When you travel with us, we want you to have the experience you’ve been imagining. And, when you’re looking for inspiration and help on planning your next trip, we want to give you the ideas you’re looking for. To help us do this, we need to ask you for a little personal information. But, we know how important it is to keep your personal information safe, and we’ll always be open with you about how we collect and keep it.
We’ll ask you for information such as your name and contact information, your email address, and, if you travel with us, your passport details. We collect your personal data for three main reasons:
When you visit our website or use our mobile and/or tablet apps, to give you the best possible experience, based on what you want to find out and which device you’re using.
So we can contact you successfully, if you get in touch or ask us for information.
And, when we’re planning your trip, to ensure that we make the right arrangements for you.
If you’re travelling with us, we’ll ask you to tell us a little more about yourself, such as any health conditions. We only do this so we can plan your trip around any special requirements you might have.
How we share your personal information
We’ll only either ask you for personal information directly or, with your permission, gather it by tracking how you use our website or our mobile and/or tablet apps. We won’t share your personal information with third parties for any marketing activities.
When we do share your personal information, it’s always so we can provide you with a better service when you’re travelling with us.
Safeguarding your personal information
We keep your personal information securely, and we only keep it for limited and appropriate amounts of time. If you’d like to stop receiving our email marketing, you can click ‘unsubscribe’ at any time.
Your rights to your personal information
Please email us at email@example.com.
1. Who are we
1.1 At Audley Travel Group Limited we are committed to protecting and respecting your privacy, whilst striving to provide the very best user experience. We work very hard to keep your information safe and we want our services to be safe and enjoyable for everyone. We follow strict security procedures on how personal information is stored and used and who sees it to help stop any unauthorised person getting hold of it. We also recognise that it is important for you to understand how we use your personal information.
1.3 We have a legal duty to protect personal information that we collect under the Data Protection Act 1998 (and any law which replaces it, including the new UK Data Protection Bill) (the “DPA”) and the General Data Protection Regulation (EU) 2016/679, (the “GDPR”). For the purpose of the DPA and GDPR, we (Audley Travel Group Limited) are the data controller (in other words, the organisation that determines how your personal information is used) and are located at New Mill, New Mill Lane, Witney, Oxfordshire, OX29 9SX. Our contact details are set out in part 10 below.
2. Personal information we collect, how we use it and our lawful basis for processing
2.1 We may collect and use various types of personal information about you. Details of this information, together with an overview of the way that we use it and our lawful bases for the processing in each case are set out below:
Enquiries and bookings
a) We will collect personal information from you when you make an enquiry or request a brochure from us. This includes your name and contact information, details about the destinations and countries that you are most interested in, the brochures that you request, information about your geographic location, and any additional details of your travel plans which you voluntarily give to us. We may also collect details about the best time to contact you and any in-person appointments that you request as well as what prompted you to contact us and any other requests or comments that you may make.
We will use this information so that we can provide you with information that you have requested or contact you if you have indicated you want to hear from us. For example, to enable you to find the right destination, we will call you once the brochure has been sent out to you. We also collect personal information from you when you make a booking through a travel agent or Responsible Travel, if that is how you come to us. Lastly, we use your personal information to help us better understand, direct and respond to your enquiries and requests.
We have a legitimate interest to use your information in this way to make sure that we are able to help you find the right destination and start to plan the best holiday for you, and to enable us to contact you in the most appropriate and business-efficient manner. Where we rely on our legitimate interests, we'll always ensure that your rights are protected.
b) If you book trips with us, we will ask you to provide certain details about your travel arrangements. This is likely to include details of your passports, emergency contacts, travel insurance arrangements, preferences and special requirements, frequent flier club membership, visa requirements, flights (if you arrange your own flights) and amounts (if any) to be contributed to offset the carbon for your flights through the ClimateCare scheme. This will also include details of any other friends or family who are accompanying you as part of your booking.
We will use this information to help us organise your trip, make bookings on your behalf and ensure that you (and any other friends or family accompanying you) receive the products and services set out in your itinerary.
We collect this information so we can fulfil our contract with you and provide you with the quality of service we strive to provide.
Where you are a regular customer we may retain some of this personal information so that we can use it when you next book with us as we have a legitimate interest to improve our customer journey and ensure we look after our regular customers.
c) If you have made an enquiry with us, or booked a trip with us, we will send you our Traveller magazine through the post.
We send you this on the basis of our legitimate interests, but you always have a right to object to direct marketing (see further below) and if you do not want to receive Traveller magazine please let us know using the contact details in section 10.
Websites, apps, marketing and advertising
d) We will collect certain technical information about you when you visit our website. This is likely to include: the internet domain you use, your IP address or other device identifier, your browser type and version (e.g. Chrome or Internet Explorer), the operating system and platform that you are using (e.g. Windows or Mac), the screen resolution of your device, the dates and times when you access our website, the full URLs of the pages you visit and the websites or links that you use to access our website, login information, details of products or services that are viewed and the length of visits to certain pages of the website.
We use this information for site management and security purposes (such as troubleshooting and testing) as well as to help us improve our website. We do not try to identify individual users or their usage habits from this data. Raw data logs are retained temporarily as required for security and site management purposes only.
We collect this information so we can fulfil our legitimate interests as a business to ensure that our website is fit for purpose and promotes our services appropriately for our customers, including by displaying information that our customers are interested in. We also rely on our legitimate interest in measuring customer satisfaction and troubleshooting any website issues. Where required by law, we may also seek and rely on your consent.
e) We will collect and use information about you when you use our apps. This may include identity data, contact data, transaction data, device data, usage data, location data (if you wish to use this particular feature, you will be asked to consent to your data being used for this purpose and you can withdraw your consent at any time by disabling location data in your settings). It will also include text in your journal on the app and photographs which you add to the app.
We have a legitimate interest to collect and use this information either directly, or through our app solution provider, to fulfil our contract with you or in order to enhance your Audley experience. Where we rely on our legitimate interests, we'll always ensure that your rights are protected.
f) We may collect and use information from various sources in connection with the marketing and advertising of our services. This may include your contact details (and your marketing preferences) to contact you with certain marketing messages (e.g. marketing emails). We may also use data we collect from you (either directly or via our website or advertising) to help us to measure the effectiveness of our advertising and to establish what interests you and what doesn't.
We rely on your consent to contact you directly about our offering. In other scenarios in carrying out efficient and appropriate marketing and advertising for our services, we will rely on our legitimate interests, whilst always ensuring that your rights are protected. You can withdraw your consent or opt out of our direct marketing at any time through our marketing preference centre or through the 'unsubscribe' option in any marketing email.
g) We may collect your contact details when you enter into competitions or promotions, or complete surveys.
We will rely on your consent or on our legitimate interests (depending on whether we are marketing or carrying out market research), whilst always ensuring that your rights are protected.
h) We may collect details about you, such as your user name, when you engage with us on social media (by mentioning or tagging us in a post or contacting us directly) this is so that we can respond to any comments and queries you have.
We rely on our legitimate interests to do this as we want to ensure our customers have the best possible experience, whilst always ensuring your rights are protected.
Honeymoon Gift Service
i) We may collect information if you register to use our Honeymoon Gift Service. Once you’ve confirmed your honeymoon, we will use your information to set up your honeymoon website. You may choose to personalise it as much as you’d like with details about your wedding and honeymoon and your family and friends may visit to contribute to your honeymoon and check wedding details. You can include photos (of you both or others), add details about your wedding day, such as the schedule of events and include other useful information for your guests, such as places they can stay and directions. Guests can make a general contribution or buy a particular extra that’s on your itinerary, e.g. a balloon trip. We use this information to administer our Honeymoon Gift Service.
We rely on our legitimate interests to provide you with added value service whilst celebrating your big day and we will also process this information so we can fulfil our contract with you.
j) If you make a contribution to a honeymoon of friends or family members through our Honeymoon Gift Service either online or by calling us; we will collect and use your payment information (including credit or debit card details) in order to process the payment.
We collect this information so we can fulfil our contract with you and process the payment.
Administrative or other business purposes
k) We may collect and use certain other personal information when we correspond with you (whether by telephone, email or otherwise). For example, we may record both in-bound and out-bound telephone calls or collect information when you use our LiveChat feature to speak with our Specialists to ensure quality of service and for training purposes.
We collect this information so we can fulfil our legitimate interests as a business to ensure that our Specialists are trained to the highest level so that our customers receive the very best travel advice.
l) We may collect certain other information that you give us, for example, when you contact us for a particular reason other than those set out above such as to report problems with our website.
It is in our legitimate interests as a business to use your data in this way, for example, we have a clear interest in ensuring that our website works properly and in ensuring that we operate our business efficiently. We will always ensure that your rights are protected.
2.2 As well as collecting personal information directly from you, we also collect some from third parties such as Google Analytics and our app solution provider (mTrip).
2.3 We may also collect and use certain especially sensitive personal information about you, namely specific details of any relevant health conditions, disabilities, access requirements and special dietary requirements that you may have. We collect this information directly from you to try to ensure that your trip is appropriate for your needs and to try and keep you safe during any trip that you plan through us. We may need to ask for your explicit consent in order to process this information.
3. How we share personal information
3.1 In order to make sure that we run our business efficiently, and to make sure that you get the service that you expect, we will need to share your personal information, from time to time, as necessary, with the following third parties:
(a) Members of our group, which means our subsidiaries, our ultimate holding companies and their subsidiaries (including Audley Travel US, Inc.), as we share operations with some members of our group.
(b) Selected trusted third party business partners (such as the local businesses we partner with in the locations our customers travel to) and service providers (such as Campaign Monitor and Travelport) to perform services related to the contracts we enter into with you.
(c) Prospective buyers of our business or assets, which may include your personal information.
(d) Any other third parties if necessary to comply with legal obligations or enforce agreements, for example, we are required to provide airlines with a passenger mobile phone number and email contact details under IATA Resolution 830d for the airline to inform the passenger of any operational difficulties.
(e) Any other third parties if this is necessary to protect our or your rights, property, or safety and/or those of others.
3.2 We do not share your personal information with third parties for them to use for the purposes of sending you marketing information or for those third parties to use your information for their own purposes.
4. Automated decisions and profiling
4.1 In performing certain of the functions above, we rely on technology that makes automatic and instantaneous decisions based on the criteria we determine to be relevant and the personal information we collect about you when you make an enquiry or request a brochure from us. We routinely test our software to improve the accuracy of these decisions and to prevent unintended bias. These decisions may affect the routing of and responses to your enquiries or requests, but we do not otherwise tailor our services based on the results of any automated decisions.
5. Where we transfer and store personal information
From time to time we may process (or ask or permit a third party to process) your personal information outside of the European Economic Area (EEA) where local laws may not provide legal protection for your information in the same way as is applicable in the EEA.
For example, when you book a trip, we will need to provide your information to local accommodation or service providers. In other cases, we may need to share your information with an overseas service provider such as our local partners who host you during your safari experience, the provider of a cruise or experience train journey.
Whenever we send (or permit a third party to send) your personal data outside of the EEA, we will make sure that we take steps necessary to protect your data as required by applicable laws. For example, we may require the overseas recipient to enter into particular contract terms, or we will make sure that the information that we give to them will be limited to what is needed to perform our contract with you.
If you wish to learn more about the safeguards in place to protect your personal information when we transfer it outside of the EEA, please contact us using the details in section 10 below.
The personal data that we collect from you will also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff involved in, among other things, providing support services.
6. Security of your personal information
6.1 We take the security of your information very seriously and have put physical, technical, operational and administrative strategies, controls and measures in place to help protect your personal information from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.
7. Retention of personal information
7.1 We will keep your personal information for limited and appropriate periods of time only and the applicable retention periods will always be linked to our purposes for processing your personal information. This means that the retention periods will vary according to the type of personal information. For example, some transaction information will be kept for a number of years in order to comply with various finance and tax related obligations. If you need more information on this, please contact: firstname.lastname@example.org
8. Your rights in your personal information
8.2 Your rights:
(a) Access: We will confirm to you whether or not we are processing and using personal information about you, at your request and, if so, provide you with access to and a copy of such personal information and the other details to which you are entitled.
(b) Rectification: We will correct any inaccurate personal data and complete any incomplete personal data (including by providing a supplementary statement) that we hold about you.
(c) Prevention of processing likely to cause damage or distress: We will respect your rights to require us to cease or not to begin processing your personal information for a specific purpose, or in a specific way, that is likely to cause you or any third parties unwarranted damage or distress.
(d) Erasure: We will erase your personal information at your request without undue delay where there is no good reason for us to continue to use it.
(e) Restriction: We will restrict the processing of your personal information in certain circumstances, if you ask us to do so.
(f) Data portability: We will provide you or third parties on your behalf with a copy of any personal information that we hold about you which you have provided to us in a structured, commonly used and machine readable format.
(g) Objection (including objection to direct marketing): We will respect your general rights to object to the processing of your personal information in certain circumstances, including for direct marketing purposes.
(h) Automated decisions and profiling: We will respect your rights to require us not to carry out decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects on you.
9. Changes to our policy
10. Contact and complaints
17 June 2019