Introduction and background
The purpose of this policy is to outline how Holiday Designers has established measures to protect your privacy and information rights.
For the purposes of the Data Protection Act 1998 and the General Data Protection Regulation, we (Holiday Designers) are a data controller.
What are your rights as a data subject?
We recognise that you have rights as a 'data subject', and that we have an obligation to uphold these.
This privacy notice aims to outline how we maintain these rights. In particular it outlines:
- How we collect and process your information
- Why we do this
- How you can exercise your rights
- Who to contact in the event you're unhappy with our performance.
Depending on why we have collected your information, your information rights could include:
Right to be informed - This encompasses the obligation for us to be transparent in how we collect and use your personal data.
Right of access - You have the right to access your personal data and supplementary information.
Right to rectification - If the information we hold on you is inaccurate or incomplete, you can request we correct this.
Right to erasure - You can request we delete or remove personal data where there is no compelling reason for us to continue processing.
Right to restrict processing - You have the right to request we cease processing your data, if:
• You consider it inaccurate or incomplete;
• Where you object to processing and we are considering whether we still have a legitimate interest to process it.
• Where we don’t need the data for the original reason we collected it, but may need it to support a legal claim
Right to data portability - Where you have consented to our processing your data, or where the processing is necessary for us to deliver a contract, you can request a copy of that data be provided to a third party in electronic form.
Right to object - You have the right to object to our processing under certain circumstances. For example, you can object to:
• direct marketing (including profiling); and
• processing for purposes of scientific/historical research and statistics
Rights relating to automated decision making including profiling - Where we apply automated decision making, we must
• give you information about the processing;
• introduce simple ways for you to request human intervention or challenge a decision;
• carry out regular checks to make sure that our systems are working as intended
Information related to automated decision making is contained later in this notice.
What personal information will we collect?
In order to process your booking, we need to collect certain personal details from you. These details will include, where applicable, the names and addresses of party members, email address, postal address, telephone number, credit/debit card or other payment details, passport numbers, dates of birth and special requirements such as those relating to any disability or medical condition which may affect the chosen holiday arrangements and any dietary restrictions which may disclose your religious beliefs. If we need any other personal details, we will tell you before we obtain them from you.
What do we use this information for?
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you
For quotes: we use your details to provide you with the information requested and to be able to pass this information on to you.
For marketing purposes: We would like to use this information to keep you informed about our products and services as well as future events and special offers that we think you will be interested in. This may be based on your travel preferences where appropriate. You can use the Unsubscribe button on our marketing emails to remove yourself from the list at any time. Please get in touch with our Data Protection Administrator using the details at the bottom of this policy if you would like us to remove your details from our customer records entirely.
For bookings: We use your data for contact purposes, to prepare quotes and book holiday arrangements according to your requirements including your payment, flight, holiday, security, incident/accident management or insurance, etc.In order for you to travel abroad, it may be mandatory to disclose and process your information for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate. Some countries will only permit travel if you provide your advance passenger data (for example Caricom API and US secure flight data). These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may exercise our discretion to assist where appropriate.
It may sometimes be necessary to collect personal data that may be considered Special Category (e.g. health, religion) to cater to your needs or act in your interest. We will only be able to accept this data for booking purposes with your consent.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote our Services, with your permission.
Lawful basis for using your personal data in this way
Contract: We use the personal information provided because you have asked for something to be done e.g. for some information to be sent or a quote.
Contract: The processing is necessary in relation to a contract you have entered into for a holiday or other arrangement or because you have asked for something to be done e.g. a quote, car hire, travel insurance
Consent: If it is necessary to process sensitive personal information in relation to your request (e.g. relating to health or religion) we will obtain your consent to collect this data and to share it with suppliers when necessary.
Legitimate Interest: If you have requested any of our services e.g. A quote, registered for attendance at one of our events or requested an informational download, we would like to keep in touch about our products and services. If you do not want to receive any further information on forthcoming events, destination news and special offers, no problem. Just let us know using the contact details below or use the unsubscribe option on our emails.
What happens if you do not provide this Personal Information?
If you do not wish to supply us with this information, it may not be possible for us to assist with your enquiry or booking.
Who do we share your data with?
- WE WILL NEVER SHARE YOUR DATA WITH OTHER COMPANIES FOR MARKETING PURPOSES. NOR WILL WE SELL OR RENT YOUR DATA TO THIRD PARTIES.
- No 3rd parties have access to your personal data unless the law allows them to do so.
- We use email marketing software to keep in touch. You can access their privacy statement here https://www.campaignmonitor.com/policies/#privacy-policy
- In the case of a confirmed booking, please be informed that we must pass it to suppliers of your travel arrangements, including airlines, hotels and transport companies; we may also supply it to public authorities such as customs and immigration. When you make this booking, you consent to this information being passed to the relevant people. We will let you know who we need to share your information with at the time of booking.
- We sometimes use GDPR compliant third party software to help us with tasks and therefore need to process your data via their servers for processes such as bookings, and sending marketing emails. We disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
How long do we keep your data for?
Personal data that we process via this website for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
(a)Personal data supplied for the purposes of a holiday enquiry or quote will be retained for a minimum period relating to the valid date of a quote and for a maximum period of the length of our business relationship.
(b) Data supplied for the purposes of general enquiries will be kept until the enquiry has been satisfactorily answered.
(c) Personal details attached to your booking will remain on our booking system invoices and be retained in accordance with the law relating to income tax and audit purposes.We do not retain any payment card details.
How do we keep your data safe?
No system is guaranteed 100% secure but we have taken the appropriate precautions to safeguard your data wherever possible.
- Our website is protected by an SSL encryption certificate to create a secure link between our website and your browser protecting your information from hackers.
- Our Website is hosted on highly secure UK data servers with dedicated firewall protection.
- We only use GDPR compliant third party service processors for helping us to manage tasks (such as sending you mailings). We disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
- Enquiries made via our holiday search or offers pages are processed securely by third party software hosted on highly secure UK data servers.
- We store your personal details securely on our software hosted on UK servers
We have taken all reasonable steps and have in place appropriate security measures to protect your information. All staff are trained in our Data Protection Policies and we use security measures such as password protected access to our in-house computer systems, data sharing agreements with joint controllers e.g. Tour Operators and processing contracts with our software providers.
Do we transfer your personal information outside the EEA and what safeguards are in place?
As a travel company it is sometimes necessary for us (or our suppliers) to send your data to countries outside the EEA and outside the EC list of countries deemed to have adequate levels of Data Protection for international transfers of data in order to fulfil your booking. Please ask if you have any concerns.
The Holiday Designers website sets cookies in order to help with the tracking of site usage statistics and to enable certain user features, such as brand tracking. The data is only used internally for reporting and management of the business. You may of course choose to block these cookies if you wish, and the majority of the site will continue to function normally. This can be done by changing the security settings in your internet options.
Your information is controlled by Holiday Designers Ltd and If you believe that any of your personal details which we are processing is inaccurate, incorrect or have questions or concerns about how your information is handled, please direct your inquiry to Dan Lion, Holiday Designers Ltd as set out below:
Holiday Designers Ltd
23/24 Bourne Court