About Your Privacy
In this section we’d like to let you know how we promise to look after all your personal information.
This applies whether you are a customer, potential customer, enquirer, book directly or through a travel agent, are a website visitor, app user, call centre user, competition entrant or job applicant.
Here we explain what information we collect, how we do it, what we do with it, who we share it with, how long we keep it, how we keep it secure and we tell you about your privacy rights and how the law protects you.
We are the data controller for your information and looking after your data and using appropriately is as important to us as providing you with a wonderful holiday.
So, we have tried to be as clear and brief as we can. If you need more explanation, or would like to discuss anything here, please contact us.
Who are we?
Really Good Holidays Ltd is based at 15 Norbiton Ave, Kingston upon Thames, KT1 3QR. You can contact us by post at the above address, by email at email@example.com or by telephone on 020 8004 3003.
We are not required to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above.
How does the law protect you?
As well as our own privacy policies, you are protected by law. The scope and requirements of data protection were updated in the General Data Protection Regulation adopted by the UK government in May 2018. In this section we will explain how it works.
The law says that we are allowed to use/hold personal information only if we have legal grounds to do so. This includes sharing it outside Really Good Holidays Ltd.
You also enjoy rights to view your information, restrict its use and to have it deleted (subject to certain statutory or legal considerations). We explain more about this here.
On what legal grounds will we hold or use your information?
We will hold/use your information for either:
• The performance of your contract with us and the provision of our services to you;
• To comply with a legal obligation we have;
• For our legitimate interests (we explain what we mean by this below);
• To protect your vital interests;
• With your express consent;
• For establishing, exercising or defending legal claims.
What do we mean by 'legitimate interests'?
In certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties, as long as your interests and fundamental rights do not override those interests.
By ‘legitimate interests’ we mean our interests in conducting and managing our business activities and to ensure that we are guaranteeing the best service and experience for you.
• Using your information to protect you against fraud when you transact on our site, and to ensure that our systems and sites are secure;
• Determining the effectiveness of our site / tools / services and improving the security and optimisation of our network, sites and services;
• Confirming information that you provide to us in a CV or application, by reference to past employers and/or publicly available employment or business profiles;
• Personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you, such as sending you marketing and serving you with advertising that is relevant and likely to be of interest to you; and/or
• Detecting, monitoring and preventing fraud or other unlawful acts, and operating a safe and lawful business.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours, and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as when we have your consent, or we have a legal obligation to use your information in that way).
If you have any concerns about our processing your information, please read Your rights over your information (below) or contact us using the information given here.
As we outline in the section ‘Your Rights’ below, you have the right to object to our using your information for our legitimate interests. However, please keep in mind that your objection to this sort of processing may affect our ability to carry out the tasks that we have set out above.
What information do we collect?
The type of information we collect about you depends on the nature of your interactions with us. Depending on the circumstances, we collect any of the following:
• Details about you. Your name, email address, address, telephone number, date of birth, your accommodation/travel preferences, payment details, meal/dietary requirements, hobbies and social interests, if necessary, information about your health to the extent that it’s relevant to your fitness to fly or work, your holiday itinerary or to provide you with special assistance; any information about other persons you represent (such as those on your booking);
• Identification documents. If you are travelling on a route requiring Advance Passenger Information (API), your passport or identity card details including your passport number, the country in which your passport was issued and the expiry date;
• Details about the services you arrange with us. Your travel details, including details of your travel itinerary, where you are flying from and to, your booking information, any onward travel details if relevant (for example if you need our assistance for a connecting flight, if you’ve booked transportation or a tour with us), details of experiences, extras or excursions booked through us, your baggage requirements, any upgrade information, your lounge visits, seat preferences, meal preferences or requirements, details of any special assistance you might need from us and any other information relevant to enable us to provide you with the travel or other services that you’ve arranged with us;
• Your interactions with us. Information about your interactions or conversations with us and our people, including when you make enquiries, comments, complaints or submit feedback to us (whether via email, third party feedback or simply verbally to us);
• Job applications. If you apply for a job with us, your CV, (work history, educational details etc), the role you’re applying for, your NI number, nationality, gender, date of birth, contact details and passport/right to work details;
• Your use of our systems and services. Details of the way in which you use our site, app, call centres and/or social media pages please see What we collect when you interact with our site and apps for more information.
We will update your information whenever we can to keep it current, accurate and complete.
How do we collect information about you?
Your information is collected when you request information from us, contact us (and vice versa), make a booking, use our website(s)/apps, link to or from our website(s)/apps, connect with us via social media, review our services, seek employment with us and any other engagement we or our business partners have with you.
How we collect information about you will depend on how you interact with us and what services you arrange with us. Depending on the circumstances, we collect information in any of the following ways:
• When you browse our site or mobile application;
• When you book or search for a holiday or other service (such as a flight, hotel chalet etc) via our site/app, our call centre;
• When you fill in part of the booking information on our site but do not complete the booking;
• When you apply for a job with us by email or via the site;
• When you contact us via our call centre, press office, social media, post, email;
• When you request a brochure, sign up to receive email updates, participate in any of our competitions, promotions (for example via any social media channels, email or our site), surveys or market research;
• When you provide us with information about an accident, illness or incident that occurred in connection with your holiday;
• When you make a complaint;
• When you attend any events we host.
What we collect when you interact with our sites and apps
As you may already know, most sites and apps collect certain information automatically in log files about the way in which you interact with them. This might include your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers) browser type, referral source, length of visit to the site or app, number of page views, the search queries you make, and similar information.
This information will be collected by us or by a third party site analytics service provider and will be collected using cookies.
We use this information to save your settings, such as the last holiday you searched for so you can find it easily the second time, give you access to more great features on our website, help improve our functionality and services, run diagnostics, analyse trends, track visitor movements, gather broad demographic information and personalise our services.
How do we use your personal information?
We’ll use your information for a variety of different purposes, some of which will depend on the services that you engage us for. This includes:
• To manage your booking with us. We will use your information to provide you with any services that you request or purchase from us. This includes booking your flight, accommodation, arranging a tour, transportation or car hire, and issuing you with your tickets, and providing you with any special assistance;
• To send you service communications and support services. We will use your information to send you any communications relevant to the services you’ve requested or purchased from us. This includes sending you an email to notify you of changes to your itinerary, or providing you with a voucher, ticket or e-ticket. We will also provide you with customer service and support, deal with your enquiries, scheduling changes, complaints, comments or observations shared with us (on the basis of performing our contract with you or on the basis of our legitimate interests to provide you with customer service);
• To send you marketing communications. We will use your information to keep you up to date with the latest news, events, offers, sales, brochures, promotions and competitions that we think might be of interest or relevant to you (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so). See Our Marketing to you below for more information;
• To provide assistance with online bookings. We collect your information when you fill in the required fields of our online booking forms but do not complete your booking or transaction in order to offer our assistance in case you are experiencing difficulties with our website;
• To personalise your customer experience. We use your information to provide you with a more personalised service. For example tailoring the communications that we send to you with your preferred destinations, serving you only with advertising that we think you might like and/or enhancing your holiday experience (on the basis of our legitimate interests to present you with the right kinds of products and services);
• To improve our customer service. We may record calls to our call centre and/or monitor calls for the purposes of improving our customer service, ensure quality assurance, training, security and for general business purposes (on the basis of our legitimate interest in improving our customer service);
• To process your job applications. We will use your information to process any job applications that you submit to us, whether directly or via an agent or recruiter (speculatively or in response to any ad) on the basis of our legitimate interest to recruit new employees or contractors;
• To optimise our sites and app. If you use our sites or apps, we will use your information to ensure that the content from our websites are presented in an effective manner for you and your device, to provide you with access to our site and app in a manner that is effective, convenient and optimal, and to provide you with content that is relevant to you, using site analytics and research and in certain circumstances combining that with other information we know about you (on the basis of our legitimate interests to operate and present an effective and convenient website to our website users);
• To ensure security and protect our business interests. In certain circumstances, we use your information to ensure the security of our services, buildings, and people, including to protect against, investigate and deter fraud, unauthorised or illegal activities, systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so);
• To conduct research. We use your information to carry out aggregated and anonymised research about general engagement with our services and systems, or if you choose to participate in customer surveys, consumer focus groups and research (on the basis of our legitimate interests to improve our products, services and customer service); and
• To comply with our legal obligations. In certain circumstances, we will need to use your information to comply with our legal obligations, for example to comply with any court orders or subpoenas (on the basis of our legitimate interests to comply with a legal obligation).
Who do we share your information with?
We share your personal information with the following third parties:
• Third party suppliers that we work with to provide your booking and our other services to you. This includes: our cloud-based reservations system, credit/debit card processors, airlines, yacht charter providers, hotels, tour operators, transport companies, excursion providers, airport authorities, insurance companies, car hire companies, ski hire and lift pass companies and ground handling agencies;
• Other third party suppliers that we work with in connection with our business. marketing agencies and/or companies that run our marketing campaigns, IT developers, service providers and hosting providers, third parties that manage promotions or competitions that we may run, third party software companies that provide us with applications on a white label basis, review sites, advertising providers and networks, site analytics providers, and credit card screening companies;
• Airports, immigration / border control and/or other government authorities. Some destinations require airlines and tour operators to provide Advance Passenger Information (API) about you to the border/immigration authorities of the country of your travel destination. API comprises the basic information contained in your passport that you would be required to present on your arrival. In addition, laws in certain destinations such as the USA and other countries require airlines to provide certain additional advance information about you and your travel arrangements. We will provide this information where we are required to do so;
• Third parties for marketing. We share your information with any selected third party that you consent to our sharing your information with for marketing purposes;
• Courts or advisers. We share your information with other third parties (including legal, accountants or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
Where we do share your information with third parties, we will require them to maintain appropriate security to protect your information from unauthorised access or processing, unless we have no ability to do so (for example, where we are sharing information with border agencies or enforcement authorities).
How long do we keep your personal information?
We keep your information for as long as is reasonably necessary to enable us to:
• Provide you with the services that you have requested from us;
• Comply with any legal obligations that require us to keep information;
• or for as long as we reasonably require for our legitimate interests, including for example for the purposes of exercising our legal rights or defending ourselves against claims.
We operate a data retention policy and look to find ways to reduce the amount of information we hold and the length of time that we need to keep it.
We try to adopt a paperless approach wherever possible and securely destroy any paper correspondence we receive on a regular basis unless we are required to retain it for evidential or legal purposes.
We retain personal information including CVs, or job application forms and interview notes s so that we can demonstrate that our recruitment has been conducted in a fair and transparent way and that candidates have not been discriminated against.
If your application has been unsuccessful, we will retain this for a period of up to 1 year in case we think you might be suited to another opportunity that becomes available in the near future.
Our Marketing to you
We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’. Legitimate interest is when we have a business or commercial reason to use your information in a way that is fair and potentially beneficial to you.
We will keep you up to date with our latest routes, offers, partnerships, sales, promotions, competitions that we think might be of interest/relevant to you if you have:
• Purchased services such as a holiday from us and have not told us that you don’t want to hear from us; or
• Signed up to receive marketing communications from us and have not later told us that you don’t want to hear from us.
If you no longer want to hear from us, you can opt out or unsubscribe by:
• Following the “unsubscribe” link contained in any marketing communications that you receive from us;
• By Email to: firstname.lastname@example.org
• By Phone on: 020 8004 3003
Your rights over your information
From 25 May 2018, you will have certain additional rights in respect of the information that we hold about you, including:
• The right to withdraw consent that you have provided to us to use your personal information;
• The right to receive a copy of any information we hold about you (or request that we transfer this information to another service provider) in a structured, commonly-used, machine-readable format;
• The right to object to our using your information on the basis of our legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground;
• The right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.
You can exercise your rights by contacting us using the details above, or by checking the applicable boxes on forms that we use to collect your information, or use the unsubscribe function at the bottom of the emails we send you.
We will comply with your requests unless we have a lawful reason not to do so.
Please be aware that we may need you to provide additional information (such as to confirm your identity and/or to confirm what information you wish to access) in order to process your request.
Your right to complain
However, if you’d still like to make a formal complaint or have concerns regarding the ways in which we use your information, you can contact the Information Commissioner’s Office (also known as the “ICO”). The ICO is an independent authority and the UK’s supervisory authority for information rights.
You can register your concerns on the ICO site by clicking here.
How do we look after your information?
We strive to constantly keep our security practices under review to make sure that we’re keeping your information as safe as possible. We use a variety of different technical and operational security measures to protect your information against unauthorised access or unlawful use. For example we:
• Ensure the physical security of our offices;
• Ensure the physical and digital security of our equipment, devices and systems by making sure they are in good working order, mandating appropriate password protection, encryption and access restrictions;
• Ensuring we work with only PCI DSS compliant companies, meaning that we and they apply certain high standards of security in respect of your payment information;
• Ensure appropriate access controls so that access to your information is only granted to those of our people that need to use it in the course of their work;
• Carry out regular penetration testing of our systems and third party reviews of our software; and
• Maintain internal policies and deliver data protection and confidentiality training to make sure our people also understand their responsibilities in looking after your information and commit to taking appropriate measures to enforce these responsibilities.
In certain circumstances information that we collect about you will be sent to and held by us in countries outside of the EU.