We believe that it is important to protect your Personal Data (as defined in the Data Protection Act 1998) and we are committed to give you a personalized service that meets your needs in a way that also protects your privacy. We know that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly.
Where the context permits, reference to “you”, “your” and “yourself” will include you and everyone on whose behalf you have provided us with Personal Data subsequently added or substituted at a later date. "We", "us" and "our" all refer to CARUS Travel Ltd.
Who are we?
CARUS Travel Ltd. is a tour organising company which provides you with bespoke travel arrangements. Such bespoke holiday arrangements include e. g. accommodation, transfers, opera and sport tickets, Hospitality Packages, admission tickets, restaurant arrangements. Our registered office is at 3 Acorn Business Centre, Northarbour Road, Cosham, Portsmouth, PO6 3TH, UK, our registered number is 07704220 and our office is at 2 South Pines, 2a Brownsea Road, Poole, Dorset, BH13 7QP, UK.
CARUS Travel Ltd., trading as CARUS Travel, is the Data Controller for the website www.carus-travel.com (the “Website”) andour General Data Protection Owner can be contacted by email:firstname.lastname@example.org.
Lawful Basis for obtaining your Personal Data
We require your Personal Data in order to be able to
· provide you with the service you have requested from us. This also includes steps taken at your request before entering into a contract (e. g. contacting you via email or telephone to discuss your specific requests and sending you our booking proposal)
· comply with legal obligations (For example, we can pass on details of people involved in fraud or other criminal activity affecting the Partnership to law enforcement. UK Goverment also requires that invoices have to include name and address of the costumer we are invoicing, see https://www.gov.uk/invoicing-and-taking-payment-from-customers/invoices-what-they-must-includeand we also need Personal Data from you in order to provide you with the financialprotection of your payments which we’re legally required to provide to you under European Package Travel Regulation)
· fullfill statutory provisions, in particular with regard to accounting, accounting purposes, internal record keeping and/or archival purposes.
· monitor and assess the quality of our services and to comply with the law regarding data sharing. In legal terms this is called ‘legitimate interests’.
Consent as lawful basis for collecting Personal Data
If we collect Personal Data based on consent from you it will be done by using „Consent Forms“. Such „Consent Forms“ will store information related to the consent given by you.
Contract as lawful basis for collecting Personal Data
We use your Personal Date to fulfill our obligations related to your booking and agreements with you, our suppliers and partners.
Legitimate Interest as lawful basis for collecting Personal
We may use Personal Data if it is considered to be of legitimate interest, and if your privacy interests do not override our interest. This legal basis is primarily related to our sales and marketing purposes.
1. Definition of Personal Data
2. Owner of your Personal Data
3. Collecting of your Personal Data
4. Typ of collected Personal Data
5. Usage of your Personal Data
6. Protecting of your Personal Data
7. Duration of storage of Personal Data
8. Controlling the collection, use and distribution of your Personal Data
9. Correcting, updating and deleting of your Personal Data
10. Direct Marketing Material
11. Links to other sites
12. Intellectual Property
14. Third Party Services
15. Further information
17. Changes to this policy
1. DEFINITION OF PERSONAL DATA
"Personal Data" is information that would allow someone to identify or contact you. Suchinformation includes for example, your full name, address, telephone number and e-mail address. A name is the most common means of identifying someone. However, whether any potential identifier actually identifies an individual depends on the context. By itself the name Michael Schmid may not always be personal data because there are many individuals with that name.Personal Data do not include aggregated information that, by itself, does not permit the identification of individuals. Some of the Personal Data may be 'sensitive personal data' within the meaning of the Data Protection Act 1998, for example special requirement data relating to dieats, disability or health. These information will be required by us only to act in your interest and cater for your needs when your booking with us includes a pre-booked mealand we will accept this sensitive Personal Data only on the condition that
· we have your positive consent to provides such information to the supplier for the meal servicesor
· in case of an emergency when you are on holiday and it may be necessary to share this information with e. g. our insurers or advisors.
2. OWNER OF YOUR PERSONAL DATA
All (Personal) Data collected through the Websites and our office are owned by us. The operation and hosting of the Websites and operation and hosting of other software used in our office may be outsourced. Nevertheless a third party will not have any right or any ownership interest to use the personal information apart from the operation of the Websites and other softwares.
3. COLLECTING OF YOUR PERSONAL DATA
3.1.Information we may collect from you and why we collect it
3.1.1.We (may) collect Personal Data about you from you when you contact us with an enquiry or in response to a communication from us, in which case, this may tell us something about how you use our services. This Personal Data may include your contact details(name, address, telephone number and email address), Characteristics (such as gender, language, nationality), travel preferences, special needs/disabilities/dietary requirements, pick-up and drop-off information and any information about other persons on your booking (“your information”)
You may provide us with this information through our website or via email, phone or through other off-line means.
If you contact us, we may keep a record of your email(s) or other correspondence.
4. TYP OF COLLECTED PERSONAL DATA
4.1. We collect title, fore- and surname, address, phone number, email address and if you are a business client we collect also your company’s name and contact information. We may also collect feedback and comments received from you in relation to our provided service and dietary requirements/food allergies. In case we have to make a refund to you due to e.g. overpayment or (part) cancellation of your contract with us we have to ask for your bank details in order or process the refund.From our websites Jimdo may collect IP-address and actions taken on the site only for generic statist purposes (see clause 13. and 14.).
5. USAGE OF YOUR PERSONAL DATA
5.1. Personal Data about you is an
important part of our business and we shall only use your Personal Data for the purposes set out below and inour
registration with the Office of the Information Commissioner. We shall not keep such Personal Data longer than is necessary to fulfil these purposes. Please note that we can’t provide you with
our service in case we don’t receive all required Personal Data at the requested time.
We use your personal data
5.1.1. To help us to
· reply to web forms you have completed on our website www.carus-travel.com
· identify you when you contact us and to understand your needs, arrange and provide you with the service you have requested. We also use it to advise you of information concerning your holiday booking, enquiry or other transaction.
· follow up on requests (e. g. emails, phone).
5.1.2.In some cases we may also need to collect sensitive personal data such as information concerning medical conditions, disabilities and special requirements,if you made us aware of such conditionsin order to be able to consider your particular needs in relation to a booking and to eavluate if we and our supplier are able to accommodate your request.
5.1.3. In order to
· perform contractual obligations such as a booking confirmation, invoice, reminders, and similar.
· process your booking and to make certain that your travel arrangements run well and meet your needs. In order to do so we must pass some of the provided Personal Data on to the relevant suppliers of your travel arrangements(e. g. hotels, transport companies, event organising companies, catering companies, third-party partners). Our suppliers require some personal informationprior to your arrival in order to be able to provide you with the arrangements you have requested through/booked with us. Theyare only permitted to use the information in connection with the delivery or administration of our service.
In most cases this will only be your title,initial/forenameand surname – which wouldn’t allow them to identify you without any further personal information (e g. full address, telephone number and e-mail address).In case your booking includes
Ø Private Chauffeurservice/Private Coachservice/Taxiservice it may also be necessary to provide the supplier of such service with your mobile number so the supplier of this service may be able to contact you if needed (e. g. delay for pick up at the airport).However we will only provide the supplier with this information if we receive your content to do so.
Ø Restaurant arrangements: we may need to provide such supplier also with your email address in order to send you an invitation to be able to select your dishes online.
If pre-ordered meals are part of the package you book with us our suppliers (e.g. hotel, catering companies, event organising companies) require notice of any dieatery requirements/food allergies prior to the service date. In such cases we contact you and ask you if our suppliers have to be notified of any any dieatery requirements/food allergies.
· notify youabout any disruptions to your booked services.
5.1.4.To provide you with the 100% financial protection (Stand Alone Safe Seat Plane Guarentee Certificate ) for the payments you have made - which you have a right to receive under European Package Travel Regulation -. In order to be able to do so we have to pass on Personal Data to the Travel Trust Association of whom we are a member (membership number U9905, you can verify our membership through the following website
5.1.5. For our cloud based bookkeeping/accounting system.
5.1.6. To help us to identify services which you could have from us or selected partners from time to time.
5.1.7. To allow us to carry out marketing analysis, conduct research, management reporting.
5.1.8. To help to prevent and detect fraud or loss.
5.1.9.To handle complains.
5.2.We will not
· pass any information on to any person who is not responsible for part of your travel arrangements. This applies to any sensitive information that you give to us as well.
· share data with third parties for marketing purposes.
5.3.We may allow other people and organisations to use Personal Data we hold about you in the following circumstances:
5.3.1. If we, or substantially all of our assets or capital stock, are acquired or are in the process of being acquired by a third party or in the event of bankruptcy, in which case Personal Data held by us, about our customers, will be one of the transferred assets.
5.3.2. If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings or debt collection.
5.3.3. We can disclose any information about you to private entities, law enforcement or other government officials if we in the unlikely event need to investigate or resolve possible problems or inquiries. The decision to do so is in our sole discretion if we believe it necessary or appropriate. This may also include the disclosure to regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
5.3.5. In connection with any transaction/service which we enter into with you, if you provide false or inaccurate information to us and we suspect fraud, we will record this and may share it with other people and organisations.
5.3.6. For a variety of purposes (e. g. operating, business management, reviews , enhancing our Web Site and/or our services) we also use personal information on an aggregated basis.
6. PROTECTING OF YOUR PERSONAL DATA
We have taken all reasonable steps and have in place appropriate security measures to protect your information.
6.1. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input and firewalls. Regarding Security measures see also clause 13. Third party services.
6.2. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information.
6.3. However, perfect security does not exist on the Internet. Please remember that communications over the Internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered - this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our control.
7. DURATION OF STORAGE OF PERSONAL DATA
Your Personal Data will be stored by us for as long as we find it necessary to fulfill the purpose for which your Personal Data has been collected and also to comply with legal requirements under applicable laws, to attend to any legal claims/complaints and for safeguarding purposes(e.g. when you book a travel arrangement with us we will keep your personal data for 6 years from end of the financial year after the travel arrangement has been concluded). While doing so we will also consider our need to answer your queries or resolve possible problems. Your Personal Data will therefore be stored for a reasonable period of time after your last interaction with us.
8. CONTROLLING THE COLLECTION, USE AND DISTRIBUTION OF YOUR PERSONAL DATA
8.1. By following the instructions stated below in no. 9. you can control the content of the personal information we have collected of you.
8.2. Different rules may be relevant to the use or disclosure of your personal information if you give any information on your own or directly to parties who provide services connected with our Sites. We advise you ask questions before disclosing information to third parties.
8.3. Although your privacy is very important to us, we cannot fully ensure that the Personal Data you provide will not be unlawfully intercepted by third-parties.
9. CORRECTING, UPDATING AND DELETING OF YOUR PERSONAL DATA
At any point while we are in possession of or processing your personal data, you have the following rights:
a) Right of access – you have the right to request a copy of the information that we hold about you. You can do this by emailing us at email@example.com writing to us at the addressnoted above.
b) Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. We aim to keep the PersonalData we hold about you accurate and up to date. Please email us firstname.lastname@example.org write to us at the office address noted above in order to update or delete your Personal Data.
c) Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Once you have informed us that you would like your Personal Data deleted, we cannot use these Data in the future norcan we disclose them to third parties nor will you able to receive future services from us until we receive again an booking enquiry/request and therefore consent from you to use your Personal Data again. Under certain circumstances, deletion may be precluded by statutory provisions, in particular with regard to accounting, accounting purposes and/or archival purposes.In this case we only use your date for the above mentioned purposes.
d) Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
e) Right of portability – you have the right to have the data we hold about you transferred to another company/organisation.
f) Right to object – you have the right to object to certain types of processing such as direct marketing.
g) Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
h) Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 15. below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
10. DIRECTMARKETING MATERIAL
When we intend to contact you in any way (e. g. mail, email, telephone) about products and services offered by us and selected partners (such as flyer, new tours, forthcoming events) we will give you the opportunity to tell us if you do or do not want to receive marketing information from us when we first obtain Personal Data from you, or when you take a new service or product(s) from us. As we take your privacy serriously we will only send you direct marketing when we have received consent from you to contact you for this purpose and also have received information from you how you like to be contacted (post, email, telephone).
If you have given us consent to send you direct marketing email you can of course revoke consent in sending us an email email@example.com call us under the telephone number which you can find on the homepage of our website www.carus-travel.com.Once properly notified by you, we will take steps to stop using your information in this way.
11. LINKS TO OTHER SITES
11.1. Our website may contain links to other websites. Please be aware that we do not have any control over any other website once you have used these links to leave our site. Therefore such sites are not governed by this privacy statement and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites. You should exercise caution and look at the privacy statement applicable to the website in question
11.2.We do not provide any personally identifiable customer Personal Data to third-party websites.
11.3. We exclude all liability for loss that you may incur when using these third party websites.
12. INTELLECTUAL PROPERTY
Services sold by us and Website content may be subject to copyright, trade mark or other intellectual property rights in favour of third parties. We acknowledge those rights.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of website features may not function as a result.
Our website is created with Jimdo GmbH – a company based in Germany - which is a service that is offered internationally. Thus, it extends not only beyond the federal republic of Germany, but also beyond the European Union. Jimdo would prefer to use European service providers for particular services and service offerings, where such providers can deliver the required services at a comparable and competitive price and service level. However for many of the services that Jimdo uses they state that there is simply no comparable, acceptable alternative. As a result Jimdo therefore employs the use of a range of service providers outside the European Union, in particular from the USA. Jimdo take steps to ensure that measures according to European Data Protection law are taken and applied so as to guarantee an adequate level of data protection.
The scope of the processing of personal data concerned depends on whether Jimdo’s websites are merely being visited or alternatively being used by a Jimdo User or more specifically if a registration as a user takes place.
As some of your personal information is processed on behalf of us, we have a data processing contract with Jimdo in place. Our contract with Jimdo includes a clause that Jimdo is obliged to carry out the data processing, insofar as this deviates from section 4.1. of our contract directly on our behalf, is carried out only in Member States of the European Union (EU) or the European Economic Area (EEA) or, in the case of processing of data in a third country, to make arrangements that allows that data are processed in a permissible manner in accordance to §§ 4b, 4c BDSG.
If you like to pay for your booked travel arrangements with a Credit Card we povide you with a hosted payment service from Worldpay. Through this hosted payment page, card processing is managed by Worldpay, therefore you can be confident that payment details are processed securely in line with PCI DSS compliance. Worldpay captures your sensitive payment information for us, helping us to reduce our security costs. Your credit card details are not stored by us and cannot be accessed by anybody within our company.
You can access Worldoays Hosted Payment Pages through our webpage „Kartenzahlungen“.
You should review Worldpays (Worldpay Limited, Worldpay (UK) Limited, Worldpay AP Limited and Worldpay BV Pivacy (https://www.worldpay.com/uk/comprehensive-privacy-policy) to ensure you are happy with it.
Xero (Xero Limited, PO Box 24 537, Wellington 6142, New Zealand) is a provider of online accounting software that gives business owners and their advisors real-time visibility of a business’ financial position. The Service involves the storage of Data about a company or individual which can include personal information.
d) Apple Products
e) Travel Trust Association (part oft The Travel Network Group Limited)
The Travel Trust Association is a travel trade association. Their members consist of travel agents, tour operators and travel organisers. It exists in order to protect you with 100% financial protection and has been doing so for over 20 years. The Travel Trust Association will protect you in the unlikely event of us becoming insolvent. Should we for any reason financially fail or cease trading, the Travel Trust Association will liaise with our suppliers to ensure that your holiday goes ahead unaffected. If for any reason this is not possible, the Travel Trust Association will administer a claim for a refund of money that you have paid to us for your holiday. Furthermore they support their members in getting appropriate insurance cover for their customer bookings. This may involve that we have to disclose personal information to them. They also process payments as a part of their internal finance function. This information will include name, address, payment details and on occasion other information such as date of birth. You could review The Travel Network Group Limited’s Pivacy Policy here https://www.thetravelnetworkgroup.co.uk/privacy-policyto ensure you are happy with it.
15. FURTHER INFORMATION
In the event that you wish to make a complaint about how your personal data is being processed by us (or third parties as described in 14. above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and our GDPR Owner.
The details for each of these contacts are:
GDPR Owner contact details:
CARUS Travel Ltd., Attn. Managing Directors, 2 South Pines, 2a Brownsea Roady, Poole, BH13 7QP, UK
Tel.: +44 (0)1202 287576
Supervisory authority conatct details:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, UK (https://ico.org.uk/concerns/)
17. CHANGES TO THIS POLICY