examples, among other actions, we protect your data and reduce fraud risk.

When you exercise your Privacy Rights or contact us through our Privacy form , we will process the data you submit to respond to your request, comply with data protection regulations, and document the procedure for any potential claims or legal proceedings. This processing is necessary for compliance with our legal obligations.

When you provide consent or enter into a contractual agreement with us, we need to collect and retain necessary information, including browsing and device data and statements, to demonstrate that data processing is conducted in accordance with applicable regulatory provisions. This ensures we can provide evidence of our lawful processing activities. This processing is necessary for compliance with our legal obligations.

• Contract: you have a contract or pre-contract with us. As an example, when booking an airline or hotel with us, or when accepting our General terms and conditions  or any other of our terms (e.g. Prime terms and conditions ), we need relevant data to process your reservation or handle your account respectively.
• Legal Obligation: we have a legal obligation. Normally, accounting and tax regulations require the storage of necessary data for compliance purposes.
• Legitimate Interest: it is in our legitimate interest, and it is judged not to affect your rights and freedoms significantly.
• Your Consent: we rely on your consent for processing your personal data when there is no other lawful Basis, in accordance with the law. We will provide you with transparent information regarding the use of your data for the specific purpose

Other lawful bases, only exceptionally used:

• Vital Interest: you or a third party have a vital interest. We will not normally process data based on this legal basis, but if we do, we will let you know.
• Public Task: we have a public task to perform. We will not normally process data based on this legal basis, but if we do, we will let you know.

We may use automated processes to analyse your account activity and other information related to your interactions with our Platforms, such as your booking history and payment patterns, to identify potential risks, such as fraudulent activity or violations of our Terms and Conditions. These automated processes may also be used to assess the risk associated with certain reservations or user behaviour. However, any decisions that could have an impact on you, such as account suspension or restrictions on services, will always be reviewed and made by a human. Automated decisions are used to assist our team in making informed decisions, not to make decisions autonomously. Bear in mind that account monitoring and risk assessment are necessary for the performance of our contract with you, and to protect our legitimate interests in maintaining a secure and safe platform for all users.

You can always contact us through our Privacy form  to request us a review of any decision that you believe impacts you.

In case we shall make any Automated Decision that could produce legal effects or similarly significantly affect you, we will apply all appropriate measures and inform you.

For example, your name, surname, gender, nationality, billing address, date of birth, email address and telephone number.

Please, bear in mind that your email will be your identity data. We will be able to link your data based on your email.

For instance, email and password (we never store the passwords in a non-encrypted form), price alerts, search history, specific settings, preferred choices and other details saved in your account. This also applies if you have a Prime account.

Usually, this means the payment card details. For example, credit card number, cardholder name and expiration date (we always store the credit card data in an encrypted form).

For example, the number and expiration date of the ID and/or Passport, contact data, travel preferences, boarding passes or e-tickets.

Please, bear in mind that in the case you provide data from travel companions, you should have previously obtained the consent of other individuals before providing us with their data and travel preferences, as any access to view or change their data will be available only through your account or email.

Such as customer support cases, metadata, and notes generated by our systems and agents.

For example, IP address, browser type, internet service providers, geographic location, technical data about the device, pages accessed and links clicked, the time and duration of request and visit, and the method used to submit the request to the server.

Please note that we may associate this data with your account or email.

Some of this data may be collected by using different types of Cookies or similar technologies. For more information, please find our .

One example for which we may collect and process such data would be if exceptional circumstances arose, such as a health emergency, where we might offer you the possibility to provide us with any relevant data in order to share it with the corresponding airline booked, for example, so as to smooth the check-in process or due to mandatory reasons.

In any case, the corresponding appropriate security measures will be implemented to protect your Sensitive Personal Data in line with this Privacy Notice.

Additionally, you may ask us to inform the airline, the hotel, etc. of a special service (such as a menu or an adapted room) which might constitute Sensitive Personal Data because they may imply or suggest data about your religion, health, or other related data. In any case, this information will not be mandatory to provide in any of our booking funnels, so you are free to either provide it or not.

The limited cases where we might need to collect minors’ data would be as a booking passenger.

If we become aware that we have processed the data of a child without the valid consent of a parent or guardian, we will delete it.

In particular, we centralise the processing of your data through the Spanish subsidiary eDreams International Network, SLU, acting as a Data Controller for internal administrative purposes. Likewise, we share your data as customers with other companies from our group, to manage the services provided by us as Data Controller, and for accountability purposes as a group of undertakings, including financial, fiscal and legal duties. Those companies that are included in our group of companies are detailed in our General terms and conditions .

The eDO Group has a common Privacy Policy applying to all of them to ensure that any data processing carried out within our group, is made under the same level of privacy requirements and will be processed exclusively for the same purposes for which the data had been collected, according to the applicable laws. This also applies to our common group Security Policy.

We may need to further disclose your data to competent authorities to protect and defend our rights or properties, or the rights and properties of third parties. We are also required by law to share your information with administrative bodies when we are providing you our online travel agency’s services under certain circumstances.

These recipients might be outside the European Economic Area (EEA), implying international data transfers. For more information on this, please see below (Section 5.3: International data transfers).

Some examples of security measures we implement are as follows:

• Data Encryption and Pseudonymisation: We implement pseudonymisation and encryption where applicable to ensure the security of your data. When using our online platforms, your information is transmitted via a secure connection using Hypertext Transfer Protocol Secure (HTTPS), which guarantees encryption during transit to protect it from unauthorised interception.
  
  In addition, as part of our commitment to safeguarding your data, we are certified in accordance with leading industry standards, including ISO/IEC 27001:2013 for information security management. Furthermore, when processing payment information, we adhere to the Payment Card Industry Data Security Standards (PCI DSS). These certifications reflect our ongoing dedication to upholding the highest standards of data security and privacy. In addition, we have numerous suppliers who handle payment data and information, so we ensure that they too continue to be compliant on an annual basis. For further details regarding our IT standards, regulatory compliance, and security protocols, please refer to our dedicated resources here.
• Confidentiality and Data Integrity: We uphold the confidentiality, integrity, availability, and resilience of our processing systems. We have implemented comprehensive physical, electronic, and procedural security measures for the collection, storage, and sharing of your data. As part of our security procedures, we may require identity verification before disclosing sensitive information. Furthermore, our platforms include security features to protect against unauthorised access and potential data loss.
  
• Business Continuity: We have established protocols to restore the availability and accessibility of personal data in a timely manner following any physical or technical incidents.
• Regular Security Audits: We routinely test, assess, and evaluate the effectiveness of our technical and organisational measures to ensure the ongoing security of data processing activities.

Usually, we process your data for a maximum period of ten years, since your last trip or any further action related to it ended or since you performed your last action with our communications or Platforms for the purposes described above. With regard to unfinished bookings, we might store the information for a maximum period of one year for security and fraud prevention, unless we need to store it for longer periods to fulfil our legal obligations.

Other specific terms might apply, such as a maximum term of three years for accountability purposes regarding data protection-related interactions, or a maximum term of ten years for tax and accounting purposes or for as long as any legal claim is open.

If you provide us with your contact email address, but then you are unable to finish your booking, we will keep your email address only temporarily and, in any case, for a maximum period of seven days to help you with the booking if you are still interested.

For the purpose of customised offers, you will periodically get email offers from us, and in every email, there will be a clear and easy way to unsubscribe and therefore object to this type of processing. We will keep and use your data for this purpose until you unsubscribe or after a maximum period of two years from your last interaction with us (e.g. performing a search, performing a booking, or updating your Prime subscription), or two years after three months of your Prime account expiration. If you unsubscribe from our marketing list, bear in mind that you will still receive service emails about your bookings, as well as notifications of any updates in relation to your account, our terms, our policies and any other critical information. Changes on our marketing list typically go into effect after forty-eight hours, but can take up to seven business days.

For those processing activities based on your consent, we will store your personal data for as long as such processing activities are necessary for the purpose for which they were collected, unless you withdraw your consent or request their deletion prior to that date, and there is no legal or judicial mandate to keep the personal data. Unless otherwise specified in this Privacy Notice, the duration of consent for processing activities based on consent shall be three years from the date of consent or until you withdraw your consent, whichever occurs first.

Browsing and device analytical data collected for improving our services or developing new services will be processed for two years.

Regarding Cookies duration, please check our .

To check the list of Third Countries, click here. We make reasonable endeavours to regularly update this link. If you have any questions regarding the international transfer of your data, or you want to receive a copy of these Adequacy Decisions or SCCs, you can do so by selecting “Other Data Protection comments or suggestions” in our Privacy Form and asking for it anytime.

Do not share your Booking ID

When you make a booking you will be assigned with a Booking ID. This reference will be included in your booking confirmation email.

Please, always keep your Booking ID confidential. If you share it with third persons, they might access your data. If you travel with others and you do not want them to have access to your booking data it might be advisable that you carry out your booking separately. For example, we recommend you not to share this data or any other relating to your trip on social media.

Do not share your account data with anyone and use a unique and strong password

To make sure that access to your account on our Platforms is safe please do not share your login data with anyone.

When you finish using our Platforms, please make sure to log out of your session if someone else might access your device. Avoid connecting using your account from non-trusted devices or networks like the ones in hotels, libraries or cyber coffees. If you do, please do not forget to log out once finished.

It is important that you protect yourself against unauthorised third-party access to your password and to your devices. We recommend that you use a unique strong password for your account that you do not use for other online accounts and you should renew it every reasonable period of time, such as once a year. Malicious actors may try to connect to your account using stolen credentials from other (non-related to us) services.

Of course, apply the same approach for your email account, by using unique strong credentials (as is our secure touchpoint to send you “reset link passwords”).

Be cautious and protect yourself from internet fraud and “Phishing”

Please, always double-check the sender of the emails and the links or documents attached to them. If you do not trust or have doubts, do not open the attachments or click on the links.

Be mindful of fake websites that may attempt to impersonate us to commit fraud. Our services (including bookings, account management, etc.) can only be provided directly through the official channels of our Platforms. We do not authorise any individual or third party to accept bookings on our behalf. Furthermore, we will never initiate a phone call to request your bank account information or any sensitive financial details as a method of payment. We prioritise the security and confidentiality of our customers' personal and financial information.

There is a broadly spread type of internet fraud practice known as “Phishing” aimed to illegally obtain your data by deception or by installing malware on your device and stealing your saved credentials.

“Phishing” is unsolicited emails that lead you to insert or confirm your passwords or bank details on a false or cloned website. Also, they try to make you download documents with malware, or install malicious software on your computer that will be used to steal your information, like your credentials.

These fraudsters pretend to be somebody of your trust, a bargain, somebody that needs urgent action from you, etc.If you have doubts regarding any communication that you might have received by someone saying that is us, please, contact us through our chat in our Help Center .

Use only original software

You may want to download our applications from alternative markets. Applications on those markets are not uploaded by us, so they may contain malware used to steal your credentials.

Please use only the official applications from Google Play or Apple Store.

Regarding your account:

• If you want to modify your payment details in your Prime subscription account: Log into your account, and change them in the Payment method section. Also, if you have a Prime subscription account, your payment methods used when booking will be included there as informed in the booking funnel.
• If you want to close your account session: Click on “Log out” in your account, and your account session will close after that action. You will be able to log in anytime after that while your account is active.
• If you want to cancel your Prime subscription: Check our article here.
• If you want to erase your account. Log into your account, go to “Account details” and click on “I want to delete my account”. This can only be done if you have no upcoming bookings or an active Prime subscription.

Regarding your trip:

• If you want to access it, to review the passenger's and trip information, including the check-in details: Log into your account and, if you do not have any, access your trip directly with your booking ID and email.
• If you want to rectify your passenger’s data for an already booked trip which requires the airline or hotel or other travel service provider to change the data before your trip or stay: Please contact our Customer Service here as soon as possible and ask for a “passenger name correction” with the relevant information. Our Customer Service team will check this with the airline, hotel or any other contracted service that requires them to modify the data and will come back with their decision on your request. Check our article for more information here.
• If you want to change one person to another for an already booked trip, which requires the airline or hotel or other travel service provider to change the data before the trip or stay. Please contact as soon as possible our Customer Service here and ask for a “passenger change” with the relevant information. Our Customer Service team will check this with the airline, hotel or any other contracted service accordingly and will come back with their decision on your request. Check our article for more information here.
• If you have not received your booking confirmation email. Check our article on this matter here. If for any reason, the instructions of the article are not useful for you, the most probable thing that happened is that you might have incorrectly introduced your email when registering it. If so, go to our Help Center , select “rectify my data”, “correct my email”, provide all the necessary information, and follow the instructions. Our team will review your case and come back to you asap.
• If you want to access your billing details or request invoices: Log into your account and, if you do not have any, access your trip directly with your booking ID and email, and select the billing option.

You have the right to ask us to correct inaccurate or incomplete data about you (and which you cannot update yourself with your account settings or through our Customer Service).

You may request information relating to your data and copies of such data.

You may also be entitled to request copies of the data that you have provided to us in a structured, commonly used, and machine-readable format where technically feasible.

You may request to have your data deleted. In some cases, we may not be able to erase it due to the fact that the data processing may be necessary for the performance of the contract between you and us, for compelling legitimate interests (i.e. promotion of a safe and trustworthy service, and legal and compliance), or to comply with our legal obligations (i.e. legal reporting, and auditing obligations). In any case, we will immediately erase them when we can do so. Because we protect our services from accidental or malicious loss and destruction, residual copies of your data may not be removed from our backup systems for a limited period of time (within a week).

You may require us not to process your data for certain specific purposes (including profiling) where such processing is based on legitimate interest, such as for direct marketing. If you object to such processing, we will no longer process your data for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the exercise or defence of legal claims. You can object at any time to the following processing activities of your personal data described in Section 3: What types of data do we process?:

• Storing your data for future bookings to make it easier for you to finish a booking with us.
• Creating an account during the booking process when entering the payment information.
• Considering your previous interactions with us to ensure a more efficient and tailored service experience.
• Informing you about services that can assist you in the event of travel incidents or disruptions.
• Customising your searching process.
• Storing your search and contacting you in case you have not finalised a booking online.
• Informing you how to contact us if you need assistance while you are away, or other data that we feel might be useful to you in your planning.
• Collecting customer experience reviews.
• Asking you for a review of your experience with us or the travel provider.
• Subscribing you to our marketing list and sending you regular news of travel-related products and services (we remind you that you can also unsubscribe at any moment in each commercial communication, by clicking on the footer’s unsubscription link).
• Showing you customised categorised offers on our Platforms, or in third-party platforms.
• Avoiding sending promotional content that is irrelevant or of no interest to you.
• Using call or chat recordings for quality purposes and training.
• Improving our services or developing new services.
• Elaborating anonymised statistics regarding the overall conversion rate of the website.

Exceptionally, this right is not susceptible to be satisfied for the purposes of promotion of a safe and trustworthy service, and legal and compliance, since we rely on a compelling legitimate interest of protecting from any potential fraud or attack against the provision of our services.

If we are processing your data based on your consent, you may withdraw your consent at any time, specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. You can withdraw at any time your consent to the following processing activities of your personal data described in Section 3: What types of data do we process?:

• Saving your payment data for future bookings in those cases in which you are not a Prime subscriber. 
• Retrieving the booking information that you have already provided so you do not have to enter your data again in the same booking process.
• Using your geolocation to pre-populate the 'origin' field of the search form.
• Creating your account.
• For certain purposes related to our travel-related services, such as contacting you through specific instant messaging platforms, or in order to send information previously requested by travel services providers.
• When you take part in a market research survey with us.
• Sending you discount codes, deal alerts, and a birthday surprise with eDreams newsletter.