Privacy Notice

The Challenge Group (thereafter referred to as the « Group« , “Challenge Group”, “Company”, “We” or the “Organization”) is committed to protecting Your personal data.

This privacy notice (the “Privacy Notice” or the “Notice”) applies to users or visitors of our website (the “Website” or the “Site”), as well as to any individuals or organizations’ representatives who interact with us through the Website (e.g., by browsing the website, or submitting information or applications online or subscribing our newsletter) (together “You”).

This Notice aims to give You information on how We collect and process Your personal data, including Your rights, the third parties we share Your data with and how long We keep Your data in compliance with the General Data Protection Regulation EU 2016/679 (“GDPR”) on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

1. Data controller

This Privacy Notice is issued on behalf of the Challenge Group, which is the controller (“Controller”).

An inter-company agreement has been implemented within the Group to govern the transfer of personal data within the various entities that form part of the Group.

We have appointed a Data Protection Officer. If You have any questions regarding the processing of Your personal data or any complaint, You can contact the Data Protection Officer at any time using the following contact:

2. How Your data is collected

Your data might be collected from You directly, when You may give us Your data by filling in forms or by contacting us or when You engage with us to provide our services.

3. What personal data we collect, why we collect it, and what is the legal basis

A – Access to website and log file

When you visit this Website, our web server automatically stores the domain name or IP address of the requesting computer system (usually your internet access provider), including the date, time and length of your visit, the sub-sites/urls you visit, and information on the applications and devices you use to view our Website. Hosting takes place in Belgium, Europe.

Data collected

  • Log file
  • IP address
  • Login info
  • Pages viewed,
  • Duration website visits
  • Site usage, user’s operating system
  • User’s internet service provider


We collect and use your data to better understand our users’ needs, to continuously improve our website and to enable users to access the website, for purposes of (network) security, to measure and improve the effectiveness of this website, to help diagnose problems with our server, to administer this website, to see where website traffic is coming from and to identify our users.

Legal basis

Art. 6 (1) (f) of GDPR, the process is necessary to fulfil our legitimate interests.

Retention period

The data collected is retained for a one-year period.

 B – When you contact us

Data collected

  • Name
  • Email address
  • Anything under the section “Your message”


  • To process your request
  • To respond to your question/query
  • To provide support (if agreed in a contract)

Legal basis

Art. 6 (1) (f) of GDPR Processing is necessary for our legitimate interests in conducting an existing business relationship or performing our other business activities

This data is not being stored on the website but an email message is sent through the website to the responsible department and it is stored on Microsoft cloud.

In relation to the legal basis of our legitimate interest under art. 6 (1) (f) GDPR, in addition to the purposes listed above, we might process Your data also for the purposes of preventing fraud, ensuring network and information security, reporting of criminal acts or threats to public security, exercise of a legal rights of the Company.

4. If You fail to provide Your personal data

If You fail to provide the personal data requested we won’t be able, for instance, to process Your request, to enter into a contractual relationship with You, to provide our services or to provide You with offers.

5. Security

We have implemented appropriate technical, organizational and security measures (TOMs) designed to reduce the risk of accidental destruction or loss, or unauthorized disclosure or access to such personal data, according to the nature and context of the type of data and processing carried out.

In addition, we limit access to Your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify You and any applicable regulator of a breach where we are legally required to do so.

6. How we share Your personal data

We may share Your Personal Data as follows:

  • to the extent necessary, with regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
  • to professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
  • where You have provided Your consent to us in sharing the Personal Data (e.g., where You provide us with marketing consents or opt-in to optional additional services or functionality);
  • within the Group, we may disclose personal data processed to other companies within the Group in accordance with the Intra Group Data Transfer Agreement;
  • Trusted service providers we are using to run our business including ground handling agents assisting our customers at airports in all countries we operate, call centres and flight connection service providers and cloud service providers.
  • In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, or assign Personal Data in connection with the foregoing events, when allowed or imposed by applicable law and in compliance with legal and regulatory requirements.
  • Social media: You may be able to access third party social media services through our website or before coming to our website. Please refer to the privacy policy of these third-party social media providers to find out more about these practices.

We process and share Your personal data with immigration authorities to comply with our legal obligations which include customs controls, passport – borders controls and international travel control activities.

7. Automated decision making

In principle, we do not use any automated decision-making (including profiling) within the meaning of Article 22 GDPR in connection with operation of our Website.

8. Transfer extra EU

Data may be transmitted to the entities, subsidiaries and affiliates forming part of the Group and to third parties which may be located outside of EU. Where the recipient and/or third party is situated in a jurisdiction outside of the EU that has not received an adequacy decision issued by the European Commission (Art. 45 GDPR), the transmission of data shall be subject to appropriate safeguards within the meaning of Article 46(1) of Regulation (EU) 2016/679 and any contractual agreement shall include the Standard Contractual Clauses (SCCs) for the transfer of personal data to third countries. You can obtain a copy of the Standard Contractual Clauses (SCCs) by contacting us at and

Regarding the sharing of personal data with Israel, the European Commission has issued an adequacy decision. [Please see the link]

Where we receive requests for Personal Data from law enforcement or regulators we carefully validate these requests before any Personal Data is disclosed.

9. Your rights

According to GDPR, You have the following rights:

  1. Request access to Your personal information. This enables You to receive a copy of the personal information We hold about You and to check that We are lawfully processing it;
  2. Request rectification of personal data that We hold about You.
  3. Request erasure of Your personal data (where applicable). This enables You to ask the Organization to delete or remove personal information where there is no good reason for Us continuing to process it.
  4. Object to the processing of Your personal data (where applicable) where We are relying on a legitimate interest (or those of a third party) and if there is something about Your particular situation which makes You want to object to processing on this ground. If personal data that relates to You is processed for direct marketing or profiling purposes, You have the right to object at any time to the processing of Your personal data for such purposes.
  5. Request that We provide You with any personal data that You may have provided Us, in a structured, commonly used and machine-readable format;
  6. Request the restriction of processing of Your personal information.
  7. Request that We transmit Your personal data directly to You or to another controller indicated by You.

You have also the right to withdraw Your consent. Please note that there may be circumstances in which we are entitled to continue processing Your data, in particular if the processing is required to meet our legal and regulatory obligations.

If You want to access to Your records, you may submit a Data Subject Access Request to

There is no charge for the provision of this information except in circumstances where the request is manifestly unfounded or excessive.

You have a right to lodge a complaint with Your local data protection supervisory authority (i.e., Your place of habitual residence, place or work or place of alleged infringement) at any time. The identified lead supervisory authority is the Information and Data Protection Commissioner Office (IDPC), the Maltese supervisory authority for data protection issues. We would, however, appreciate the chance to deal with Your concerns before You approach the IDPC so please contact us in the first instance. The IDPC’s contact details are as follows:

10. Retention of Your Personal Data.

We will only retain Your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of Your personal data, the purposes for which we process Your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If obliged to do so by law, we process personal data according also to commercial or tax law or to meet legal security requirements.

Details of retention periods for different aspects of Your personal data are available in our Data Retention Policy which You can request from us by contacting our DPO.

If Your personal data is no longer required by us, we will either securely delete or anonymise them.

11. Use by children

We do not offer our products or services for use by children. If You are under 18, You may not use the Website, or provide any Personal Data to the Website without involvement of a parent or a guardian. We do not knowingly collect Personal Data from, and/or about children.

12. Links to and interaction with third party products

The Website allows you to interact with or contain links to your Third Party Account and other third party websites, mobile software applications and services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third Party Service that you choose to use or interact with.

13. Third parties technology

When You visit or access our Services (for example when You visit our Website), we use (and authorise third parties to use) cookies and other technologies (« Tracking Technologies« ).

The Tracking Technologies allow us to automatically collect information about You and Your online behaviour, as well as Your device (for example Your computer or mobile device), for different purposes, such as in order to enhance Your navigation on our Services, improve our Services’ performance and customize Your experience on our Services. We also use this information to collect statistics about the usage of our Services, perform analytics, deliver content which is tailored to Your interests and administer services to our users

14. Integration of social networks and other plugins

We may implement so called plug-ins (“Plugins”) from social networks ( “Social Networks”) and other platforms ( “Platforms”) on certain webpages of this Website such as “Share” or “Like” buttons, video player or interactive maps. We use such Plugins in order to give You the possibility to share or recommend interesting offers in Social Networks, to use interactive maps on our Website or to watch videos and to promote our services.

You may find the following Plugins on this Website:

  • Duplicate Page
  • Elementor
  • Elementor Pro
  • Imagify
  • JetBlocks For Elementor
  • JetElements For Elementor
  • JetEngine
  • JetMenu
  • JetSmartFilters
  • JetTabs For Elementor
  • Make Column Clickable Elementor
  • Ocean Extra
  • Rank Math SEO
  • SecuPress Free — WordPress Security
  • Security Headers
  • Simple Custom Post Order
  • WP Engine Automated Migration
  • WP-Optimize
  • WPCode Lite

Through the aforementioned plug-ins Challenge Group is not collecting any personal information.

15. Cookies


The below is the cookie policy as visible on the Challenge Group website.

16. Changes to Privacy notice

This version was last updated on 22/12/2022.

It is important that the personal data we hold about You is accurate and current. Please keep us informed if Your personal data changes during Your relationship with us. 

17. Disclaimer and limitations of these data protection notices

These Notice only apply to processing for the website Challenge Group Website.

Other websites are not covered by these Notice and provide their own specific data protection notices.

18. Contact us

If You have any questions, concerns or complaints regarding our compliance with this Notice and the data protection laws, or if You wish to exercise Your rights, we encourage You to first contact us at and