1 DATA PROTECTION AT A GLANCE
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For more detailed information on data protection, please refer to our data protection statement below this text.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour or for marketing purposes.
What rights do you have regarding your data?
You have the right to receive information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the imprint.
Analysis tools and third-party tools
When visiting this website, your surfing behaviour may be statistically analysed. This is mainly done with so-called analysis programmes. Detailed information on these analysis programmes can be found in the following data protection declaration.
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and follow our instructions with regard to this data. We use the following hoster: METANET AG, Josefstrasse 218, CH–8005 Zurich
3 GENERAL NOTELS AND MANDATORY INFORMATION
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
Note on the responsible office
The responsible party for data processing on this website is:
Golf and Travel AG
Tel. +41 (0)41 799 71 99
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Responsible party in terms of data protection rights
Among other things, tools from companies based abroad, namely in the USA, are integrated on our website. If these tools are active, your personal data may be transferred to the (US) servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. This also applies to other countries. We have no influence on these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
If data processing is based on Art. 6(1)(E) or (F) DGPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) of the GDPR).
If their personal data are processed for the purposes of direct marketing, they have the right to object at any time to the processing of personal data concerning them for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from «http://» to «https://» and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after the conclusion of a contract with costs, there is an obligation to transmit your payment data to us (e.g. account number in the case of direct debit authorisation), this data is required for payment processing.
Payment transactions via the common means of payment (credit card such as Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from «http://» to «https://» and by the lock symbol in your browser line. With encrypted communication, the payment data you transmit to us cannot be read by third parties.
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, the right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
Objection to advertising e-mails
We hereby object to the use of contact data published within the framework of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.
4 DATA COLLECTION ON THIS WEBSITE
When you visit our website, certain usage data is transmitted to us by your web browser and stored in log files. In particular, this involves the following data: Browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request, IP address of your computer or mobile device. This data is not merged with other data sources.
This data forms the basis for statistical, anonymous evaluations, serves to optimise and continuously develop the websites and can also be evaluated for marketing purposes. If you do not wish this, you can adjust your settings in the Cookie Preference Centre at any time (by clicking on the partially visible field at the bottom right of every page).
When using the website, data is either provided manually (e.g. first and last name, address, telephone number etc. in the contact form or when subscribing to the newsletter) or it depends on the technical settings of your web browser and, depending on the settings, is collected automatically or provided by third parties (e.g. cookies – see below, cookies, date, time and number of visits to the website, pages and content accessed, referring websites, files downloaded). If you do not wish to provide us with this personal data, you may not be able to use certain offers of the website or its functionality may be impaired.
We use personal data in the context of concluding and implementing sales with our customers, for providing and developing the website and improving and ensuring the customer-friendliness of the website, for statistical evaluation of the use of the website, for testing and optimising procedures for needs analysis for the purpose of directly addressing customers, for advertising and marketing our products and services, for asserting legal claims and defending legal disputes as well as for measures for the further development of services and products and, if applicable, in connection with transactions under company law. We may also use the data to comply with our legal and regulatory obligations.
If you have consented to the processing of your personal data for a specific purpose in an individual case, we base the processing on this consent. You can revoke your consent at any time, whereby the revocation only applies to the future, and the lawfulness of data processing that has already taken place is not affected by this. Data processing based on consent includes in particular the delivery of the newsletter or the submission of a contract offer based on the information you have provided.
Which cookies do we use? – a.) Absolutely necessary cookies (functional). These cookies are technically necessary for the website to function and cannot be deactivated in your systems (e.g. shopping cart function, display option for videos). As a rule, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. You can set your browser to block these cookies or to notify you of these cookies. However, some areas of the website will then not function. These cookies do not store any personal data. b.) Performance/optimisation cookies (statistics). These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not be able to know when you have visited our website (e.g. Google Analytics). c.) Cookies for marketing purposes (marketing). These cookies may be set via our website by our advertising partners. They may be used by these companies to profile your interests and show you relevant ads on other websites. They do not directly store personal data but are based on a unique identification of your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Cookie consent with Complianz
Our website uses the cookie consent technology of “Complianz GDPR/CCPA Cookie Consent” to obtain your consent to the storage of certain cookies in your browser and to document this in a data protection compliant manner. The provider of this technology is Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter Complianz).
When you enter our website, a Complianz cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored.
The data collected will be stored until you request us to delete it or delete the Complianz cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on data processing by Complianz can be found at https://complianz.io/privacy-statement.
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 Para. 1 lit. b DSGVO, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
Contact form Formcraft
For the complex contact forms (with detailed additional information) we use the cloud-based software Formcrafts to collect the data. The service provider is: Subtle Web Inc, 1-386 Roncesvalles Avenue, Toronto ON M6R 2M9; Canada. The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.
The service is used to collect your contact data and orders via online form. This is also our legitimate interest for collecting the data. The data will no longer be used as soon as the contractual relationship has been fully processed and will be deleted after expiry of the obligation to keep records under tax and commercial law. You can find Formcraft’s data protection declaration at: https://formcrafts.com/terms
Enquiry by e-mail or telephone
If you contact us by e-mail or telephone, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
5 SOCIAL MEDIA
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/.
When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook «Like» button while you are logged into your Facebook account, you can link the content of this website on your Facebook profile.
Insofar as consent has been obtained, the above-mentioned service is used on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our justified interest in the
interest in the greatest possible visibility in social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data protection-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the
If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381und https://www.facebook.com/policy.php.
6 ANALYSIS TOOLS AND ADVERTISING
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited («Google»), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor. Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to supplement the data records collected and uses machine learning technologies in the data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
The website operator offers you a newsletter in which he informs you about current events and offers. If you would like to subscribe to the newsletter, you must provide a valid e-mail address. The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the «unsubscribe» link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest according to Art. 6 Para. 1 lit. f DSGVO.
After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
8 PLUGINS AND TOOLS
YouTube with enhanced data protection
This website embeds videos from the website YouTube. The operator of the pages is Google Ireland Limited («Google»), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, regardless of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may save various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.
If necessary, further data processing processes may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers.
This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with a Vimeo video, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account.
This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on «legitimate business interests». Details can be found here: https://vimeo.com/privacy.
All in One Security AIOS
For the security of our website we use the plugin «All-In-One Security (AIOS) – Security and Firewall». The purpose of data processing is to increase the security and protection of our website and to detect and identify security vulnerabilities. As well as to protect us from brute force and spam attacks. Cookies may be used to collect and store your full IP address. This is recorded in log files. The data is stored on our servers. The data is not passed on to third parties. Your personal data is processed on the basis of Art. 6 Para. 1 lit. f DSGVO due to our overriding legitimate interest in protecting our website from automated spying, misuse and spam. You can find more information on data processing when using the plug-in at https://de.wordpress.org/plugins/all-in-one-wp-security-and-firewall/.
This website uses the LiteSpeed Cache plug-in from QUIC Cloud Inc, 233 Mt. Airy Road, Suite 100, Basking Ridge, NJ 07920, USA, to provide faster response time and a better user experience. LiteSpeed Cache potentially stores a duplicate copy of each web page displayed on this website. All cache files are temporary and are never viewed by third parties unless necessary to obtain technical support from the cache plugin provider. The cache files expire on a schedule set by the website administrator, but can be deleted by the administrator before their natural expiry date if necessary. Further information: https://www.quic.cloud/privacy-policy/
Google Fonts (local hosting)
This site uses the map service Google Maps. The provider is Google Ireland Limited («Google»), Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform font display. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
We reserve the right to amend the data protection declaration as required without prior notice and notification. We will publish the change here. You should therefore visit this website regularly to find out about the current status of the data protection declaration.
Golf and Travel AG – PRIVACY NOTICE
1 IMPORTANT NOTICE
1.1 This is the Privacy Notice of Golf and Travel AG . Where this Privacy Notice refers to «Golf in Switzerland», «we», «us» or «our», it is referring to Golf and Travel AG. This Privacy Notice sets out how we collect and process your personal data in relation to the brand known as Golf in Switzerland. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data. Please read this Privacy Notice to understand how we may use your personal data.
1.2 This Privacy Notice relates to personal information that identifies «you» meaning a customer or potential customer, individuals who browse our website or individuals outside our organisation with whom we interact. If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.
1.3 We refer to this information throughout this Privacy Notice as «personal data» and section 3 sets out further detail of what this includes.
1.4 This Privacy Notice may vary from time to time so please check it regularly. This policy was last updated on 20th September 2018.
2 HOW TO CONTACT US
2.1 Data controller and contact details
2.1.1 For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold about you in accordance with this Privacy Notice.
2.1.2 If you wish to correct your personal data held by us or to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences please send your inquiries to firstname.lastname@example.org for how to do this.
2.1.3 If you need to contact us in connection with our processing of your personal data, then our contact details are email@example.com.
3 CATEGORIES OF PERSONAL DATA WE COLLECT
3.1 The categories of personal data about you that we may collect, use, store, share and transfer are:
3.1.1 Advertising Data. This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and your communication preferences;
3.1.2 Information Technology Data. This includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
3.1.3 Individual Data. This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier, marital status, title, date of birth, place of birth, passport number and gender;
3.1.4 Account and Profile Data. This includes personal data which relates to your account or profile on our website, such as your username and password, proposals and bookings made by you, your interests, preferences, feedback and survey responses;
3.1.5 Usage and Operational Data. This includes personal data which relates to your usage and operation of our website, such as information about how you use our website, products and services;
3.1.6 Economic and Financial Data. This includes personal data required for us to process your booking in line with our obligations under the Payment Card Industry Data Security Standard (PCI) and for the prevention of fraud;
3.1.7 Enquiry and Sales Data. This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of subscriptions to our services or publications and other details of products and services you have purchased from us;
3.1.8 Communication Data. This includes personal data which relates to a method of communication such as your billing address, delivery address, email address and telephone numbers.
3.2 We may also create Personal Data about you, for example, if you contact us by telephone to make a complaint, for example about our services or goods, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
3.3 In addition, we may obtain certain special categories of your data («Special Categories of Data»), and this Privacy Notice specifically sets out how we may process these types of personal data. The Special Categories of Data are data relating to sexuality, religious beliefs or health.
4 THE SOURCES FROM WHICH WE OBTAIN YOUR PERSONAL DATA
4.1 We obtain your personal data from the following sources:
4.1.1 Directly from you, either in person (at our locations or otherwise), via our website, via email or by telephone. This could include personal data which you provide when you:
(a) request a brochure;
(b) book an appointment;
(c) apply for our products or services;
(d) browse or create an account on our website;
(e) subscribe to our service or publications;
(f) request marketing to be sent to you;
(g) enter into a competition or promotion;
(h) completing a survey from us;
(i) saving a proposal;
(j) entering details at an event;
(k) send an email to us.
4.1.2 Automated technologies, such as call recording, cookies, server logs and other similar technologies.
4.1.3 Third parties, such as:
(a) analytics providers;
(b) advertising networks;
(c) search information providers;
(d) providers of technical, payment and delivery services;
(e) travel agents.
5 HOW WE USE YOUR PERSONAL DATA & OUR BASIS FOR USING IT
5.1 Where we are relying on a basis other than consent
We may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data and the relevant legal basis upon which we will rely (this is what the law allows us to do):
5.1.1 For managing your booking we will use information provided by you to deliver our products and services. This includes booking holidays, tours, transportation, car hire and the issuing of tickets. We will rely on the following legal basis to process this personal data: (a) the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
5.1.2 To make suggestions and recommendations to you about our products and services that may be of interest to you, for determining and measuring the effectiveness of promotional campaigns and advertising and making sure our marketing is relevant to you. We will rely on the following legal basis to process this personal data: (a) the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data;
5.1.3 To deal with your enquiries, to send you information you have requested or to provide you with important-real time information about our products and service you have ordered from us (e.g. a change of time or location due to unforeseen circumstances). We will rely on the following legal bases to process this personal data: (a) the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data; (b) the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
5.1.4 For the development, delivery and improvement of our products and services, marketing, customer relationships and experiences in the provision of products and services to our customers. We will rely on the following legal basis to process this personal data: (a) the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data;
5.1.5 To protect our rights or property (including our website), administer and improve our IT services and network security, prevent fraud and facilitate any business reorganisation or group restructuring exercise. We will rely on the following legal basis to process this personal data: (a) the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data;
5.1.6 In order to comply with our own legal obligations, e.g. health and safety legislation, or to assist in an investigation (e.g. from the Police). We will rely on the following legal basis to process this personal data: (a) the processing is necessary for compliance with a legal obligation to which we are subject;
5.1.7 In order to use your personal data in life or death situations where there is no time to gain your consent (e.g. in the event of an accident and we have to give personal details to medical personnel). We will rely on the following legal basis to process this personal data: (a) the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
5.2 Special Categories of Data In addition, we may lawfully process Special Categories of Data in certain ways. We set out below the purposes for which we may process Special Categories of Data along with the legal bases on which we process these Special Categories of Data (this is what the law allows us to do):
5.2.1 we may need to process your health information (for example to enable us to make arrangements for special assistance and any dietary preferences or requirements or for determining your fitness to fly). In relation to the processing of such Special Categories of Data: (a) We rely on the following legal basis to process such Special Categories of Data: (i) the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; (ii) the processing is necessary in order to protect the vital interests of the data subject or of another natural person; (b) Additionally, we can only process such Special Categories of Data where: (i) The processing is necessary in order to protect the vital interests of you or another individual where you or the individual is physically or legally incapable of giving consent; (ii) The processing is necessary for reasons of public interest in the area of public health for example: (a) protecting against serious cross-border threats to health; (b) ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices;
5.2.2 we may need to disclose any Special Categories of Data we hold on you, where to do so is in the substantial public interest (for example your health information in order to prevent an epidemic, in the event of illness or injury or some other related emergency, to record any accident or injury or other incident you may suffer when visiting any of our locations or to arrange for you to receive medical assistance), provided that when we do so we provide suitable measures to protect your rights. In relation to the processing of such Special Categories of Data: (a) We rely on the following legal basis to process such Special Categories of Data: (i) The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. (b) Additionally, we can only process such Special Categories of Data where: (i) The processing is necessary for reasons of public interest in the area of public health for example: (a) protecting against serious cross-border threats to health; (b) ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices;
5.2.3 we may need to process information about your religion (for example to enable an airline to provide you with a meal indicating a particular religion e.g. halal or kosher) or your sexuality (for example to enable us to provide you with a specific holiday which you have requested from our range). In relation to the processing of such Special Categories of Data: (a) We rely on the following legal basis to process such Special Categories of Data: (i) the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; (b) Additionally, we can only process such Special Categories of Data where: (i) You have given us explicit consent to the processing of such Special Categories of Data for the purpose. You may at any time withdraw this specific consent but we will be unable to fulfil your booking in such event and we may have to cancel your booking. We will always attempt to minimise the amount of sensitive personal data collected unless there is a specific lawful reason (e.g. an emergency situation).
6 WHO RECEIVES YOUR PERSONAL DATA
6.1 We may disclose your personal data to:
6.1.1 our third party suppliers or sub-contractors who may process data on our behalf to enable us to provide you with our services. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
6.1.2 our group companies and affiliates or third party data processers who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
6.1.3 Legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation; 6.1.4 external professional advisers such as accountants, bankers, insurances, auditors and lawyers;
6.1.5 law enforcement agencies, courts, immigration authorities, customs and excise authorities or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
6.1.6 third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
6.1.7 third parties which are considering or have decided to buy some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation);
6.1.8 third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website which you choose to interact with;
7 PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US
7.1 If you provide personal data to us about someone else you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Notice.
7.2 You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
8 ACCURACY OF YOUR PERSONAL INFORMATION
8.1 It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
9 HOW LONG WE WILL STORE YOUR PERSONAL DATA FOR
We ensure that we only keep your personal data for the minimum period as is necessary for us to abide by our relevant legal obligations and we will act in accordance with any group data retention policy mandated by our parent company which is place from time to time. In relation to personal data relating to your bookings with us, we will store your personal data for 10 years from your departure date. In relation to personal data relating to marketing, we will store your personal data for 10 years from your last interaction with us. We keep the length of time that we hold your personal data under review. These reviews take place annually.
10 CONTRACTUAL OR STATUTORY REQUIREMENTS ON YOU TO PROVIDE PERSONAL DATA
10.1 In certain circumstances the provision of personal data by you is a requirement:
10.1.1 to comply with the law or a contract; or
10.1.2 necessary to enter into a contract.
10.2 You are required to provide personal data which is necessary to comply with the law and the consequences of failing to provide your personal data are the inability for us to fulfill your product or service request.
10.3 It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to provide your personal data are that we may not be able to perform to the level you expect under our contract with you. An example of this would be where we are unable to provide you with certain products or services as we do not have your full details, or where we cannot perform our contract with you at all because we rely on the personal data you provide in order to do so.
11 YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
11.1 Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see section 5.2.3), you may have a number of rights in connection with the processing of your personal data, including:
11.1.1 the right to request access to your personal data that we process or control;
11.1.2 the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
11.1.3 the right to request, on legitimate grounds as specified in law: (a) erasure of your personal data that we process or control; or (b) restriction of processing of your personal data that we process or control;
11.1.4 the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
11.1.5 the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law.
12 LINKS TO OTHER WEBSITES