How It All Started
1. ABOUT THIS NOTICE
This Website is operated by igot2travel Limited ("igot2travel", referred to in this notice as "we" or "us"), a company registered in Scotland. We collect, use and are responsible for certain personal information about you, and when we do so, we are regulated under the General Data Protection Regulation ((EU) 2016/679) or "GDPR", which applies across the European Economic Area ("EEA") (including in the United Kingdom).
IGOT2TRAVEL respects your privacy and is committed to protecting your data. This privacy notice will inform you as to how we look after your data when you visit our Website at www.igot2travel.co.uk (the "Website") (regardless of where you see it from) and tell you about your privacy rights and how the law protects you. You must read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
IGOT2TRAVEL is a "data controller" for this notice.
1. OUR COLLECTION AND USE OF YOUR PERSONAL INFORMATION
We collect personal data about you when you access our Website, register with us, and contact us. We collect this personal information from you either directly or indirectly, such as through your browsing activity while on our Website (see 'Cookies' below). We may collect, use, store and transfer different kinds of personal data about you, which we have grouped follows:
· Identity data, where you fill in a contact form, which includes your name, email address, and any personal data provided by you in your message to us. You may also correspond with us by email, post or phone and provide identity data in that manner.
· Usage data, which includes information about how you use our Website, products and services.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may use aggregated data to calculate the percentage of users accessing a specific website feature. Suppose we combine or connect aggregated data with your data so that it can directly or indirectly identify you. In that case, we treat the combined data as personal data, which will be used following this privacy notice.
We do not collect any special categories of personal data about you through your use of the Website, nor do we collect any information about criminal convictions and offences.
1. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
· Where we need to perform the contract we are about to enter into or have entered into with you or an entity represented by you. For example, we may use identity data for this purpose.
· Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, we may use your identity, technical and usage data to deliver relevant content via the Website. We may use your technical and usage data to administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
· Where we need to comply with a legal or regulatory obligation. Generally, we do not rely on consent as a legal basis for processing your data.
1. CHANGE OF PURPOSE
We will only use your data for the purposes we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
1. PROVIDING INFORMATION TO THIRD PARTIES
We ensure that any third-party service providers we use are required to take appropriate security measures to protect your personal data in line with our policies, and we only permit them to process your personal data for specified purposes and in accordance with our instructions. We will not share any of the information you provide to us with any third parties for marketing purposes.
1. TRANSFER OF YOUR PERSONAL DATA OUT OF THE EEA
We do not currently envisage that we will need to transfer any of your personal data to which this notice applies outside the EEA. If in the future we decide to transfer personal data covered by this notice to external third parties based outside the EEA, we will ensure that adequate safeguards are in place, as required under the GDPR.
1. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the appliigot2travelle legal requirements.
1. DATA SECURITY
We have put in place security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
1. PROCESSING IN LINE WITH YOUR RIGHTS UNDER THE GDPR
Under certain circumstances, by law you have the right to:
· Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it; Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
· Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
· Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
· Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
· Request the transfer of your personal information to another party.
1. DATA PRIVACY MANAGEMENT
We have appointed an internal team to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, don't hesitate to get in touch with us in the first instance: email: email@example.com; telephone: +44 (0)1372 279328.
If you want to review, verify, correct or request the erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us in writing at: firstname.lastname@example.org, or
10 The Hayes
1. BREACHES OF DATA PROTECTION PRINCIPLES
We hope to resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
1. CHANGES TO THIS PRIVACY NOTICE
This notice was last updated on 10th January 2022. We reserve the right to vary this notice from time to time by uploading a new version to the Website.