Data Protection Policy

Holidaybreakz.co.uk – Data Protection Policy

We understand the importance of privacy and we ensure that we uphold your personal information at Holidaybreakz.co.uk. This Data Protection Policy describes the manner in which we gather, utilise and safeguard your personal information during your use of our site or when you call us on the phone. It also gives you your privacy rights and our compliance with the UK GDPR and other legal data protection obligations.

This policy aims at making it simple and easy to navigate thus ensuring that you can find the information that is most important to you in the shortest time possible. You’ll learn about:

  • Who we are and how to contact us
  • What types of data do we collect
  • How and why we collect your personal data
  • How your information is used and shared
  • Data storage, retention, and international transfers
  • The measures we take to keep your data secure
  • Your rights under data protection laws

The definitions of some of the terms employed in this policy can be found in the Glossary section located at the end.

Important Information and Who We Are

Purpose of This Privacy Notice

This Privacy Policy explains our data collection, use, and saving methods related to your personal data when you access our site, make a booking, subscribe to our newsletter, or call us.

Customers of 16 years and above are targeted on our site and services. We are not aware of collecting personal information of children, other than the legitimate use of such information to finalise a booking placed by an adult.

We urge you to read this Privacy notice along with any other privacy policy on fair process that we give to you at particular points in time, when we collect or process your personal information. This makes you well aware of how and why we use your information. The Privacy Policy is an addition to those notices, and not intended to supersede them.

Controller

Holidaybreakz.co.uk is operated by Friendztravel UK Limited, which acts as the data controller for this Privacy Policy. When we mention “we,” “us,” or “our,” we are referring to Friendztravel UK Limited, the company responsible for handling your personal data.

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the details below:

Email:booking@holidaybreakz.co.uk
Telephone: 0203 376 3404

In case you are not quite pleased with the way we process your data, you are entitled to a complaint with the Information Commissioner’s Office (ICO), which is the UK data protection regulator at the site www.ico.org.uk.

We would like to hear your concerns and would prefer to have a first hand conversation with you before getting in touch with the ICO.

Changes to This Privacy Policy & Your Duty to Inform Us

We could revise this Privacy Policy every now and then to implement the changes in our practices or legal regulations. You should go and revisit it at regular intervals to ensure that you are not left out of any changes.

So that we can deliver the best services, it is desirable that the personal information that we maintain about you is correct and as up to date as possible. It is important to notify us whenever your details change in the process of your relationship with us.

Third-Party Links

Our website may include links, plug-ins or applications to third-party websites. By clicking such links or allowing such connections, you may give third parties a chance to gather or transfer information about you.

It is important to mention that these third party websites are beyond our control and we are not responsible for their privacy practices. We recommend reviewing the Privacy Policy of any other website you visit after leaving ours.

Data We Collect About You

Your personal information is any data that can be used to allow identification of you as a person. It does not include anonymous data where your identity has been removed. At Holidaybreakz, we receive, process, store and transfer different categories of personal information, which are grouped as follows:

Identity Data: Includes your first name, last name, title, date of birth, gender, marital status, and passport details (such as passport number and a copy, if required for verification).

Contact Data: Includes your billing address, delivery address, email address, and phone number so that we can contact you and organise your bookings effectively.

Financial Data: Covers payment card and bank details required for processing your bookings securely. It is important to note that we do not store or access your full financial information, as payment is done via our trusted payment partner (WorldPay).

Transaction Data: This will contain information on the payments you have completed, the history of booking with us and details of services or products that you have bought from our website.

Technical Data: This segment contains the details about your IP address, browser type and version, operating system, time zone set up, and other technologies that you use in accessing our site via the same.

Profile Data: Includes your username, password, preferences, feedback, survey responses, and communication history to help us tailor your experience.

Usage Data: Includes information regarding the usage of our website, products and services and includes actions you do or pages you visit as you go through them.

Marketing and Communications Data: This contains your preferences for the marketing communications that we will send to you and your preferences on the way we communicate with you.

Aggregated Data: Aggregated data is also collected and used by us like demographic or statistical information. This data might be based on your personal information, but it does not directly identify you.

We can apply the statistics of the usage of websites to know the most popular pages. Once aggregated information can be traced back to you, then it will be considered as personal data under this Privacy Policy.

Special Categories of Personal Data: We may collect limited sensitive information necessary to complete your travel bookings. This may include:

  • Health-related details such as mobility needs, medical assistance (e.g. oxygen or wheelchair), or dietary requirements.
  • In some cases, medical clearance may be requested, for example, for passengers travelling during pregnancy beyond 28 weeks.

We do not collect data about your race, ethnicity, religion, political opinions, sexual orientation, or similar sensitive information.

If You Choose Not to Provide Your Data

If we are required by law or by a contract to collect your personal information (for example, to process a booking), and you fail to provide it when requested, we may not be able to fulfil your reservation or provide our services.

In such cases, we will inform you if your booking must be cancelled or cannot proceed.

How We Use Your Personal Data

At Holidaybreakz.co.uk, we will never access your personal information without your permission as outlined in the law and in good faith and trust we do not jeopardise your privacy or your information. We do not sell or abuse your information. We aim to make the travelling experience more captivating, easy to book, and assist customers in a friendly manner.

We use your personal data for the following purposes:

To Process Your Bookings and Deliver Our Services

We use your identity, contact, financial and transaction information to:

  • Make your flight, hotel or holiday reservation.
  • Send booking confirmations, invoices and travel documents.
  • Booking of changes, cancellations and refunds.
  • Negotiate with the airlines, hotels, and travel partners on your behalf.

Such processing is required to meet our contractual requirements towards you.

To Manage Your Account and Customer Relationship

We use your information to:

  • Add and manage your Holidaybreakz account.
  • Answer questions, messages, and commentaries.
  • Offer after sales services and fix service problems.

This would assist us in providing uniform, stable service and enhancing customer satisfaction to customers.

To Improve and Personalise Your Experience

We analyse usage, profile, and technical data to:

  • Know what our visitors do on our site.
  • Make it more usable, functional and designed.
  • Provide personal travel recommendations, offers, and information according to your interests.

This means that you will always have a quicker and more relaxed experience whenever you go.

For Marketing and Promotional Communications

With your consent we may use your contact and marketing data to:

  • Send special offers, travel updates and newsletters.
  • Keep you informed of promotions, discounts and seasonal deals.
  • Recommend places and services that suit your preferences.

At any point you will be able to discontinue by clicking the unsubscribe link in our emails or by addressing us personally.

For Legal, Regulatory, and Security Purposes

We may process your data to:

  • Stop fraud, unauthorised access, or any other illegal action.
  • Adhere to legal, tax and accounting standards.
  • Help in investigations or assist other concerned authorities where it is legally stipulated.

This enables your information to be managed in a secure and transparent manner.

To Improve Our Website and Services

We use technical and analytics data to:

  • Measure the performance of websites and debug problems.
  • Know trends, sources of traffic, and customer behaviour.
  • Create new features, products, and alliances.

This perpetual enhancement assists us in offering you superior prices, more functionalities and high reliability.

To Deliver Targeted Advertising

We can also use limited, anonymised data (including browsing history) to show customers relevant offers and advertisements on our site or third-party sites that we trust.

We do not give private identifiable data to advertisers.

Legal Basis for Processing

We use your personal information on the grounds of the following lawful basis:

  • Contractual necessity: To offer travel bookings and services associated with them.
  • Legitimate interests: To enhance services, stop fraud, sell applicable offers.
  • Legal requirements: To adhere to the relevant laws and regulatory requirements.
  • Consent: Marketing communications and optional promotional activities.

Disclosures of Your Personal Data

We respect your privacy at Holidaybreakz.co.uk. We will not give out personal information unless we need to provide the service that you have requested, as required by the law, or to enhance your experience with us. We do not sell or rent your personal information.

When We Share Your Data

We can disclose your individual data to the following groups of recipients:

  1. Travel Partners and Service Providers: In order to make your booking, we have to disclose the relevant information to our trusted travel partners, which are airlines, hotels, car rental companies, and other suppliers that will provide the services according to your choice.
  2. Third-Party Vendors and Technical Support: We operate with a highly curated group of vendors who assist us in running our business - including payment processors, IT service vendors, data storage vendors, customer support vendors and marketing vendors.

Both partners are bound by strict confidentiality and data protection contracts to help ensure your personal data is safely managed and not disclosed to anybody and used only as instructed by us.

  1. Professional Advisors: We can share your information with professional advisors (legal consultants, auditors and insurers) where required either to comply, resolve a dispute or protect business.
  2. Regulatory Authorities and Legal Compliance: In some situations, we might have to disclose your personal data to government agencies, law enforcement agencies or other regulatory agencies in order to meet the requirements of the law, court decree, or legal procedures.
  3. Business Transfers: In the event that our company is subjected to a merger, acquisition or restructuring, your data could be transferred during that process. When this happens, we will make sure that your information is secured and is processed in line with this Privacy Policy.

Data Security and Third-Party Protection

Any third parties that handle your data under our instruction are liable to strict data protection requirements under the UK GDPR.

We ensure that:

  • Your information is never employed in any unlawful contractual use.
  • It is safe from unauthorised access or abuse; and
  • It is overwritten or anonymised when it is not needed.

We do not allow any third party service providers to market your personal information that they may possess.

International Data Transfers

Our travel partners and service providers are based in some of the locations beyond the United Kingdom or the European Economic Area (EEA).

Whenever the transfer of your data happens across the international borders, we ensure that all reasonable measures are taken to ensure that they get the same protection as they would have had in the UK. These protection measures can include:

  • Transferring data only to countries recognised by the UK as providing adequate data protection.
  • Implementing standard contractual clauses approved by the UK Information Commissioner’s Office.

You may direct us with any queries on protecting your data when making an international transfer to booking@holidaybreakz.co.uk.

International Data Transfers

Some of our partners and service providers at Holidaybreakz.co.uk are located outside the United Kingdom (UK) and the European Economic Area (EEA). It implies that in some situations your personal data can be transferred or accessed outside of these areas.

In case of such transfers, we make sure that your data is given as much protection as it is in the UK, in full compliance with the UK GDPR and the European data protection laws.

How We Protect Your Data During Transfers

We make every reasonable legal, technical, and organisational effort to ensure that your privacy and data security are maintained. These include:

  • Adequacy Decisions – We may transfer your information to other countries that have been formally acknowledged by the UK government or the European Commission to offer an acceptable degree of protection of personal data.
  • Standard Contractual Clauses (SCCs) – Where we use service providers in countries without an adequacy decision, we implement legally binding agreements (known as Standard Contractual Clauses) approved by the European Commission and the UK Information Commissioner’s Office (ICO). These ensure that your personal data remains protected at all times.
  • Privacy Framework Participation – When working with service providers based in the United States, we only transfer personal data to organisations certified under the UK Extension to the EU–U.S. Data Privacy Framework, ensuring equivalent protection standards.

Transfers to Travel Partners

Since Holidaybreakz.co.uk collaborates with foreign airlines, hotels, and travel services, the information about the reservation (including your name, contact details and travelling style) might be disclosed to the suppliers located outside the EEA. When such happens, we will ensure the transfer of your data in a safe and secure manner and only take the necessary actions to process your travel plans or on the basis of completing your booking request.

Your Rights and Further Information

If you would like more details about how we safeguard your data during international transfers or to request a copy of the applicable contractual protections please contact us at booking@holidaybreakz.co.uk

Data Security

Secrecy of your personal information is a priority of ours. In order to ensure your personal information is not lost, accessed, disclosed, altered or abused accidentally we have put in place very strong technical, organisational and administrative measures.

Only employees, agents, and people who are contractors and trusted third-party partners will have access to your personal information as they require the information to accomplish their responsibilities. It is the responsibility of these individuals and organisations to uphold confidentiality and they will only process your information as per our directives, and in line with the relevant data protection laws.

We have also clearly laid down procedures to detect, investigate and act upon any suspected data breach. In the unlikely event of such an incident, we will inform you and the concerned regulatory authorities as soon as possible, and this is according to the law.

Trust means a lot to us and we are constantly revising and upgrading our security procedures so that your personal data is always secured.

Data Retention

We do not keep your personal information any longer than is necessary to provide services that you have requested as well as any legal, accounting, or regulatory requirements. The specific time will be determined by the characteristics of the data, its sensitivity and the possibility of unauthorised access/misuse.

The information we obtain on your past transactions will be used to give you a more enjoyable booking experience whenever you visit our site again. To meet the requirements of the UK law, we must keep some basic personal and transactional information about you for six (6) years upon the time that you are no longer our customer, mainly due to tax and record-keeping reasons.

In case you fail to book or communicate with us within a period of more than 6 years, your information will be destroyed in our systems safely.

In other instances, you can demand to have your personal information be deleted. We can, but are not required to, keep anonymised data to be used statistically or in research, and which would not identify you personally, and could be used without any prior warning.

Your Legal Rights

The UK data protection laws have granted you a number of rights to the collection, use and storage of your personal information by us. The rights are aimed to provide you with better control over your data and ensure that it is processed legally and in a transparent way.

You may exercise the following rights at any time:

Request Access

You have the right to request access to the personal information we hold about you (commonly known as a “data subject access request”). This will enable you to get a copy of your information and ensure that the information is being handled legally and in a fair way.

Request Correction

If you believe any of the personal data we hold is inaccurate or incomplete you have the right to request that it be amended or updated. The new information will be checked and amendments made only after that.

Request Deletion

At your request, we will remove your personal data from our files without the need to state your reason. But in some instances we might not be in a position to fulfil your request where there are special legal or regulatory requirements that dictate that we must keep some of your information. Suppose this is the case, we will make you aware of it when you request it.

Object to Processing

In cases where we use legitimate interests as the legal basis to process your data, you are free to object in the case you hold that such processing interferes with your fundamental rights or freedoms. At any point, you might also object to the use of your personal data to be used in direct marketing.

Request Restriction of Processing

You can request us to hold the processing of your personal information under the following cases:

  • To ensure the validity of your information.
  • In case the use of your data is not legal, but you do not want it to be deleted.
  • When you are required to keep our data in order to prove, assert, or protect legal claims.
  • In the case that you have already objected to our processing of your data, but we are determining whether we have some compelling legitimate reasons to proceed with it.

Withdraw Consent

In case you have already given consent to the processing of your personal information, you can cancel it whenever you wish. This will not, however, have any impact on the legality of processing that has preceded your withdrawal. However, taking back consent can imply that we cannot go on with offering some services to you. We shall tell you whether this is so or not.

Verification of Your Identity

In order to secure your privacy and safety we might have to seek out certain details that will help us in confirming your identity prior to the execution of your request. This is done as a precaution not to expose any personal data to a person who does not have the legal right to access.

Response Time

All legitimate requests will be responded to within one month. It might be very slow in case your request is very complicated or you have already made several requests. When this happens we will inform you and make you aware of the progress.