Trust and Compliance


Effective Data Protection for CILOYALTY

CILOYALTY has always taken the privacy and confidentiality of your program participant's personal data seriously.

We comply with our obligations under all applicable privacy and data protection laws, in all the jurisdictions where we operate.


Data Processing Terms - GDPR

For our corporate customers to whom GDPR applies, when we process your participants’ personal data to create and manage a loyalty program on your behalf, we do so as your “processor”. We only process your participants’ personal data for this purpose and in accordance with your instructions.

The GDPR will require that such processing is carried out on specific terms that provide protection to data subjects (i.e. your participants).

With that in mind, we have introduced a data processing addendum for all our corporate customers in respect of whom GDPR applies. This document provides greater transparency and accountability in relation to how we process your participants’ personal data.

In accordance with the data processing addendum, affected corporate customers may subscribe to notifications of new sub-processors. European customers using Outlook may do so here. For all other customers, please contact your local Data Protection Officer (DPO) at the email address set out below.


Privacy Notice

When, under GDPR, we process personal data of individuals who are not corporate customers, we do so as a data controller and the provisions set out in our Privacy Policy shall apply.


Contacting our Data Protection Officer

The broad scope of the GDPR means that it will also impact businesses outside of Europe. As part of the global Flight Centre Travel Group, we have appointed global and regional data protection officers to provide an integrated approach to data security.

If you would like further information about the protections we’ve put in place, please contact your local DPO at:



Last updated 16 May 2018.