Privacy statement

We collect a considerable amount of data about you and this statement sets out how seriously we take your data privacy and security.

Inntravel understands and respects the importance of your privacy. We are committed to safeguarding your personal information and this statement outlines our commitment to you;
• we will be transparent about the information we collect and what we will do with it;
• we will use the information you give us only for the purposes described in our Privacy Statement;
• we will use the information to help understand your needs and provide more relevant offers;
• if you tell us to cease marketing messages, we will stop sending them (albeit we will continue to send important information relating to a product or service you have purchased to keep you informed about your booking and travel itinerary);
• we will put in place measures to protect your information and keep it secure;
• we will respect your data protection rights and aim to give you control over your own information.

We have appointed a Data Privacy Manager ([email protected]) who is responsible for responding to questions you may have. The Hotelplan UK Group has also appointed a Data Protection Officer ([email protected]) who is a point of escalation should you feel your request has not be dealt with satisfactorily by the Data Privacy Manager. If you feel your data has been incorrectly handled, or you are unhappy with our response to any requests you have made, you have the right to make a complaint to the Information Commissioner’s Office (ICO). You can contact them on 0303 123 1113 or go online to www.ico.org.uk/concerns.

Summarises what personal information we collect, and where this information originates.

We may collect information about you when you, or someone acting on your behalf, contact(s) us by phone, email, post or otherwise, and when you correspond with us via our website and online forms. Please note that calls may be recorded for training and quality control purposes. Information that you provide us with can take many forms, including;
• when booking holiday arrangements, we will ask you to provide information such as;
    • your name, gender, date of birth, contact details (postal address, email address and telephone number) and marketing preferences;
    • your preferred rooming arrangements and other special requests (which may include Special Categories of personal data, see below);
    • the name and telephone number of an emergency contact person (whom we will only contact in urgent circumstances while you are away);
    • your travel insurance details;
    • where necessary, we may also request your passport details and other information directly required to provide your holiday arrangements;
• when you call us or correspond with us about your booking, we may record the call and/or keep information on why you contacted us, and the advice we gave you;
• when you make a payment to us, we will receive information from you including details of your payment card or your bank account (this information is processed using a third party payment services provider and is not stored by us);
• on your return from holiday we e-mail or post a satisfaction survey to you. This gives us specific feedback on any issue you may have experienced, and statistical data we can amalgamate in order to monitor the quality of our holidays;
• when you visit us at a public event, such as trade show or exhibition or participate in one of our surveys, competitions or prize draws, we may ask for information, such as your name, contact details, interests and marketing preferences;
• when you use our online services, we may receive content that you choose to upload such as reviews, comments, photos, forum posts or details of your interests and marketing preferences;
• you may also provide us with written or photographic content for us to load on to our website, including reviews and articles.

INFORMATION WE MAY COLLECT FROM OTHER SOURCES
We may also collect information from publicly available sources and third parties, including:
• from a Travel Agent acting on your behalf in the sale of a travel arrangement to you, and sharing some information about you and your purchase with us;
• information about you from other Hotelplan UK Group companies that you interact with;
• payment information from our payment services provider including debit/credit card numbers, bank account and other details in order to issue refunds;
• information relating to your use of any of our social network applications, pages or plugins.

INFORMATION WE MAY COLLECT WHEN YOU USE OUR WEBSITE
Our websites provide us with information about your use, including:
• details of the content that you view and interact with during a browsing session;
• technical information such as, but not limited to, service, product or server logs, IP address, time and location, domain, device and application settings, errors and hardware activity etc;
• interests and preferences that you specify during the curation of your holiday arrangements;
• email/chat communications you have with us may be monitored and logged.

AGGREGATED INFORMATION DERIVED FROM YOUR PERSONAL DATA
We collect, use and share aggregated data such as statistical and demographic data for analytical purposes. Whilst derived from your personal data, it is not considered personal data as this data does not directly or indirectly reveal your identity.

SPECIAL CATEGORIES OF PERSONAL DATA
We may collect, use and share the following special categories of personal data about you only where it is strictly necessary in order to deliver the travel arrangements you have purchased (for example, to assist with visa applications or ensure appropriate food for those with serious/life threatening allergies);
• dietary requirements which may disclose health matters or your religious or philosophical beliefs;
• health, including information about any disability or medical condition which may affect the chosen holiday arrangements.

IF YOU FAIL TO PROVIDE PERSONAL INFORMATION
Should you fail to provide data required either by law, or necessary to provide your chosen travel arrangements, we will not be able to provide the services you have booked or are attempting to book. This may result in Inntravel being unable to process your booking and be forced to cancel the booking. In this case, we will treat this as a ‘cancellation by you’ in accordance with the relevant Booking Terms & Conditions and notify you accordingly.
 
We ask that you please take care when submitting information to us, in particular when completing free text fields or uploading documents and other materials. Some of our services are automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information.

This explains how we may use the information we collect for a wide range of purposes.

We may use the information we collect for a wide range of purposes to ensure we give you the best possible customer experience and ensure the appropriate performance of the contract, including;

GENERAL
• to share your data with third party service providers used in the delivery of your purchased holiday arrangements. These providers will be named on your holiday confirmation and/or in your holiday documentation, and include;
    • accommodation, restaurants and transport providers;
    • local ground partners and agents, where we use them;
    • equipment hire operators, including our cycling partners and ski hire providers;
    • guides, tutors and local attractions where booked on your behalf.
• to provide you with information on our products and services, and also to deal with your requests and enquiries regarding holiday arrangements;
• to contact you if we need more information or if there are changes to your travel arrangements;
• to provide customer care and to deal with any questions or issues that you have prior to, during, or on your return from holiday;
• for staff training and quality assurance purposes;
• to ask for your opinions on our products and services (via ourselves or through a third party agent);
• to conduct prize draws, contests and other promotional offers;
• to consider employing you if you send us your details in response to our recruitment advertising or if you approach us with a speculative employment enquiry.

MARKETING COMMUNICATIONS
We may use your information to send you brochures, newsletters and other communications if you have provided your prior consent or we are permitted under an identified and assessed legitimate interest.

PERSONALISED AND TARGETED CONTENT, RECOMMENDATIONS AND ADVERTISEMENTS
We may use the information we collect to personalise and more effectively target our services, content, recommendations, adverts and communications. For example, you may see an advertisement for a holiday that you have recently viewed on one of our websites when browsing at a later stage.

This personalisation and targeting on our websites or in our online advertisements and communications may make use of cookies set by us or our third party advertising partners. Please see our Cookie Policy for more information.

STATISTICS
We may use your information to create anonymous, aggregated statistics about the use of our websites, products, services and loyalty programs, which we may share with third parties and/or make available to the public.

PRODUCT IMPROVEMENT
We may use your information to develop and improve new and existing products and services, recommendations, advertisements and other communications and learn more about our customers’ holiday preferences in general.

PUBLISH YOUR REVIEWS, COMMENTS AND CONTENT
Where you upload or provide us with product reviews, comments or content to our websites that are publicly visible, we may link to, publish or publicise these materials elsewhere including in our own advertisements.

COMBINING THE INFORMATION WE COLLECT
We may link or combine the information that we collect from the different sources outlined above (including information received from other Hotelplan UK Group companies) via a unique identifier, such as a cookie or email address. We may do this to provide a more seamless customer support whenever you contact us and to provide you with better, personalised services, content, marketing and adverts.

Summarises how your information is shared within Inntravel and with selected third parties that assist with providing your travel arrangements.

We will not use information about you in ways that are not explained in this Privacy Statement. We may share information about you in the following circumstances:

LEGAL AND BUSINESS PURPOSES
• to share your data with third party service providers used in the delivery of your purchased holiday arrangements;
• to disclose to organisations who act as data processors and perform business functions on our behalf. Such business functions include marketing analysis and assessment of customer preferences, payment processing, e-mail newsletter delivery and brochure delivery services;
• to government bodies and law enforcement agencies to prevent fraud, to comply with the law and to meet a reasonable request from such bodies;
• to third parties (including professional advisors) to enforce or defend the legal rights of Inntravel or the terms and conditions of any Inntravel product or service.

ANONYMOUS STATISTICS
We prepare anonymous, aggregate or generic data (including “generic” statistics) for a number of purposes. As we consider that you cannot reasonably be identified from this information, we may share it with trusted third parties such as our partners, advertisers, industry bodies, the media etc.

SHARING OF INFORMATION BY YOU
Some of our online services allow you to upload and share messages, reviews, photos, video and other content and links with others. We will obtain consent if we publish this information on our websites, marketing collateral or social media profiles.

You should not expect any information that you make publicly available to others via our online services to be kept private or confidential and you should always exercise discretion when using such services.

Your information may be transferred, processed or stored by individuals or service providers outside of the European Economic Area. This sets out the precautionary measures and available steps taken to protect your data.

We may need to transfer your data to third parties based outside the EEA and who may process, share and store your personal data in order to fulfil the holiday arrangements you have booked with us. By submitting your personal data, you are acknowledging this transferring, storing and processing.

For all other transfers of data that are unrelated to the provision of holiday arrangements to you, whenever your personal data is transferred outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
• where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe;
• where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Details how we use your personal information to send you marketing communications, and how you can change your marketing preferences.

BROCHURES AND OTHER PRINTED MATERIALS
We sell our holidays directly to customers and so sending out brochures and other marketing communications by post from time-to-time is very important to the way we do business.

We use data we have collected from bookings, brochure requests and other forms of engagement to decide what marketing information our customers may like to receive, and we have identified and assessed this as our Legitimate Interest.

We do however provide an opportunity to opt-out of this direct marketing during the booking or enquiry process and in subsequent communications. You may contact us at any time to opt-out of this direct marketing, full contact details can be found in the “Contact us” section of our Privacy Statement. We have found over the years that the majority of people welcome these communications and, those who do not, are happy to let us know so we can ensure no more are sent.

EMAIL COMMUNICATIONS
When you communicate with us, we may give you the opportunity to subscribe to our weekly email newsletter. Once subscribed, you can choose to unsubscribe at any time:
• to unsubscribe from an email sent to you, follow the ‘unsubscribe’ link and/or instructions placed (typically) at the bottom of the email;
• this method will only unsubscribe specifically for the e-newsletter or other communication received. Should you receive other marketing such as brochure mailings, you will need to opt-out separately by contacting us to change your marketing preferences.

GENERAL
You can contact us using the details in the “Contact us” section below in order to change your marketing preferences at any time.

Please note that despite opting out of marketing communications, you will still receive service communications where necessary, for example, to confirm your booking or to provide you with an update on its status.

If you ask us to stop sending marketing communications, we will retain your personal information for the purposes of indicating that you do not want to receive marketing communications. You may continue to receive postal communications for up to 4 weeks and emails for up to 5 days after your requested change while our systems are fully updated.

Identifies our legal rationale as to why we may collect and process your personal data, which could alternate between contractual obligations, legitimate interest, legal compliance or consent depending on the nature of its use.

We will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your information. Under EU and UK data protection laws in almost all cases the legal basis will be:
• because we need to use your information to process your booking, fulfil your travel arrangements and otherwise perform the contract we have with you;
• because there is a Legitimate Interest to use your personal information to operate and improve our business as a tour operator and travel provider (a Legitimate Interest assessment is performed prior to making this determination);
• because we need to use your personal information to comply with a legal obligation;
• because you have consented to us using your information.

Explains how long we will keep your personal data to fulfil the purposes described in this statement, and what happens to your data at the end of that retention period.

We will keep your personal information for only as long as needed to fulfil the purposes described in this statement. For example, where you book a holiday with us, we will keep the information related to your booking, so we can fulfil the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking and to fulfil our obligations to our third party suppliers who provided your holiday arrangements. The information may also be retained so that we can continue to improve your experience with us while you continue to engage with and purchase from us.

We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal requirement, business need or customer interest for it to be retained.
By law we have to keep basic information about our customers for legal and tax purposes (including identity, contact, financial and transaction data) for up to 7 years after they cease being customers.

Lists the steps we take to protect your personal information and keep it secure.

We take a number of steps to protect your information from unauthorised access, use or alteration and unlawful destruction, including where appropriate:
• we are PCI compliant when processing your payments;
• we put in place physical, electronic, and procedural safeguards in line with industry standards to limit access to the information we collect about you;
• we monitor our system for possible vulnerabilities and attacks to identify ways to further strengthen our security.

This alerts you to the fact that our websites use cookies placed on your computer to collect and log information and visitor behaviour in order to distinguish you from other users. This helps to optimise performance and personalise content as well as ensuring the site operates efficiently.

Please note that in order for us to provide you with the optimum service, we use ‘Cookies’ on our website. Cookies are small text files sent to your computer when you access our site. The cookies used on our site are anonymous and contain no personal information (such as name and address) or card details, but do identify your computer so that you can navigate our site more easily and our website can remember your preferences. For more information regarding deleting and controlling cookies, please visit www.aboutcookies.org.uk.

Please refer to our Cookie Policy.

Explains how you can access your personal information and outlines your rights, for example requesting corrections and asking us to exclude you from direct marketing.

For a copy of the personal information that we store about you in our customer databases, please contact us using the details given in the “Contact us” section below. You will be asked to provide some proof of identification so that we can verify that it is you making the request.
This is in addition to your legal rights including;
• the right to access a copy of your personal information;
• the right to request the deletion or updating of any inaccurate personal data;
• and the right to object, in certain circumstances, to our processing of your personal data for direct marketing.

If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may contact the Information Commissioner’s Office (www.ico.org.uk) which is the regulator responsible for data protection in the United Kingdom, where Inntravel is located. Alternatively, if you are located outside of the United Kingdom, please contact your local data protection authority.

Explains that our websites may occasionally contain links to or from third-party websites and that this privacy statement and our responsibility does not extend to these other websites.

Our website may contain links to other websites that are not operated by Inntravel. While we try to link to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices of those websites. You should view the privacy and cookie policies displayed on those websites to find out how your personal information may be used.

Provides contact details for you if we not have answered your questions satisfactorily, or to request what personal data we hold on you.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if any of the details you provide to us should change, during the course of your relationship with us.

If you need further assistance or would like to make a comment, you can contact us in a number of ways:
1. By mail to Data Privacy Manager, Inntravel, Near Castle Howard, York, YO60 7JU, UK
2. By telephone on 01653 617771
3. By email on [email protected]
The appointed Data Protection Officer (DPO) for the Hotelplan UK Group can also be contacted in the following ways;
1. By mail to Data Protection Officer, Mountain House, Station Road, Godalming, Surrey, GU7 1EX, UK
2. By email on [email protected]