As the policy is in a layered format, you can re-route to the particular areas set out below with just a click. For better clarification about the meaning of some of the terms mentioned in this policy document, please check the Glossary at the end.
PURPOSE OF THIS PRIVACY NOTICE
Full name of legal entity: Holiday Breakz
Email address: email@example.com
93, Ravenswood Crescent Raynes Lane,
Harrow HA2 9JL United Kingdom
Telephone number: 0203-3763-404
In case of any concern regarding our usage of your personal data, you may send a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority accountable to protect and manage the data, and address issues related to it (www.ico.org.uk). We, although, would like to deal with your issues and address them before you contact the ICO. So if you have any concern, please contact us first.
The definition of personal information explains that any data about an individual with which we, as a service provider, can identify that individual. It does not comprise the identity in case it has been removed which is called anonymous data. We gather, store, use and transfer personal data which has been grouped as follows:
We gather, use and share Aggregated Data such as demographic or statistical data for marketing and other purposes. Aggregated Data is normally obtained from personal data which is not considered personal data as according to the law, it does not reveal your identity. For example, we may have your Usage Data and from that, we are capable of calculating the percentage of users using a specific website feature. But if we accumulate personal data and Aggregated Data, and try to identify you, then it will be treated as the combined data including your personal data which will be used in this privacy notice.
Under Special Categories of Personal Data, we gather the relevant details to serve you with the services that you purchase with us. These services include crucial information about your dietary requirements, health or any requirement for special medical support (e.g. wheelchairs or oxygen). Additionally, we may also need a clearance prescription from your doctor to travel with a medical condition which includes pregnancy for more than 28 weeks. In spite of that, we do not gather any data about your ethnicity or race, sexual life, religion, or orientation, political opinions etc.
By law, if we need to gather your personal data to complete your booking request and due to any reason, you fail to provide it, we may not be held accountable for our inability to provide our services or to offer you with your requested bookings. However, you will be notified in this particular case about your request being cancelled by us at that point in time.
Various methods are used to gather data from you, which includes:
We share your data about the requirements and travel arrangements from third-party suppliers. This is needed to co-ordinate with flights booked directly with the airline.
When you use our website, your Technical Data including actions on the site, your browsing device and patterns are automatically collected by us with the help of cookies and similar technologies about which you can read in our updated Cookies Policy. If you visit other websites using our cookies, we get your Technical Data.
Third-party or publicly available sources. We at Holiday Breakz may attain your personal data from third parties, as set out below:
(a) Analytics [such as Google]
(b) Advertising networks
(c) Search information providers
Financial, Contact and Transaction Data from delivery and payment services such as Emerchantpay/Firstdata or any verified payment gateway.
When you book on behalf of someone else through Holiday Breakz, we ask for travel preferences along with personal information of everyone whose booking is being made. Before sharing these details with us, you should ask for their consent and only after that share that information and preferences with us. If they feel like deleting or modifying their information, they can directly contact us otherwise their data will be accessible through your account only.
Based on the law, we are permitted to process your personal information. However, we use your personal data only if the law allows us to do so. We use your personal details in the below-mentioned cases:
Legitimate interest refers to our interest in conducting and managing our business, enabling us to give you excellent service and secure experience. Before using and processing your personal data, we try and balance any potential impact on you and your rights. Although, we make sure your personal details are not used by us for our interests that are overridden by the impact on you (unless we have your permission). You can collect further details about how we evaluate our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
This means in order to process your data to perform and deliver your service to which you are a party or to take steps to fulfil your request before entering into such a contract. Comply with a regulatory or legal obligation intends at processing your personal information where necessary that we are subject to.
We do not rely on a permission only as a legal basis to process your personal details other than sending you third-party direct marketing communications via emails. If you do not want to receive that, you must withdraw the permission to market at any time by contacting us on the given details.
The below-mentioned are the ways we plan to utilize your personal data. Under the same, we have listed our legitimate interests for your details. We process your personal information for more than lawful grounds depending on the purpose of data use.
|Purpose/Activity||Type of data||Lawful basis for data processing including legitimate interest|
|New customer registration||
|Complete the requested services with you|
To complete your travel booking including:
Managing payments, fees and charges
Providing you with information such as status updates about the service you have booked through us
Sharing booking information with suppliers so that they can fulfil your booking
Collecting any payments that you owe us
(e) Marketing and Communications
(a) Complete the requested services
(b) Necessary for legitimate interests or to recover due payments
Customer relationship management including:
(b) Asking you to write a service review
(d) Marketing and Communications
(a) Complete the requested services
(b) Necessary to comply with but under a legal obligation
(c) Necessary under legitimate interests to keep our data updated and insights on how customers use our services.
|To protect our business or the website (which includes troubleshooting, data analysis, testing, system maintenance, support, data hosting)||
a) Necessary for our legitimate interests to run our business, network security, fraud prevention
(b) Necessary to comply with under a legal obligation
|Deliver website content and advertisements to customers and to measure or understand the effectiveness of the served advertisement||
(e) Marketing and Communications
|Necessary for legitimate interests to know how the customers use our services, to grow the business and to enhance our marketing strategy|
|Use data analytics to improve our website, services, marketing, customer relationships||
|Necessary for legitimate interests to define types of customers, to keep the website updated and relevant, business development|
|Suggestions and recommendations about services of your interest||
|Necessary for our legitimate interests to develop our services and business growth|
We give you the choice concerning personal data uses, specifically for advertising and marketing. We at Holiday Breakz let you make the decision what marketing material you wish to receive from us or if you want to opt-out of receiving it.
We utilize your usage, name, contact and profile data. All this data collection is used to create a view and decide what you want, need or what is your interest. With this important data, we decide the offers and services that may be necessary for you. We send marketing communications you have asked details from us or information about the booked travel services on the details you shared with us. In these cases, you have accepted of receiving our marketing emails.
We will get an opt-in permit and only after receiving it, we share your personal information with any company outside the Holiday Breakz for any purpose.
To opt-out of receiving our updated emails, you can ask us or the third-party to stop sending emails by logging into the website and changing your marketing preferences. This can also be done by contacting us on the provided information. When you opt-out to receiving marketing messages, the same will not apply to personal details that we receive to make a booking or any other transactions.
We use your personal information for the reasons we reasonably consider that we require it or for the purposes similar to the original reasons. In case you need any explanation related to the process for another reason, please feel free to contact us. In case we use your personal information for an unrelated purpose, we will notify you.
We may share your details with the parties listed below for important reasons-
Internal Third Parties: Companies in the Holiday Breakz acting as joint controllers and to provide IT and system administration services or undertake leadership reporting.
External Third Parties
We share your personal information within the Holiday Breakz. This includes transferring your data outside the EEA.
We ensure that your personal information is safeguarded by us and we follow the same instructions while processing your personal data. They are called “binding corporate rules”. For more details, see European Commission: Binding corporate rules
Our external third parties such as hotels and airlines are based outside the EEA. They may process your personal details and transfer it outside the EEA. If we transfer your personal data out of the EEA, we make sure that a similar degree of protection is offered and ensures the following safeguards are executed:
Personal data transfer to countries deemed to offer a sufficient level of protection for personal information by the European Commission.
If we use service suppliers, we may use the approved use of details by the European Commission. Under this policy, you will get the exact level of protection as it persists in Europe. For any further details, read the
If we make use of service suppliers of the U.S., we transfer details to them only if they are a part of the Privacy Shield. If yes, they offer a similar level of protection to personal information shared between the U.S. and Europe.
In certain situations, we believe that the transfer is compulsory for our contract with you. For example, if a booking has been made from our side through a service provider outside the EEA or with your consent, which we seek and inform you about the circumstance. In case you require any further details on the particular procedure used by us to transfer your personal information out of the EEA, feel free to contact us.
We have sufficient security measures helping in intercepting your personal data from being accidentally accessed or used in an unethical way. We limit our employees and third parties connected with us from accessing and using your personal details by any means. If they actually require your personal data, they utilize it on our instructions and are liable to a duty of confidentiality under this policy. We practice various procedures to deal with breach of the suspected data and notify you in case of any such activity.
We keep your personal data for as long as needed. This is done to provide services you requested for, comprising any accounting, legal or reporting requirements. To determine the precise retention period for personal details, the potential risk of harm from unethical usage is considered as the deciding factor for disclosure of your personal data. We make use of your personal details used in previous transactions in order to offer the best possible service when you book with us again. As per the law, we are compelled to keep your basic personal information for six years. After that, you cease the information being customers and this is done completely for tax purposes. In case you do not book with us again for more than six years, your data will be deleted from our servers.
In certain conditions, you are permitted to ask us to delete your details. Sometimes we may anonymize your personal data and use it for statistical or research purposes. In such cases, we use these details without any further notice to you.
Under some situations, you have certain rights under data protection policies concerning your personal data. With this, you may:
Request to access your personal information (generally known as 'data subject access request'). Under this policy, you receive a copy of your personal details we hold and check if we are processing it ethically and according to the laws.
You can ask us to modify or correct your personal data. Under this, you have the complete right to get any inaccurate or incomplete data corrected. We will authenticate the accuracy of the new details and then do the required process.
Request to delete your personal information from our servers. You do not require any reason for the same and ask us to stop processing it.
Note, although we may not be able to act in accordance with your request of deleting your personal details for any legal reasons and we will notify you if applicable, at the time of the request.
When processing your personal information, we bank on a legitimate interest and your specific situation under which you want to question the processing. This objection should have the ground that you think it might impact on your fundamental right or freedom. If you have problems against direct marketing, your right to object can also be accepted. In scenarios like this, we may demonstrate that we have legitimate grounds to process your data.
Also, you may request the processing of your personal data restriction. On the following grounds, you may request us to stop the processing of your personal details: (a) to establish the accuracy of the data; (b) unlawful use of the personal data; (c) to keep hold of the data even if we no longer need it, exercise or defend legal claims; or (d) you have an objection for the use of your personal information but we are needed to verify a legitimate grounds to use it.
You may withdraw your permission any time to process your personal information. Although, this will not affect the authority of any processing carried out before your withdrawal. Your withdrawal may lead to our lack of ability to offer you certain services to you. At the time you withdraw your consent, we will inform you about the same. If you still want to go ahead and practice any of the rights mentioned above, please contact us.
We request/ask you for specific data to confirm your identity and ensure that you have the right to access your personal data (or any of your rights). For us, this is a security measure to make sure that personal information is not disclosed to any other individual who has no legal rights on it. We will contact you to ask you for further details about your request in order to speed up the response and process.
We respond to all the legitimate requests within one month of the time from where the request has been initiated. However, it may take longer than a month if your request is complex or you have made multiple requests. In these kinds of cases, we will keep you updated.