hbo privacy policy.docx - holiday bookings online ltd · obligations we have (e.g. to maintain...
TRANSCRIPT
PrivacyPolicy
ThisPrivacyPolicysetsouthowwe,HolidayBookingsOnlineLtd,collect,storeanduseinformationaboutyouwhen you use or interact with our websites, www.holiday-bookings-online.com, bookingadmin.com andbooking-system.net (ourwebsites) and where we otherwise obtain or collect information about you. ThisPrivacyPolicyiseffectivefrom1April2018
Contents
• Summary
• Ourdetails
• Informationwecollectwhenyouvisitourwebsite
• Informationwecollectwhenyoucontactus
• Informationwecollectwhenyouinteractwithourwebsite
• Informationwecollectwhenyouplaceanorderonourwebsite• Ouruseofautomateddecision-makingandprofiling• Howwecollectorobtaininformationaboutyoufromthirdparties
• Disclosureandadditionalusesofyourinformation
• Howlongweretainyourinformation
• Howwesecureyourinformation
• TransfersofyourinformationoutsidetheEuropeanEconomicArea
• YourrightsinrelationtoyourinformationHowlongweretainyourinformation
• Yourrighttoobjecttotheprocessingofyourinformationforcertainpurposes
• SensitivePersonalInformation
• ChangestoourPrivacyPolicy
• Children’sPrivacy
• CaliforniaDoNotTrackDisclosures
• Copyright,creditandlogo
Summary
Thissectionsummariseshowweobtain,storeanduseinformationaboutyou.Itisintendedtoprovideaverygeneral overview only. It is not complete in and of itself and it must be read in conjunction with the
correspondingfullsectionsofthisPrivacyPolicy.
• Datacontroller:HolidayBookingsOnlineLtd
• Howwecollectorobtaininformationaboutyou:o when you provide it to us (e.g. by contacting us , placing an order on our website, your
customersmakingbookingsviaourwebsiteandviaouradminwebsite,o fromyouruseofourwebsite,usingcookiesandsimilartechnologies,ando occasionally,fromthirdparties.
• Information we collect: name, contact details, IP address, information from cookies, information
aboutyourcomputerordevice (e.g.deviceandbrowser type), informationabouthowyouuseourwebsite(e.g.whichpagesyouhaveviewed,thetimewhenyouviewthemandwhatyouclickedon,thegeographicallocationfromwhichyouaccessedourwebsite(basedonyourIPaddress),company
nameor business name (if applicable), VAT number (if applicable), details of your properties, yourpropertyprices,youraccountandpropertysettings,yourcustomerdetailsandanyotherinformationyouchoosetocollectfromyourcustomers
• Howweuseyourinformation:foradministrativeandbusinesspurposes(particularlytocontactyouand process orders you place on our website), to improve our business and website, to fulfil ourcontractualobligations,toadvertiseourgoodsandservices,toanalyseyouruseofourwebsite,andinconnectionwithourlegalrightsandobligations.
• Disclosureofyourinformationtothirdparties:onlytotheextentnecessarytorunourbusiness,toour service providers, to fulfil any contracts we enter into with you, where required by law or toenforce our legal rights and where necessary to enable the processing of your bookings andpayments.
• Dowesellyourinformationtothirdparties(otherthaninthecourseofabusinesssaleorpurchase
orsimilarevent):No
• How longwe retain your information: for no longer than necessary, taking into account any legalobligationswe have (e.g. tomaintain records for tax purposes), any other legal basiswe have forusing your information (e.g. your consent, performance of a contract with you or our legitimateinterests as a business). For specific retention periods in relation to certain informationwhichwecollectfromyou,pleaseseethemainsectionbelowentitledHowlongweretainyourinformation.
• Howwesecureyour information:usingappropriate technicalandorganisationalmeasuressuchasstoringyourinformationonsecureservers,encryptingtransfersofdatatoorfromourserversusingSecure Sockets Layer (SSL) technology, encryptingpayments youmakeonor via ourwebsite usingSecureSocketsLayer(SSL)technology,onlygrantingaccesstoyourinformationwherenecessary.
• Use of cookies and similar technologies: we use cookies and similar information-gatheringtechnologies on our website only where necessary for the provision of our services to you, forexample toenableyour customers toplaceonlinebookings. Formore information,pleasevisitourcookiespolicyhere:https://www.holiday-bookings-online.com/HBO_Cookie_Policy.pdf
• Transfers of your information outside the European Economic Area: we will only transfer yourinformationoutsidetheEuropeanEconomicAreaifwearerequiredtodosobylaw
• Use of automated decisionmaking and profiling: we use automated decisionmaking. Automateddecision making is used to enable the display of your availability and prices and to enable yourcustomerstoplacebookings.Itsalsousedtoenableyoutoedityourbookingsandcustomerdetailsviaoursecureadminsite.Wedonotuseautomateddecisionmakingtoplaceadvertisementsorforourmarketingpurposes.
• Yourrightsinrelationtoyourinformationo toaccessyourinformationandtoreceiveinformationaboutitsuseo tohaveyourinformationcorrectedand/orcompletedo tohaveyourinformationdeletedo torestricttheuseofyourinformationo toreceiveyourinformationinaportableformato toobjecttotheuseofyourinformationo towithdrawyourconsenttotheuseofyourinformationo not tohavesignificantdecisionsmadeaboutyoubasedsolelyonautomatedprocessingof
yourinformation,includingprofilingo tocomplaintoasupervisoryauthority
• Sensitive personal information: we do not knowingly or intentionally collect what is commonlyreferred toas ‘sensitivepersonal information’.Pleasedonot submit sensitivepersonal informationaboutyoutous.Formoreinformation,pleaseseethemainsectionbelowentitledSensitivePersonalInformation.
Ourdetails
Thedata controller in respectofourwebsite isHolidayBookingsOnline Ltd (company registrationnumber:5341270of9HighSt.Wellington.Somerset.TA218QT.Youcancontactthedatacontrollerbywritingto9HighSt.Wellington.Somerset.TA218QTorcontactusviatheContactUsformonourwebsite.
IfyouhaveanyquestionsaboutthisPrivacyPolicy,pleasecontactthedatacontroller.
Informationwecollectwhenyouvisitourwebsite
WecollectanduseinformationfromwebsitevisitorsinaccordancewiththissectionandthesectionentitledDisclosureandadditionalusesofyourinformation.
Webserverloginformation
We use a third party dedicated server to host our website called IOMART, the privacy policy of which isavailablehere:www.iomart.com/privacy-policy/.OurwebsiteserverautomaticallylogstheIPaddressyouusetoaccessourwebsiteaswellasother informationaboutyourvisit suchas thepagesaccessed, informationrequested,thedateandtimeoftherequest,thesourceofyouraccesstoourwebsite(e.g.thewebsiteorURL(link)which referred you to ourwebsite), and your browser version and operating system and device typeused.
OurserverislocatedinEngland.
UseofwebsiteserverloginformationforITsecuritypurposes
Weandourthirdpartyhostingprovidercollect(s)andstore(s)server logstoensurenetworkandITsecurityandso that theserverandwebsite remainuncompromised.This includesanalysing log files tohelp identifyandpreventunauthorisedaccesstoournetwork,thedistributionofmaliciouscode,denialofservicesattacksandothercyberattacks,bydetectingunusualorsuspiciousactivity.
Unlessweareinvestigatingsuspiciousorpotentialcriminalactivity,We/wedonotmake,nordoweallowourhostingprovidertomake,anyattempttoidentifyyoufromtheinformationcollectedviaserverlogs.
Legalbasisforprocessing:compliancewithalegalobligationtowhichwearesubject(Article6(1)(c)oftheGeneralDataProtectionRegulation).Legalobligation:recordingaccesstoourwebsiteusingserverlogfilesisanappropriatetechnicalmeasuretoensurealevelofsecurityappropriatetoprotectinformationcollectbyourwebsiteunderArticle32(1)oftheGeneralDataProtectionRegulation.
Useofwebsiteserverloginformationtoanalysewebsiteuseandimproveourwebsite
Weusethe informationcollectedbyourwebsiteserver logstoanalysehowourwebsiteusers interactwithourwebsiteanditsfeatures.Forexample,weanalysethenumberofvisitsanduniquevisitorswereceive,thetimeanddateofthevisit,thelocationofthevisitandtheoperatingsystemandbrowserused
Weusetheinformationgatheredfromtheanalysisofthisinformationtoimproveourwebsite.Forexample,we use the information gathered to change the information, content and structure of our website andindividual pages based according towhat users are engagingmostwith and the duration of time spent onparticularpagesonourwebsite.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest:improvingourwebsiteforourwebsiteusersandgettingtoknowourwebsiteusers’preferencessoourwebsitecanbettermeettheirneedsanddesires.
Cookiesandsimilartechnologies
Cookies are data files which are sent from a website to a browser to record information about users forvariouspurposes.
Weusecookiesandsimilartechnologiesonourwebsite,includingessentialandfunctionalcookies.Forfurtherinformation on how we use cookies, please see our cookies policy which is available here:https://www.holiday-bookings-online.com/HBO_Cookie_Policy.pdf
Youcanrejectsomeorallofthecookiesweuseonorviaourwebsitebychangingyourbrowsersettings,butdoingsocanimpairyourabilitytouseourwebsiteorsomeorallofitsfeatures.Forfurtherinformationaboutcookies, including how to change your browser settings, please visit www.allaboutcookies.org or see ourcookiespolicy.
Informationwecollectwhenyoucontactus
We collect and use information from individuals who contact us in accordance with this section and thesectionentitledDisclosureandadditionalusesofyourinformation.
Whenyousendanemailtotheemailaddressdisplayedonourwebsitewecollectyouremailaddressandanyother information you provide in that email (such as your name, telephone number and the informationcontainedinanysignatureblockinyouremail).
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest(s):respondingtoenquiriesandmessageswereceiveandkeepingrecordsofcorrespondence.
Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequesttoenterintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:whereyourmessagerelatestousprovidingyouwithgoodsorservicesortakingstepsatyourrequestpriortoprovidingyouwithourgoodsandservices(forexample,providingyouwithinformationaboutsuchgoodsandservices),wewillprocessyourinformationinordertodoso).
Contactform
Whenyoucontactususingourcontactform,wecollectyourname,emailaddress, IPaddress ,browserandoperating system details.We also collect any other information you provide to uswhen you complete thecontactform,includinganyoptionalinformation,suchas:whetheryouhaveanaccountwithus,whattypeofaccommodationyouofferandyourwebsiteURL.
Ifyoudonotprovidethemandatoryinformationrequiredbyourcontactform,youwillnotbeabletosubmitthecontactformandwewillnotreceiveyourenquiry.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest(s):respondingtoenquiriesandmessageswereceiveandkeepingrecordsofcorrespondence.
Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequesttoenterintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:whereyourmessagerelatestousprovidingyouwithgoodsorservicesortakingstepsatyourrequestpriortoprovidingyouwithourgoodsandservices(forexample,providingyouwithinformationaboutsuchgoodsandservices),wewillprocessyourinformationinordertodoso).
PhoneWhenyoucontactusbyphone,wecollectyourphonenumberandanyinformationprovidetousduringyourconversationwithus.
Wedonotrecordphonecalls.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation)Legitimateinterest(s):respondingtoenquiriesandmessageswereceiveandkeepingrecordsofcorrespondence.
Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequesttoenterintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:whereyourmessagerelatestousprovidingyouwithgoodsorservicesortakingstepsatyourrequestpriortoprovidingyouwithourgoodsandservices(forexample,providingyouwithinformationaboutsuchgoodsandservices),wewillprocessyourinformationinordertodoso).
Post
Ifyoucontactusbypost,wewillcollectanyinformationyouprovidetousinanypostalcommunicationsyousendus.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation)Legitimateinterest(s):respondingtoenquiriesandmessageswereceiveandkeepingrecordsofcorrespondence.
Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequesttoenterintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:whereyourmessagerelatestousprovidingyouwithgoodsorservicesortakingstepsatyourrequestpriortoprovidingyouwithourgoodsandservices(forexample,
providingyouwithinformationaboutsuchgoodsandservices),wewillprocessyourinformationinordertodoso).
Informationwecollectwhenyouinteractwithourwebsite
We collect and use information from individuals who interact with particular features of our website inaccordancewiththissectionandthesectionentitledDisclosureandadditionalusesofyourinformation.
Registeringonourwebsite
Whenyouregisterandcreateanaccountonourwebsite,wecollectthefollowinginformation:emailaddress,IP address, name, post code, website address, telephone number, number of properties and any otherinformationyouprovidetouswhenyoucompletetheregistrationform.
If youdonotprovide themandatory information requiredby the registration form, youwill notbeable toregisterorcreateanaccountonourwebsite.
If you do not supply the optional information requested by our registration form, wemay not be able tovalidateyouraccountandprovideyouwithanaccount.
Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequestpriortoenteringinto a contract (Article 6(1)(b) of the General Data Protection Regulation).Reasonwhynecessarytoperformacontract:creatinganaccountonourwebsiteisnecessarytoallowyoutoaccessthegoodsandservicesyouhavepurchasedfromus
Transferandstorageofyourinformation
Information you submit to us via the registration form on our website will be storedwithin the EuropeanEconomicArea onour third party hosting provider’s servers in England Our third party hosting provider isIOMARTlocatedinEngland.Theirprivacypolicyisavailablehere:https://www.iomart.com/privacy-policy/
Information we collect when you place an order on our
website
Wecollectanduse information from individualswhoplaceanorderonourwebsite inaccordancewith thissectionandthesectionentitledDisclosureandadditionalusesofyourinformation.
Informationcollectedwhenyouplaceanorder
Mandatoryinformation
Whenyouplaceanorder forgoodsorservicesonourwebsite,wecollectyourname,emailaddress,billingaddress,shippingaddress,companyname(ifapplicable),andVATnumber(ifapplicable).
If you do not provide this information, youwill not be able to purchase goods or services from us on ourwebsiteorenterintoacontractwithus.
Legalbasisforprocessing:necessarytoperformacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).
Reasonwhynecessarytoperformacontract:weneedthemandatoryinformationcollectedbyourcheckoutformtoestablishwhothecontractiswithandtocontactyoutofulfilourobligationsunderthecontract,includingsendingyoureceiptsandorderconfirmations.
Legalbasisforprocessing:compliancewithalegalobligation(Article6(1)(c)oftheGeneralDataProtectionRegulation).Legalobligation:wehavealegalobligationtoissueyouwithaninvoiceforthegoodsandservicesyoupurchasedfromuswhereyouareVATregisteredandwerequirethemandatoryinformationcollectedbyourcheckoutformforthispurpose.
Optionalinformation
Wealsocollectoptional informationfromyou,suchasyourphonenumberand informationabouthowyouheardaboutus.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(b)oftheGeneralDataProtectionRegulation).Legitimateinterests:weaskforhowyouheardaboutussowecanimproveyourbusiness’advertisingmethods.Weaskforyourphonenumbertobeabletocontactthecustomerbyphonewhere(ifnecessary)in
relationtotheirorder
Processingyourpayment
Afteryouplaceanorderonourwebsiteyouwillneedtomakepaymentforthegoodsorservicesyouhaveordered.InordertoprocessyourpaymentweusePayPal.
PayPalcollects,usesandprocessesyourinformation,includingpaymentinformation,inaccordancewiththeirprivacy policies. You can access its policies via the following link(s):https://www.paypal.com/en/webapps/mpp/ua/privacy-full.
Transferandstorageofyourinformation
PayPalislocatedinUnitedStatesOfAmerica.InformationrelatingtotheprocessingofyourpaymentisstoredwithintheEuropeanEconomicAreaonourthirdpartypaymentprocessor’sserversinEngland.
ForfurtherinformationaboutthesafeguardsusedwhenyourinformationistransferredoutsidetheEuropeanEconomicArea,seethesectionofthisprivacypolicybelowentitledTransfersofyourinformationoutsidetheEuropeanEconomicArea.
Legalbasisforprocessing:necessarytoperformacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:tofulfilyourcontractualobligationtopayforthegoodsorservicesyouhaveorderedfromus.
Marketingcommunications
Wedonot sendmarketing communications. Nordoweprovide yourdetails to thirdparties formarketingpurposes.
Informationcollectedorobtainedfromthirdparties
Thissectionsetsouthowweobtainorcollectinformationaboutyoufromthirdparties.
Informationreceivedfromthirdparties
Generally,wedonotreceiveinformationaboutyoufromthirdparties.
Itisalsopossiblethatthirdpartieswithwhomwehavehadnopriorcontactmayprovideuswithinformationaboutyou.
Informationweobtainfromthirdpartieswillgenerallybeyournameandcontactdetails,butwillincludeanyadditionalinformationaboutyouwhichtheyprovidetous.
Legalbasis forprocessing:necessary toperformacontractor to take stepsat your request toenter intoacontract (Article 6(1)(b) of the General Data Protection Regulation).Reasonwhynecessarytoperformacontract:whereathirdpartyhaspassedoninformationaboutyoutous(such as your name and email address) in order for us to provide services to you, we will process yourinformation inorder to takestepsatyour request toenter intoacontractwithyouandperformacontractwithyou(asthecasemaybe).
Legal basis for processing: consent (Article 6(1)(a) of the General Data Protection Regulation).Consent:whereyouhaveaskedthatathirdpartytoshareinformationaboutyouwithusandthepurposeofsharing that information is not related to the performance of a contract or services by us to you, we willprocessyourinformationonthebasisofyourconsent,whichyougivebyaskingthethirdpartyinquestiontopassonyourinformationtous.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimate interests: where a third party has shared information about you with us and you have notconsentedtothesharingofthatinformation,wewillhavealegitimateinterestinprocessingthatinformationincertaincircumstances.
Forexample,wewouldhavea legitimate interest inprocessingyour informationtoperformourobligationsunderasub-contractwiththethirdparty,wherethethirdpartyhasthemaincontractwithyou.Ourlegitimateinterestistheperformanceofourobligationsunderoursub-contract.
Similarly,thirdpartiesmaypassoninformationaboutyoutousifyouhaveinfringedorpotentiallyinfringedany of our legal rights. In this case, we will have a legitimate interest in processing that information toinvestigateandpursueanysuchpotentialinfringement.
Wherewereceiveinformationaboutyouinerror
Ifwereceiveinformationaboutyoufromathirdpartyinerrorand/orwedonothavealegalbasisforprocessingthatinformation,wewilldeleteyourinformation.
Informationobtainedbyusfromthirdparties
In certain circumstances (for example, to verify the information we hold about you or obtain missinginformation we require to provide you with a service) we will obtain information about you from certainpublicly accessible sources, both EU and non-EU, such as the electoral register, Companies House, onlinecustomerdatabases,businessdirectories,mediapublications,socialmedia,andwebsitessuchasourown.
Legalbasis forprocessing:necessary toperformacontractor to take stepsat your request toenter intoacontract (Article 6(1)(b) of the General Data Protection Regulation).
Reasonwhynecessarytoperformacontract:whereyouhaveenteredintoacontractorrequestedthatweenter into a contractwith you, in certain circumstances,wewill obtain information about you from publicsources in order to enable us to understand your business and provide services to you or services to asufficientstandard.
Forexample,wewouldobtainand/orverifyyouremailaddressfromyourwebsiteorfromadirectorywhereyouaskustosendyouinformationbyemailbutwedonotpossesstheinformationorweneedtoconfirmthatwehaverecordedyouremailaddresscorrectly.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(b)oftheGeneralDataProtectionRegulation).Legitimate interests: in certain circumstances, we will have a legitimate interest in obtaining informationaboutyou frompublicandprivate sources. Forexample, if youhave infringedorwe suspect that youhaveinfringed any of our legal rights,wewill have a legitimate interest in obtaining and processing informationaboutyoufromsuchsourcesinordertoinvestigateandpursueanysuspectedorpotentialinfringement.
Disclosureandadditionalusesofyourinformation
Thissectionsetsoutthecircumstances inwhichwilldisclose informationaboutyoutothirdpartiesandanyadditionalpurposesforwhichweuseyourinformation.
Disclosureofyourinformationtoserviceproviders
Weuseanumberof thirdparties toprovideuswithserviceswhicharenecessary to runourbusinessor toassistuswithrunningourbusinessandwhoprocessyourinformationforusonourbehalf.Theseincludethefollowing:
• Telephone provider(s), including Gradwell and Cygnet Internet Services Ltd. Their privacy policy isavailable here: https://www.gradwell.com/terms-and-conditions/privacy-policy/,https://www.kapow.co.uk/download.html?id=1283
• Emailprovider(s),ourownhostedemailserver.• IT service provider(s), including IOMART. Their privacy policy is available here:
https://www.iomart.com/privacy-policy/• Hosting provider(s), including IOMART and Memset. Their privacy policy is available here:
https://www.iomart.com/privacy-policy/andhttps://www.memset.com/about-us/privacy-policy/
OurthirdpartyserviceprovidersarelocatedEngland
Yourinformationwillbesharedwiththeseserviceproviderswherenecessarytoprovideyouwiththeserviceyouhaverequested,whetherthatisaccessingourwebsiteororderinggoodsandservicesfromus.
Wedonotdisplaytheidentitiesofallofourserviceproviderspubliclybynameforsecurityandcompetitivereasons. Ifyouwould like further informationabout the identitiesofourserviceproviders,however,pleasecontactusdirectlyviaourcontactformorbyemailandwewillprovideyouwithsuchinformationwhereyouhavealegitimatereasonforrequestingit(wherewehavesharedyourinformationwithsuchserviceproviders,forexample).
Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).Legitimate interest relied on:wherewe share your informationwith these third parties in a context otherthanwhere is necessary to performa contract (or take steps at your request to do so),wewill share yourinformationwithsuchthirdpartiesinordertoallowustorunandmanageourbusinessefficiently.
Legalbasisforprocessing:necessarytoperformacontractand/ortotakestepsatyourrequestpriortoenteringintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:wemayneedtoshareinformationwithourserviceproviderstoenableustoperformourobligationsunderthatcontractortotakethestepsyouhaverequestedbeforeweenterintoacontractwithyou.
Disclosureofyourinformationtootherthirdparties
Wediscloseyourinformationtootherthirdpartiesinspecificcircumstances,assetoutbelow.
Providing information to third parties such asGoogle Inc.. Google collects information through our use ofGoogleAnalyticsonourwebsite.Googleuses this information, including IPaddressesand information fromcookies,foranumberofpurposes,suchasimprovingitsGoogleAnalyticsservice.InformationissharedwithGoogle on an aggregated and anonymisedbasis. To findoutmore aboutwhat informationGoogle collects,howitusesthisinformationandhowtocontroltheinformationsenttoGoogle,pleaseseethefollowingpage:https://www.google.com/policies/privacy/partners/
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest(s):meetingourcontractualobligationstoGoogleunderourGoogleAnalyticsTermsofService(https://www.google.com/analytics/terms/us.html)
You can opt out of Google Analytics by installing the browser plugin here:https://tools.google.com/dlpage/gaoptout
Sharingyourinformationwiththirdparties,whichareeitherrelatedtoorassociatedwiththerunningofourbusiness, where it is necessary for us to do so. These third parties include our accountants, advisors, andinsurers.Furtherinformationoneachofthesethirdpartiesissetoutbelow.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest:runningandmanagingourbusinessefficiently.
Accountants
We share informationwithour accountants for taxpurposes. For example,we share invoiceswe issue andreceivewithouraccountantsforthepurposeofcompletingtaxreturnsandourendofyearaccounts.
OuraccountantsareTheTaxShop.OuraccountantsarelocatedinEngland.
Advisors
Occasionally, we obtain advice from advisors, such as accountants, financial advisors, lawyers and publicrelationsprofessionals.Wewillshareyour informationwiththesethirdpartiesonlywhere it isnecessarytoenablethesethirdpartiestobeabletoprovideuswiththerelevantadvice.
OuradvisorsareTheTaxShop.OuradvisorsarelocatedinEngland.
Insurers
Wewillshareyour informationwithour insurerswhere it isnecessarytodoso,forexample inrelationtoaclaimorpotentialclaimwereceiveormakeorunderourgeneraldisclosureobligationsunderour insurancecontractwiththem.
Hiscox.OurinsurersarelocatedinEngland.
Legalbasisforprocessing:necessarytoperformacontractortotakestepsatyourrequestpriortoenteringintoacontract(Article6(1)(b)oftheGeneralDataProtectionRegulation).Reasonwhynecessarytoperformacontract:weneedtoshareyourinformationwithothercompaniesinordertobeabletomeetourcontractualobligationstoyouortotakestepsatyourrequestpriortoenteringacontract.,forexamplebecauseoftheservicesorinformationyouhaverequested.
Wedonotdisplaytheidentitiesofalloftheotherthirdpartieswemayshareinformationwithbynameforsecurity and competitive reasons. If you would like further information about the identities of such thirdparties,however,pleasecontactusdirectlyviaourcontactformorbyemailandwewillprovideyouwithsuchinformationwhere you have a legitimate reason for requesting it (wherewehave shared your informationwithsuchthirdparties,forexample).
Wewillshareyourinformationwithaprospectiveoractualpurchaserorsellerinthecontextofabusinessorassetsaleoracquisitionbyus,amergerorsimilarbusinesscombinationevent,whetheractualorpotential.
Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).Legitimateinterest(s):sharingyourinformationwithaprospectivepurchaser,sellerorsimilarpersoninordertoallowsuchatransactiontotakeplace.
Disclosureanduseofyourinformationforlegalreasons
Indicatingpossiblecriminalactsorthreatstopublicsecuritytoacompetentauthority
Ifwesuspectthatcriminalorpotentialcriminalconducthasbeenoccurred,wewill incertaincircumstancesneedtocontactanappropriateauthority,suchasthepolice.Thiscouldbethecase,forinstance,ifwesuspectthatwe fraud or a cyber crime has been committed or if we receive threats ormalicious communicationstowardsusorthirdparties.
Wewillgenerallyonlyneedtoprocessyourinformationforthispurposeifyouwereinvolvedoraffectedbysuchanincidentinsomeway.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterests:preventingcrimeorsuspectedcriminalactivity(suchasfraud).
Inconnectionwiththeenforcementorpotentialenforcementourlegalrights
Wewilluseyourinformationinconnectionwiththeenforcementorpotentialenforcementofourlegalrights,including,forexample,sharinginformationwithdebtcollectionagenciesifyoudonotpayamountsowedtouswhenyouarecontractuallyobligedtodoso.Ourlegalrightsmaybecontractual(wherewehaveenteredintoacontractwithyou)ornon-contractual(suchaslegalrightsthatwehaveundercopyrightlawortortlaw).
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest:enforcingourlegalrightsandtakingstepstoenforceourlegalrights.
Inconnectionwithalegalorpotentiallegaldisputeorproceedings
Wemayneedtouseyour information ifweare involved inadisputewithyouorathirdpartyforexample,eithertoresolvethedisputeoraspartofanymediation,arbitrationorcourtresolutionorsimilarprocess.
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest(s):resolvingdisputesandpotentialdisputes.
Forongoingcompliancewithlaws,regulationsandotherlegalrequirements
Wewilluseandprocessyour information inordertocomplywith legalobligationstowhichwearesubject.Forexample,wemayneedtodiscloseyourinformationpursuanttoacourtorderorsubpoenaifwereceiveoneortotheNationalCrimeAgencyinconnectionwithsuspectedorpotentialmoneylaunderingmatters.
Legalbasisforprocessing:compliancewithalegalobligation(Article6(1)(c)oftheGeneralDataProtectionRegulation).Legalobligation(s):legalobligationstodiscloseinformationwhicharepartofthelawsofEnglandandWalesoriftheyhavebeenintegratedintotheUnitedKingdom’slegalframework(forexampleintheformofaninternationalagreementwhichtheUnitedKingdomhassigned).
Legalbasisforprocessing:ourlegitimateinterests(Article6(1)(f)oftheGeneralDataProtectionRegulation).Legitimateinterest:wherethelegalobligationsarepartofthelawsofanothercountryandhavenotbeenintegratedintotheUnitedKingdom’slegalframework,wehavealegitimateinterestincomplyingwiththeseobligations.
Howlongweretainyourinformation
Thissectionsetsouthowlongweretainyourinformation.Wehavesetoutspecificretentionperiodswherepossible.Wherethathasnotbeenpossible,wehavesetout thecriteriaweusetodeterminetheretentionperiod.
Retentionperiods
Serverloginformation:weretaininformationonourserverlogsforupto24months.
Order information:whenyouplaceanorderforgoodsandservices,weretainthat informationforsixyearsfollowingtheendofthefinancialyearinwhichyouplacedyourorder,inaccordancewithourlegalobligationtokeeprecordsfortaxpurposes.
Correspondenceandenquiries:whenyoumakeanenquiryorcorrespondwithusforanyreason,whetherbyemailorviaourcontactformorbyphone,wewillretainyourinformationforaslongasittakestorespondtoandresolveyourenquiry,andfor36months,afterwhichpointwewilldeleteyourinformation.
SupportQueries:Detailsofsupportquestionssentviaemailoroverthephoneregardingyourareretainedfor36monthsfromthedateofresolutionofthesupportquestion.
CurrentSubscriptions:DataRetentionOfYourBookingAndCustomerData:
Whereyouholdacurrentlivesubscriptionthedatawillberetainedasbelow:
• Yourcustomers’withbookingswillhavetheircustomer,bookingandotherassociateddataretainedforamaximumof7yearsfromthedateofthelastbookingorlastcustomerupdate,whicheveristhelonger.
• Foryourcustomers’whohavenoassociatedbookings,theirdatawillberetainedfor3years.
Youmayviayouradminsystemchoosetoretaincustomerdataforshorterperiods.
ExpiredSubscriptions:DataRetentionOfYourBookingAndCustomerData:
Whereyouraccountwithushasexpiredyourcustomerandtheirassociateddatawillberetainedasbelow:
• Yourcustomers’withbookingswillhavetheircustomer,bookingandotherassociateddataretainedforamaximumof90daysfromthedateofyoursubscriptionendingorfreetrialexpirydate.
• Foryourcustomers’whohavenobookings,theirdatawillberetainedfor90daysfromthedateyoursubscriptionorfreetrialexpired.
Criteriafordeterminingretentionperiods
Inanyothercircumstances,wewillretainyourinformationfornolongerthannecessary,takingintoaccountthefollowing:
• the purpose(s) and use of your information both now and in the future (such as whether it isnecessarytocontinuetostorethatinformationinordertocontinuetoperformourobligationsunderacontractwithyouortocontactyouinthefuture);
• whetherwehaveany legalobligation tocontinue toprocessyour information (suchasany record-keepingobligationsimposedbyrelevantlaworregulation);
• whetherwehaveanylegalbasistocontinuetoprocessyourinformation(suchasyourconsent);• howvaluableyourinformationis(bothnowandinthefuture);• anyrelevantagreedindustrypracticesonhowlonginformationshouldberetained;• thelevelsofrisk,costandliabilityinvolvedwithuscontinuingtoholdtheinformation;• howharditistoensurethattheinformationcanbekeptuptodateandaccurate;and• anyrelevantsurroundingcircumstances(suchasthenatureandstatusofourrelationshipwithyou).
Howwesecureyourinformation
We take appropriate technical and organisational measures to secure your information and to protect itagainstunauthorisedorunlawfuluseandaccidentallossordestruction,including:
• onlysharingandprovidingaccess toyour informationto theminimumextentnecessary, subject toconfidentialityrestrictionswhereappropriate,andonananonymisedbasiswhereverpossible;
• usingsecureserverstostoreyourinformation;• verifying the identity of any individual who requests access to information prior to granting them
accesstoinformation;
• usingSecureSocketsLayer(SSL)softwaretoencryptanyinformationyousubmittousviaanyformsonourwebsiteandanypaymenttransactionsyoumakeonorviaourwebsite;
• onlytransferringyourinformationviaclosedsystemorencrypteddatatransfers;
Transmissionofinformationtousbyemail
Transmissionof informationovertheinternet isnotentirelysecure,andifyousubmitanyinformationtousovertheinternet(whetherbyemail,viaourwebsiteoranyothermeans),youdosoentirelyatyourownrisk.
Wecannotberesponsibleforanycosts,expenses, lossofprofits,harmtoreputation,damages, liabilitiesoranyotherformoflossordamagesufferedbyyouasaresultofyourdecisiontotransmitinformationtousbysuchmeans.
Transfers of your information outside the European
EconomicArea
AllofyourinformationisstoredinthefollowingEuropeanEconomicArea(EEA)countriescountry/countries:UnitedKingdom.
Otherthantocomplywithany legalobligationstowhichwearesubject(compliancewithacourtorder, forexample),wedonotintendtotransferyourinformationoutsidetheEEAortoaninternationalorganisation.Intheunlikelyevent thatweare required to transferyour informationoutside theEEA (or toan internationalorganisation)forsuchapurpose,wewillensureappropriatesafeguardsandprotectionsareinplace.
Yourrightsinrelationtoyourinformation
Subject tocertain limitationsoncertainrights,youhavethefollowingrights inrelationtoyour information,whichyoucanexercisebywritingtoHolidayBookingsOnlineLtd,9HighSt,WellingtonTA218QTorcontactusviatheContactUsformonourwebsite:
• to request access to your information and information related to our use and processing of yourinformation;
• torequestthecorrectionordeletionofyourinformation;• torequestthatwerestrictouruseofyourinformation;• toreceiveinformationwhichyouhaveprovidedtousinastructured,commonlyusedandmachine-
readableformat(e.g.aCSVfile)• toobjecttotheprocessingofyourinformationforcertainpurposes(forfurtherinformation,seethe
section below entitled Your right to object to the processing of your information for certainpurposes);and
• towithdrawyourconsenttoouruseofyourinformationatanytimewherewerelyonyourconsenttouseorprocessthatinformation.Pleasenotethatifyouwithdrawyourconsent,thiswillnotaffectthelawfulnessofouruseandprocessingofyourinformationonthebasisofyourconsentbeforethepointintimewhenyouwithdrawyourconsent.
In accordancewithArticle77of theGeneralDataProtectionRegulation, youalsohave the right to lodgeacomplaintwithasupervisoryauthority,inparticularintheMemberStateofyourhabitualresidence,placeofworkorofanallegedinfringementoftheGeneralDataProtectionRegulation.
For the purposes of the UK, the supervisory authority is the Information Commissioner’s Office (ICO), thecontactdetailsofwhichareavailablehere:https://ico.org.uk/global/contact-us/
Furtherinformationonyourrightsinrelationtoyourpersonaldataasanindividual
Theaboverightsareprovidedinsummaryformonlyandcertainlimitationsapplytomanyoftheserights.Forfurther informationabout your rights in relation to your information, including any limitationswhich apply,pleasevisitthefollowingpagesontheICO’swebsite:
• https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/;and
• https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Youcanalso findout further informationaboutyour rights,aswellas informationonany limitationswhichapplytothoserights,byreadingtheunderlyinglegislationcontainedinArticles12to22and34oftheGeneralData Protection Regulation, which is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
Verifyingyouridentitywhereyourequestaccesstoyourinformation
Whereyourequestaccesstoyourinformation,wearerequiredbylawtouseallreasonablemeasurestoverifyyouridentitybeforedoingso.
Thesemeasures are designed to protect your information and to reduce the risk of identity fraud, identitytheftorgeneralunauthorisedaccesstoyourinformation.
Howweverifyyouridentity
Wherewepossessappropriateinformationaboutyouonfile,wewillattempttoverifyyouridentityusingthatinformation.
Ifitisnotpossibletoidentityyoufromsuchinformation,orifwehaveinsufficientinformationaboutyou,wemay requireoriginal or certified copiesof certaindocumentation inorder tobeable to verify your identitybeforeweareabletoprovideyouwithaccesstoyourinformation.
We will be able to confirm the precise information we require to verify your identity in your specificcircumstancesifandwhenyoumakesucharequest.
Your right to object to the processing of your information
forcertainpurposes
Youhavethefollowingrightsinrelationtoyourinformation,whichyoumayexerciseinthesamewayasyoumayexercisebywritingtoHolidayBookingsOnlineLtd,9HighSt,WellingtonTA218QTorcontactusviatheContactUsformonourwebsite:
• toobjecttoususingorprocessingyourinformationwhereweuseorprocessitinordertocarryoutatask in the public interest or for our legitimate interests, including ‘profiling’ (i.e. analysing orpredictingyourbehaviourbasedonyourinformation)basedonanyofthesepurposes;and
• to object to us using or processing your information fordirectmarketing purposes (including anyprofilingweengageinthatisrelatedtosuchdirectmarketing).
For more information on how to object to our use of information collected from cookies and similartechnologies,please see the sectionentitledHow toacceptor reject cookies inour cookiespolicy,which isavailablehere:https://www.holiday-bookings-online.com/HBO_Cookie_Policy.pdf
SensitivePersonalInformation
‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin,politicalopinions,religiousorphilosophicalbeliefs,ortradeunionmembership,geneticinformation,biometricinformation for the purpose of uniquely identifying an individual, information concerning health orinformationconcerninganaturalperson’ssexlifeorsexualorientation.
Wedonotknowinglyorintentionallycollectsensitivepersonalinformationfromindividuals,andyoumustnotsubmitsensitivepersonalinformationtous.
If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will beconsidered to have explicitly consented to us processing that sensitive personal information under Article9(2)(a)oftheGeneralDataProtectionRegulation.Wewilluseandprocessyoursensitivepersonalinformationforthepurposesofdeletingit.
ChangestoourPrivacyPolicy
WeupdateandamendourPrivacyPolicyfromtimetotime.
MinorchangestoourPrivacyPolicy
WherewemakeminorchangestoourPrivacyPolicy,wewillupdateourPrivacyPolicywithaneweffectivedatestatedatthebeginningofit.OurprocessingofyourinformationwillbegovernedbythepracticessetoutinthatnewversionofthePrivacyPolicyfromitseffectivedateonwards.
MajorchangestoourPrivacyPolicyorthepurposesforwhichweprocessyourinformation
WherewemakemajorchangestoourPrivacyPolicyorintendtouseyourinformationforanewpurposeoradifferentpurpose than thepurposes forwhichweoriginally collected it,wewillnotifyyoubyemail (wherepossible)orbypostinganoticeonourwebsite.
We will provide you with the information about the change in question and the purpose and any otherrelevantinformationbeforeweuseyourinformationforthatnewpurpose.
Wherever required, we will obtain your prior consent before using your information for a purpose that isdifferentfromthepurposesforwhichweoriginallycollectedit.
Children’sPrivacy
Becausewecareaboutthesafetyandprivacyofchildrenonline,wecomplywiththeChildren’sOnlinePrivacyProtectionActof1998(COPPA).COPPAanditsaccompanyingregulationsprotecttheprivacyofchildrenusingthe internet. We do not knowingly contact or collect information from persons under the age of 18. Thewebsiteisnotintendedtosolicitinformationofanykindfrompersonsundertheageof18.
It is possible thatwe could receive information pertaining to persons under the age of 18 by the fraud ordeception of a third party. If we are notified of this, as soon aswe verify the information, wewill, whererequiredbylawtodoso, immediatelyobtaintheappropriateparentalconsenttousethat informationor, ifweareunabletoobtainsuchparentalconsent,wewilldeletetheinformationfromourservers.Ifyouwouldliketonotifyusofourreceiptofinformationaboutpersonsundertheageof18,pleasedosobycontactingusviatheContactUsformonourwebsite.
CaliforniaDoNotTrackDisclosures
“DoNotTrack”isaprivacypreferencethatuserscansetintheirwebbrowsers.WhenauserturnsonaDoNotTracksignalintheirbrowser,thebrowsersendsamessagetowebsitesrequestingthattheydonottracktheuser.ForinformationaboutDoNotTrack,pleasevisitwww.allaboutdnt.org
Copyright,creditandlogo
This Privacy Policy is based on a General Data Protection Regulation (Regulation (EU) 2016/769) (GDPR)compliant template provided by GDPR Privacy Policy. For further information, please visithttps://gdprprivacypolicy.org
Thecopyright in thisPrivacyPolicy iseitherownedby,or licensedto,usand isprotectedbycopyright lawsaround the world and copyright protection software. All intellectual property rights in this document arereserved.
WherewedisplaytheGDPRPrivacyPolicylogoonourwebsite,thisisusedtoindicatethatwehaveadoptedaprivacypolicytemplateprovidedbyGDPRPrivacyPolicyasthebasisforthisPrivacyPolicy.