INFORMATION WE COLLECT
We collect information from you voluntarily as you are enquiring over your holiday plans. In order for us to provide you with the best holiday options we are in need of the basic information to begin with for example, amount of people travelling including the amount of children, your contact number / email, your chosen destination, departure date, how many nights etc. You may also voluntarily email us or use our website which is hosted by wix.com.
We may collect the following information:
names of potential travellers which includes children and infant names;
contact information including email address and phone numbers;
demographic information such as address, postcode, preferences and interests in destinations;
other information relevant to customer holidays.
WHERE THE INFORMATION IS PROCESSED & WHAT WE DO WITH THE INFORMATION WE GATHER
We require the above information to understand your needs and provide you with a better service, and in particular for the following reasons:
Internal record keeping;
We may use the information to improve our services;
We may periodically send promotional emails about special offers or other information which we think you may find interesting using the email address which you have provided with your consent via our newsletter;
From time to time, we may also use your information to contact you for targeted marketing in line with legitimate business interests. We will contact you in the ways you have expressed to us with your consent to do so;
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online, over the phone, in store and electronically.
HOW WE USE YOUR INFORMATION
LEGAL BASIS FOR RETAINING YOUR INFORMATION
We are required by HMRC to retain booking records for a minimum of 7 years before they can be destroyed. In the event that you would like to know all the information we have on you these bookings can be supplied. If you wish for records to be deleted, we can delete as much of the “non essential” details as possible and can completely be deleted once 7 years have passed.
We also have a contractual basis for retaining your data on file and legitimate business interests that need to be upheld. Our processing of your data allows us to book your holiday for you which fulfils a contractual obligation to you. Furthermore to legitimate interests, your data fulfils us to provide improved customer service to enhance our business and services we can provide for you.
Finally the most important, consent. We require your consent in order to process your data. We are required by law in order to do so, if you have voluntarily given your details to us you have given consent for us to contact you regarding a legitimate business interest i.e your intended holiday. Once booked you will only receive post, emails and phone calls regarding your holiday option.
We do not sell your data. In the interest of trust with our clients we hold your information as strictly personal to you. There are however some instances where third parties may be involved which are strictly in the realm of legitimate business interests only. Outlined as below:
Marketing: As mentioned above, we use Mailchimp for our marking material. Within Mailchimp lies a database which holds information on how you would like to be contacted by us.
Emergency: As mentioned above, we use Highrise to load essential information retaining to your booking. In the case of an emergency out of hours we are able to help you immediately.
Relevant Companies: We are required to pass on essential information to the tour operator that ultimately books your holiday with your consent for purposes consistent with this policy only.
Legal Requirements: We may disclose your information if required to do so by law in good faith that such action will be necessary.
THIRD PARTY PROGRAMS
We do use a third party program in Highrise. Highrise operate out of the US and are also protected under the US-EU Privacy Shield. We load minimal data about your holiday in order for us to help you when you have an issue in resort out of hours. It is a crucial part of being able to assist in an emergency situation. We have a “Model Clause Agreement” in place for compliance with GDPR regulations.
You can voluntarily request to be added to our mailing list via our API (Advanced Passenger Information) Form or via our email signatures, website or over the phone. We use Mailchimp for our newsletters. For those already signed up initially you would have been sent a GDPR email asking you to update your preferences which you can also do at any time. If you no longer wish to receive marking information from us and “opt-out” then please feel free to unsubscribe at any time. You will find the link at the bottom of any email, you can log in to change your preferences or you can manually request via email or phone.
LINKS TO OTHER WEBSITES
On our website there are a few links to websites of interest which will relate to your holiday needs for example – Official US ESTA Visa, Canada ETA Visa and the UK Government Travel site which are not operated by or controlled by Off Broadway Travel. We suggest you contact them directly if you wish to obtain details on their privacy policies.
YOUR RIGHT TO CHANGE & DELETION
If you need to update the data that we retain on you, for example if you have moved house, have a new phone or passport you must inform us as soon as possible so that our records are current and up to date. You can also unsubscribe from our marketing emails at any time via the following means: via the “unsubscribe” link at the bottom of a marketing email, by email request to firstname.lastname@example.org, by phone on 01438716200 or by updating your preferences on Mailchimp.
How can I access the data you have about me?
If you wish to see the data you have on you then you will have to submit a “Data Access Request” form. We will provide you in a clear concise manner the data we retain via email PDF or letter via post if requested.
How do I update my data with you?
If you wish to send through updated information, please forward any updates to email@example.com and we will modify the data we hold. Please entitle the mail “Personal Data Request” and give clear instruction as to what you would like changed, you also may be contacted for verification before any changes are made. You will receive a notification once the changes have been made.
How do I restrict the data you use?
You have the right to ask us to stop or limit the data we use on you in certain circumstances. Please note that without essential information we would not be able to book your holiday. If we have no lawful reason to keep your data on file, for example if it is just an enquiry and you booked elsewhere then your data would be automatically deleted and disposed. You have the right to “opt out” of all marketing forms. To exercise this right please see above.
CHANGES TO THIS POLICY