Think Travel. Think TUI.

It is important to us that we look after the personal data that you share with us. Looking after the personal data you share with us is important for us. We want you to be confident that your data is safe and secure with us, and understand how we use it as part of our recruitment process. It is important that you carefully read and understand each section of this Privacy Notice (“Notice”) before starting your application and sharing your personal information with us.

What this Privacy Notice covers

The data controller is TUI AG’s subsidiaries in the UK and Ireland (referred to in this Notice as “TUI”, “we” or “us”). We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Notice which explains:

  • What types of personal data we collect and why we collect it.
  • When and how we may share personal data within the TUI Group and with other organisations.
  • The choices you have, including how to access and update your personal data.

We have tried to keep this Notice as simple as possible, but if you are not familiar with terms such as data controller, special categories of personal data, then read about these and some others in Key terms.

Personal data we collect

All personal data we collect about you as part of the recruitment process is used to assess your suitability for the advertised position you have applied for. You don’t have to provide what we ask for but it might affect our ability to assess your application if you don’t. 

When you browse our recruitment websites and mobile apps, we may collect:

  • Information about your browsing behaviour on our websites and mobile apps.
  • Information about the way you access our digital services, including operating system, IP address, online identifiers and browser details.

As part of the application and selection process we may obtain any or all of the following:

  • Your personal details, including your passport, ethnic group, gender, religious background, sexual orientation, age group, marital status, disability, qualifications, personal address, email address, phone number and date of birth.
  • Your work experience, including your CV, cover letter, application questionnaire, professional qualifications, career development, performance, training and certifications.
  • Any relevant health conditions (if any) and other relevant medical information as necessary.
  • Social preferences, interests and activities.
  • Personal data you provide us including by email, post and phone or through social media, such as your name, working experience, qualifications, interests and contact details.
  • Results generated as part of our recruitment process, including when you complete our assessments, tests, occupational or personality profile questionnaires, and/or any notes generated by us during the interview process.
  • Your feedback and contributions to our online surveys and questionnaires.

Other sources of personal data

    • We may use personal data from other sources, including without limitation public authorities, medical examiners, recruitment agencies, head hunters, accreditation organisations and training providers.
    • We may use CCTV images, IP address and browser details collected in or in the immediate vicinity of our offices, car park premises, and other buildings where you may be invited to attend an interview.
    • If you contact one of our recruitment helplines or HR services, we may record your calls for quality and training purposes. 

Using your personal data

We use your personal data in a variety of ways, as explained below.

To manage your application

We need to process your personal data so that we can manage your application process. It will also be used to assist us in monitoring the diversity of our applicants.

We will use your personal data to assess your suitability for the role you have applied for.

We may also use your personal data to progress your application for employment and, if your application is successful, to administer your employee record.

To make contact and interact with you

We may use your contact details to contact you (either by post, phone, email or text message) as part of our recruitment process to arrange an interview, obtain more information about you or give you updates on the status of your application.

If you have subscribed to one of our job alert services, we may also send you job alerts and emails about new vacancies available, information about other TUI Group companies’ recruitment campaigns and other recruitment information which might interest you.  We will only do this if you previously agreed to receive these communications. You can change your mind at any time by unsubscribing from these emails.

We do not sell your personal data to third parties.

To manage and improve our recruitment services

We use personal data to manage and improve our online recruitment platform, mobile apps, and other recruitment services.

We monitor how recruitment platforms are used to help protect your personal data, detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our recruitment services.

To improve our recruitment services and our interaction with you, we may invite you to take part in our surveys or questionnaires carried out by the TUI Group and by other organisations on our behalf.

Unsuccessful application

If your application with us is unsuccessful for the particular role you applied for, we will retain your application details including your contact details and where required a copy of your CV for 6 months. We will ask for your consent to keep your application details on our talent data base for a period of 24 months so we can be in touch with you if we have new vacancies which might interest you.

Conditional offer

If we make you a conditional offer, we may ask you to provide us with further information or complete further questionnaires to meet the requirements of the role. Without such information, we may have to withdraw the offer. 

Pre-employment checks

We are under legal obligation to verify your identity and right to work in the United Kingdom. We may also seek for further assurance as to your trustworthiness, integrity and reliability. We may ask you:

  • Proof of your identity, including your driving license and passport
  • Proof of your professional qualifications and diplomas
  • Contact details of your references, so we can contact them to verify information on your CV (such as your previous professional experiences)
  • To complete a questionnaire about your health, so we can establish your fitness to work or obtain professional advice if any adjustments are needed so that you may work effectively. This questionnaire will be processed by one of our occupational healthcare advisors. In addition, as part of our recruitment process for pilots or cabin crew members, we may ask you to attend a medical examination organised by certified aviation medical examiners.

Criminal records

Depending on the nature of the position offered and to protect our customers and members of staff, we may ask you to complete a Disclosure and Barring Service (DBS) check, criminal records declaration to declare any unspent conviction and we may also check your details with fraud prevention agencies. Should we identify any convictions or act of fraud or any other criminal offence which may be incompatible with the nature of the position offered to you or present a high level of risk for the interests and/or safety of our customers or members of our staff, we may decide to interrupt or terminate your recruitment process.

Final offer

If we make a final offer, we may ask you for:

  • Your bank details so we can process with the payment of your salary
  • Emergency contact details, so we know who to contact in case you have an emergency at work.

Before providing another person’s other people’s personal data, you must be sure that they have agreed to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.

Use of data processors

We also work with carefully selected suppliers that carry out certain functions on our behalf or provide elements of our recruitment service for us. For example, companies that help us store and combine data, manage our online recruitment system, online assessment providers, credit check agencies and our occupational healthcare advisors.

When we share personal data with other organisations we require them to keep it safe, and they must not use or share your personal information with any organisation apart from us. They cannot do anything with your personal information unless we have instructed them to do it.

We only share the minimum personal data to enable our suppliers to provide their services to you and us.

Sharing personal data with regulatory authorities

We may share the minimum personal data necessary with public authorities if the law says we must, or we are legally allowed and have a permitted reason to do so.

Sharing personal data within the TUI Group

We may share the minimum personal data necessary with other companies in the TUI Group, for example, when you apply for a role in another country that TUI operates in.

We may also share personal data with an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in the same way as us.

Protecting your personal data

We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.

When you apply to one of our positions based overseas, the personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by TUI AG’s subsidiaries, data processors or organisations operating outside the EEA who work for us or for one of our suppliers. We put in place appropriate protections to make sure your personal data remains adequately protected and that it is treated in line with this Notice. These protections include, but are not limited to, appropriate contract clauses, such as standard contract clauses approved by the European Commission, and appropriate security measures.

Data retention

If your application is successful, we will retain your personal data only for as long as it is necessary for the uses set out in our Employee Privacy Notice and/or to meet legal and regulatory requirements. This includes your criminal records declaration, fitness to work, records of any anti-fraud checks and references.

If your application is unsuccessful at any stage of the recruitment process, all personal data you provided and all information generated throughout the recruitment process (such as, your application details, CV, interview notes and questionnaire results) will be retained for 6 months from termination of your application unless you consented to a longer retention period for future opportunities.

After this period, we will securely erase your personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.

We may also retain anonymised information so we can monitor the effectiveness of our recruitment campaigns, for example, to monitor equal opportunities, but also assess which source if more effective to run our recruitment campaign. This anonymised information will be retained for 7 years from the end of the recruitment campaign.

About cookies

Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your experience on our website. Please see our separate Cookie Notice.

Social media

We may advertise some of our vacancies and job adverts on our social media channels or through social media providers (such as, LinkedIn) that have their own privacy notices. Please make sure you read their terms and conditions and privacy notices carefully before providing any personal data as we do not accept any responsibility or liability for these features.

Accessing and updating your personal data; and complaints

You have a right to ask for a copy of the personal data we hold about you. You can write to us asking for a copy of other personal data we hold about you.

Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.

We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know.

You can also ask for your personal data to be rectified or erased, to object to the processing of your personal data and, where technically feasible, to ask for personal data you provided to be transmitted to another organisation.

We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.

You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the Information Commissioner’s Office.

Please submit your query, request or complaint to our HR Services Team in writing:

By post: TUI UK Limited, Data Protection Officer, Wigmore House, Wigmore Place, Wigmore Lane, Luton LU2 9TN.

Email address:

Open 08.30 – 17.30, Monday to Friday

You can also contact the Data Protection Officer in writing:

By post: TUI UK Limited, Data Protection Officer, Wigmore House, Wigmore Place, Wigmore Lane, Luton LU2 9TN.

By email:

Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint when you contact us on behalf of someone else.

 Legal basis for processing personal data

We will only collect and use your personal data if at least one of the following conditions applies:

  • We have your consent; – explicit, freely given, specific and informed expression of consent

Example: Job Alerts

You give us permission to process your personal data when you want to register for our job alert services.

  • It is necessary for a contract with you or to take steps at your request prior to entering into a contract;

Example: To proceed with successful application

If your application is successful, we need to process your personal data in order to take steps prior to entering into an employment contract, so we can manage our payroll system, administer personnel and employment records, and grant access to our IT facilities and/or premises.

  • It is necessary for us to comply with a legal obligation; – employment laws, health and safety regulations, tax and social contributions, specific regulations applicable to certain positions (e.g. regulations from the civil aviation authorities)

Example: Sharing personal data with public, governmental and regulatory authorities

It may be mandatory (as required by government authorities to employers) to disclose and process your personal data to ensure that you are allowed to work in the United Kingdom, to monitor equal opportunities, or any other purposes which such authorities determine appropriate.

  • It is necessary to protect your vital interests or those of another individual;

Example: In an emergency

In the event of accident, we may contact your next to kin or share your information with our first aider and emergency services.

  • It is in the public interest or we have official authority; or

Example: Security operations

We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including health and safety purposes.

  • It is in our own or a third party’s legitimate interests and these are not overridden by your interests or rights.

Example: To protect our customers and members of staff

We may check your criminal records to ensure you have no previous or current convictions which may be incompatible with the nature of the position offered to you or present a high level of risk for the interests or safety of our customers (including, children and vulnerable persons travelling with us) or members of our staff.

Special categories of personal data

Where we need to process special categories of personal data (for example, health data for medical reasons) we will only do so if one or more additional conditions apply. For example, we have your explicit consent; it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent; it is necessary so we can comply with our legal obligations as an employer; it is necessary to establish, exercise or defend legal claims; it is necessary for reasons of substantial public interest; or it is necessary for preventive or occupational medicine.

Example: To monitor equal opportunities

We record racial or ethnic origin or religious beliefs to fulfil our statutory obligations to ensure equality of opportunity at work.

Changes to our Notice

This Notice replaces all previous versions. We may change the Notice at any time so please check it regularly on our website(s) for any updates. If the changes are significant, we will provide a prominent notice on our website(s) including, if we believe it is appropriate, electronic notification of Privacy Notice changes.

Last update: May 2018


Key terms

Data controller: The data controller determines the purpose and manner in which personal data is used.

Data Processor: The data processor processes personal data on behalf of the data controller.

European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.

Personal Data: any information related to a natural person that can be used to directly or indirectly identify an individual.

Special categories of personal data: These are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation.