PrivacyPolicy

ThisPrivacyPolicysetsouthowwe,HolidayBookingsOnlineLtd,collect,storeanduseinformationaboutyouwhen you use or interact with our websites, www.holiday-bookings-online.com, bookingadmin.com andbooking-system.net (ourwebsites) and where we otherwise obtain or collect information about you. ThisPrivacyPolicyiseffectivefrom1April2018

Contents

• Summary

• Ourdetails

• Informationwecollectwhenyouvisitourwebsite

• Informationwecollectwhenyoucontactus

• Informationwecollectwhenyouinteractwithourwebsite

• Informationwecollectwhenyouplaceanorderonourwebsite• Ouruseofautomateddecision-makingandprofiling• Howwecollectorobtaininformationaboutyoufromthirdparties

• Disclosureandadditionalusesofyourinformation

• Howlongweretainyourinformation

• Howwesecureyourinformation

• TransfersofyourinformationoutsidetheEuropeanEconomicArea

• YourrightsinrelationtoyourinformationHowlongweretainyourinformation

• Yourrighttoobjecttotheprocessingofyourinformationforcertainpurposes

• SensitivePersonalInformation

• ChangestoourPrivacyPolicy

• Children’sPrivacy

• CaliforniaDoNotTrackDisclosures

• Copyright,creditandlogo

Summary

Thissectionsummariseshowweobtain,storeanduseinformationaboutyou.Itisintendedtoprovideaverygeneral overview only. It is not complete in and of itself and it must be read in conjunction with the

correspondingfullsectionsofthisPrivacyPolicy.

• Datacontroller:HolidayBookingsOnlineLtd

• Howwecollectorobtaininformationaboutyou:o when you provide it to us (e.g. by contacting us , placing an order on our website, your

customersmakingbookingsviaourwebsiteandviaouradminwebsite,o fromyouruseofourwebsite,usingcookiesandsimilartechnologies,ando occasionally,fromthirdparties.

• Information we collect: name, contact details, IP address, information from cookies, information

aboutyourcomputerordevice (e.g.deviceandbrowser type), informationabouthowyouuseourwebsite(e.g.whichpagesyouhaveviewed,thetimewhenyouviewthemandwhatyouclickedon,thegeographicallocationfromwhichyouaccessedourwebsite(basedonyourIPaddress),company

nameor business name (if applicable), VAT number (if applicable), details of your properties, yourpropertyprices,youraccountandpropertysettings,yourcustomerdetailsandanyotherinformationyouchoosetocollectfromyourcustomers

• Howweuseyourinformation:foradministrativeandbusinesspurposes(particularlytocontactyouand process orders you place on our website), to improve our business and website, to fulfil ourcontractualobligations,toadvertiseourgoodsandservices,toanalyseyouruseofourwebsite,andinconnectionwithourlegalrightsandobligations.

• Disclosureofyourinformationtothirdparties:onlytotheextentnecessarytorunourbusiness,toour service providers, to fulfil any contracts we enter into with you, where required by law or toenforce our legal rights and where necessary to enable the processing of your bookings andpayments.

• Dowesellyourinformationtothirdparties(otherthaninthecourseofabusinesssaleorpurchase

orsimilarevent):No

• How longwe retain your information: for no longer than necessary, taking into account any legalobligationswe have (e.g. tomaintain records for tax purposes), any other legal basiswe have forusing your information (e.g. your consent, performance of a contract with you or our legitimateinterests as a business). For specific retention periods in relation to certain informationwhichwecollectfromyou,pleaseseethemainsectionbelowentitledHowlongweretainyourinformation.

• Howwesecureyour information:usingappropriate technicalandorganisationalmeasuressuchasstoringyourinformationonsecureservers,encryptingtransfersofdatatoorfromourserversusingSecure Sockets Layer (SSL) technology, encryptingpayments youmakeonor via ourwebsite usingSecureSocketsLayer(SSL)technology,onlygrantingaccesstoyourinformationwherenecessary.

• Use of cookies and similar technologies: we use cookies and similar information-gatheringtechnologies on our website only where necessary for the provision of our services to you, forexample toenableyour customers toplaceonlinebookings. Formore information,pleasevisitourcookiespolicyhere:https://www.holiday-bookings-online.com/HBO_Cookie_Policy.pdf

• Transfers of your information outside the European Economic Area: we will only transfer yourinformationoutsidetheEuropeanEconomicAreaifwearerequiredtodosobylaw

• Use of automated decisionmaking and profiling: we use automated decisionmaking. Automateddecision making is used to enable the display of your availability and prices and to enable yourcustomerstoplacebookings.Itsalsousedtoenableyoutoedityourbookingsandcustomerdetailsviaoursecureadminsite.Wedonotuseautomateddecisionmakingtoplaceadvertisementsorforourmarketingpurposes.

• Yourrightsinrelationtoyourinformationo toaccessyourinformationandtoreceiveinformationaboutitsuseo tohaveyourinformationcorrectedand/orcompletedo tohaveyourinformationdeletedo torestricttheuseofyourinformationo toreceiveyourinformationinaportableformato toobjecttotheuseofyourinformationo towithdrawyourconsenttotheuseofyourinformationo not tohavesignificantdecisionsmadeaboutyoubasedsolelyonautomatedprocessingof

yourinformation,includingprofilingo tocomplaintoasupervisoryauthority

• Sensitive personal information: we do not knowingly or intentionally collect what is commonlyreferred toas ‘sensitivepersonal information’.Pleasedonot submit sensitivepersonal informationaboutyoutous.Formoreinformation,pleaseseethemainsectionbelowentitledSensitivePersonalInformation.

Ourdetails

Thedata controller in respectofourwebsite isHolidayBookingsOnline Ltd (company registrationnumber:5341270of9HighSt.Wellington.Somerset.TA218QT.Youcancontactthedatacontrollerbywritingto9HighSt.Wellington.Somerset.TA218QTorcontactusviatheContactUsformonourwebsite.

IfyouhaveanyquestionsaboutthisPrivacyPolicy,pleasecontactthedatacontroller.

Informationwecollectwhenyouvisitourwebsite

WecollectanduseinformationfromwebsitevisitorsinaccordancewiththissectionandthesectionentitledDisclosureandadditionalusesofyourinformation.

Webserverloginformation

We use a third party dedicated server to host our website called IOMART, the privacy policy of which isavailablehere:www.iomart.com/privacy-policy/.OurwebsiteserverautomaticallylogstheIPaddressyouusetoaccessourwebsiteaswellasother informationaboutyourvisit suchas thepagesaccessed, informationrequested,thedateandtimeoftherequest,thesourceofyouraccesstoourwebsite(e.g.thewebsiteorURL(link)which referred you to ourwebsite), and your browser version and operating system and device typeused.

OurserverislocatedinEngland.

UseofwebsiteserverloginformationforITsecuritypurposes

Weandourthirdpartyhostingprovidercollect(s)andstore(s)server logstoensurenetworkandITsecurityandso that theserverandwebsite remainuncompromised.This includesanalysing log files tohelp identifyandpreventunauthorisedaccesstoournetwork,thedistributionofmaliciouscode,denialofservicesattacksandothercyberattacks,bydetectingunusualorsuspiciousactivity.

Unlessweareinvestigatingsuspiciousorpotentialcriminalactivity,We/wedonotmake,nordoweallowourhostingprovidertomake,anyattempttoidentifyyoufromtheinformationcollectedviaserverlogs.

Legalbasisforprocessing:compliancewithalegalobligationtowhichwearesubject(Article6(1)(c)oftheGeneralDataProtectionRegulation).Legalobligation:recordingaccesstoourwebsiteusingserverlogfilesisanappropriatetechnicalmeasuretoensurealevelofsecurityappropriatetoprotectinformationcollectbyourwebsiteunderArticle32(1)oftheGeneralDataProtectionRegulation.

Useofwebsiteserverloginformationtoanalysewebsiteuseandimproveourwebsite

Weusethe informationcollectedbyourwebsiteserver logstoanalysehowourwebsiteusers interactwithourwebsiteanditsfeatures.Forexample,weanalysethenumberofvisitsanduniquevisitorswereceive,thetimeanddateofthevisit,thelocationofthevisitandtheoperatingsystemandbrowserused

Weusetheinformationgatheredfromtheanalysisofthisinformationtoimproveourwebsite.Forexample,we use the information gathered to change the information, content and structure of our website andindividual pages based according towhat users are engagingmostwith and the duration of time spent onparticularpagesonourwebsite.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest:improvingourwebsiteforourwebsiteusersandgettingtoknowourwebsiteusers’preferencessoourwebsitecanbettermeettheirneedsanddesires.

Cookiesandsimilartechnologies

Cookies are data files which are sent from a website to a browser to record information about users forvariouspurposes.

Weusecookiesandsimilartechnologiesonourwebsite,includingessentialandfunctionalcookies.Forfurtherinformation on how we use cookies, please see our cookies policy which is available here:https://www.holiday-bookings-online.com/HBO_Cookie_Policy.pdf

Youcanrejectsomeorallofthecookiesweuseonorviaourwebsitebychangingyourbrowsersettings,butdoingsocanimpairyourabilitytouseourwebsiteorsomeorallofitsfeatures.Forfurtherinformationaboutcookies, including how to change your browser settings, please visit www.allaboutcookies.org or see ourcookiespolicy.

Informationwecollectwhenyoucontactus

We collect and use information from individuals who contact us in accordance with this section and thesectionentitledDisclosureandadditionalusesofyourinformation.

Email

Whenyousendanemailtotheemailaddressdisplayedonourwebsitewecollectyouremailaddressandanyother information you provide in that email (such as your name, telephone number and the informationcontainedinanysignatureblockinyouremail).

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest(s):respondingtoenquiriesandmessageswereceiveandkeepingrecordsofcorrespondence.

Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequesttoenterintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:whereyourmessagerelatestousprovidingyouwithgoodsorservicesortakingstepsatyourrequestpriortoprovidingyouwithourgoodsandservices(forexample,providingyouwithinformationaboutsuchgoodsandservices),wewillprocessyourinformationinordertodoso).

Contactform

Whenyoucontactususingourcontactform,wecollectyourname,emailaddress, IPaddress ,browserandoperating system details.We also collect any other information you provide to uswhen you complete thecontactform,includinganyoptionalinformation,suchas:whetheryouhaveanaccountwithus,whattypeofaccommodationyouofferandyourwebsiteURL.

Ifyoudonotprovidethemandatoryinformationrequiredbyourcontactform,youwillnotbeabletosubmitthecontactformandwewillnotreceiveyourenquiry.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest(s):respondingtoenquiriesandmessageswereceiveandkeepingrecordsofcorrespondence.

Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequesttoenterintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:whereyourmessagerelatestousprovidingyouwithgoodsorservicesortakingstepsatyourrequestpriortoprovidingyouwithourgoodsandservices(forexample,providingyouwithinformationaboutsuchgoodsandservices),wewillprocessyourinformationinordertodoso).

PhoneWhenyoucontactusbyphone,wecollectyourphonenumberandanyinformationprovidetousduringyourconversationwithus.

Wedonotrecordphonecalls.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation)Legitimateinterest(s):respondingtoenquiriesandmessageswereceiveandkeepingrecordsofcorrespondence.

Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequesttoenterintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:whereyourmessagerelatestousprovidingyouwithgoodsorservicesortakingstepsatyourrequestpriortoprovidingyouwithourgoodsandservices(forexample,providingyouwithinformationaboutsuchgoodsandservices),wewillprocessyourinformationinordertodoso).

Post

Ifyoucontactusbypost,wewillcollectanyinformationyouprovidetousinanypostalcommunicationsyousendus.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation)Legitimateinterest(s):respondingtoenquiriesandmessageswereceiveandkeepingrecordsofcorrespondence.

Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequesttoenterintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:whereyourmessagerelatestousprovidingyouwithgoodsorservicesortakingstepsatyourrequestpriortoprovidingyouwithourgoodsandservices(forexample,

providingyouwithinformationaboutsuchgoodsandservices),wewillprocessyourinformationinordertodoso).

Informationwecollectwhenyouinteractwithourwebsite

We collect and use information from individuals who interact with particular features of our website inaccordancewiththissectionandthesectionentitledDisclosureandadditionalusesofyourinformation.

Registeringonourwebsite

Whenyouregisterandcreateanaccountonourwebsite,wecollectthefollowinginformation:emailaddress,IP address, name, post code, website address, telephone number, number of properties and any otherinformationyouprovidetouswhenyoucompletetheregistrationform.

If youdonotprovide themandatory information requiredby the registration form, youwill notbeable toregisterorcreateanaccountonourwebsite.

If you do not supply the optional information requested by our registration form, wemay not be able tovalidateyouraccountandprovideyouwithanaccount.

Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequestpriortoenteringinto a contract (Article 6(1)(b) of the General Data Protection Regulation).Reasonwhynecessarytoperformacontract:creatinganaccountonourwebsiteisnecessarytoallowyoutoaccessthegoodsandservicesyouhavepurchasedfromus

Transferandstorageofyourinformation

Information you submit to us via the registration form on our website will be storedwithin the EuropeanEconomicArea onour third party hosting provider’s servers in England Our third party hosting provider isIOMARTlocatedinEngland.Theirprivacypolicyisavailablehere:https://www.iomart.com/privacy-policy/

Information we collect when you place an order on our

website

Wecollectanduse information from individualswhoplaceanorderonourwebsite inaccordancewith thissectionandthesectionentitledDisclosureandadditionalusesofyourinformation.

Informationcollectedwhenyouplaceanorder

Mandatoryinformation

Whenyouplaceanorder forgoodsorservicesonourwebsite,wecollectyourname,emailaddress,billingaddress,shippingaddress,companyname(ifapplicable),andVATnumber(ifapplicable).

If you do not provide this information, youwill not be able to purchase goods or services from us on ourwebsiteorenterintoacontractwithus.

Legalbasisforprocessing:necessarytoperformacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).

Reasonwhynecessarytoperformacontract:weneedthemandatoryinformationcollectedbyourcheckoutformtoestablishwhothecontractiswithandtocontactyoutofulfilourobligationsunderthecontract,includingsendingyoureceiptsandorderconfirmations.

Legalbasisforprocessing:compliancewithalegalobligation(Article6(1)(c)oftheGeneralDataProtectionRegulation).Legalobligation:wehavealegalobligationtoissueyouwithaninvoiceforthegoodsandservicesyoupurchasedfromuswhereyouareVATregisteredandwerequirethemandatoryinformationcollectedbyourcheckoutformforthispurpose.

Optionalinformation

Wealsocollectoptional informationfromyou,suchasyourphonenumberand informationabouthowyouheardaboutus.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(b)oftheGeneralDataProtectionRegulation).Legitimateinterests:weaskforhowyouheardaboutussowecanimproveyourbusiness’advertisingmethods.Weaskforyourphonenumbertobeabletocontactthecustomerbyphonewhere(ifnecessary)in

relationtotheirorder

Processingyourpayment

Afteryouplaceanorderonourwebsiteyouwillneedtomakepaymentforthegoodsorservicesyouhaveordered.InordertoprocessyourpaymentweusePayPal.

PayPalcollects,usesandprocessesyourinformation,includingpaymentinformation,inaccordancewiththeirprivacy policies. You can access its policies via the following link(s):https://www.paypal.com/en/webapps/mpp/ua/privacy-full.

Transferandstorageofyourinformation

PayPalislocatedinUnitedStatesOfAmerica.InformationrelatingtotheprocessingofyourpaymentisstoredwithintheEuropeanEconomicAreaonourthirdpartypaymentprocessor’sserversinEngland.

ForfurtherinformationaboutthesafeguardsusedwhenyourinformationistransferredoutsidetheEuropeanEconomicArea,seethesectionofthisprivacypolicybelowentitledTransfersofyourinformationoutsidetheEuropeanEconomicArea.

Legalbasisforprocessing:necessarytoperformacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:tofulfilyourcontractualobligationtopayforthegoodsorservicesyouhaveorderedfromus.

Marketingcommunications

Wedonot sendmarketing communications. Nordoweprovide yourdetails to thirdparties formarketingpurposes.

Informationcollectedorobtainedfromthirdparties

Thissectionsetsouthowweobtainorcollectinformationaboutyoufromthirdparties.

Informationreceivedfromthirdparties

Generally,wedonotreceiveinformationaboutyoufromthirdparties.

Itisalsopossiblethatthirdpartieswithwhomwehavehadnopriorcontactmayprovideuswithinformationaboutyou.

Informationweobtainfromthirdpartieswillgenerallybeyournameandcontactdetails,butwillincludeanyadditionalinformationaboutyouwhichtheyprovidetous.

Legalbasis forprocessing:necessary toperformacontractor to take stepsat your request toenter intoacontract (Article 6(1)(b) of the General Data Protection Regulation).Reasonwhynecessarytoperformacontract:whereathirdpartyhaspassedoninformationaboutyoutous(such as your name and email address) in order for us to provide services to you, we will process yourinformation inorder to takestepsatyour request toenter intoacontractwithyouandperformacontractwithyou(asthecasemaybe).

Legal basis for processing: consent (Article 6(1)(a) of the General Data Protection Regulation).Consent:whereyouhaveaskedthatathirdpartytoshareinformationaboutyouwithusandthepurposeofsharing that information is not related to the performance of a contract or services by us to you, we willprocessyourinformationonthebasisofyourconsent,whichyougivebyaskingthethirdpartyinquestiontopassonyourinformationtous.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimate interests: where a third party has shared information about you with us and you have notconsentedtothesharingofthatinformation,wewillhavealegitimateinterestinprocessingthatinformationincertaincircumstances.

Forexample,wewouldhavea legitimate interest inprocessingyour informationtoperformourobligationsunderasub-contractwiththethirdparty,wherethethirdpartyhasthemaincontractwithyou.Ourlegitimateinterestistheperformanceofourobligationsunderoursub-contract.

Similarly,thirdpartiesmaypassoninformationaboutyoutousifyouhaveinfringedorpotentiallyinfringedany of our legal rights. In this case, we will have a legitimate interest in processing that information toinvestigateandpursueanysuchpotentialinfringement.

Wherewereceiveinformationaboutyouinerror

Ifwereceiveinformationaboutyoufromathirdpartyinerrorand/orwedonothavealegalbasisforprocessingthatinformation,wewilldeleteyourinformation.

Informationobtainedbyusfromthirdparties

In certain circumstances (for example, to verify the information we hold about you or obtain missinginformation we require to provide you with a service) we will obtain information about you from certainpublicly accessible sources, both EU and non-EU, such as the electoral register, Companies House, onlinecustomerdatabases,businessdirectories,mediapublications,socialmedia,andwebsitessuchasourown.

Legalbasis forprocessing:necessary toperformacontractor to take stepsat your request toenter intoacontract (Article 6(1)(b) of the General Data Protection Regulation).

Reasonwhynecessarytoperformacontract:whereyouhaveenteredintoacontractorrequestedthatweenter into a contractwith you, in certain circumstances,wewill obtain information about you from publicsources in order to enable us to understand your business and provide services to you or services to asufficientstandard.

Forexample,wewouldobtainand/orverifyyouremailaddressfromyourwebsiteorfromadirectorywhereyouaskustosendyouinformationbyemailbutwedonotpossesstheinformationorweneedtoconfirmthatwehaverecordedyouremailaddresscorrectly.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(b)oftheGeneralDataProtectionRegulation).Legitimate interests: in certain circumstances, we will have a legitimate interest in obtaining informationaboutyou frompublicandprivate sources. Forexample, if youhave infringedorwe suspect that youhaveinfringed any of our legal rights,wewill have a legitimate interest in obtaining and processing informationaboutyoufromsuchsourcesinordertoinvestigateandpursueanysuspectedorpotentialinfringement.

Disclosureandadditionalusesofyourinformation

Thissectionsetsoutthecircumstances inwhichwilldisclose informationaboutyoutothirdpartiesandanyadditionalpurposesforwhichweuseyourinformation.

Disclosureofyourinformationtoserviceproviders

Weuseanumberof thirdparties toprovideuswithserviceswhicharenecessary to runourbusinessor toassistuswithrunningourbusinessandwhoprocessyourinformationforusonourbehalf.Theseincludethefollowing:

• Telephone provider(s), including Gradwell and Cygnet Internet Services Ltd. Their privacy policy isavailable here: https://www.gradwell.com/terms-and-conditions/privacy-policy/,https://www.kapow.co.uk/download.html?id=1283

• Emailprovider(s),ourownhostedemailserver.• IT service provider(s), including IOMART. Their privacy policy is available here:

https://www.iomart.com/privacy-policy/• Hosting provider(s), including IOMART and Memset. Their privacy policy is available here:

https://www.iomart.com/privacy-policy/andhttps://www.memset.com/about-us/privacy-policy/

OurthirdpartyserviceprovidersarelocatedEngland

Yourinformationwillbesharedwiththeseserviceproviderswherenecessarytoprovideyouwiththeserviceyouhaverequested,whetherthatisaccessingourwebsiteororderinggoodsandservicesfromus.

Wedonotdisplaytheidentitiesofallofourserviceproviderspubliclybynameforsecurityandcompetitivereasons. Ifyouwould like further informationabout the identitiesofourserviceproviders,however,pleasecontactusdirectlyviaourcontactformorbyemailandwewillprovideyouwithsuchinformationwhereyouhavealegitimatereasonforrequestingit(wherewehavesharedyourinformationwithsuchserviceproviders,forexample).

Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).Legitimate interest relied on:wherewe share your informationwith these third parties in a context otherthanwhere is necessary to performa contract (or take steps at your request to do so),wewill share yourinformationwithsuchthirdpartiesinordertoallowustorunandmanageourbusinessefficiently.

Legalbasisforprocessing:necessarytoperformacontractand/ortotakestepsatyourrequestpriortoenteringintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:wemayneedtoshareinformationwithourserviceproviderstoenableustoperformourobligationsunderthatcontractortotakethestepsyouhaverequestedbeforeweenterintoacontractwithyou.

Disclosureofyourinformationtootherthirdparties

Wediscloseyourinformationtootherthirdpartiesinspecificcircumstances,assetoutbelow.

Providing information to third parties such asGoogle Inc.. Google collects information through our use ofGoogleAnalyticsonourwebsite.Googleuses this information, including IPaddressesand information fromcookies,foranumberofpurposes,suchasimprovingitsGoogleAnalyticsservice.InformationissharedwithGoogle on an aggregated and anonymisedbasis. To findoutmore aboutwhat informationGoogle collects,howitusesthisinformationandhowtocontroltheinformationsenttoGoogle,pleaseseethefollowingpage:https://www.google.com/policies/privacy/partners/

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest(s):meetingourcontractualobligationstoGoogleunderourGoogleAnalyticsTermsofService(https://www.google.com/analytics/terms/us.html)

You can opt out of Google Analytics by installing the browser plugin here:https://tools.google.com/dlpage/gaoptout

Sharingyourinformationwiththirdparties,whichareeitherrelatedtoorassociatedwiththerunningofourbusiness, where it is necessary for us to do so. These third parties include our accountants, advisors, andinsurers.Furtherinformationoneachofthesethirdpartiesissetoutbelow.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest:runningandmanagingourbusinessefficiently.

Accountants

We share informationwithour accountants for taxpurposes. For example,we share invoiceswe issue andreceivewithouraccountantsforthepurposeofcompletingtaxreturnsandourendofyearaccounts.

OuraccountantsareTheTaxShop.OuraccountantsarelocatedinEngland.

Advisors

Occasionally, we obtain advice from advisors, such as accountants, financial advisors, lawyers and publicrelationsprofessionals.Wewillshareyour informationwiththesethirdpartiesonlywhere it isnecessarytoenablethesethirdpartiestobeabletoprovideuswiththerelevantadvice.

OuradvisorsareTheTaxShop.OuradvisorsarelocatedinEngland.

Insurers

Wewillshareyour informationwithour insurerswhere it isnecessarytodoso,forexample inrelationtoaclaimorpotentialclaimwereceiveormakeorunderourgeneraldisclosureobligationsunderour insurancecontractwiththem.

Hiscox.OurinsurersarelocatedinEngland.

Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequestpriortoenteringintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:weneedtoshareyourinformationwithothercompaniesinordertobeabletomeetourcontractualobligationstoyouortotakestepsatyourrequestpriortoenteringacontract.,forexamplebecauseoftheservicesorinformationyouhaverequested.

Wedonotdisplaytheidentitiesofalloftheotherthirdpartieswemayshareinformationwithbynameforsecurity and competitive reasons. If you would like further information about the identities of such thirdparties,however,pleasecontactusdirectlyviaourcontactformorbyemailandwewillprovideyouwithsuchinformationwhere you have a legitimate reason for requesting it (wherewehave shared your informationwithsuchthirdparties,forexample).

Wewillshareyourinformationwithaprospectiveoractualpurchaserorsellerinthecontextofabusinessorassetsaleoracquisitionbyus,amergerorsimilarbusinesscombinationevent,whetheractualorpotential.

Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).Legitimateinterest(s):sharingyourinformationwithaprospectivepurchaser,sellerorsimilarpersoninordertoallowsuchatransactiontotakeplace.

Disclosureanduseofyourinformationforlegalreasons

Indicatingpossiblecriminalactsorthreatstopublicsecuritytoacompetentauthority

Ifwesuspectthatcriminalorpotentialcriminalconducthasbeenoccurred,wewill incertaincircumstancesneedtocontactanappropriateauthority,suchasthepolice.Thiscouldbethecase,forinstance,ifwesuspectthatwe fraud or a cyber crime has been committed or if we receive threats ormalicious communicationstowardsusorthirdparties.

Wewillgenerallyonlyneedtoprocessyourinformationforthispurposeifyouwereinvolvedoraffectedbysuchanincidentinsomeway.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterests:preventingcrimeorsuspectedcriminalactivity(suchasfraud).

Inconnectionwiththeenforcementorpotentialenforcementourlegalrights

Wewilluseyourinformationinconnectionwiththeenforcementorpotentialenforcementofourlegalrights,including,forexample,sharinginformationwithdebtcollectionagenciesifyoudonotpayamountsowedtouswhenyouarecontractuallyobligedtodoso.Ourlegalrightsmaybecontractual(wherewehaveenteredintoacontractwithyou)ornon-contractual(suchaslegalrightsthatwehaveundercopyrightlawortortlaw).

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest:enforcingourlegalrightsandtakingstepstoenforceourlegalrights.

Inconnectionwithalegalorpotentiallegaldisputeorproceedings

Wemayneedtouseyour information ifweare involved inadisputewithyouorathirdpartyforexample,eithertoresolvethedisputeoraspartofanymediation,arbitrationorcourtresolutionorsimilarprocess.

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest(s):resolvingdisputesandpotentialdisputes.

Forongoingcompliancewithlaws,regulationsandotherlegalrequirements

Wewilluseandprocessyour information inordertocomplywith legalobligationstowhichwearesubject.Forexample,wemayneedtodiscloseyourinformationpursuanttoacourtorderorsubpoenaifwereceiveoneortotheNationalCrimeAgencyinconnectionwithsuspectedorpotentialmoneylaunderingmatters.

Legalbasisforprocessing:compliancewithalegalobligation(Article6(1)(c)oftheGeneralDataProtectionRegulation).Legalobligation(s):legalobligationstodiscloseinformationwhicharepartofthelawsofEnglandandWalesoriftheyhavebeenintegratedintotheUnitedKingdom’slegalframework(forexampleintheformofaninternationalagreementwhichtheUnitedKingdomhassigned).

Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest:wherethelegalobligationsarepartofthelawsofanothercountryandhavenotbeenintegratedintotheUnitedKingdom’slegalframework,wehavealegitimateinterestincomplyingwiththeseobligations.

Howlongweretainyourinformation

Thissectionsetsouthowlongweretainyourinformation.Wehavesetoutspecificretentionperiodswherepossible.Wherethathasnotbeenpossible,wehavesetout thecriteriaweusetodeterminetheretentionperiod.

Retentionperiods

Serverloginformation:weretaininformationonourserverlogsforupto24months.

Order information:whenyouplaceanorderforgoodsandservices,weretainthat informationforsixyearsfollowingtheendofthefinancialyearinwhichyouplacedyourorder,inaccordancewithourlegalobligationtokeeprecordsfortaxpurposes.

Correspondenceandenquiries:whenyoumakeanenquiryorcorrespondwithusforanyreason,whetherbyemailorviaourcontactformorbyphone,wewillretainyourinformationforaslongasittakestorespondtoandresolveyourenquiry,andfor36months,afterwhichpointwewilldeleteyourinformation.

SupportQueries:Detailsofsupportquestionssentviaemailoroverthephoneregardingyourareretainedfor36monthsfromthedateofresolutionofthesupportquestion.

CurrentSubscriptions:DataRetentionOfYourBookingAndCustomerData:

Whereyouholdacurrentlivesubscriptionthedatawillberetainedasbelow:

• Yourcustomers’withbookingswillhavetheircustomer,bookingandotherassociateddataretainedforamaximumof7yearsfromthedateofthelastbookingorlastcustomerupdate,whicheveristhelonger.

• Foryourcustomers’whohavenoassociatedbookings,theirdatawillberetainedfor3years.

Youmayviayouradminsystemchoosetoretaincustomerdataforshorterperiods.

ExpiredSubscriptions:DataRetentionOfYourBookingAndCustomerData:

Whereyouraccountwithushasexpiredyourcustomerandtheirassociateddatawillberetainedasbelow:

• Yourcustomers’withbookingswillhavetheircustomer,bookingandotherassociateddataretainedforamaximumof90daysfromthedateofyoursubscriptionendingorfreetrialexpirydate.

• Foryourcustomers’whohavenobookings,theirdatawillberetainedfor90daysfromthedateyoursubscriptionorfreetrialexpired.

Criteriafordeterminingretentionperiods

Inanyothercircumstances,wewillretainyourinformationfornolongerthannecessary,takingintoaccountthefollowing:

• the purpose(s) and use of your information both now and in the future (such as whether it isnecessarytocontinuetostorethatinformationinordertocontinuetoperformourobligationsunderacontractwithyouortocontactyouinthefuture);

• whetherwehaveany legalobligation tocontinue toprocessyour information (suchasany record-keepingobligationsimposedbyrelevantlaworregulation);

• whetherwehaveanylegalbasistocontinuetoprocessyourinformation(suchasyourconsent);• howvaluableyourinformationis(bothnowandinthefuture);• anyrelevantagreedindustrypracticesonhowlonginformationshouldberetained;• thelevelsofrisk,costandliabilityinvolvedwithuscontinuingtoholdtheinformation;• howharditistoensurethattheinformationcanbekeptuptodateandaccurate;and• anyrelevantsurroundingcircumstances(suchasthenatureandstatusofourrelationshipwithyou).

Howwesecureyourinformation

We take appropriate technical and organisational measures to secure your information and to protect itagainstunauthorisedorunlawfuluseandaccidentallossordestruction,including:

• onlysharingandprovidingaccess toyour informationto theminimumextentnecessary, subject toconfidentialityrestrictionswhereappropriate,andonananonymisedbasiswhereverpossible;

• usingsecureserverstostoreyourinformation;• verifying the identity of any individual who requests access to information prior to granting them

accesstoinformation;

• usingSecureSocketsLayer(SSL)softwaretoencryptanyinformationyousubmittousviaanyformsonourwebsiteandanypaymenttransactionsyoumakeonorviaourwebsite;

• onlytransferringyourinformationviaclosedsystemorencrypteddatatransfers;

Transmissionofinformationtousbyemail

Transmissionof informationovertheinternet isnotentirelysecure,andifyousubmitanyinformationtousovertheinternet(whetherbyemail,viaourwebsiteoranyothermeans),youdosoentirelyatyourownrisk.

Wecannotberesponsibleforanycosts,expenses, lossofprofits,harmtoreputation,damages, liabilitiesoranyotherformoflossordamagesufferedbyyouasaresultofyourdecisiontotransmitinformationtousbysuchmeans.

Transfers of your information outside the European

EconomicArea

AllofyourinformationisstoredinthefollowingEuropeanEconomicArea(EEA)countriescountry/countries:UnitedKingdom.

Otherthantocomplywithany legalobligationstowhichwearesubject(compliancewithacourtorder, forexample),wedonotintendtotransferyourinformationoutsidetheEEAortoaninternationalorganisation.Intheunlikelyevent thatweare required to transferyour informationoutside theEEA (or toan internationalorganisation)forsuchapurpose,wewillensureappropriatesafeguardsandprotectionsareinplace.

Yourrightsinrelationtoyourinformation

Subject tocertain limitationsoncertainrights,youhavethefollowingrights inrelationtoyour information,whichyoucanexercisebywritingtoHolidayBookingsOnlineLtd,9HighSt,WellingtonTA218QTorcontactusviatheContactUsformonourwebsite:

• to request access to your information and information related to our use and processing of yourinformation;

• torequestthecorrectionordeletionofyourinformation;• torequestthatwerestrictouruseofyourinformation;• toreceiveinformationwhichyouhaveprovidedtousinastructured,commonlyusedandmachine-

readableformat(e.g.aCSVfile)• toobjecttotheprocessingofyourinformationforcertainpurposes(forfurtherinformation,seethe

section below entitled Your right to object to the processing of your information for certainpurposes);and

• towithdrawyourconsenttoouruseofyourinformationatanytimewherewerelyonyourconsenttouseorprocessthatinformation.Pleasenotethatifyouwithdrawyourconsent,thiswillnotaffectthelawfulnessofouruseandprocessingofyourinformationonthebasisofyourconsentbeforethepointintimewhenyouwithdrawyourconsent.

In accordancewithArticle77of theGeneralDataProtectionRegulation, youalsohave the right to lodgeacomplaintwithasupervisoryauthority,inparticularintheMemberStateofyourhabitualresidence,placeofworkorofanallegedinfringementoftheGeneralDataProtectionRegulation.

For the purposes of the UK, the supervisory authority is the Information Commissioner’s Office (ICO), thecontactdetailsofwhichareavailablehere:https://ico.org.uk/global/contact-us/

Furtherinformationonyourrightsinrelationtoyourpersonaldataasanindividual

Theaboverightsareprovidedinsummaryformonlyandcertainlimitationsapplytomanyoftheserights.Forfurther informationabout your rights in relation to your information, including any limitationswhich apply,pleasevisitthefollowingpagesontheICO’swebsite:

• https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/;and

• https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

Youcanalso findout further informationaboutyour rights,aswellas informationonany limitationswhichapplytothoserights,byreadingtheunderlyinglegislationcontainedinArticles12to22and34oftheGeneralData Protection Regulation, which is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf

Verifyingyouridentitywhereyourequestaccesstoyourinformation

Whereyourequestaccesstoyourinformation,wearerequiredbylawtouseallreasonablemeasurestoverifyyouridentitybeforedoingso.

Thesemeasures are designed to protect your information and to reduce the risk of identity fraud, identitytheftorgeneralunauthorisedaccesstoyourinformation.

Howweverifyyouridentity

Wherewepossessappropriateinformationaboutyouonfile,wewillattempttoverifyyouridentityusingthatinformation.

Ifitisnotpossibletoidentityyoufromsuchinformation,orifwehaveinsufficientinformationaboutyou,wemay requireoriginal or certified copiesof certaindocumentation inorder tobeable to verify your identitybeforeweareabletoprovideyouwithaccesstoyourinformation.

We will be able to confirm the precise information we require to verify your identity in your specificcircumstancesifandwhenyoumakesucharequest.

Your right to object to the processing of your information

forcertainpurposes

Youhavethefollowingrightsinrelationtoyourinformation,whichyoumayexerciseinthesamewayasyoumayexercisebywritingtoHolidayBookingsOnlineLtd,9HighSt,WellingtonTA218QTorcontactusviatheContactUsformonourwebsite:

• toobjecttoususingorprocessingyourinformationwhereweuseorprocessitinordertocarryoutatask in the public interest or for our legitimate interests, including ‘profiling’ (i.e. analysing orpredictingyourbehaviourbasedonyourinformation)basedonanyofthesepurposes;and

• to object to us using or processing your information fordirectmarketing purposes (including anyprofilingweengageinthatisrelatedtosuchdirectmarketing).

For more information on how to object to our use of information collected from cookies and similartechnologies,please see the sectionentitledHow toacceptor reject cookies inour cookiespolicy,which isavailablehere:https://www.holiday-bookings-online.com/HBO_Cookie_Policy.pdf

SensitivePersonalInformation

‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin,politicalopinions,religiousorphilosophicalbeliefs,ortradeunionmembership,geneticinformation,biometricinformation for the purpose of uniquely identifying an individual, information concerning health orinformationconcerninganaturalperson’ssexlifeorsexualorientation.

Wedonotknowinglyorintentionallycollectsensitivepersonalinformationfromindividuals,andyoumustnotsubmitsensitivepersonalinformationtous.

If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will beconsidered to have explicitly consented to us processing that sensitive personal information under Article9(2)(a)oftheGeneralDataProtectionRegulation.Wewilluseandprocessyoursensitivepersonalinformationforthepurposesofdeletingit.

ChangestoourPrivacyPolicy

WeupdateandamendourPrivacyPolicyfromtimetotime.

MinorchangestoourPrivacyPolicy

WherewemakeminorchangestoourPrivacyPolicy,wewillupdateourPrivacyPolicywithaneweffectivedatestatedatthebeginningofit.OurprocessingofyourinformationwillbegovernedbythepracticessetoutinthatnewversionofthePrivacyPolicyfromitseffectivedateonwards.

MajorchangestoourPrivacyPolicyorthepurposesforwhichweprocessyourinformation

WherewemakemajorchangestoourPrivacyPolicyorintendtouseyourinformationforanewpurposeoradifferentpurpose than thepurposes forwhichweoriginally collected it,wewillnotifyyoubyemail (wherepossible)orbypostinganoticeonourwebsite.

We will provide you with the information about the change in question and the purpose and any otherrelevantinformationbeforeweuseyourinformationforthatnewpurpose.

Wherever required, we will obtain your prior consent before using your information for a purpose that isdifferentfromthepurposesforwhichweoriginallycollectedit.

Children’sPrivacy

Becausewecareaboutthesafetyandprivacyofchildrenonline,wecomplywiththeChildren’sOnlinePrivacyProtectionActof1998(COPPA).COPPAanditsaccompanyingregulationsprotecttheprivacyofchildrenusingthe internet. We do not knowingly contact or collect information from persons under the age of 18. Thewebsiteisnotintendedtosolicitinformationofanykindfrompersonsundertheageof18.

It is possible thatwe could receive information pertaining to persons under the age of 18 by the fraud ordeception of a third party. If we are notified of this, as soon aswe verify the information, wewill, whererequiredbylawtodoso, immediatelyobtaintheappropriateparentalconsenttousethat informationor, ifweareunabletoobtainsuchparentalconsent,wewilldeletetheinformationfromourservers.Ifyouwouldliketonotifyusofourreceiptofinformationaboutpersonsundertheageof18,pleasedosobycontactingusviatheContactUsformonourwebsite.

CaliforniaDoNotTrackDisclosures

“DoNotTrack”isaprivacypreferencethatuserscansetintheirwebbrowsers.WhenauserturnsonaDoNotTracksignalintheirbrowser,thebrowsersendsamessagetowebsitesrequestingthattheydonottracktheuser.ForinformationaboutDoNotTrack,pleasevisitwww.allaboutdnt.org

Copyright,creditandlogo

This Privacy Policy is based on a General Data Protection Regulation (Regulation (EU) 2016/769) (GDPR)compliant template provided by GDPR Privacy Policy. For further information, please visithttps://gdprprivacypolicy.org

Thecopyright in thisPrivacyPolicy iseitherownedby,or licensedto,usand isprotectedbycopyright lawsaround the world and copyright protection software. All intellectual property rights in this document arereserved.

WherewedisplaytheGDPRPrivacyPolicylogoonourwebsite,thisisusedtoindicatethatwehaveadoptedaprivacypolicytemplateprovidedbyGDPRPrivacyPolicyasthebasisforthisPrivacyPolicy.