Your privacy is paramount to us. This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
We know that there’s a lot of information here but we want you to be fully informed about your rights, and how Club Europe uses your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
We will never share your data with a third party for marketing purposes; it’s not how we work.
Personal data refers to information about you, and from which you could be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more personal data which require a higher level of protection.
Club Europe holidays Ltd is the data controller and we have appointed Tim Johnson as the Data Processing Officer. To keep things simple, when we refer to “we” and “us” it means Club Europe.
The new laws of data protection set out a number of different reasons for which a company may collect and process your personal data. We believe the following apply to you in terms of how we work:-
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive our marketing updates.
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, in planning and executing your tour, we will need important personal data such as names, emergency mobile contact numbers, passport information and dietary or medical requirements. We use these only to fulfil our contractual obligations and promise to keep them safe and secure.
Where we have an ongoing relationship with you, we will use the non sensitive data we store such as email addresses & past tour information to help us keep you informed of our products and social events.
For example, we will look back on previous tour destinations you may have been to and offer new tours that may be relevant.
We will also use your details to send you direct marketing information by email and occasionally post, telling you about products and services that we think might interest you.
You will have the right to unsubscribe at any time and we will respect your preferences.
We collect your name, email address, school or club address, mobile telephone and work contact number as a minimum.
Where you are planning a tour with us we will, at the appropriate time, request that you complete additional passenger information for the group you are responsible for. The information we will request is passport details, dietary or medical requirements, dates of birth, gender, ski ability, height, weight and details of any musical instruments your group may be bringing. If we need to refund you monies then we will request an appropriate bank or building society account. The account and sort code will only be stored in our secure Banking software in case we need to pay you again.
We’ll only ask for and use your personal data collected for recommending tours or inviting you to social events we may be planning. Of course, it’s always your choice whether you share such details with us.
If you'd prefer to restrict, block or delete cookies from this website you can use your browser to do this. Visit www.aboutcookies.org to view full details of how to manage cookies on different types of web browsers.
In the course of preparing your tour we are required to share your personal data with trusted third party suppliers such as transport companies, accommodation suppliers, ski suppliers, concert or sport agents etc. These people may be outside of the UK/EEA and so we will endeavour to ensure that any data passed onto these trusted suppliers is kept safe and secure.
In order for you to travel abroad, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your information for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate. These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may exercise our discretion to assist where appropriate.
We may share your personal data with marketing agencies to improve our products and services.
We select very carefully our suppliers who process your personal data on our behalf and require that they comply with high security standards for the protection of your personal data.
Through our website we may provide links to third party sites. We are not responsible or liable for the content, privacy policies or services offered by websites or apps other than our website, including those which are linked to from any of the our website. We encourage you to read and familiarise yourself with the privacy policies, terms and conditions and/or other notices on other websites you visit.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
In the case of any booked group, we’ll keep the personal data you give us for five years so we can comply with our legal and contractual obligations. Any sensitive data such as dietary or health conditions or passport information will be deleted within a reasonable period of time, or at the point at which it serves no purpose to us.
If you’ve not booked a trip with us or had any interaction with us for more than five years, you will be flagged as inactive and we’ll contact you to ask whether you want to be kept on our database. Unless you reply to say ‘yes’ within 30 days, we’ll delete or anonymise the personal data associated with it.
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
Access to our network is password protected and within the network our reservations system “CERS” is also password protected. When using our “portal” this uses ‘https’ technology, as well as password protection / encryption. Our staff are given regular training about how to prevent cyber attacks.
We regularly monitor our system for possible vulnerabilities and attacks.
You have more rights now than ever before and here is an overview of your different rights
You have the right to request:
You can contact us to request to exercise these rights at any time as follows:
To ask for your information please contact The Data Protection Officer, Club Europe Ltd, 22-24 Jaggard Way, London SW12 8SG or email email@example.com
To ask for your information to be amended please contact your account manager or simply call us up and we will amend the details.
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
As we work with clients both in the EU and outside of the EU we will aim to treat everyone’s personal data in the same way. The new GDPR regulations apply to every member state across the EU, so we all work under the same rules.
Whilst those clients outside of the EU are not directly protected by the GDPR rules, we will aim to follow the same code and offer you the same assurances.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy notice or how we handle your personal information, please contact Tim Johnson on firstname.lastname@example.org.
Updated 12th May 2018
Sarah Whitbread, London