Data Protection Privacy Policy
This privacy policy sets out how Fox Private Travel Limited (Fox Private Travel, we, us and our) uses and protects your personal data.
What is the purpose of this privacy policy?
This privacy policy is to give you information about what personal data we collect from you, why we do so and what we will do with this data. It also tells you about some of the key rights which you have under data protection laws. You and your personal data is protected by the Data Protection Act 2018. In this privacy policy, we refer to this legislation and any UK regulations made in connection with it as Data Protection Laws.
We will only process your personal data as set out in our privacy policy or otherwise notified to or agreed by you or as we are otherwise permitted to do in accordance with Data Protection Laws.
Words and expressions used in this privacy policy which have a defined meaning in Data Protection Laws have the same meaning in this privacy policy.
What is our role in relation to your personal data?
For the purposes of Data Protection Laws, Fox Private Travel is a data controller in respect of the personal data you provide us with.
Can this privacy policy be changed?
Yes, from time to time, we may need to make changes to this privacy policy. These may be required as a result of changes in Data Protection Laws or in the guidance issued by regulators such as the Information Commissioner’s Office (which is usually referred to as the ICO) or where we make changes to our procedures. The latest version of this privacy policy can be found on our website: https://www.foxprivatetravel.com/privacy-policy
What personal data will we collect from you, how will we do so and why?
In order to respond to an enquiry, process and fulfil your booking request or send you any information or promotional material, we need to collect personal data from you.
When we refer to personal data, we mean any information which relates to an identified or identifiable individual.
Depending on what’s required, the personal data we collect is likely to include, in respect of all persons travelling, names, title, dates of birth, gender and contact details (such as mobile number, postal and e-mail addresses which will usually be just for the person making the booking (lead name)) as well as credit/debit card details and other payment information.
Personal data collected may also include information relating to any disability, restricted mobility or medical condition which may affect your travel arrangements and dietary restrictions which may disclose your religious beliefs. This sort of information is regarded as sensitive personal data. All references in this privacy policy to personal data include sensitive personal data unless otherwise stated.
Personal data is usually collected by our asking for this on the telephone or by email or your inputting this information on our website. As you interact with our website, we will also automatically collect technical data. Technical data includes your IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access our website.
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly or indirectly reveal your identity.
How do we use your personal data?
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
Who may we provide your personal data to?
Where you make a booking, appropriate personal data will be passed on to the relevant operator(s) of your chosen arrangements (such as airlines, hotels, activity / excursion operators, car hire companies etc.) together with any other third party (such as banks and/or credit card companies) who need this information so that your chosen arrangements can be provided. Personal data may also be provided to government / public authorities such as customs or immigration if required by them, or as required by law. Certain personal data may also be passed on to security or credit checking companies.
We may also make certain limited personal data available to companies who provide services on our behalf, such as mailing marketing material.
We only provide third parties with the personal data they require in order to deliver their services. Other than government / public authorities (over whom we have no control), we require all third parties to whom we provide your personal data for any reason to keep it secure, treat it in accordance with the law and our instructions and only use it for the purposes of providing their services.
If we cannot pass appropriate personal data to the relevant service providers and other third parties as applicable, we and those service providers will be unable to fulfil your booking. Accordingly, in making your booking request, you consent to personal data being made available to the relevant service providers and other third parties.
Where will we process your personal data?
Your personal data will be stored, used and otherwise processed within the UK. As appropriate for the arrangements you have chosen, it may also be stored, used and otherwise processed in country(ies) of the European Economic Area (EEA) and elsewhere. EEA countries are all member states of the European Union (EU) together with Norway, Iceland and Liechtenstein. We may also store, use or otherwise process personal data outside the EEA.
Data protection laws may not be as strong outside the UK and EEA as they are in the UK and EEA. Personal data will not be transferred to a country outside the UK and EEA unless (1) the country to which it is transferred is one which the UK and/or European Commission considers to provide an adequate level of data protection or (2) the personal data is transferred to a United States company which has signed up to the Safe Harbour scheme or (3) the personal data is transferred to a company which is required by our contract with them only to deal with the data in accordance with our instructions and to maintain appropriate security to protect the personal data which we are satisfied they have or (4) we are obliged to provide the personal data to a government / public authority in order to provide your travel arrangements.
How do we protect your personal data?
We take appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, which is appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures.
What about international transfers?
We endeavour where possible to only transfer personal data to countries that have been deemed by the UK to provide an adequate level of protection for personal data. Whenever we transfer your personal data out of the UK to service providers and other third parties in countries with laws which do not provide the same level of data protection as UK law, we take steps to ensure appropriate protection is afforded to it. This protection will usually be provided by appropriate contract provisions.
Can we use your personal data to send you information about our services and the travel arrangements we offer in the future?
We will only retain and use your personal data for marketing purposes where you have specifically consented to our doing so. You may provide your consent by opting to receive marketing material by e-mail, on-line or by telephone. You may also choose in what ways you are happy to receive communications from us. You may, for example, be happy to receive information and offers by e-mail but not by telephone.
Can you withdraw your consent to our processing your personal data for marketing purposes?
Yes, you can withdraw your consent to receiving marketing material or other communications from us, either generally or in any particular way, at any time by e-mailing kate@foxprivatetravel.co.uk
How can you find out what information we are holding about you?
You are entitled to ask us by e-mail to kate@foxprivatetravel.com what personal data of yours is being held or processed, for what purpose and to whom it may be or has been disclosed. No fee will be charged for responding to this request unless it is obviously unfounded or excessive or we have previously provided the same information. We promise to respond to your request without delay and in any event within 1 month unless the request is complex or you have made numerous requests in which case we may be able to extend our response time by a further 2 months.
What should you do if the personal data we are holding is inaccurate, out of date or incomplete?
If you believe this is the case, please tell us by e-mail as soon as possible. We will rectify the problem within 1 month or within 3 months if the rectification request is complex.
How long can we retain and process your personal data?
We will not keep and use your personal data in a form which enables you to be personally identified for any longer than is necessary in order to fulfil the purpose for which it was originally collected or for any other legitimate business purpose.
If you have consented to receiving marketing communications from us, we may continue to use your personal data for this purpose until you withdraw your consent or otherwise for as long as we reasonably consider your consent remains valid and effective.
Where you have provided your personal data to enable us to provide the travel arrangements or other services you have contracted, we are entitled to retain this information for a period of 6 years after the end of those arrangements. In certain limited circumstances, we may be able to retain it for a longer period.
Can you ask us to delete your personal data?
Yes, you can ask us to remove your personal data in certain circumstances for example where you have withdrawn your consent to our further using this for marketing purposes. However, this is not always the case. Please see the previous paragraph for further information on the period of time we may retain personal data.
Does our website use cookies?
Yes, as is the common practice, our website uses cookies. A ‘cookie’ is a small data file that our website server stores on your computer in order to collect information about your visit and to remember you when you visit again at a later date. The main purpose of a cookie is to identify users and to personalise their visit by customising web pages for their use. You will receive a warning that a cookie is to be placed on your computer before this happens.
We may also use third parties who will collect data which is not personally identifiable to analyse site visits and carry out other similar activities. In the course of doing so, they may place their own cookies on your computer so that they can collect information about your visit. You may if you wish disable or delete such cookies through your internet browser. However, doing so may mean you will be unable to access our website or parts of it, your experience of our website may be adversely affected and/or you may not receive information which is relevant to your personal interests.
Can we send you marketing communications?
You will receive marketing communications from us if you have requested information or purchased services from us and you have not opted out of receiving marketing material.
We may also analyse your identity, contact information, technical data, usage data (such as your interaction with and use of our website and services) and profile data (such as purchases and orders made and your interests) to form a view om which services and offers may be of interest to you so that we can then send you relevant marketing communications.
What about third party marketing?
We will obtain your express consent before we share your personal data with any third party for their own direct marketing purposes.
How can you opt out of marketing communications?
You can ask us to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you or by contacting kate@foxprivatetravel.com
If you opt out of receiving marketing communications, you will still receive service related ones which are essential for managing any booking you have or for administrative or customer service purposes.
How long will we keep and use your personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means as well as the applicable legal, regulatory, tax, accounting or other requirements.
By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax and possible litigation purposes.
In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
What are your legal rights?
You have a number of rights under Data Protection Laws in relation to your personal data.
You have the right to:
Request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request deletion of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
If you want us to establish the data's accuracy;
Where our use of the data is unlawful but you do not want us to erase it;
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
What should I do if I have a complaint about the processing of my personal data?
If you have any complaint about the way in which your personal data has been dealt with, please let us know by e-mail to kate@foxprivatetravel.com We will investigate and respond to you as soon as we reasonably can. If you remain dissatisfied, you may complain to the Information Commissioner’s Office. For further details, see www.ico.org.uk
© Copyright MB Solicitors Limited trading as mb LAW, Studio 3, The Quays, Concordia Street, Leeds LS1 4ES tel +44 (0)113 2424444 www.mb-law.co.uk Ref: CGI