Tom Rover

Book your flights, accommodation, and adventure activities! All in one place! Plan your dream holiday now!

Be the first to learn about our

Latest Deals!

Cheap City Breaks | Last Minute Holidays

Yellow taxi under bridge Budapest
Budapest Embankment privacy policy

This website is operated by TOMROVER.COM. The privacy of our users is extremely important to us and therefore we encourage all users to read this policy very carefully because it contains important information regarding:

Who we are

TOMROVER.COM (’we’, ’us’, ’our’) collect, use and are responsible for storing certain personal information about you (’you’, ’your’, ’yours’).

The personal information we collect and use

Personal information is information which you can be identified from (and does not include any anonymised forms of information).

1. Types of personal information

We may process the following types of personal information concerning you:

Contact details such as email addresses, phone numbers, physical addresses, bank details

2. Criminal information

We may collect and process information in respect of any criminal offences concerning you, including:

Enhanced DBS checks, and details of any civil injunctions, to individuals, where such an injunction carries a criminal penalty. For employment, social security and social protection.

We may collect and process information in respect of any criminal offences concerning you, including:

Enhanced DBS checks, and details of any civil injunctions, to individuals, where such an injunction carries a criminal penalty.

1. Personal information obtained from you directly

We will sometimes obtain information from you directly, including when you:

Subscribe to the newsletter, purchase a product, create a user profile, and contact us using the ’contact us’ chat service.

2. Personal information obtained by use of cookies or other automated means

We will sometimes obtain information via automated technology. This shall be by us of cookies and similar technology. A cookie is a small text file which is placed onto your computer or electronic device when you access our website. Similar technologies include web beacons, action tags, local shared objects (’flash cookies’) and single-pixel gifs. Such technologies can be used to track user’s actions and activities and to store information about them. Usually, this will be to monitor and obtain information regarding:

How many times the user visits the website, which pages a user visits, traffic data, and location data.

On the first occasion that you use our site, we will ask whether you consent to our use of cookies and/or other similar processing technologies. If you do not consent, such technologies will not be used. Thereafter you can opt out of using cookies at any time or you can set your browser not to accept cookies. However, some of our website features may not function as a result.

For further information on our use of cookies and other similar technologies, please see our policy document as described below.

3. Personal information obtained from third parties

We will sometimes obtain information about you from third-party sources. Usually, this shall be from the following entities:

4. Automated decision-making

You may be the subject of our automated decision-making processes. Automated decision-making means the use of personal information to make a decision which is undertaken by an electronic system (i.e. the decision is not made by a human).

In any circumstance where are the subject of automated decision-making, you always shall be notified that a decision has been made in this manner. You can make any request for that decision to be reviewed, or t be reconsidered via manual means within ONE month of that decision being made.

5. Additional sources

We shall collect personal information concerning you from the following sources:

From our specialist mobile phone application, through your device ID on any personal devices, through social media sign-ons, through location technology.

6. Changes to how we collect your personal information

If we need to obtain personal information concerning you from any other source than those described above, we shall notify you of this.

How we use your personal information

1. General purposes

In general, your personal information will generally be processed for the following purposes:

Any criminal offence information concerning you will generally be processed for the following purposes:

DBS checks are undertaken for fraud prevention purposes to verify your eligibility for certain products in line with insurance requirements.

Any automated decision-making will generally take place concerning the following matters:

We have an automated system which makes lending decisions. The system makes a decision based on the information you provide and information from credit reference agencies.

2. Monitoring

We may monitor communications, and in doing so we may obtain your personal information through this process. We will undertake monitoring in the following circumstances:

3. Use of your information for marketing purposes

We have described above that one of the general purposes for which your data shall be processed is for our marketing purposes.

We wish to make you aware that you have the right to object or opt opt-out of any direct marketing by:

4. Credit checking

We have described above that one of the purposes we use your personal information is to undertake credit checking on you. Any such search will be recorded on the files of the credit reference agency.

We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked.

Other credit businesses may use your information to:

  1. Make credit decisions about you and the people with whom you are financially associated;
  2. Prevent and detect fraud and money laundering;
  3. Ensure you are eligible for certain products and services; and/or
  4. Verify the information you provide us with.

5. Fraud prevention

We will undertake fraud checks via the use of your personal information. This will involve sharing and working with Fraud Prevention Agencies. We do so to protect our commercial interests (which are encompassed within our legitimate interests as a business).

In general, our information will be used for fraud prevention purposes:

We will use your information for fraud prevention purposes (with Fraud Prevention Agencies) at the outset of any transaction.

Fraud prevention agencies can hold your personal information for different periods, the maximum period being six years.

Lawful basis for processing your personal information

We have described above the purposes for which we may process your personal information. These purposes will at all times be justified by UK data protection law.

1. General lawful bases

The lawful basis upon which we can process your data are:

  1. Where we have your consent to use your data for a specific purpose;
  2. Where it is necessary to enter into a legal contract with you or to perform obligations under a legal contract with you;
  3. Where it is necessary to enable us to comply with a legal obligation;
  4. Where it is necessary to ensure our legitimate interests or the legitimate interests of a third party (provided that your interests and rights do not override those interests). Wherever we rely upon this basis, details of the legitimate interests concerned shall be provided to you;
  5. Where we need to protect our own vital interests (or the vital interests of another person); and/or
  6. Where it is needed in the public interest (or where we are acting in our official functions); provided that the task of function has a clear basis in law.

In general, to meet the purposes we have described above, we will process your personal where we have your express consent on each occasion that the data is processed.

2.  Lawful basis applicable to criminal information

We have explained above that we may process any criminal offence information concerning you. We have defined above the general purposes for which we process any criminal information. These purposes are justified by lawful conditions.

There are however additional conditions which must be met to process criminal offence data. To meet the purposes we have described above, the lawful condition we rely upon concerning criminal information is that:

The processing will be necessary for employment and/or social security and/or social protection requirements which are imposed by law.

3. Lawful bases specifically applicable to marketing

We will only ever use your personal information to send you marketing directly where we have your explicit consent (which will be obtained in a format separate from this policy).

Sharing your personal information

On any occasion where any of your personal information is shared with any third party, we shall only permit them to process such information for our required purposes, under our specific instruction, and not for their purposes. We are required to enter into a formal legal agreement to enable such sharing to take place.

We may ask for your consent to share your information with third parties for marketing purposes. Any such third parties will be specifically identified by name at the time your consent is obtained.

We will not share your personal information with any third parties for marketing purposes without your explicit consent.

Necessity of information

Where information is requested from you and you do not provide this:

It may prevent you from using certain features of the website and/or receiving products.

We will inform you at the point of collecting information, whether you are required to provide the information to us.

How long your personal information will be kept

Your personal information will only be kept for the period necessary for us to fulfil the above purposes.

We envisage that your personal information shall be retained by us for the following:

Name and postal address – 4 years, identity documents – 2 months, email address – 4 years, bank details – 3 months IP address – 7 months.

After the period described above, your information shall be properly deleted or anonymised.

Keeping your information secure

We will ensure the proper safety and security of your personal information and have measures in place to do so. We will also use technological and organisational measures to keep your information secure. These measures are as follows:

User account access is controlled by a unique username and password. All data is stored on secure servers. Payment details are encrypted using SSL.

We have proper procedures in place to deal with any data security breach, which shall be reported and dealt with following data protection laws and regulations. You shall also be notified of any suspected data breach concerning your personal information.

Use of your information outside of the United Kingdom

We have described above the purposes and lawful bases for which we process your personal information. To meet those needs, we may transfer your personal information outside of the United Kingdom.

Your personal information may be transferred to:

                France, Italy, Austria, Germany, Hungary, Croatia, Switzerland, USA

The recipient country or countries listed above have been deemed by the United Kingdom to have adequate protection in place so that the security of your personal information can be maintained.


Our website is not intended for children (anybody under the age of 18). We do not intend to collect data from children.

Your rights

Under the UK General Data Protection Regulation, you have several important rights free of charge. In summary, those include rights to:

  1. Fair processing of information and transparency over how we use your personal information;
  2. Access to your personal information and to certain other supplementary information that this Privacy Statement is already designed to address;
  3. Require us to correct any mistakes in the information which we hold;
  4. Require the erasure of personal information concerning you in certain situations;
  5. Receive the personal information concerning you which you have provided to us, in a structured commonly used and machine-readable format and have the right to transmit this information to a third party in certain situations;
  6. Object at any time to processing of personal information concerning you for direct marketing;
  7. Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
  8. Object in certain other situations to our continued processing of your personal information, or ask us to suspend the processing procedure for you to confirm its assurance or our reasoning for processing it;
  9. Object to processing your personal information where we are doing so in reliance upon a legitimate interest of our own or of a third party and where you wish to object to this particular ground;
  10. Otherwise, restrict our processing of your personal information in certain circumstances;
  11. Claim compensation for damages caused by our breach of any data protection laws; and/or
  12. In any circumstance where we rely upon your consent for processing personal information, you may withdraw this consent at any time.

For further information on each of those rights, including the circumstances in which they apply, the Guidance from the UK Information Commissioner’s Office (ICO) on your rights under the General Data Protection Regulations.

If you would like to exercise any of these rights please contact our Data Protection Officer: TOM KORMOS, in the following manner:

                Via the Contact Form on the website

or via email to [email protected]

Changes to the privacy policy

This privacy policy was published on 22nd April 2024 and last updated on 24th April 2024. 04. 24.

We may change this privacy policy from time to time and will notify you of any changes by:

                By email if you have opted in to receive email.

                By a notice on the website header.

By a notice in the news section of the website.

Contacting us

Our Data Protection Officer is TOM KORMOS.

Any requests or questions regarding the use of your personal information should be made to the above-named person using the following method:

Via the Contact Form on the website

or via email to [email protected]