What is our role in relation to your personal data?
For the purposes of data protection laws, Hidden History Travel is a data controller in respect of the personal data you provide us with. Thus, in order to deal with enquiries, make your booking and provide your holiday and any requested information, we need to collect some personal data and process this.
The information below describes in more detail how and why we obtain and process data which can identify you. It also describes how you can exercise your rights and who to contact in the event you are unhappy with our performance.
What is my personal data and what do you mean by process?
When we refer to personal data, we mean any information which relates to an identified or identifiable individual. Where we refer to process or processing, we mean anything which we may do with your personal data including collecting, storing, using, disclosing to third parties and erasing it.
What personal data do we collect, and how?
We collect personal data when you enquire about our holidays, register for our email newsletters, or request a brochure by telephone, email or through one of our website enquiry forms. This normally consists of your name and email address, and/or a telephone number and postal address when required.
If you make a booking with Hidden History Travel, we also need to collect additional personal data, which will usually include some or all of the following information:
1) For tours within the UK:
- Full names of all persons travelling.
- Postal address, telephone number and email address of the person making the booking.
- Special requests or additional requirements (such as any relevant medical conditions or health issues which may affect your holiday experience, any room needs or preferences, and any dietary requirements).
- Emergency contact information. This is usually your next of kin (their name, relationship to you, telephone number and/or email address).
2) For tours outside the UK we additionally require:
- Dates of birth of all persons travelling.
- Passport information of all persons travelling.
- Travel insurance details (insurance company, policy number and the emergency assistance telephone number).
Voluntary information: We may also ask some further voluntary questions during your enquiry to help us create a holiday experience tailored to your personal requirements. For example, the destinations or themes you are most interested in, any special occasions such as your wedding anniversary, or your preferences regarding hotel room types. We may store this information to help provide a better service in future.
Questionnaire feedback: We welcome all feedback on our holidays, and will process and store your responses in order to assess our tours, help us to improve them, and address any complaints or queries. We may also from time to time use a quote from your feedback as a testimonial on our website or in one of our brochures, but we will of course refrain from publishing your comments or remove them immediately if you ask us to do so.
Images: When travelling on our tours opportunities may occasionally arise for photographs or videos which document the tour in some way. These can be useful for promoting our tours in, for example, our brochure or on our website. Naturally, such images can sometimes include our tour participants but their use will not include your name or any other personal data unless expressly agreed by you. We will of course refrain from using any images in which you are included if you ask us to do so.
Website activity: We use Google Analytics as a data processor to collect statistical data about our users’ browsing actions and patterns on our website. This information does not identify any individual and is not stored by Hidden History Travel. Google may collect information about your computer including, where available, your IP address, operating system and browser type, for system administration purposes.
We may allow third parties to serve cookies on our website, and we may use these to help us with market research and to help us to improve site functionality. To learn more about cookies, and how you can choose to disable them on your internet browser, visit www.aboutcookies.org
Credit/debit card details: If you choose to pay for your holiday by credit or debit card, Hidden History Travel does not store your card details. The card details you give us by telephone are, instead, sent directly to our authorised payment provider (currently WorldPay Ltd), via an encrypted connection. Our compliance with WorldPay’s security requirements does not allow us to record or retain the details.
Generally speaking, clients who have travelled with Hidden History Travel, or who have ‘opted-in’ to receive brochures, newsletters or other information, like to be kept informed of future holiday possibilities or events. If you have previously travelled or ‘opted-in’ in this way, we may keep sending you such information for as long as we reasonably consider your consent remains valid and effective with legitimate interests.
However, you can choose to ‘opt-out’ and stop receiving further marketing communications at any time, and you can choose in what ways you are happy to receive communications from us—post, e-mail, text or phone call. To do this simply either click on the unsubscribe link which appears on all our marketing e-mails, or call 0121 444 1854, or email firstname.lastname@example.org.
If you are subscribed to our email newsletters, we may track whether you open the message and click on any of the information enclosed. This helps us to know if you received it, and to improve the content and style of our email messages.
Who may we disclose personal data to?
We never sell personal data to any third party. We only share it with third parties where necessary in order to fulfil your booking, or if required by law. Your personal information may be shared with:
- Hidden History Travel’s appointed representatives and service providers, including hotels or accommodation providers, ground handlers and destination management companies, visa processing companies, airlines and other transportation providers. Please note that because of the nature of our business these companies may be located outside the UK/EEA.
- For brochure and marketing mailings, your name and postal address will be shared with the mailing company which prints the envelopes and mails them for us. They do not receive any other personal data from us and we use reputable mailing companies with their own data protection policies.
- UK and overseas government agencies, who may request your passport information or contact details for visas, immigration, security and anti-terrorism purposes.
We only provide third parties with the personal data they require in order to deliver their services. Other than in relation to government / public authorities (over whom we have no control), we will take appropriate steps which are intended to ensure that anyone to whom we pass your personal data for any reason agrees to keep it secure, only uses it for the purposes of providing their services and does not collect any personal data from you in the course of performing their services.
Protection of your personal data
We take appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Keeping personal data secure is of great importance to us and there are a number of measures we have in place to maintain its security.
We have appropriate security measures in place to protect against loss, misuse or alteration of information that we have collected. We use network access control technology, including VPN encryption, to limit access to the systems on which personal information is stored, and we monitor for possible vulnerabilities and attacks. A firewall (security software) is in place to protect our internal information from the Internet. Anti-virus and anti-malware software is in place to regularly scan our network and prevent or detect threats. We make regular back-ups of all data to minimise loss due to disasters such as fire, flood, theft or malware. This back-up data is stored in a separate. secure location and enables us to get up and running as quickly as possible after a disaster. Any paper records of personal data that need to be retained are securely stored until due for destruction.
Please be aware that data transmission over the Internet cannot be 100% guaranteed to be totally secure. As a result, whilst we strive to protect your personal information, you should be aware that any information you send to us is done so at your own risk.
We recognise that you have rights as a ‘data subject’, and that we have an obligation to uphold these. You have a right to be informed about how we collect and use your personal data. You have a right to access this personal data and to request that we correct any inaccuracies, or delete it if there is no legitimate interest for us to process it.
Accessing and updating your personal information
You are entitled to ask us what personal data of yours is being held or processed, for what purpose and to whom it may be or has been disclosed. We want to make sure that we have the most accurate, relevant and up-to-date information at all times, and will endeavour to contact you if we think that our information is not correct. Please contact us if you believe that we have inaccurate information, or if your personal information has changed.
How long can we retain and process your personal data?
We will not process your personal data in a form which enables you to be personally identified for any longer than is necessary in order to fulfil the purpose for which it was originally collected or for any other legitimate business purpose.
Where your personal data has been provided for the purpose of the holiday arrangements or other services you have contracted, we are entitled to retain this data for a period of up to seven years after those arrangements have been completed. We hold this information to support our legal and regulatory requirements.
If you have consented to receiving marketing communications from us, we may continue to use your personal data for this purpose until you withdraw your consent or otherwise for as long as we reasonably consider your consent remains valid and effective with legitimate interests.
Can you ask us to delete your personal data?
Yes, you can ask us to erase your personal data in certain circumstances, for example where you have withdrawn your consent to further marketing material where the data in question has only been processed for this purpose. However, this is not always the case. Please see the previous paragraph for further information on the period of time we may retain personal data.
Changes to this policy
What should I do if I have a complaint about the processing of my personal data?
If you have any complaint about the way in which your personal data has been dealt with, please let us know by e-mail to email@example.com. We will investigate and respond to you as soon as we reasonably can. If you remain dissatisfied, you may complain to the Information Commissioner’s Office. For further details, see www.ico.org.uk
- By telephone: 0121 444 1854.
- By email: firstname.lastname@example.org
- By post: Hidden History Travel, 103 Addison Road, Birmingham, B14 7EP
Registered office: Hidden History Travel, 103 Addison Road, Birmingham, B14 7EP