- How we use your information
- Lawful bases for using your information
- Keeping you informed about our products and services
- Sharing your information (including information sent outside the European Economic Area – EEA)
- Amendment and retention of information
- Your rights
Gentlemen Tours are committed to protecting your privacy. We comply with the principles of the General Data Protection Regulation (GDPR) and associated data protection legislation. We aim to maintain best-practice standards in our processing of personal and/or special category personal data (this is also referred to as sensitive personal data).
How we use your information
Gentlemen Tours use the information we receive from you, together with information we have obtained from our dealings with you (including in relation to holiday services we provide to you and/or your use of those services), to provide holiday services that you request, to communicate with you, and to personalise information sent to you.
We do not sell, trade, or rent your personal information to others.
We store all the information you provide to us, including information provided via forms you complete on our website, and information which we may collect from your browsing. Our server, in common with nearly all web servers, logs each page that is downloaded from the site. If you contact us electronically we may collect your electronic identifier, e.g. Internet protocol (IP) address or phone number supplied by your service provider. This is to identify the number of visits to our websites.
We ask for your home, mobile phone number, and email address to enable us to contact you in relation to an enquiry you have made, to contact you if there is a problem with your order, notifying you about important functionality changes to the website, or if there is another genuine reason for doing so.
Sometimes we may need to collect information that the law defines as special category data (also called sensitive personal data). This includes, but is not limited to, information about racial or ethnic origin, sexual orientation, health data, and criminal records. We will not collect or use these types of data without your consent, unless the law allows us to do so. If we do, it will only be when it is necessary as determined by the law and the ICO.
Any new information you provide to us may be used to update an existing record we hold for you. If you provide a work email address we will not be responsible for third parties having access to any communications we send.
We collect credit or debit card details from you in order to pay for a service or product. We will keep such details secure and ensure that the details are only used further with your consent and/or for the purposes of any appropriate refunds.
In the event of phone calls from you, we also reserve the right to ask security questions (which we in our sole discretion deem appropriate) in order to satisfy ourselves that you are who you say you are.
Our own security procedures mean that we may occasionally have to request proof of identity or check your presence on the electoral roll.
Lawful bases for using your information
Before you provide any data to us we will endeavour to make it clear why we need it. Sometimes we may need special category (sensitive) personal data, for example we may need medical information if you ask us to book an easy access room due to a disability. When this is required, we will obtain your consent first. Without this information, we may not be able to fulfil the product or service you have requested.
A customer may properly give their partner’s consent over the phone or via the website providing the customer confirms they have permission to do so. If the consent is written, the spouse must independently endorse such consent via counter signature.
We use the information you provide to us, either orally or in writing and the information we obtain from you through the use of our website, and as a result of our dealings with you (including any data we obtain from third parties) to provide the service requested by you. It may also be used for market research, offering renewals and statistical purposes.
We recognise that we have a legitimate interest in processing the personal data we collect about you for a number of reasons, including, but not limited to: marketing purposes, to enables us to enhance, modify, personalise, or otherwise improve our services, identify and prevent fraud, enhance and protect the security of our network and systems, and market research (e.g. determining the effectiveness of campaigns and the products / services we offer). “Legitimate interests” means the interests of our company in conducting and managing our business to enable us to give you the best service and most secure experience.
When we use your information for our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. Where applicable, legitimate interest assessments are conducted to ensure that these rights are protected.
Keeping you informed about our products and services
When you contact us, we may ask for your permission to contact you about the products and services we offer. Where we have obtained your permission to do so we will contact you by post, telephone, email or other means to tell you about offers, products and services that may be of interest to you.
We also recognise that it is in our legitimate interests to send communications about our products and services, latest offers and rewards, so we may process your information to send you communications that are tailored to your interests.
At any time, you can opt out of receiving such information, revise the products you would like to hear about or change the method we use to communicate with you. You can update these preferences by emailing us on firstname.lastname@example.org
We also use your personal information to make decisions about what products, services and offers we think you may be interested in. This is called profiling for marketing purposes. You can contact us at any time and ask us to stop using your personal information this way. If you allow it, we may show or send you marketing material online (on our own and other websites including social media), or by email, phone or post.
We make outbound phone calls for a number of reasons relating to our holiday products. We are fully committed to the regulations set out by Ofcom and follow strict processes to ensure we comply with them.
We may use personal data, collected in respect of one product to market another product that we may deem appropriate and relevant to you based on the information we have collected.
Sharing your information
As previously mentioned, we do not sell, trade or rent your information, and will never disclose information about you (including information obtained from our dealings with you) to third parties, except:
- a) to fulfil your specific booking for a product or service or information in the event that third parties deliver the relevant product or service or information. For example, if you go on a holiday with us, the hotel and airline needs to know who you are.
- b) where third parties administer part or all of the product or service;
- c) to maintain management information for business analysis.
We may of course be obliged by law to pass on your information to the police or any other statutory or regulatory authority and in some cases, exemptions may apply under relevant data protection legislation, whereby we can legitimately release personal data e.g. to prevent or detect crime or in connection with legal proceedings.
Subsequent to your purchase of a product or service, we may enter into an arrangement for that service to be provided by a new third party. If this happens, the terms and conditions of your contract with us will provide that you consent to the transfer and processing of personal and/or special category personal data to the new provider, subject to the requirements of the GDPR and associated legislation.
If we provide information to a third party (either a provider of a product or service, or an external data processing agency such as a mailing house), we will exercise the strictest control over them contractually, requiring it and any of its agents and/or suppliers to:
- maintain the security and confidentiality of the information and restrict access to those of its own employees
- use the data for the agreed purpose only and prevent it being used for any other purpose by any other party
- refrain from communicating with you other than concerning the product in question
- return the data to us at the conclusion of any contract term, and destroy or delete any copies made of all or any part of the information unless copies are needed to be kept to comply with regulations
In addition, we will restrict the information disclosed to the absolute minimum necessary, for example, to provide the product or service.
Information sent outside the EEA
We provide products and services including holidays outside the EEA. Therefore, if you travel on such holidays the information you provide may occasionally be transferred outside the EEA. From time to time Gentlemen Tours may use service providers and organisations outside the EEA for the purpose of processing services, system testing and maintenance.
It is worth noting, however, that some non-EEA countries do not afford the same level of data security as the UK. We will always use every reasonable effort to ensure sufficient protections are in place to safeguard your personal information.
Amendment and retention of information
Please advise us in writing as to any changes in your circumstances, or if you feel we hold inaccurate information about you so that we can update our records accordingly.
We will hold your personal information in accordance with the principles of the GDPR (and associated legislation) and in line with our Data Retention Policy. We are obliged and permitted by law and regulation to retain certain types of data for a minimum period of time. The minimum period of time tends to be for six years but can be longer if the statute or regulation requires.
Access to your information: You have a statutory right of access to accessible personal and/or sensitive personal data that we hold about you. In order to exercise this right, your application must be in writing, either via letter or email. Please refer to the information you wish to see giving dates if possible. Please note that where relevant we may ask for proof of your identity.
We will not administer Subject Access Requests by a third party unless accompanied by a written authority of the individual who is the subject of the request.
We have one month to respond to a valid request.
Rights related to automated decision making including profiling: We use the information we know about you to make decisions which inform our pricing, fraud prevention and the products and services we can offer. Automated decision making enables us to make efficient and fair decisions, providing a better service for our customers. Whilst you have the right to object to us using your information in this way, this could have an impact on the products or services we may be able to offer you. We use automated decision making in the following areas:
Tailoring our marketing communications – as mentioned previously, we use your personal information to make decisions about what products, services and offers we think you may be interested in. This ensures the communications you receive from us are tailored and relevant to your interests. You can opt out of this at any time by contacting the Data Protection Officer.
The right to erasure: you have the right to request that your personal data is erased and to prevent processing in specific circumstances which are detailed by the ICO.
The right to data portability: you have the right to obtain and reuse the personal data that you have provided to us for your own purposes which includes transferring it to other services.
For further information regarding your rights, or to make a request; please write to email@example.com
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you feel your personal information has not been handled correctly. You can do this via contacting firstname.lastname@example.org