Customer Privacy Notice

1. Background

This Privacy Notice (“Notice”) sets out how Wordsworth Travel Limited, a company incorporated in the United Kingdom, protects the privacy of customer personal information. As an Independent Travel Agency we need to collect, use and disclose personal information in order to perform our business functions and activities, including making and managing travel bookings on behalf of our customers. We are firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care.

We will be a registered “data controller” for the purposes of the General Data Protection Regulation 2016/679 (“GDPR”) for any personal information we collect and hold for our customers in connection with our relationship and a “data processor” for any holidays booked through us an agent for a third party travel service provider.

2. What personal information do we collect?

Personal information has the meaning of personal data given under the GDPR. Personal information generally means information which relates to a living individual who can be identified from that information.

Generally, the type of personal information we collect about customers is the information that is needed to facilitate travel arrangements and bookings and to arrange travel related services and/or products on their behalf. We therefore typically process the following types of personal information :

• contact information (such as name, residential/mailing address, telephone number, email address);
• payment account information (credit/debit card details, including card type, card number, security number and expiry date); This information is processed but not stored.
• passport details;
• other details relevant to travel arrangements or required by the relevant travel service provider(s) (e.g. airlines and accommodation or tour providers).

We will only collect sensitive information (e.g. ethnic origin, religion etc) with customer explicit consent and where it is reasonably necessary for, or directly related to, one or more of our functions or activities (e.g. to make travel arrangements), unless we are otherwise required or authorised to do so by law.

3. How do we collect personal information?

We usually collect personal information during the course of the customer relationship with us. We will collect this information directly from the customer unless it is unreasonable or impracticable to do so.

Generally, this collection will occur:

• when the customer deals with us either in person, by telephone, letter, email;
• when the customer visits our website

We may collect personal information :

• when the customer purchases or make enquiries about travel arrangements or other products and services;
• when the customers subscribe to receive marketing from us (e.g. e-newsletters or holiday offers).

In some circumstances, it may be necessary for us to collect personal information from a third party. This includes where a person makes a travel booking on another customer’s behalf which includes travel arrangements to be used by that customer (e.g. a family or group booking). Where this occurs, we will rely on the authority of the person making the travel booking to act on behalf of any other traveller on the booking.

We make every effort to maintain the accuracy and completeness of your personal information which we store and to ensure all personal information is up to date.

4. How do we use personal information?

We will only process customer information, where:

• customers have given consent to such processing (which you may withdraw at any time by contacting us via telephone, letter or email);
• the processing is necessary to provide our services
• the processing is necessary for compliance with our legal obligations; and/or
• the processing is necessary for our legitimate interests or those of any third party recipients that receive your personal information (as detailed in sections 5 below).

Where customers contact us in relation to a travel booking or query, the purpose for which we collect personal information is generally to provide travel advice and/or to assist with booking travel and/or travel related products and services.

When customers book or otherwise arrange travel related products and services through us, we usually act as an agent for the relevant travel service providers (e.g. for a package holiday provider or Cruise Company ). In this case, we process the personal information as necessary so as to provide the services requested from us. This usually includes collecting personal information for our internal purposes as described in this Notice and for the travel service provider for whom we act as agent (e.g. to provide the booked services). For example, if ca customer books a package holiday through us, then we use their personal information to enable the holiday to be booked and disclose it to the holiday provider to enable them to provide the holiday.

We may therefore share information with our travel service providers such as package holiday or cruise companies, car rental, or other providers, who fulfil travel bookings.

Please note that these travel service providers also may use personal information as described in their respective privacy policy. We encourage customers to review the privacy policies of any third-party travel service providers whose products they purchase through us. We will provide with copies of all relevant travel service provider terms, conditions and privacy policies on request.

The purposes for which we collect and process personal information further include

• regulatory reporting and compliance;
• developing and improving our products and services
• servicing our relationship with you by, among other things, creating and maintaining a customer record showing holidays booked. This helps us to build up a customer profile that helps us identify the types of holidays you prefer to help us in any future bookings.
• Gauging customer satisfaction and seeking feedback regarding our relationship with you and/or the service/holiday we have provided;
• internal accounting and administration;
• to comply with our legal obligations and any applicable customs/immigration requirements relating to your travel; and
• other purposes as authorised or required by law (e.g. to prevent a threat to life, health or safety, or to enforce our legal rights).

Where agreed by the customer we may use personal information to send information on travel related issues and special offers that we think may be of interest. These may include, but are not limited to, Newsletters, Special Offers and Special Events.

5. Is personal information disclosed to third parties?

We do not and will not sell, rent out or trade personal information. We will only disclose personal information to third parties in the ways set out in this Notice and, in particular, as set out below, and in accordance with data protection laws. Note that, in this Notice, where we say “disclose”, this includes to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your personal information to another person or entity.

Customer personal information may be disclosed to the following types of third parties:

• travel service providers such as travel companies, tour operators, airlines, hotels, car rental companies, transfer handlers and other service providers relevant to your booking;
• as required or authorised by applicable law, and to comply with our legal obligations;
• customs and immigration to comply with our legal obligations and any applicable customs/immigration requirements relating to your travel;
• government agencies and public authorities to comply with a valid and authorised request, including a court order or other valid legal process;
• various regulatory bodies and law enforcement officials and agencies, including to protect against fraud and for related security purposes; and

Other than the above, we will not disclose personal information without consent unless we reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety of an individual or to public health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), or where such disclosure is authorised or required by law (including applicable privacy / data protection laws).

6. Security of information

We are committed to safeguarding and protecting personal information and will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any personal information provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information transmitted, stored or otherwise processed.

Wordsworth Travel has implemented various physical, electronic and managerial security procedures in order to protect the personal information it holds from loss and misuse, and from unauthorised access, modification, disclosure and interference. We regularly review security and will strive to protect your personal information as fully as we protect our own confidential information. In particular we have implemented the following procedures to safeguard your information:-

• Implementation of effective firewall and virus checks on all computers
• Computer set up to automatically receive updates to further avoid any virus issues
• Staff are only allowed access to personal information they need to do their job in providing services to you
• Regular data back ups are taken and kept in a safe and separate location.
• All information removed from old computers before disposal
• No group emails sent revealing other recipient addresses
• All confidential waste is shredded before being recycled
• Premises alarmed during non- opening times

7. How long do we retain your personal information

We will retain customer personal information whilst they are still receiving services from us, unless they request for it to be removed from our database. This will be reviewed on an annual basis. Bookings information will be retained for a period of 5 years after the completion of the booking. This is in line with the current regulations for the storage of financial business data.

8. Customer rights in relation to the personal information we collect

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) customers have a number of rights with regard to personal data. They have the right to request from us access to and rectification or erasure of personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.

If they have provided consent for the processing of data they have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before their consent was withdrawn.

Customers have the right to lodge a complaint to the Information Commissioners’ Office if they believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to their personal data.

Please note that, if customers request that we restrict or stop using personal information we hold on them or withdraw a consent they have previously given to the processing of such information, this may affect or negatively impact our ability to provide services to them.

For example, most travel bookings must be made under the traveller's full name and must include contact details and appropriate identification We cannot make bookings without that information.

Customers can opt out at any time from any of our travel related communications via post or email. On the email they can ‘Unsubscribe’ at the bottom of the communication and their data will be omitted from our database automatically. If they choose to unsubscribe from our posted travel related communications they will need to contact us via telephone, letter or email to inform us of their decision

9. Feedback / Complaints / Contact

If customers have any enquiries, comments or complaints about this Notice or our handling of their personal information, or wish to inform us of a change or correction to their personal information, please contact us using the details set out at the beginning of this notice:

We will respond to any enquiries or complaints received as soon as practicable and no later than one month after your notification.

10. Changes to our Notice

We may amend this Notice from time to time. If we make a change to the Notice, the revised version will be posted on our website and be available for viewing at our offices. Major changes to the notice will be notified to all relevant customers and stakeholders.

This Privacy Notice was last updated on 10 May 2018.