Privacy Policy for International Travel Connections Ltd
Purpose of this Privacy Policy
International Travel Connections Ltd is committed to ensuring that your privacy is protected, and that we comply with the General Data Protection Regulation as it forms part of UK law (“UK GDPR”) and other applicable data protection rules (including the Data Protection Act 2018 and marketing and cookies laws, together with associated guidance) (the “Data Protection Laws“).
This Privacy Policy aims to inform you on how we (International Travel Connections Ltd), as a data controller collect, process and store your Personal Data, how you can exercise your rights and the procedures that we have in place to safeguard your privacy.
This Privacy Policy sets out how we handle the Personal Data of our customers and website users for the purposes of our business.
If you have any questions or need further clarity, please get in touch with our Data Protection Officer using the contact details below.
Definitions
- Personal Data: Personal Data means any information about an individual from which that person can be identified and which relates to them.
- Processing: Any operation performed on Personal Data, such as collection, storage, use, transfer, etc.
Who We Are
International Travel Connections Ltd, a company registered in England with company number 01030986 and registered office address: Bridgetown House, 80 Lower Bridge Street, Chester, CH1 1RU trades as:
- Inspiring Travel Company
- Elite Travel Concierge
- Private Clients
- Rainbow Tours
- Regent Holidays
- Spectate Travel
- Deva Travel
Within this Privacy Policy we will use “we”, “us” or “our” to refer to the trading names listed above.
Who is responsible for Processing your Personal Data?
| Legal Name | International Travel Connections Ltd |
| Name or title of DPO | Data Protection Officer |
| Email Address (if you wish to contact the DPO) | data@itc-uk.com |
| Postal Address | Bridgetown House, 80 Lower Bridge Street, Chester, CH1 1RU |
| Telephone Number | 01244 439683 |
How Your Personal Data Is Collected
We use different methods to collect your Personal Data – these are broadly categorised in the table below.
| Category | Description | Examples |
| Direct Interactions | You may provide us with Personal Data whilst directly interacting with our services such as by post, phone, email or other channels.
If you provide Personal Data to us concerning another person, you must ensure that you have the right to disclose that Personal Data to us and you must ensure that the person concerned is aware we will process their Personal Data as outlined in this policy |
Requesting a call back from our travel experts.
Phoning one of our travel experts. Initiating a live chat with a travel expert. Subscribing to a newsletter. Requesting marketing materials such as brochures. Making a booking. Entering a competition, promotion or survey. Providing us with feedback on a holiday. |
| Automated Technology or Interaction | Information may be collected about you when you interact with one of our websites.
We collect Personal Data by using cookies and other technologies to; enable us to administer and improve our websites; and to understand your browsing action and patterns to optimise your experience. More information on this can be found in our Cookie Policy here. |
Browsing our website.
|
| Third Parties | We may receive Personal Data about you from various third parties as set out below:
– Travel agencies / operators – Lead passengers Technical Data (see below) from: – Analytics providers such as Google. – Advertising networks – Search information providers
|
The Types of Data We Collect
Personal Data (defined above) does not include data which has been anonymised in accordance with Data Protection Laws (anonymous data).
We may collect, use, process, store and transfer different kinds of Personal Data about you which we have grouped together follows:
| Identity Data | This includes data relating specifically to your identity, such as your first name, surname, marital status, title, date of birth, gender and passport number.
In the event you are travelling as part of a group, we may also collect additional identity information for other party members. For countries which have specific visa entry requirements we may additionally ask for this information at the time of booking alongside relevant travel insurance cover. We collect this data through direct Interactions with you and through third parties.
|
| Contact Data | This includes data relating to how you may be contacted, such as your address, email address and telephone numbers.
In addition to this we may also collect emergency contact Personal Data. We collect this data through direct Interactions with you.
|
| Financial Data | This includes data relating to your means and methods of payment, such as your bank account and payment card details.
We collect this data through direct Interactions with you.
|
| Transaction Data | This includes data relating to the transactions you have carried out with us, such as details about payments to and from you and other details of products and services you have purchased from us.
We collect this data through direct Interactions with you.
|
| Technical Data | This includes more technical data that we may obtain when you make use of our website, such as your internet protocol (IP) address, from cookies, your login data, browser type and version, time zone setting and location, operating system and platform and other data we obtain using technology on the devices you use to access this website.
We collect this data through your use of our automated technology and through third parties.
|
| Profile Data | This includes the data related to your bookings, your interests, preferences, feedback and survey responses.
We collect this data through direct Interactions with you.
|
| Marketing & Communication Data | This includes your preferences in relation to whether or not you want to receive marketing from us and our third parties and also your communication preferences.
We collect this data through direct Interactions with you and through your use of our automated technology.
|
| Aggregated Data | Aggregated data may be derived from your Personal Data however it cannot be directly or indirectly used to reveal your identity and is not considered Personal Data in law.
We collect this data through direct Interactions with you, through your use of our automated technology and through third parties.
|
| Special Category Data | This includes dietary requirements, allergies and specific health conditions (see further below).
We collect this data through direct Interactions with you and through third parties.
|
| Usage Data
|
Information about how you access and use the website including the full Uniform Resource Locators (URL), clickstream to, through and from our sites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
We collect this data through direct Interactions with you, through your use of our automated technology and through third parties. |
How We Use the Information About You
Your privacy is of utmost importance to us. When you share your Personal Data with us, you can expect it to be handled with the highest level of confidentiality and care. Our commitment is to manage, store, and process your Personal Data in line with Data Protection Laws and industry best practices.
We typically use your Personal Data in the following ways:
- To Fulfil Our Contractual Obligations: We use your Personal Data to perform the contract we have entered into with you, ensuring that your travel arrangements run smoothly and meet your expectations.
- To Improve Our Services: We continuously strive to enhance our services. Your Personal Data helps us to tailor our products and services to better meet your needs and preferences.
- Marketing Communications: In accordance with your preferences, we may occasionally send you emails and post about our other products and services. Where we have obtained your consent, you have the right to withdraw your consent at any time.
Legal Basis of Processing
Our lawful bases for collecting or using Personal Data include:
- Contract: For providing services and goods, especially related to your holiday booking.
- Consent: For certain types of Processing, especially for certain marketing purposes.
- Legal obligations: To comply with legal requirements such as accounting and financial audits.
Legitimate interests: A legitimate interest is when we have a business or commercial reason to use your information (for example, to manage our operations or improve business processes). Where we have relied on the legitimate interests’ ground, we have undertaken an assessment to ensure that your rights and freedoms, including your right to data privacy, are properly balanced against our commercial interests. You can ask questions around this balancing test and object by contacting us on the details above.
| Purpose/Activity | Type of Data | Lawful basis for Processing |
| To register you as a new client. | – Identity
– Contact |
Performance of a contract with you.
|
| To fulfil your booking, including managing payments, fees, charges, and collecting/recovering owed money. | – Identity
– Contact – Financial – Transaction
|
Performance of a contract with you.
Legitimate interests (to recover debts due to us).
|
| To manage our relationship with you, including notifying you about changes to our terms or Privacy Policy and/or inform you of important updates regarding your booking. | – Identity
– Contact
|
Performance of a contract with you.
Compliance with legal requirements and obligations e.g. to comply with Data Protection Laws.
|
| To conduct customer surveys and competitions. | – Identity
– Contact – Profile – Marketing Communications
|
Legitimate interests (to understand customer preferences and maintain records of how customers use our products/services).
|
| To administer and protect our business and website, including troubleshooting, data analysis, testing, and system maintenance. | – Identity
– Contact – Technical |
Legitimate interests (for running our business, administration of our IT systems and network security). |
| To deliver relevant website content and advertisements, (including to measure their effectiveness) and to market our services to you e.g. providing recommendations and suggestions for holidays or services that may interest you. | – Identity
– Contact – Profile – Usage – Marketing Communications – Technical |
Legitimate interests (to understand how customers use our services and improve our products, services and marketing strategy).
Consent where marketing and cookie rules require we obtain consent (via our cookie consent tool on our website) which you are free to refuse. With regard to direct marketing communications, we will, where legally required, only engage in such communications where you have consented to receive such communications. You will have the opportunity to withdraw your consent at any time if you no longer wish to receive direct marketing communications from us |
| To use data analytics to improve customer experience, including through information obtained in calls, live chat, websites, and marketing campaigns.
To carry out research to understand our customers and how they use our products and services and develop and improve our services to you and to our other customers. |
– Technical
– Usage |
Legitimate interests (to understand customer segments and enhance customer experiences).
Legitimate Interests: (to conduct research and analysis, including to produce statistical research and reports, for service improvement). Consent where marketing and cookie rules require we obtain consent (via our cookie consent tool on our website) which you are free to refuse.
|
| To monitor our communications with you for training, crime prevention, and legal defence. | – Identity
– Contact – Technical |
Legitimate interests (to train employees, improve service quality, and protect against legal claims).
Compliance with any legal obligations e.g. where we receive a law enforcement request or court orders. |
Special Category Data
Certain Personal Data falls into ‘special categories of Personal Data, such as data regarding race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a person, data concerning health (including mental and physical health), or data concerning sex life or sexual orientation.
We only process special categories of Personal Data where we are permitted to do so under applicable Data Protection Laws, e.g.
- we have explicit consent;
- the Processing is necessary to protect your (or someone else’s) vital interests where the individual concerned is physically or legally incapable of giving consent;
- the Processing is necessary to establish, exercise or defend legal claims;
- the Processing is necessary for the prevention or detection of crimes and unlawful acts;
- the Processing is necessary for regulatory requirements applicable to us or our business customers;
- the Processing is necessary for reasons of substantial public interest.
Other Websites
Our website contains links to other websites. This Privacy Policy only applies to our website, so when you click a link to other websites, you should read their privacy policies and we do not accept any responsibility or liability for these policies or your use of those websites.
Data Sharing
We may share your Personal Data with the following categories of recipients:
- Service Providers: Companies that provide services to help us with our business activities e.g., payment Processing providers, third party suppliers used for business administration and support services, or IT purposes, delivery companies, etc.
- Web hosting providers, analytics and search engines, or third parties that help deliver our website, that enable us to optimise and improve your website experience
- Partners: Companies that we collaborate with to offer you travel-related services such as hotels, airlines, airport transfers.
- Regulators: Authorities to whom we have a legal obligation to disclose your data e.g. law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters. HMRC or other tax bodies or agencies to comply with our legal and regulatory obligations.;
- Professional advisors: including without limitation tax, legal or other corporate advisors who provide professional services to us; and
- We may also share your Personal Data with third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a corporate transaction or restructuring, including a merger, acquisition, asset sale, financing, initial public offering or in the event of our insolvency.
International Transfers
Whenever we transfer your Personal Data to countries outside the UK/EEA to countries which do not provide the same level of protection as the laws of your home country, we ensure a similar degree of protection to your personal data by implementing appropriate safeguards, such as standard contractual clauses approved by the European Commission which can be found here or the UK’s Standard Contractual Clauses which can be found here and taking such other supplementary measures required to ensure that your Personal Data has an adequate level of data protection as determined by Data Protection Laws.
Automated Decision-Making
We do not currently use automated decision-making processes, including profiling, that significantly affect you. If this changes, we will update this policy and provide relevant information.
Children’s Privacy
We do not knowingly collect Personal Data from children under 18 without parental consent. If we discover that we have collected Personal Data from a child without such consent, we will delete it promptly.
Your Data Protection Rights
Under certain circumstances, you have rights under Data Protection Laws in relation to your Personal Data.
Your rights include:
- The right to request access to your Personal Data
- The right to request correction of your Personal Data
- The right to request erasure of your Personal Data
- The right to object to Processing of your Personal Data
- The right to restrict Processing of your Personal Data
- The right to request transfer and portability of your Personal Data
- The right not to be subject to Processing based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you; and
- The right to withdraw consent when consent is the lawful basis
If you wish to exercise any of the rights set out above, please contact us via the ‘Who is responsible for Processing your Personal Data’ section above.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time to Respond
We try to respond to all rights requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How to Complain
If you feel that International Travel Connections have not handled your Personal Data in accordance with this Privacy Policy, you have the right to complain via the contact details provided in the ‘Who is responsible for Processing Your Personal Data’ section.
In the event you remain unhappy with our response, you have a right to complain to the ICO:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113 Website: ICO
Data Retention
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your Personal Data are available in our retention policy which you can request from us by contacting us.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see ‘Request Erasure’ above for further information. In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Security of your Personal Data
The Personal Data we process about you may be stored electronically or in hard copy. We have put in place reasonable physical, technical, and organisational measures to safeguard the information we hold. Such measures include but are not limited to: system access restrictions and authentication, firewall and virus protection systems, and physical security systems.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk.
If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us at the details above. In the unlikely event that we believe the security of your Personal Data in our possession or control may have been compromised, we may seek to notify you of that development. If such a notification is appropriate, we will endeavour to do so as promptly as possible under the circumstances.
Changes to Our Privacy Policy
This Privacy Policy may be updated periodically. We will update the date at the bottom of this Privacy Policy accordingly and encourage you to check for changes to this Privacy Policy, which will be available on our website. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy Policy, as required by applicable law.
This Privacy Policy was last updated on 18 September 2024.