Privacy Statement Summary
Holiday World International Travel LTD, trading as Leisureworld Educational Tours is committed to protecting your safety and privacy.
We collect some personal data from you to manage your booking, communicate with you, fulfil our administrative purposes and to comply with our legal obligations.
We have to share your data with third parties such as airlines, coach providers, ferry operators and hoteliers to provide your tour arrangements. Some of this information we also need to share with border control and airport security.
We only collect the personal data we need, and we collect, process, store and share this personal data safely and securely. We also ensure the third parties we work with are equally as careful with your data as us. Furthermore, we only store your personal data for as long as necessary.
We may use your data to personalise the communications you receive to include your preferred destination and curriculum area. We may also collect information on how you use our website to improve your online experience.
You’re in control of your data and if the information we hold on you is wrong, let us know what needs updating and we’ll correct it. You can also choose to opt out from receiving marketing communications at any time.
This Privacy Statement applies when you use this website, request information from us or when you confirm your booking with initial deposits.
What personal data do we collect
We collect some personal data, for example when you book a tour with us, use our website or contact us. When using the term ‘personal data’ in our Privacy Statement, we mean information that relates to you (or a member of your group) and allows us to identify you (or members of your group), either directly or in combination with other information that we may hold. Your personal data may include for example your name, your contact details, information relating to your itinerary such as your booking reference number) or information on how you use our website or how you interact with us. Personal data for your group members may include, for example: names, passport details, Gender, dates of birth and dietary requirements. We presume you have gained the necessary consent from group members’ parents and/or guardians to use their personal data.
Categories of data we collect
We may collect and process the following categories of information about you:
|Name, job title/role within school, contact details (address, contact telephone numbers, email address). Information about your destination preferences & curriculum interests.||When you request information from us such as a quote or book a trip with us and we provide confirmation of your booking. To send you marketing communications to inform you about trips linked to your curriculum and destination preferences|
|Information about how you use our website and other forms of electronic communication||When you navigate our website and open and view our email communications. See section 7 for more information|
|Information about your transaction, including payment card details||When you pay your deposit and any subsequent payments|
|The communications you exchange with us (for example, your emails, letters, calls, or your messages on our online chat service)||When you contact us or when we contact you|
|Information about your booking & itinerary requirements for you and your group members. This will include any dietary, physical or mental health (SEND) information/requirements – please see ‘sensitive personal data’ section below.||We use your information to provide services to you, for example to confirm your travel arrangements with third parties such as airlines, coach providers, ferries, hoteliers and visits and excursions|
|Passenger information which includes where applicable, full name, gender, date of birth, nationality, passport number, code of issuing state, passport issue date & expiry date, dietary requirements, medical conditions, special care & assistance requirements, country of residence, citizenship, dietary request code, passenger name record (PNR), visa number, visa expiry date, visa issued by, green card number, green card expiry date, destination travelling to and residence whilst in that destination, tour reference, transport booking references, group leader contact mobile number.||When we book and ticket your flights and confirm your tour arrangements with other third parties such as hoteliers and agents|
|We provide a visa processing service||This is via a third party who will collect the relevant data from you directly|
|Your claims for insurance purposes or recording of accidents, incidents and near misses||When you make a claim on your insurance policy due to, for example, a cancellation or stolen/lost property|
|Your feedback to us and your ratings on independent review sites||When you complete our group leader questionnaire or respond to a Feefo rating request
When we respond to your post tour feedback
When you reply to our requests to participate in customer surveys
|Your posts on social media||When you interact with us on social media|
|Images, video and associated content||We collect and store this for marketing promotions where explicit consent is provided|
Sensitive personal data
When we provide our services to you, we may collect information that could reveal racial or ethnic origin, physical or mental health, (including SEND) or religious beliefs. This information is considered ‘sensitive personal data’ under GDPR and other data protection laws. We only collect this information where it is necessary to deliver our services to you.
For example, if you inform us about specific dietary requirements, this could indicate specific religious beliefs. If you provide us with passenger information details, your nationality may imply your racial or ethnic origin. If you request special assistance during a flight or an adapted room this could reveal information about health (for example if you ask for a wheelchair). By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Statement. If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us. Please be aware that in such circumstances you will not be entitled to cancel or obtain a refund of any price you have paid.
By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Statement.
For more information on the parties who may share your personal data with us, please see section 7 below. In addition, we may also receive your personal data from our suppliers who provide services to you on our behalf.
How & why we use personal data
We use personal data for the following purposes:
To manage your tour booking & provide tour arrangements to you
When you book a tour with us, we use your information to provide services to you, for example, to confirm your travel arrangements such as flights, coach travel and overseas crossings, your accommodation, and itinerary arrangements.
To communicate with you & manage our relationship
We will need to contact you by email for administrative or operational reasons, for example to send you confirmation of your booking and payments and to inform you about your tour itinerary. If you are using our mobile app, we may also send you app notifications for these purposes. Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you have not opted into receiving marketing communications.
We will also use your personal data after you have sent us a request, filled in a web-form through our website or contacted us on social media, where required, to meet your request.
In order to manage our relationship with you as our customer and to improve our services and experiences for customers we will use the communications you exchange with us and the feedback you may provide.
To personalise & improve customer experience
We may use personal data to tailor our services to your needs and preferences and to provide you with a personalised customer experience. For example, if you inform us about your preferred destination and curriculum area and/or role in school, we will be able to send you communications relevant to your preferences.
We may also collect information on how you use our website, which pages of our website you visit most, which destinations and products you search for and what products you book, in order to understand what you like. We may use this information to tailor the content and offers that you see on our website and if you have agreed, to accept the use of marketing cookies on our website.
To inform you about trips linked to your curriculum & destination preferences
When you provide your personal data via our website(s) or it is available in the public domain, for example, on a school’s website, we use this information for our legitimate business interests which is to provide educational tours. Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.
An example of when we might use this approach is for ensuring postal and digital marketing is relevant for you and tailored to your interests, determined by your transactional history, your job role or known curriculum and/or destination preferences.
We will also hold information about you so that we can respect your preferences for being contacted by us.
When we process your personal data for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law.
Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
You can also choose to opt out from receiving marketing communications at any time, by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us. .
Please note that we do not share your contact details and other personal data with other companies for marketing purposes.
To improve our services, fulfil our administrative purposes & protect our business interests
We will use your information for the following business purposes which include accounting, billing and audit, credit or other payment card verification, safety, security and legal purposes, statistical and marketing analysis, customer feedback requests, systems testing, maintenance and development.
To comply with our legal obligations, for example, our obligation to provide your information to border control agencies.
Requesting access to your personal data
We respect your right to control your data. Your rights include:
Right of access – you have the right to access and obtain a copy of the personal data that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
Right to rectification – you have the right to request that we correct any inaccuracies in the personal data stored about you.
Right to erasure – in certain circumstances, you have the right to request that we erase your personal data. For example, you may exercise this right in the following circumstances: (All data is stored on our company server)
- your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;
- where you withdraw consent and no other legal ground permits the processing;
- where you object to the processing and there are no overriding legitimate grounds for the processing;
- your personal data have been unlawfully processed; or
- your personal data must be erased for compliance with a legal obligation.
Where we store your personal data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your personal data for compliance with a legal obligation or in connection with legal proceedings.
Right to restriction – you have the right to restrict our processing of your personal data where any of the following circumstances apply:
- where you feel that the personal data which we hold about you are not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your personal data;
- where the processing is unlawful and you do not want your personal data be erased and request the restriction of its use instead;
- where we no longer need to process your personal data (e.g. any of the purposes outlined above have been completed or expire), but we require it in connection with legal proceedings;
- where you have objected to our processing of your personal data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms.
Where you exercise your right to restrict our processing of your personal data, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.
Right to data portability – you have a right to receive and transfer the personal data that you provide to us in a structured, commonly used and machine readable format where we process your personal data on the legal bases of: a) your consent; or b) where it is necessary to perform our contract with you. Where you make such a request, we will directly transfer your personal data on your behalf to another controller of your choice (where it is feasible for us to do so).
Right to withdraw consent – you have a right to withdraw your consent, at any time, to our processing of your personal data which is based on your consent. Where you exercise this right, our processing of your personal data prior to your withdrawal of consent will remain valid.
Right to object to processing – In certain circumstances, you have a right to object to our processing of your personal data where we process it on the legal bases of our legitimate business interest or your consent to marketing. We may not be able to comply with such a request where we can demonstrate that there are compelling legitimate grounds for us to process your personal data which override your interests, rights and freedoms or where the processing of your personal data is required for compliance with a legal obligation or in connection with legal proceedings.
If you would like to make a personal data access request, please email us at Data.Protection@holidaybreak.com with the subject title ‘My data request’ including the following required Information:
- your full name;
- a description of your data access request;
- all email addresses (past and present) used to book trips with us; and
- attach to the email a copy of your current and valid photo ID (for example, passport photo page).
From the date that we receive ALL the required Information, we have one month to process your request. If the request is complex or numerous we may require an additional two months and will contact to explain why the extension is necessary within the first month of your request.
If you have questions in relation to your personal data, please contact us directly.
Security of your personal data
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. When you provide your personal data through our website(s), this information is transmitted across the internet securely using high-grade encryption.
As described in this Privacy Statement, we may in some instances disclose your personal data to third parties. Where LesiureWorld discloses your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however in some instances we may be compelled by law to disclose your personal data to a third party, such as border control agencies, and have limited control over how it is protected by that party.
The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Statement or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area – including by staff operating outside the EEA who work for one of our suppliers or agents (this includes staff engaged in, among other things, the fulfilment of your booking, ground handlers, and the provision of support services). Where your personal data is transferred outside of the EEA, we require that appropriate safeguards are in place.
Holding of your personal data
For marketing purposes, to manage our relationship, personalise your customer experience, improve our services and fulfil our administrative purposes, we’ll hold onto your personal data such as name, email address, job title, details of trips taken and destination preferences.
The personal data we request to help manage your tour booking and provide tour arrangements to you will be held for a period of 24 months after your tour return date.
All our agreements with third parties will include a provision on the process for returning and/or deleting personal data. Third parties providing services to us in order to help us run our business and improve our services will hold onto the data we supply for a maximum of three months from the point that you no longer require the contracted services, or the contract has been fulfilled.
Where we or third parties who are required to comply with legal obligations, we will hold the data for the period we/they are legally obliged to.
We respect your right to control your data.
Cookies or other tracking technologies
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise the device you are using and provide you with a better website experience.
For example, we use software to monitor customer traffic patterns and website usage to help us develop the design and layout of the website in order to enhance the experience of the visitors to our website. This software does not enable us to collect any personal data, however it does recognise your IP address.
You can delete cookies if you wish; while certain cookies are necessary for viewing and navigating on our website, most of the features will still be accessible without cookies.
How to manage or opt out of cookies
If you’d prefer to restrict, block or delete cookies from this website you can use your browser to do this. Visit www.aboutcookies.org to view full details of how to manage cookies on different types of web browser.
How do I change my cookie settings?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org
Find out how to manage cookies on popular browsers visit the browser developer’s website.
We are planning to enhance our cookie tool to allow users to more easily change cookie settings after their initial choice.
Sharing your personal data
We may also share some of your personal data with, or obtain your personal data from, the following categories of third parties:
Suppliers providing services to us in order to help us run our business and improve our services and your customer experience. We may share your personal data with the companies who provide services, for example, airline carriers, ferry operators, rail operators, Eurostar, accommodation providers, agents who may book these services on our behalf, guides and representatives who assist your group whilst on tour and visit providers. We have a data protection agreement in place as part of our contractual agreements with the third parties we work with. Where we’re required to transfer personal data outside the EEA for the provision of travel services, we ensure adequate protection in respect of the processing of this data through our data protection agreement.
We may share your personal data with marketing agencies to improve our products and services.
We may share your personal data with airports, government authorities, law enforcement bodies and regulators when this is necessary to get you to your destination or is required by law.
We select very carefully our suppliers who process your personal data on our behalf and require that they comply with high security standards for the protection of your personal data.
In addition to the above, we may disclose your personal data when this is required by the law of any jurisdiction to which LeisureWolrd may be subject.
Through our website we provide links to third party websites which are subject to separate Privacy Polices. Please be aware that this Privacy Statement does not apply to such websites and LeisureWolrd is not responsible for your information that third parties may collect through these websites.
Updates to our Privacy Statement
This Privacy Statement is effective from the 25 May 2018. We may make changes to this Privacy Statement from time to time, we will update the Privacy Statement and we will publish on our website any new version of this statement.
If you believe that any aspects of your data protection or privacy rights have been infringed by LeisureWorld, you can complain directly to us at firstname.lastname@example.org or to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk