OUR PRIVACY PROMISE
Here at Holiday Architects we are committed to protecting and respecting your privacy. This privacy notice explains how we collect, use and store personal information about you, and tells you about your privacy rights and how the law protects you.
If you have any questions about this privacy notice or the ways in which we handle your personal information please contact us using the details set out in the “WHO WE ARE AND HOW TO CONTACT US” section below.
CHANGES TO OUR PRIVACY NOTICE
Our privacy notice was last updated on 10th December 2018. We may update our notice at any time, for example to make sure that we continue to collect, use and store your personal information fairly, securely and in accordance with data protection law in the UK. If we decide to materially change this privacy notice, the changes will be posted on our website so that you are always informed of the latest version. We suggest that you regularly revisit this update section to make sure that you keep up-to-date with any changes we make.
WHAT IS PERSONAL DATA?
Personal data, or personal information, means any information about you from which you can be identified.
WHEN DOES OUR PRIVACY NOTICE APPLY?
Our privacy notice applies when:
- you visit our website using any device, including your mobile phone;
- you contact us by post, telephone or email; and
- when you book a holiday and/or other services with us (such as a flight, hotel, lounge access, transportation, activity or excursion).
WHAT DOES OUR PRIVACY NOTICE TELL YOU?
Our privacy notice:
- explains how we collect, use and store personal data about you; and
- tells you about your privacy rights and how the law protects you.
Our privacy notice is set out in a layered format so that you can click through to the information you want to find using the headings set out below. You can also download a full pdf version of our policy here [LINK].
- WHO WE ARE AND HOW TO CONTACT US
- THE PERSONAL DATA WE COLLECT ABOUT YOU
- HOW YOUR PERSONAL DATA IS COLLECTED
- HOW WE USE YOUR PERSONAL DATA
- WHO WE SHARE YOUR PERSONAL DATA WITH
- TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE UK
- HOW WE KEEP YOUR PERSONAL DATA SECURE
- HOW LONG WE KEEP YOUR PERSONAL DATA
- YOUR LEGAL RIGHTS
References in this privacy notice to “we”, “us” or “our” means Holiday Architects, the trading name for A & D Holidays Ltd, a company registered in England and Wales under company number 07261883.
We operate the following websites: https://holidayarchitects.co.uk,
https://peruholidayarchitects.co.uk, https://moroccoholidayarchitects.co.uk, https://cambodiaholidayarchitects.co.uk, https://galapagosholidayarchitects.co.uk https://namibiaholidayarchitects.co.uk, https://newzealandholidayarchitects.co.uk https://laosholidayarchitects.co.uk, https://jordanholidayarchitects.co.uk https://zimbabweholidayarchitects.co.uk, https://zambiaholidayarchitects.co.uk https://botswanaholidayarchitects.co.uk, https://equadorholidayarchitects.co.uk
We are the “data controller”, which means that we are responsible for deciding how we hold and use personal data about you.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out in the “WHO WE ARE AND HOW TO CONTACT US” section below.
- Write to us at: Data privacy manager, A&D Holidays Ltd, Knapp Lane, Parker Court, Cheltenham GL50 3QJ,
- Email us at: [email protected]
- Call us on: 01242 253 073
If you are contacting us to exercise your legal rights relating to your personal data, please let us know what personal data you are contacting us about, and what you want us to do, or stop doing, with that data.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, [username, password, security question and answer ] title, date of birth, gender and, if you are travelling on a route requiring Advance Passenger Information, your passport or identity card details including your photograph, passport number, the country in which your passport was issued and the expiry date;
- Contact Data includes postal addresses, billing addresses, email addresses and telephone numbers (including mobile phone numbers);
- Travel Data includes your travel details, such as your travel itinerary, where you are flying from and to, any onward travel details if relevant (such as connecting flights), details of activities and excursions booked through us, your baggage requirements, any upgrade information, seat preferences, meal preferences and any other information to enable us to provide you with the travel or other services that you’ve arranged with us. Financial Data includes bank account and payment card details;
- Transaction Data includes details about payments and other details of products and services purchased from us;
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform and other technology on the devices you use to access our website, details of the website from which you visit us and keywords you used, the pages on our website that you visit and in what sequence, and the date and length of your visit.
- Profile Data includes your reasons for travelling (such as a wedding or honeymoon), meal and other travel preferences or dietary requirements and, if necessary, information about your health to the extent that it’s relevant to your fitness to fly, your holiday itinerary (such as any activities you wish to participate in) or to provide you with special assistance. We also collect information about the history of our interactions and communications with you, such as products and services you’ve purchased from us, your personal interests, preferences, feedback, complaints and survey responses.
- Sensitive Data this is most likely to include:
- information about your health, for example, if you ask us to provide you with special assistance during your holiday, or to determine your fitness to fly or participate in any excursions or activities you wish to book through us, or to specify a meal preference that indicates a medical condition, such as celiac disease; and/or
- information about your religion, for example, if you specify a meal preference that that indicates a particular religion, such as a kosher or halal meal.
- We seek to limit any sensitive personal data we collect and, unless we have another specific lawful reason to use this information, we will ask for your consent to collect it.
- Usage Data includes information about how you use our websites.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Other people’s details: Sometimes you may be given the opportunity to submit personal information about other people. For example you may be booking travel arrangements with us on behalf of a number of different people. You must obtain permission from other people, or from their parent or guardian if they are aged below 16 years old, before you submit their information to us and provide them with a copy of this privacy notice or direct them to the privacy notice displayed on our website.
We use different methods to collect data from and about you including through:
- Information you give us: Personal Data may be given by you directly when you:
- fill out a contact form, Quick Quote enquiry form, or sign-up to our newsletter on one of our websites;
- make a purchase of products or services from us e.g. when you book a holiday with us;
- sign up to receive emails or other marketing communications from us;
- enter a competition, promotion or survey (via any social media channels, email or one of our websites);
- contact us by post, telephone, email or social media; or
- when you attend any events we host.
- Information we collect about you: When you visit our websites we may automatically collect Technical Data about you. We collect this personal data by using cookies, server logs and other similar technologies.
- Information received from third parties or publicly available sources: We may also receive Personal Data about you from publicly available sources such as the electoral register and from third parties such as an airline or hotel if you make a complaint, and from analytics providers, e.g. Google.
We will only use your personal information when the law allows us to: We need to have a “lawful basis” to use your Personal Data. The types of “lawful basis” that we will rely on to process your personal data are as follows:
- To perform a contract: Where it is necessary to perform a contract we are about to enter into or have entered into with you to provide you with products or services that you request or purchase from us, for example, to book your flights, hotels, arrange a tour, excursions, activities, transportation, car hire, issue you with tickets/e-tickets or vouchers, provide you with customer service and support, deal with enquiries, changes to itineraries or scheduling changes, deal with your complaints or feedback and to provide you with any special assistance;
- It is in our legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and our interests are not overridden by the potential impact on your rights and interests.
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we use your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
By “Legitimate Interests” we mean our interests in conducting and managing our business to enable us to give you the best products and services and the best and most secure experience, for example to:
- personalise your customer experience, such as tailoring the communications that we send you with your preferred destinations;
- improve our customer service, such as recording and/or monitoring calls for the purpose of improving our customer service, ensure quality assurance, training and security;
- optimise our websites to ensure that content from our site is presented in the most effective manner for you and for your computer;
- prevent fraud, for example, such as using your information to protect you against fraud and to ensure that our systems are safe and secure;
- conduct research, such as using your information to carry out aggregated and anonymised research using site analytics, or if you choose to take part in a customer survey, to study how customers use our products and services to help us develop and improve our products and services and inform our marketing strategy; and
- to send you marketing communications, for example, to keep you up-to-date with the latest news, events, brochures, promotions and competitions we think may be of interest and relevant to you. We may need your consent to send you marketing communications in certain circumstances, please see the “Direct Marketing – your choices” section below for more information)
We may also combine information we may receive about you with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We may use automated processing to analyse combined information about you, which is software and other technology that analyses data and automatically makes decisions based on that analysis, for example, to decide which products and offers would be relevant for us to contact you about
You can obtain further information about how we assess our legitimate interests against potential impact on you by contacting us using the details in the “WHO WE ARE AND HOW TO CONTACT US” section above.
- To comply with a legal obligation: Where we need to comply with a legal or regulatory obligation, for example, a court order in a legal action.
- Where we have your consent: We will require your prior consent, for example, to use your Contact Data to send you electronic direct marketing (such as emails or texts) and we may require your prior consent to use any sensitive data about you, for example if you have asked us to provide you with any special assistance or we require certain details about your health to assess your fitness to fly or ability to participate in an activity or excursion you have asked us to book for you.
We may have more than one lawful basis to use your personal data depending on the specific purpose for which we are going to use that data. Please contact us using the details in the “WHO WE ARE AND HOW TO CONTACT US” section above if you need details about the specific ground we are relying on to process your personal data.
We will only use your personal data for the purposes for which we collected it:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is related to the original purpose. If we need to use your personal data for an unrelated purpose, we will let you know and will explain the legal basis which allows us to do so.
Direct Marketing – your choices:
How to Opt-in: You will only receive electronic marketing communications from us (such as emails and texts) if you have:
purchased products or services such as a holiday from us and have not told us that you don’t want to hear from us; or
requested information from us, for example, by signing-up to our newsletter; or
specifically opted-in to receive details about our products, services, events, activities, promotions and special offers which we feel may be of interest to you when we have given you the choice to do so, for example, when you book a holiday and/or other services with us.
If you wish to be contacted for these purposes please make sure that you tick the appropriate box or boxes when you are given the option to do so, otherwise we will assume that you do not want to be contacted.
We will not pass your information onto third parties for marketing purposes before getting your express consent to do so.
How to Opt-out: Your participation in our marketing activities is voluntary. If you ever want to change your preferences regarding our use of your personal information for marketing purposes, or opt-out altogether from receiving further marketing information, you can:
- use the opt-out or unsubscribe links in any marketing message we send you; or
- contact us at any time by email or phone using the contact details in the “WHO WE ARE AND HOW TO CONTACT US” section above.
Where you opt-out of receiving marketing communications from us, we may continue to use your personal data for the other purposes we have explained in the “HOW WE USE YOUR PERSONAL DATA”] section of this policy.
We will only share your personal data with the following third parties or in the following circumstances:
- To our service providers and suppliers: So that we can make certain services and products available to you we may need to share your personal data with some of our service providers and suppliers, such as airlines, hotels, tour operators, transport companies, excursion providers, airport authorities, insurance companies, car hire companies, UK suppliers of ancillary services for your holiday, ground handling agencies and card processing providers, as well as IT providers, site analytics providers and marketing service companies to, for example:
- host our website;
- operate certain of the features of our website such as online bookings, ticket sales and the processing of online transactions;
- send marketing communications, run contests and promotions and conduct customer research on our behalf;
- manage and analyse our network status and the responsiveness of our services
- To other third parties: we may also share your personal data with the following third parties or in the following circumstances:
- Airports, immigration/border control and/or other government authorities: some destinations require airlines and tour operators to provide “Advance Passenger Information” about you to the border/immigration authorities of the country of your travel destination. Advance Passenger Information means the information contained in your passport that you would be required to present on your arrival. In addition, laws in certain destinations such as the US require airlines to provide certain additional advance information about you and your travel arrangements. We will provide this information where we are required to do so.
- On a business purchase, sale, transfer or merger: we may disclose your personal data to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them, in which case we may disclose your personal data to such other businesses. If a change happens to our business, then the new owners may only use your personal data in the same way as set out in this privacy notice.
- To our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- To HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
- To comply with or enforce applicable laws or regulations: We may disclose personal data about you to third parties to comply with or enforce applicable laws and regulations. For example where:
- a complaint arises concerning your use of our website, products or services;
- we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person.
Safeguarding your personal data when we share it with other people: We require our suppliers, service providers and other third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our suppliers and service providers to use your personal data for their own purposes or pass your personal data to anyone else without our written consent. We only permit our suppliers and service providers to use your personal data to provide services to us and you, and for no other purpose, and in accordance with our written instructions.
Third party links, advertisers, sponsors and ad-servers: Our website may contain links to other sites that are not covered by this privacy notice and where privacy practices may be different from ours. We do not own or operate these sites. You should consult the privacy policies on such third party sites before submitting any personal information, as we are not responsible for, and have no control over, the manner in which such sites collect, use, disclose, or otherwise process your personal data.
Specifically, we may securely share website analytics and marketing data with Google and Facebook.
Opting out of Google Analytics:
You can opt out of Google Analytics by installing the Google Analytics Browser Opt-out Browser Add-on (link to https://tools.google.com/dlpage/gaoptout).
- Our service providers and suppliers
We are based within the European Economic Area (EEA). However, in certain circumstances information we collect about you will be sent to and held by us in countries outside the EEA where we work with suppliers and service providers that are based outside the EEA or have servers based outside the EEA. Countries outside the EEA protect information differently, and so where we do transfer your information to suppliers based outside the EEA, we will take all steps necessary to ensure that it is adequately protected and used in accordance with this privacy notice, including but not limited to relying on any appropriate cross-border transfer solutions such as the European Commission’s standard contractual clauses (
- Destination Territories
As we mentioned above, in certain circumstances we are required to share information about you with immigration or other government authorities.
Our security measures:
Unfortunately, the transmission of information via the Internet is not completely secure, however, please be assured that we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example we:
- ensure the physical security of our office;
What you can do to keep your information secure:
There are things that you can do to protect your personal information
Here are a few of them:
- When using a public computer, always log out and close the browser when you have finished;
- Do not share your password or booking reference with anybody else or write it down anywhere;
- When you create a password, use at least eight characters and a combination of letters and numbers. Do not use any personal information in your password that can be easily obtained (such as your name). We also recommend that you change your password often;
- Use different passwords for your different online accounts;
- Keep your devices protected, for example, with suitable anti-virus software;
- Inform us immediately if you suspect that your password or booking reference has been compromised; and
- Be alert to any emails that may appear to be from us, but aren’t.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations and requirements.
By law we have to keep certain basic information about our customers (including Contact, Identity and Financial Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see the [“YOUR LEGAL RIGHTS”] section below for further information.
Please note that if we have been informed by you that you no longer wish to be contacted by us, we will need to keep your relevant Identity Data and Contact Data about you indefinitely to ensure that we comply with your wishes.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
You have the right to:
Request access to your personal data (known as a “data subject access request”): This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to us using it (see below), where we may have used your information unlawfully or where we are required to erase your personal data to comply with local law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to use of your personal data: You can object where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your personal data on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to use your information which override your rights and freedoms. Please see the “WHEN WE WILL USE YOUR PERSONAL DATA” section above.
Request that we stop using your personal data for marketing purposes: please see the “Direct Marketing – your choices” section above.
Request restriction of processing of your personal data: This enables you to ask us to suspend the use of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract.
Withdraw consent: You can withdraw your consent at any time where we are relying on consent to use your personal data. However, this will not affect the lawfulness of any use carried out before you withdraw your consent.
How to exercise your rights: If you wish to exercise any of the rights set out above, please [by using the details in the “Who we are and how to contact us” section above, or by checking if the applicable boxes on forms that we use to collect your information, or to tell us that you don’t want to participate in marketing. If you wish to remove your information from our marketing circulation lists, which include receiving marketing emails, you can unsubscribe by scrolling to the bottom of the email and clicking the “unsubscribe” link.
No fee usually required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond: We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
N.B. The EEA includes EU countries and also UK, Iceland, Lichtenstein and Norway.
The EU countries are: Austria, Belgium, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden