Gowan Group Travel is the Data Controller under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 for the processing of your personal data.
Gowan Group Travel is required to gather and use personal data about individuals and this can include business contacts, corporate customers, individual customers, and other people who we have a relationship or may need to interact with.
This policy describes how this personal data is collected, handled and stored to comply with Data Protection law. Gowan Group Travel takes its obligations and responsibilities seriously and it is committed to protecting and respecting your privacy.
2. Purpose of the policy.
To ensure that we:
- Comply with Data Protection law and follow good practice.
- Protect the rights of individuals whom we have a relationship with or may need to contact.
- Are clear about how we store and process individuals' data.
- Protect the company from the risks of a data breach
Contact details are - Gowan Group Travel, 25 High Street, Carrickfergus, Co. Antrim BT38 7AN, Telephone: (028) 9336 6889, Fax: (028) 9335 0553
Questions regarding this policy should be directed to the manager who is responsible for ensuring compliance with all relevant data protection legislation.
3. Data Protection law
The General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA) regulates how organisations collect, handle and store personal information and became law on 25th May 2018.
The law applies regardless of whether data is stored electronically, on paper or on other storage format. To comply with the law, personal information must be collected and used fairly, stored and disposed of safely and not disclosed unlawfully. The GDPR and DPA is underpinned by six important principles to which we will adhere.
That personal data shall be:
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
4. Legal Basis for processing your personal data.
Gowan Group Travel will only process your personal information when it has a legal basis for doing so. The following are the legal basis under GDPR by which we can process your personal information:
2) For the purposes of entering a travel contract with you or to take steps to enter into a contract with you. - Article 6 (1) (b)
3) Where it is in pursuit of our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. - Article 6 (1) (f)
5. The type of information we process
When you wish to make a booking, the personal data we need to collect and process is likely to include:
- Name of the organisation;
- Names of all persons travelling;
- Contact details (such as telephone number, postal and e-mail addresses) of the person making the booking
- Passport information of all persons travelling if required
- travel insurance details for all persons travelling
- dietary information where applicable
- information in respect of any medical condition, disability or reduced mobility which may affect you or anyone travelling with you - this comes within special categories of personal data (see below)
This will include details of corporate clients, individual customers, suppliers and staff from partner organisations who provide travel services.
Personal details of corporate clients such as name, address, business telephone number, business e-mail address and passport details to manage your booking.
Personal details of individual customers such as your name, title, personal telephone, e-mail address, address and passport details to facilitate travel bookings
Personal information and individual profiles of individuals who provide travel services for Gowan Group Travel.
Special category personal information to include data relating to health, disability and allergy information as appropriate.
Any other additional personal information you provide to Gowan Group Travel.
6. Purpose of why we process personal data.
In pursuit of our legitimate interests to facilitate business between customers and us.
We use your data to prepare quotes and book holiday arrangements according to your requirements including your payment, flight, Sea voyage, security, incident/accident management and insurance, etc.
In order for you to travel it may be mandatory to process your information for immigration, border control, security and anti-terrorism purposes, or any other purposes which the country of destination determine appropriate.
To provide you with further information on our services. This may include technical information and/or marketing information - in pursuit of our legitimate interests (keeping you informed about our products, services and business updates).
To consider any requirements relating to special category personal data on health, disability or allergy requirements - where you have consented to provide it to us in connection with the services we are providing - this will usually be done with your explicit consent.
To facilitate your transaction or proposed transaction with us - to perform the contract with you or to take steps to enter into a contract with you.
To provide you with information on our products and services - where you have given us your consent to update you.
To process payment information for your holiday or trip.
We will only use your personal information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason, which is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis, which allows us to do so.
7. Sharing your personal information with partner organisations?
We may share your personal information with partner organisations but only when absolutely necessary or required to by law.
To facilitate the contract entered into with you relating to our travel partners for example:- coach company, airlines, sea carriers, hotels and venues to visit.
Travel and ticket booking software providers in order to facilitate the requested bookings.
Professional advisers such as travel guides to provide expert advice / information and a solicitor but only when necessary to defend a claim or obtain legal advice.
8. Failing to provide complete personal information?
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations (such as to ensure an individuals health and safety).
9. Data Retention.
Where we have collected your personal information during the course doing business, we will retain your information for 6 years
10. How we retain your personal information
Personal data is stored on an electronic information system with a high level of information security applied against hacking, virus and malicious attacks. Paper records are held securely behind two locked barriers.
11. Rights available to an individual under GDPR
Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation, which makes you want to object to processing on this ground.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information, for example if you want us to establish its accuracy or the reason for processing it.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights), however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to another person who has no right to receive it.
We may provide you with marketing information, but only with your consent.
13. Do we transfer your personal information outside the EEA
We do not transfer personal data outside the EEA.
14. Right to complain
You have a right to make a complaint directly to Gowan Group Travel or to the Information Commissioner's Office who regulates Data Protection law within the UK. They can be contacted in writing at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, by telephone (0303 123 1113) or by e-mail (email@example.com).
15. Changes to this privacy notice