Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:
• What personal information will we ask you for?
• What do we use this information for?
• Lawful Basis For Using your Personal Data in this way:
• What happens if you do not provide this Personal Information?
• Who do we share your data with?
• How long do we keep your data for?
• How do we keep your data safe?
• Do we transfer your personal information outside the EEA and what safeguards are in place?
• Do we collect any other information from you?
This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not use our Services or interact with any other aspect of our business.
What personal information will we ask you for?
We collect information about you when you provide it to us, when you use our Services. This will include contact details so that we may provide information to you and create accurate quotes.
What do we use this information for?
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you
For quotes: we use your details to provide you with the information requested and to be able to pass this information on to you.
For marketing purposes: We would like to use this information to keep informed about our products and services as well as future events and special offers that we think you will be interested in. This may be based on your travel preferences where appropriate. You can use the Unsubscribe button on our marketing emails to remove yourself from the list at any time.
Please get in touch with our Data Protection Administrator using the details at the bottom of this policy if you would like us to remove your details from our customer records entirely.
For bookings: We use your data for contact purposes, to prepare quotes and book holiday arrangements according to your requirements including your payment, flight, holiday, security, incident/accident management or insurance, etc.In order for you to travel abroad, it may be mandatory to disclose and process your information for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate. Some countries will only permit travel if you provide your advance passenger data (for example Caricom API and US secure flight data). These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may exercise our discretion to assist where appropriate.
It may sometimes be necessary to collect personal data that may be considered Special Category (e.g. health, religion) to cater to your needs or act in your interest. We will only be able to accept this data for booking purposes with your consent.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Lawful Basis For Using your Personal Data in this way:
Contract: We use the personal information provided because you have asked for something to be done e.g. for some information to be sent or a quote.
Contract: The processing is necessary in relation to a contract you have entered into for a holiday or other arrangement or because you have asked for something to be done e.g. a quote, car hire, travel insurance
Consent: If it is necessary to process sensitive personal information in relation to your request (e.g. relating to health or religion) we will obtain your consent to collect this data and to share it with suppliers when necessary.
Legitimate Interest: If you have requested any of our services e.g. A quote, registered for attendance at one of our events or requested an informational download, we would like to keep in touch about our products and services. If you do not want to receive any further information on forthcoming events, destination news and special offers, no problem. Just let us know using the contact details above or use the unsubscribe option on our emails.
What happens if you do not provide this Personal Information?
If you do not wish to supply us with this information, it will not be possible for us to answer your enquiry
Who do we share your data with?
• WE WILL NEVER SHARE YOUR DATA WITH OTHER COMPANIES FOR MARKETING PURPOSES. NOR WILL WE SELL OR RENT YOUR DATA TO THIRD PARTIES.
• No 3rd parties have access to your personal data unless the law allows them to do so.
• We use email marketing software to keep in touch. You can access their privacy statement here
• In the case of a confirmed booking, please be informed that we must pass it to suppliers of your travel arrangements, including airlines, hotels and transport companies; we may also supply it to public authorities such as customs and immigration. When you make this booking, you consent to this information being passed to the relevant people. We will let you know who we need to share your information with at the time of booking.
• We sometimes use GDPR compliant third party software to help us with tasks and therefore need to process your data via their servers for processes such as bookings, and sending marketing emails. We disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
How long do we keep your data for?
Personal data that we process via this website for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
(a)Personal data supplied for the purposes of a holiday enquiry or quote will be retained for a minimum period relating to the valid date of a quote and for a maximum period of the length of our business relationship.
(b) Data supplied for the purposes of general enquiries will be kept until the enquiry has been satisfactorily answered.
(c) Personal details attached to your booking will remain on our booking system invoices and be retained in accordance with the law relating to income tax and audit purposes.We do not retain any payment card details.
How do we keep your data safe?
No system is guaranteed 100% secure but we have taken the appropriate precautions to safeguard your data wherever possible.
• Our website is protected by an SSL encryption certificate to create a secure link between our website and your browser protecting your information from hackers.
• Our Website is hosted on highly secure UK data servers with dedicated firewall protection.
• We only use GDPR compliant third party service processors for helping us to manage tasks (such as sending you mailings). We disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
• Enquiries made via our holiday search or offers pages are processed securely by third party software hosted on highly secure UK data servers.
• We store your personal details securely on our CRM software hosted on UK servers
• We have taken all reasonable steps and have in place appropriate security measures to protect your information. All staff our trained in our Data Protection Policies and we use security measures such as password protected access to our in- house computer systems, data sharing agreements with joint controllers e.g. Tour Operators and processing contracts with our software providers.
• We store your personal details securely on our CRM software hosted on UK servers and protected by password access.
Do we transfer your personal information outside the EEA and what safeguards are in place?
Our website uses an expert third party processor called Sendgrid to securely deliver your website enquiries to us. Your information will be processed via their servers located in the US and secured in line with GDPR requirements under their EU-US Privacy Shield Framework. A processor agreement is in place to protect the privacy of your data.
As a travel company it is sometimes necessary for us (or our suppliers) to send your data to countries outside the EEA and outside the EC list of countries deemed to have adequate levels of Data Protection for international transfers of data in order to fulfil your booking. Please ask if you have any concerns.
Do we collect any other information from you?
Your information is controlled by Malvern World Travel If you have questions or concerns about how your information is handled, please direct your enquiry to Malvern World Travel, as set out below:
Malvern World Travel Data controller E-mail. [email protected]