Privacy Statement
This Privacy Statement applies to C. I. Travel Group Ltd, trading as FlyDirect, which acts as the data controller for the personal data described below
How we keep your data safe, secure, and confidential
Your personal information is collected when you purchase travel, accommodation or an inclusive holiday, and when you request information about our products or services. We also keep records of your activity with us, including visits to our website.
We use this personal information to handle your requests, manage your booking, meet our legal and contractual obligations, and, where you have opted into marketing communications, offer you other products and services. We also use personal information for internal administration, reporting, analytics, service planning and service improvement, including through our data platform and related systems. We respect the privacy and confidentiality of your information and will not disclose it to third parties without your consent, unless required to do so by law or where this is necessary for these purposes and appropriate safeguards are in place
In limited circumstances, we may process information relating to a passenger’s mobility, accessibility or other assistance requirements, where this is necessary to make appropriate travel arrangements or support related internal reporting and analysis. This information is handled with appropriate safeguards, restricted access and data minimisation measures
We may also use information collected from our website to personalise your repeat visits and improve your online experience.
What information is collected?
In order to make a booking, we collect the following information:
Full name of the lead passenger
Full names of other passengers travelling with you
Dates of birth of all passengers
Your address
Your email address
Your mobile telephone number
Your credit or debit card details
Where relevant to your booking, we may also collect limited information relating to restricted mobility or accessibility requirements, to ensure suitable arrangements can be made with transport providers or accommodation partners.
The above information must be provided in order to make your booking. Refusal to provide the required details will result in our inability to provide travel and accommodation booking services. Access to and deletion of your data
We collect, store and process your personal data in order to fulfil your holiday arrangements, meet our legal and contractual obligations, and support our legitimate interests in internal administration, reporting, analytics, service planning and business improvement. In particular, we may use your personal data as follows:
- to manage bookings, itineraries, passenger records and related operational data;
- to provide your details to government bodies, immigration authorities, airlines, ferry operators, accommodation providers and other competent authorities where required by law or necessary for your travel arrangements.
- to securely transfer, store, organise, combine and analyse data within systems operated by us, including our data platform and related systems hosted in the UK;
- to support internal reporting, analytics, service planning and business improvement;
- to use AI-enabled productivity, analysis and support tools, including Microsoft 365 services, to assist with internal administration, reporting, customer service, document handling and service improvement, with appropriate safeguards and human oversight where relevant;
- to work with trusted service providers acting on our behalf, including C5 Alliance Limited as our implementation and support partner and Microsoft Ireland Operations Limited / Microsoft group companies as cloud platform and hosting providers;
Where we use personal data for internal reporting and analytics, we aim to limit the data used to what is necessary, apply role-based access controls, and retain data in line with our internal retention policies and legal obligations. Any processing carried out by our sub-processors or service providers is subject to contractual, technical and organisational safeguards designed to protect your personal data. Where access to personal data may take place outside Jersey, we rely on appropriate contractual and organisational safeguards.
We may also process your personal information under our legitimate interest in advising you of additional products or services that may enhance your holiday experience. This may include, but is not limited to, excursions, car hire, transfers and travel insurance.
Access to and deletion of your data
You have the right to access the information we hold about you and to receive it in a format suitable for data portability. This information can be provided either as a PDF (Portable Document Format) or as a text (.txt) file.
You may request the deletion of your personal data once your travel has been completed, subject to any legal or regulatory requirements to retain certain information. Where deletion is not possible, we will restrict processing of the relevant data to the extent required by law.
Requests for your data or deletion of your data can be made by:
Retrieving your previous bookings online by visiting the secure View My Bookings area. You will be required to enter your name and booking reference. Use the ‘Update my preferences’ option to send your data by email.
Calling us on 03301 344 733 to request your personal data.
- If you have any questions about how your personal data is handled, you can contact us at infosec@citravelgroup.com or via the contact details provided on our website.
For security reasons, personal data can only be sent to the email or postal address associated with your booking.
Retention of data provided during the booking process
If you have opted out of marketing communications, all data will be automatically removed from our booking systems and marketing databases 180 days after the completion of your travel, provided there are no outstanding balances on your account. Once removed, this data will no longer be accessible by you or by us.
If you have opted in to receive marketing communications, your data and booking history will be retained for up to ten years, or until you update your preferences or request deletion.
When you provide credit card details to make a payment, once the transaction has been authorised, your full card details are no longer stored or accessible by us. Our website uses secure encryption technology to ensure that your payments remain safe.
Feefo Feedback
We work with global ratings and review provider Feefo to gather and publish feedback on your holiday experience. Your email address, return travel date and accommodation choice (if booked) are securely shared and you will receive an email after your holiday inviting you to review our service.
If you choose to submit a review, it will be published on FlyDirect and www.feefo.com/fly-direct. Published feedback does not contain any personal information, and you may choose to remain anonymous.
Feefo will remove or amend feedback upon request via amendfeedback@feefo.com.
Insolvency
In the event of our insolvency, we or any appointed insolvency practitioner may disclose your personal information to the CAA and/or ABTOT so that they can assess the status of your booking and advise you on the appropriate course of action under any scheme of financial protection.
The CAA’s General Privacy Notice is available at www.caa.co.uk/Our-work/About-us/General-privacy-notice
ABTOT’s Privacy Notice is available at www.abtot.com/privacy-policy-cookies
When browsing the website
When you browse our website, cookies are used to enhance your experience and the usability of the website. They may also be used to market holidays and services provided by C. I. Travel Group while you browse the internet.
Cookies are small text files placed on your browser to store your preferences and browsing behaviour. Cookies are anonymous and do not provide us with access to your personal information, name, location, email address or contact details. Cookies are not harmful to your browser and are unique to it.
We also use cookies for general monitoring, helping us to identify user trends and improve the efficiency of our website.
You can view or manage your stored cookies at any time. Most browsers automatically accept cookies, but you can change this through your browser settings. For more information, visit www.allaboutcookies.org.
How we use cookies
We use both first-party and third-party cookies on this website.
“Analytical” cookies, including those set by third-party analytics tools, allow us to calculate the aggregate number of visitors, understand how users interact with the site, and identify which parts of the site are most popular. This helps us improve our website and better serve users.
Some of our pages allow third parties to set their own cookies (for example, when using social media sharing buttons or viewing embedded videos). We do not have access to data stored in these cookies.
“Session” cookies enable you to carry information across pages of the website and avoid re-entering information. They also help us understand how the site is being used and improve its structure.
| Cookie type | What is collected | Why this information is collected |
|---|---|---|
| Google Analytics | Information about how you use our site, including pages viewed, visit duration, number of visits, and browser or device used. | To help us improve your browsing experience. |
| Facebook Pixel | Information about which pages you have viewed or actions taken on the website. | To enable targeted remarketing on Facebook based on your website use. |
| Hotjar | Information about how visitors interact with the website, including mouse movements, clicks, scrolling behaviour, pages visited, device type, browser information, and screen resolution. This data is collected in an anonymised form and does not directly identify individual users. | To help us understand how users interact with our website so we can improve usability, functionality, and overall user experience. |
Links to other websites
Our website may contain links to other websites of interest. However, once you leave our site, we have no control over those websites. Therefore, we cannot be responsible for the protection and privacy of any information you provide while visiting such sites, which are not governed by this privacy statement. You should review the privacy statement of any website you visit.
Accuracy of information
You have the right to have any inaccurate information we hold about you corrected. If you believe that any information we hold is incorrect or incomplete, please write to or email us at the address below, and we will promptly correct it.
Marketing communications
We will only send marketing communications about C. I. Travel Group products and services if you have opted in to receive them.
The personal information we hold for marketing purposes will never be shared with any third party.
Information may be collected if you opt in during the booking process, complete a newsletter sign-up form, or contact us directly to request inclusion. You will be required to confirm your subscription by opening the ‘confirm your subscription’ email and clicking to verify.
Our marketing email provider is MailChimp. Only your email address and preferred departure airport are shared securely with MailChimp and never with any other third party.
You can unsubscribe or update your preferences at any time by clicking the relevant link in any marketing email, or by emailing marketing@citravelgroup.com.
Jersey Office of the information commissioner contact details
You may exercise your right to complain to the Jersey Office of the Information Commissioner if you feel that C. I. Travel Group Ltd has misused your data.
Visit Website: JOIC
Postal Address:
Jersey Office of the Information Commissioner
2nd Floor, 5 Castle Street
St Helier
Jersey, JE2 3BT
Telephone: 01534 716530
This privacy statement is reviewed periodically and updated as necessary to reflect changes in our practices or legal requirements.
V1.4 – 11 June 2026