Privacy statement for clients of Different Planet Travel Ltd.
Last reviewed: May 2018
‘The Company’ refers to Different Planet Travel Ltd.
Different Planet Travel Ltd’s privacy notice sets out the ways the Company processes clients’ personal data. This policy relates to how Different Planet Travel Ltd. processes any data collected by the Company through our website or via emails and telephone calls. The Company takes its’ responsibilities for your personal data security very seriously and this policy is designed to comply with the UK data protection legislation, namely the General Data Protection Regulations 2018.
The data protection principles:
Different Planet Travel Ltd. complies with data protection law. This says that the personal data we hold about you must be:
Used lawfully, fairly and in a transparent way
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
Relevant to the purposes we have told you about and limited only to those purposes
Accurate and kept up to date
Kept only as long as necessary for the purposes we have told you about
We are accountable for these principles and must be able to show that we are compliant.
What information do we collect?
In the event that you wish to use the services of Different Planet Travel Ltd. it will be necessary for the Company to request certain personal information from you to facilitate any bookings. This will include your name, date of birth, passport information, credit card information, frequent flyer or reward points programmes and contact details for example. If you are travelling with companions it will be necessary for the Company to collect, store and process the same information about them, including information about any children. For a full list of the information that Different Planet Travel Ltd. holds about you or would need to request in order to assist you with your travel arrangements, please contact firstname.lastname@example.org.
On rare occasions, we may hold data that is considered special category personal data related to your health where you have given us this information in order to make particular arrangements on your behalf such as organising wheelchair assistance. This information is securely stored on our systems and only processed in accordance with your instructions.
You are entitled not to provide us with certain of your personal information if you do not wish to, however if you choose not to disclose some of the information we request, we may be unable to fulfil our contract with you. For example, if you refuse to share your passport details with us, we may be unable to confirm a flight booking with an airline on your behalf.
Any information that you provide will be used only for the purposes outlined to you at the point of collection and it will be processed in accordance with the necessary data protection legislation. Further, the Company will limit its data collection only to that which is necessary to facilitate the arrangements that you have requested us to make on your behalf.
How do we collect your personal information?
The personal information that we hold about you is collected directly from you, or from a representative acting on your behalf, such as family member or travelling companion. Information is normally collected from our direct email and telephone correspondence with you; some basic contact information including your name and telephone number may be collected via our website if you use the contact us feature to connect with the Company. Further, we will only seek to request additional information from you, such as passport information or credit card details, at the point it becomes necessary to process it which is normally after you have accepted a quote for your travel arrangements in order to make any confirmed bookings.
It is possible that some of the personal data we hold about you will be created by a third party such as a tour operator when a booking is confirmed by an agent, or alternatively by us in processing your request to make a travel arrangement via a tour operator, airline or hotel for example.
What is the legal basis we rely on to process your information?
Different Planet Travel Ltd. may rely on any of the following reasons to lawfully process your personal data:
Based on your consent (where you give Different Planet Travel Ltd. the authority to make the arrangements it has discussed with you on your behalf for example)
To fulfil our contract with you
To comply with a legal obligation (such as to provide your passport information to an airline to book a flight)
Where it is necessary for our legitimate interests (or those of a third party) provided that your interests and fundamental rights do not override ours. You have the right to challenge our legitimate interests and request that we stop this processing.
What do we use/process your information for?
Processing means any operation which is performed on personal data such as:
Collection, recording, organisation, structuring or storage;
Adaption or alteration;
Retrieval, consultation or use;
Disclosure by transmission, dissemination or otherwise making available;
Alignment or combination; and
Restriction, destruction or erasure.
The Company will use/process your personal data for the following purposes only:
To make and confirm travel arrangements that you have requested us to carry out on your behalf. Travel arrangements could include flight, cruise, car hire, transfer, accommodation, restaurant, wedding or activity reservations, or to facilitate any other booking you have asked us to make on your behalf
To send you from time to time specific marketing information from Different Planet Travel Ltd. provided always that you have the option to unsubscribe from these emails / newsletters etc. at any time if you wish
To carry out the contract we have entered into
For the establishment or defence of legal rights
For the avoidance of doubt the Company does not make automated decisions using your personal data, nor does it ever sell your personal data to a third party.
How is your data stored?
Your personal data is securely stored on a database system which is password protected. The computer equipment is only accessed by the Director of Different Planet Travel Ltd., requires a password to log in and is housed in a locked office. Different Planet Travel Ltd. may retain paper copies of holiday confirmations which include your name and accompanying notes which set out your requirements. This information is retained as part of our legal obligation in the event we are requested to provide it by a legal authority such as HMRC. The information is stored in a locked filing cabinet accessible only by the Director of Different Planet Travel Ltd.
Who are we sharing your data with?
Different Planet Travel Ltd. works with a number of UK tour operators (third parties) who are appropriately bonded to provide you with necessary travel protections. We carefully consider the organisations that we partner with to provide you with the best quality holiday experience. Depending on the nature of your plans, your holiday may be booked through one of our partner UK tour operators. In this circumstance Different Planet Travel Ltd. will provide your personal information to the particular tour operator to facilitate any bookings. Information shared will be limited only to that which is deemed necessary to make the arrangements you have requested and all recipient organisations will be required to afford your data the appropriate level of confidentiality and to use it in accordance with the law and our policies. Further we do not allow third party organisations to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and based on our instructions.
Due to the nature of our business, it may be necessary to transfer your personal data outside the European Economic Area in order to make the travel arrangements you have specifically requested. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. Different Planet Travel Ltd. will require the recipient country processing your personal data to process it in accordance with the General Data Protection Regulation and our data protection policy and the recipient country will need to confirm and demonstrate their compliance with our policies. Furthermore, the Company will take all reasonable steps within its’ control to secure your personal data during transmission such as using password protection where appropriate.
If you have any concerns or questions about the sharing of your personal data with third party organisations or countries outside the EEA, then please contact email@example.com.
How long will we keep your data for?
Different Planet Travel Ltd. will keep your personal data for as long as required to fulfil the purposes for which it was collected and processed and in accordance with the General Data Protection Regulation. The Company may retain your personal data for as long as may be necessary to defend itself from any legal claim you may bring against us or to satisfy legal requirements such as reporting to HMRC. After which time personal data will be securely destroyed unless you have requested that we retain it in the event of future business.
What happens if there is a data breach?
Whilst the Company has processes and practices in place to limit the possibility of a data breach, if a breach should occur we must document and retain evidence of the breach including any facts relating to it, its effects and the action taken in our records. If a data breach is likely to result in a risk to the rights and freedoms of individuals, the Company is required to notify The Information Commissioner’s Office (ICO) within 72 hours of the breach; further the Company will notify the affected individuals without due delay.
Your data subject rights
You have a number of data subject rights:
You have the right to be informed about the processing of your personal data
You have the right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
You have the right to object to processing of your personal data
You have the right to restrict processing of your personal data
You have the right to have your personal data erased
You have the right to request access to your personal data and information about how we process it
You have the right to move, copy or transfer your personal data
You have the right to be informed without delay of any breach of your personal data that could result in a material risk to your rights and freedoms
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact firstname.lastname@example.org.
In the event you have any concerns or questions about the management of your personal data, then you should contact email@example.com. You have the right to complain to the Information Commissioner and can do so by contacting the ICO’s office; contact details can be found on their website: www.ico.org.uk. The website contains further information on your rights and our obligations.