About Cheap Holidays privacy notice
1. Hays Travel is committed to respecting your privacy and protecting your personal information. This privacy notice sets out:
• When we collect personal information about you;
• What types of personal information we collect;
• Why we collect it;
• How we keep it safe;
• Who we share personal information with; and
• Your rights and choices about the personal information that we hold.
2. This privacy notice has been updated to reflect GDPR (the General Data Protection Regulation) coming into effect in May 2018.
When we collect personal information about you
3. We collect personal information about you whenever you make a booking or otherwise interact with in person or via telephone, our websites, email or other contact methods (whether directly with us or through agents acting on our behalf).
The types of personal data we collect and why we collect it
|Type of personal data||Why we collect it|
|Personal and contact details||To be able to make and fulfil your booking.|
To communicate with you about your booking.
|Passport information||To complete required Advance Passenger Information or Electronic Travel Authorisations.|
To arrange visas.
To obtain boarding cards.
|Information about medical conditions||So that suppliers can provide assistance / provide special arrangements.|
To be able to arrange assistance in a medical or other emergency.
So that travel insurers can provide cover.
|Ad-hoc information about, for example, interests, special occasions, special requests.||To arrange or provide services tailored to your requirements.|
|Payment information||To be able to process your payment.|
|Information about past and current bookings||To arrange or provide services tailored to your requirements.|
To communicate in a relevant way.
For purposes of accounting, reporting, analysis and regulatory disclosures.
|Correspondence, including complaints||To assist customers in relation to their travel arrangements and to handle complaints.|
|Call Recordings||Staff Development / Identifying errors and issues.|
Evidence of what was said.
Our legal basis for using your personal information
5. We will only process your personal information where we have a legal basis to do so. Depending on the circumstances, the legal basis will almost always be one or more of the following:
• so that we can make and fulfil your booking or otherwise perform our contract with you;
• because it is in our legitimate interests to use your personal information to operate and improve our business as a travel agency;
• to comply with a legal obligation;
• to protect the vital interests of you or another person; or
• because you have consented to our using your information for a particular purpose.
How do we keep your personal information safe?
6. Protecting the confidentiality and integrity of your personal data is a responsibility that we take seriously at all times. We use appropriate technical and organisational measures to help to keep personal data secure against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
Who do we share your personal information with?
7. With suppliers – in order to provide products or services requested by you we share personal data with suppliers of your travel arrangements, including airlines, hotels and insurance providers. In many cases such suppliers will themselves separately be controllers of your personal data.
8. Within the Hays Travel Group – we share personal information with the other companies in our group (Hays Tour Operating Limited, Hays Beds Limited, Hays Transfers Limited, Hays Foreign Exchange Limited, Hays Transport Limited) where necessary for them to be involved in providing the services you have requested. This privacy notice applies to their processing of personal information as well as to Hays Travel’s.
9. Payment processing companies to process your payment.
10. With regulatory authorities – it may be necessary to disclose personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes required by regulatory authorities.
11. It is often necessary for us to send your personal information outside the European Economic Area to fulfil your travel arrangements. This is because the suppliers providing your travel services are located around the world. Also your personal information may need to be transferred to border control and immigration outside of the EEA. This may involve sending your data to countries where under their local laws you may have fewer legal rights.
12. When you book or register with us we will ask if you would like to receive marketing communications. If you have previously agreed to receive marketing communications we may send you relevant offers and news about our products.
13. You can change your marketing preferences by contacting us in any way or by using the ‘unsubscribe’ link in our marketing emails or by replying STOP to our marketing text messages.
14. We will respect your choice as to what communications you wish to receive and the methods by which you are sent them.
15. We will keep your personal data for only as long as it is necessary for the purposes set out in this privacy notice. For example, after travel we will keep the information related to your booking so that we can respond to any complaints and fulfil our record keeping obligations. After this time, we will securely erase or anonymise personal data.
Your rights and choices about the personal information that we hold
16. You can ask us for a copy of the information that we hold about you.
17. You can also ask us to correct any information which you don’t think is correct or to delete the information we hold about you.
18. To comply with these requests we may need you to confirm your identity by providing documents or additional information.
19. You have the right to lodge a complaint about how we have handled your personal information with the Information Commissioner’s Office (ICO).