Your privacy is paramount to us. This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
We know that there’s a lot of information here but we want you to be fully informed about your rights, and how Club Europe uses your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
We will never share your data with a third party for marketing purposes; it’s not how we work.
Personal data refers to information about you, and from which you could be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more personal data which require a higher level of protection.
For the purposes of the General Data Protection Regulations (EU)(2016/679), the Data Protection Act (2018) and all similar or related legislation (“the Data Protection Legislation), Club Europe holidays Ltd is the data controller. We have appointed Tim Johnson as the Data Processing Officer.
To keep things simple, when we refer to “we” and “us” it means Club Europe.
The new laws of data protection set out a number of different reasons for which a company may collect and process your personal data. We believe the following apply to you in terms of how we work:
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive our marketing updates.
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, in planning and executing your tour, we will need important personal data such as names, emergency mobile contact numbers, passport information and dietary or medical requirements. We use these only to fulfil our contractual obligations and promise to keep them safe
Where we have an ongoing relationship with you, we will use the non sensitive data we store such as email addresses & past tour information to help us keep you informed of our products and social events.
For example, we will look back on previous tour destinations you may have been to and offer new tours that may be relevant.
We will also use your details to send you direct marketing information by email and occasionally post, telling you about products and services that we think might interest you.
You will have the right to unsubscribe at any time and we will respect your preferences.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data: including your first, middle and/or last name, title, date of birth, gender and passport/identity card details.
Contact Data: including your email address, school or club address and telephone numbers, emergency contact details.
Financial Data: Includes payment information, such as bank details, required for us to process your booking.
Transaction Data: includes details about payments to and from you and details of services you have purchased from us.
Special category data: including information relating to disabilities or medical conditions and any dietary restrictions, which may also disclose your religious beliefs.
Profile Data: including your username and password for our portal/website.
Marketing and Communications Data: including your preferences about receiving marketing communications from us and your communication preferences.
Usage Data: including personal data which relates to your usage of our website, products and services.
Technical Data: includes information such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us.
Direct Interactions: Some of the personal data we hold is collected through direct interactions with you. This includes personal data that you provide when you engage with us, enquire about our products/services or place a booking with us.
Third Parties: We may collect information about you from a third party when required to do so to fulfil our contractual obligations relating to a booking (for example, when you are a confirmed participant/passenger of a confirmed booking).
Automated technologies and interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies (see further below and our cookies policy).
The Data Protection Legislation sets out a number of different reasons for which a company may collect and process your personal data. We will only use your personal data where the law allows us to. We believe the following apply to you in terms of how we work:
|Purpose/Activity||Type of Data||Lawful Basis|
In order to carry out our obligations arising in connection with any contract entered into between you and us, including:
To manage our relationship with you, including dealing with any enquiries that you may have.
To administer and protect our business/website (including troubleshooting, data analysis, system maintenance, support, reporting and hosting of data)
To make suggestions and recommendations to you about goods or services that may be of interest to you/marketing
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
If you have consented to receive marketing communications, we will also use your details to send you direct marketing information by email and occasionally post, telling you about products and services that we think might interest you. You have the right to unsubscribe at any time and we will respect your preferences.
In the course of preparing your tour we are required to share your personal data with trusted third party suppliers such as transport companies, accommodation suppliers, ski suppliers, concert or sport agents etc. for the purpose of performing our contract with you. These suppliers may be located outside of the UK/EEA.
Where data is required to be transferred outside the UK/EEA for the performance of our contract with you, we will take steps to ensure that all personal data is provided with adequate protection and that all transfers of personal data outside the UK/EEA are done lawfully.
Where personal data is transferred outside the EEA, we will ensure that one of the following applies:
In order for you to travel abroad, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your information for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate. These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may exercise our discretion to assist where appropriate.
We may share your personal data with marketing agencies to improve our products and services where we have a lawful basis to do so. We select very carefully our suppliers who process your personal data on our behalf and require that they comply with high security standards for the protection of your personal data.
Through our website we may provide links to third party sites. We are not responsible or liable for the content, privacy policies or services offered by websites or apps other than our website, including those which are linked to from any of the our website. We encourage you to read and familiarise yourself with the privacy policies, terms and conditions and/or other notices on other websites you visit.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
To determine the appropriate retention period for personal data, we will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process you personal data and whether we can achieve those purposes though other means.
Some examples of customer data retention periods:
In the case of any booked group, we’ll keep the personal data you give us for five years so we can comply with our legal and contractual obligations. Any sensitive data such as dietary or health conditions or passport information will be deleted at the point at which it is no longer necessary.
If you’ve not booked a trip with us or had any interaction with us for more than five years, you will be flagged as inactive and we’ll contact you to ask whether you want to be kept on our database. Unless you reply to say ‘yes’ within 30 days, we’ll delete or anonymise the personal data associated with it.
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You have more rights now than ever before and here is an overview of your different rights.
You have the right to:
Request access to your personal data (commonly known as a "data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You can contact us to request to exercise these rights at any time as follows:
To ask for your information please contact The Data Protection Officer, Club Europe Ltd, 22-24 Jaggard Way, London SW12 8SG or email email@example.com
To ask for your information to be amended please contact your account manager or simply call us up and we will amend the details.
If we choose not to action your request we will explain to you the reasons for our refusal.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If you'd prefer to restrict, block or delete cookies from this website you can use your browser to do this. Visit www.aboutcookies.org to view full details of how to manage cookies on different types of web browsers.
As we work with clients both in the EU and outside of the EU we will aim to treat everyone’s personal data in the same way. The GDPR regulations apply to every member state across the EU, so we all work under the same rules.
Whilst those clients outside of the EU are not directly protected by the GDPR, we will aim to follow the same code and offer you the same assurances.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy notice or how we handle your personal information, please contact Tim Johnson on firstname.lastname@example.org.
Updated November 2019