Besides essential cookies, if you agree, we’d like to set optional ones that remember your wishlist for your next visit and that provide analytics for us to improve the site and our advertising. A cookie will remember your choice. If you change your mind, click on the ‘cookies’ link at the foot of the page. Learn more
While we try our best to use plain and simple language, we recognise that there will be some jargon. This section aims to provide simple definitions for some of the common privacy terminology;
The legislation with which any personal information processing must comply. In this case, the applicable law is England and Wales.
These are small pieces of data that are placed on your device’s browser (e.g. PC) when you access a website. Cookies are used for a variety of purposes, including enabling features on a website, helping us to understand which parts of our websites are the most popular, where website visitors are going, and how much time they spend there.
Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. A common aggregation purpose is to get more information about particular groups based on specific variables such as age, profession, or income.
A data controller is a person in an organisation that determines how and why personal data is to be “processed” (this includes using, storing and deleting the data). The data controller is responsible for this personal data, and for ensuring that processing of the data fully satisfies the requirements of the applicable law.
A data processor is an organisation that has been contracted to process personal data on behalf of a data controller. Responsibility for the data remains with the data controller, but data processors have contractual obligations to ensure that the processing activities are performed to meet the requirements of the data controller.
Data Protection Act 1998
The Data Protection Act 1998 (DPA 1998) is a UK law that defines the ways in which information or data related to an identified or identifiable person, such as name, age, telephone number, e-mail and mailing address ("Personal Data") may be legally used and handled.
Encryption, such as Secure Sockets Layer (SSL) encryption, is a system for protecting data, used when collecting or transferring sensitive data, such as credit card details or other personal information. Encryption is designed to make the data unreadable by anyone but the intended recipients.
General Data Protection Regulation (GDPR)
The data protection law in the UK changed on 25 May 2018 to align with the rest of the EU. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Hotelplan UK Group Companies
Hotelplan is a large European travel group with headquarters in Switzerland, owned by Migros, the leading Swiss co-operative retailer.
Hotelplan (U.K. Group) Ltd. is the parent company of our award-winning UK family of brands, which includes Inghams, Explore Worldwide, Ski Total, Esprit, Santa’s Lapland – all based in Farnborough, Hampshire – plus Inntravel, based in Whitwell, York.
Personal Information is any information about or relating to a uniquely identifiable individual, and includes:
• information that can be used to identify a specific person
• attributes of an already identified person
• information or attributes that alone may not identify an individual but which can be tied together with other information in Inntravel’s or a Third Party’s possession, or public information, to identify a person
Examples include name, address, phone number, email address, national insurance number, credit card number, driver’s license number, passport number or other government issued ID number, bank account number, race, physical traits, hobbies, usage patterns, family members, income, department and gender of employee when a department may only have one employee of a particular gender.
Personal information management
Personal Information Management is the set of processes and controls used to ensure that personal information is handled appropriately, to meet our internal and legal requirements.
Privacy statement is a legal document that discloses how a company gathers, uses, discloses and manages the personal information provided by an individual (such as a customer, partner, employee or potential employee). While this is a legal document, a privacy statement aims to provide transparency about these information handling practices, so should ideally be written in clear and simple language.
If you would like to unsubscribe from an email sent to you, follow the 'unsubscribe' link and/or instructions placed (typically) at the bottom of the email. If you use more than one email address to shop or contact us, you need to unsubscribe from each email account that you use.
Web beacons, also known as single pixel or clear gif technology, or action tags, tells us which visitors clicked on key elements (such as links or graphics) on an Inntravel web page or email.
These are non-Hotelplan companies contracted to perform functions on our behalf, such as fulfilling bookings, delivering contractual obligations such as airlines, coach companies, hotels etc., sending postal mail and emails, sending text messages (SMS), providing marketing assistance, etc.