WeRoad UK - Privacy Policy
Introduction and important information
This Privacy Policy will inform individuals whose Personal Data the Owner processes (“Users”) as to how the Owner looks after their Personal Data when they visit the website and tell them about their privacy rights and how the law protects them. This Privacy Policy is in a layered format so the User can click through to the specific areas set out within. Please also use the Glossary to understand the meaning of some of the terms used in this Privacy Policy.
This Privacy Policy aims to give information on how the Owner collects and processes User Personal Data through use of this Website, including any data the User may provide through this website when they sign up to the Owners newsletter or purchase a product or service or make an account.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that the Personal Data the Owner holds about the Users is accurate and current. Please keep the Owner informed if any of the details provided change, during the course of the Users relationship with the Owner.
WeRoad UK Limited, company number: 13313382 and registered office address at Huckletree Soho Ingetre Place, Ingestre Court, London, W1F 0JL is the controller and responsible for the Users Personal Data (collectively referred to as the “Owner” in this Privacy Policy. We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If the User has any questions about this privacy policy, including any requests to exercise legal rights. Please content the data privacy manager using the details set out below.
Email Address: [email protected]
Address: Huckletree Soho Ingetre Place, Ingestre Court, London, W1F 0JL
The User has the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). The Owner would, however, appreciate the chance to deal with the Users concerns before the User approaches the ICO so please contact the Owner in the first instance.
Types of Data collected
Personal Data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about the User which we have grouped together follows:
Identity data which includes first name, last name, gender and date of birth; NiN; passport data, driving license.
Contact data which includes phone number, email address, address, country, name and telephone number of an emergency contact person.
Financial data which includes bank account and payment card details.
Transaction data which includes details about payments and other details of products and services the User has purchased.
Technical data which includes IP address, login data, browser type and version, time zone and setting location, operating system and platform, and other technology on the devices the Users uses to access this website.
Usage data which includes information about how the User uses the Website, products and services.
Marketing and communication data which includes the Users preferences in receiving marketing from the Owner and third parties and the Users communication preferences.
Further details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Personal Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website. We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal the Users identity. For example, Usage Data may be aggregated to calculate the percentage of users accessing a specific website feature. However, if Aggregate Data is combined or connected with Personal Data so that it can directly or indirectly identify the User, the combined Personal Data will be treated in accordance with this Privacy Policy.
We will only collect and process sensitive personal data (which may include your dietary requirements which may disclose your religious or philosophical beliefs, health data, race or ethnicity) where you have provided us with your explicit consent to do so.
You are not under any obligation to consent to us processing your sensitive personal data. However, without your consent, we won’t be able to make the necessary arrangements to provide the travel services that you have booked or are attempting to book. As a result, if you do not provide your consent, we will be unable to proceed with your booking.
If you are happy to consent to our use of your sensitive personal data, you will also be able to withdraw your consent at any time. However, as this will prevent us from providing the travel service you have booked, we will be required to treat any withdrawal of consent as a cancellation of your booking and the cancellation charges referred to in our Booking Terms and Conditions will become payable.
Unless specified otherwise, all Personal Data requested by this Website is mandatory and failure to provide this Personal Data may make it impossible for us to perform the contract the Owner is or is trying to enter into with the User (for example, to provide the services to Users).If the User fails to provide the necessary details then the Owner will not be able to provide the services booked or are attempting to book. In this case, depending upon when the User fails to provide the necessary Personal Data, the Owner may either not be able to process the booking or may have to cancel the booking, in which case it will be treated as a cancellation by the User in accordance with the Package Tours Terms and Conditions. The User will be notified if the Owner is unable to process a booking or is required to cancel a booking for this reason. In cases where this Website specifically states that some Personal Data is not mandatory, Users are free not to communicate this Personal Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the data privacy manager.
Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party's consent to provide the Personal Data to the Owner.
How Users Personal Data is collected
The Owner uses different methods to collect Personal Data from and about the User including through:
Direct interactions.
Users may provide Identity, Contact and Financial Data by filling in forms or by corresponding with the Owner by phone, phone, and email or otherwise. This includes Personal Data provided when:
A booking of travel services is made;
An account is created on the Website;
A subscription to the Owner’s newsletter or other publications is made;
A User requests marketing to be sent to them;
A User provides feedback to the Owner.
Automated technologies or interactions.
The Owner may automatically collect Technical Data about equipment, browsing actions and patterns. This is collected by using cookies and other similar technologies. Please see our Cookies Policy for further details. Any use of Cookies – or of other tracking tools – by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.
Third Parties.
In addition to the Owner, in some cases, the Personal Data may be accessible to certain types of persons in charge, involved with the operation of the Website (administration, sales, marketing, legal, system administration) or external parties such as those listed at the “Detailed information on the processing of Personal Data” section.
Please note that when using the Website, the User may be able to share information through social networks like Facebook and Instagram. For example, when the User ‘likes’, ‘shares’ or review the Owners services. When doing this, the User’s personal information may be visible to the providers of those social networks and/or their other users. It is the User’s responsibility to set appropriate privacy settings on social network accounts so the User is comfortable with how the information is used and shared on them. This will not be the responsibility of the Owner.
Mode and place of processing the Personal Data
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Personal Data. In addition, the Owner limits access to the Users Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process the Users Personal Data on the instructions of the Owner and they are subject to a duty of confidentiality.
The Owner has put in place procedures to deal with any suspected personal data breach and will notify the User and any applicable regulator of a breach where the Owner is legally required to do so.
The Personal Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
The Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
Processing is necessary for compliance with a legal obligation to which the Owner is subject;
Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
Generally the Owner does not rely on consent as a legal basis for processing the Users Personal Data other than in relation to sending direct marketing communications to the User via email or text message. The User has the right to withdraw consent to marketing at any time.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Disclosures of Personal Data
The Owner may have to share the User’s personal data with the parties set out below for the purposes set out in the table.
(A) Internal Third Parties such as other companies in the WeRoad group acting as joint controller are based in Italy and provide booking management services, as well as IT and system administration services and undertake leadership reporting.
(B) External Third Parties such as:
Suppliers of travel services acting as processors based in Italy who provide the travel services that up any booking the User makes with the Owner.
Service providers acting as processors based in Italy and UK who provide IT and system administration services.
Professional advisors acting as processors or joint controller including lawyers, bankers, auditors and insurers based in Italy and UK who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customers, regulators and other authorities acting as processors or joint controller based in the UK who require reporting of processing activities in certain circumstances.
(C) Third parties to whom the Owner may choose to sell, transfer, or merge parts of the business or assets. Alternatively, the Owner may seek to acquire other businesses or merge with them. If a change happens to the Owner’s business, then the new owners may use the User’s Personal Data in the same way as set out in this Privacy Policy.
The Owner requires all third parties to respect the security of the User’s Personal Data and to treat it in accordance with the law. The Owner does not allow third-party service providers to use User’s Personal Data for their own purposes and only permit them to process User’s Personal Data for specified purposes and in accordance with the Owner’s instructions.
Place and international transfers
The Personal Data is processed at the Owner's operating offices in Italy and in the UK office and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data outside the UK. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data. Many of the external third parties are based outside the UK so their processing of the Users Personal Data will involve a transfer of data outside the UK.
Whenever the Owner transfers Personal Data outside of the UK, a similar degree of protection will be afforded to it by ensuring at least one of the following safeguards is implemented:
The country(ies) that the Personal Data is being transferred to have been deemed to provide an adequate level of protection for Personal Data.
For certain service providers and external third parties, specific contracts approved for use in the UK are used which give Personal Data the same protection it has in the UK.
Users are also entitled to learn about the legal basis of Personal Data transfers to a country outside the UK and about the security measures taken by the Owner to safeguard their Personal Data.
The User should contract the Owner if further information on the specific mechanism used by the Owner when transferring Personal Data outside the UK is required.
Retention time
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
Therefore:
Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfil such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
By law the Owner has to keep basic information about the Users (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
To determine the appropriate retention period for Personal Data, the Owner will consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of the User’s Personal Data, the purposes of the processing and whether the Owner can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or requirements.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
In some circumstances the Owner may anonymise Personal Data (so that it can no longer be associated with the User) for research or statistical purposes in which case the Owner may use this information indefinitely without further notice to the User.
The purposes of processing
The Personal Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: User database management, Interaction with external social networks and platforms, Contacting the User, Remarketing and behavioral targeting, Content commenting, Advertising, Analytics, Displaying content from external platforms, Tag Management, Managing landing and invitation pages, Managing contacts and sending messages, Handling payments and Managing support and contact requests.
For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
Advertising.
This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on this Website, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
Some of the services listed below may use Trackers to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside this Website. For more information, please check the privacy policies of the relevant services.
In addition to any opt-out feature offered by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.
Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.
Google Ad Manager (Google Ireland Limited)
Google Ad Manager is an advertising service provided by Google Ireland Limited that allows the Owner to run advertising campaigns in conjunction with external advertising networks that the Owner, unless otherwise specified in this document, has no direct relationship with. In order to opt out from being tracked by various advertising networks, Users may make use of Your online choices. In order to understand Google's use of data, consult Google's partner policy.
This service uses the “DoubleClick” Cookie, which tracks use of this Website and User behavior concerning ads, products and services offered.
Users may decide to disable all the DoubleClick Cookies by going to: Google Ad Settings.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
Outbrain (Outbrain Inc.)
Outbrain is an advertising service provided by Outbrain Inc.
Personal Data processed: Tracker; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy – Opt Out.
Pinterest Ads (Pinterest, Inc.)
Pinterest Ads is an advertising service provided by Pinterest, Inc. that allows the Owner to run advertising campaigns on the Pinterest advertising network.
Users may opt out of behavioral advertising features through their device settings, their Pinterest personalization settings or by visiting the AdChoices opt-out page.
Personal Data processed: Usage Data.
Place of processing: United States – Privacy Policy – Opt out.
Analytics
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics (Google Ireland Limited)
Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
Facebook Ads conversion tracking (Facebook pixel) (Facebook Ireland Ltd)
Facebook Ads conversion tracking (Facebook pixel) is an analytics service provided by Facebook Ireland Ltd that connects data from the Facebook advertising network with actions performed on this Website. The Facebook pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Audience Network.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
Google Ads conversion tracking (Google Ireland Limited)
Google Ads conversion tracking is an analytics service provided by Google Ireland Limited that connects data from the Google Ads advertising network with actions performed on this Website.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
Analytics collected directly (this Website)
This Website uses an internal analytics system that does not involve third parties.
Personal Data processed: Tracker; Usage Data
Contacting the User
Phone contact (this Website)
Users that provided their phone number might be contacted for commercial or promotional purposes related to this Website, as well as for fulfilling support requests.
Personal Data processed: phone number.
Contact form (this Website)
By filling in the contact form with their Data, the User authorizes this Website to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
Personal Data processed: email address.
Mailing list or newsletter (this Website)
By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Website. The Users email address might also be added to this list as a result of signing up to this Website or after making a purchase.
Personal Data processed: email address.
Content commenting
Content commenting services allow Users to make and publish their comments on the contents of this Website.
Depending on the settings chosen by the Owner, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.
If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when Users do not use the content commenting service.
Facebook Comments (Facebook Ireland Ltd)
Facebook Comments is a content commenting service provided by Facebook Ireland Ltd enabling the User to leave comments and share them on the Facebook platform.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
Displaying content from external platforms
This type of service allows the User to view content hosted on external platforms directly from the pages of this Website and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Google Fonts (Google Ireland Limited)
Google Fonts is a typeface visualization service provided by Google Ireland Limited that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: Ireland – Privacy Policy.
Google Maps widget (Google Ireland Limited)
Google Maps is a maps visualization service provided by Google Ireland Limited that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
Instagram widget (Facebook Ireland Ltd)
Instagram is an image visualization service provided by Facebook Ireland Ltd that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
YouTube video widget (Google Ireland Limited)
YouTube is a video content visualization service provided by Google Ireland Limited that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
Handling payments
Unless otherwise specified, this Website processes any payments by credit card, bank transfer or other means via external payment service providers. In general and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. This Website isn't involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.
Stripe (Stripe Inc)
Stripe is a payment service provided by Stripe Inc.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
Interaction with external social networks and platforms
This type of service allows interaction with social networks or other external platforms directly from the pages of this Website. The interaction and information obtained through this Website are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it. It is recommended to log out from the respective services in order to make sure that the processed data on this Website isn’t being connected back to the User’s profile.
Facebook Like button and social widgets (Facebook Ireland Ltd)
The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook Ireland Ltd
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
Managing contacts and sending messages
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
Mailgun (Mailgun Technologies, Inc.)
Mailgun is an email address management and message sending service provided by Mailgun Technologies, Inc.
Personal Data processed: address; country; date of birth; email address; first name; gender; last name; phone number.
Place of processing: Germany – Privacy Policy.
Managing landing and invitation pages
This type of service helps with building and managing landing and invitation pages, i.e., pages for presenting a product or service, where the User may add contact information such as an email address.Managing these pages means that these services will handle the Personal Data collected through the pages, including Usage Data.
Instapage (Instapage, Inc.)
Instapage is a landing page management service provided by Instapage, Inc., that allows this Website to collect the email addresses of Users interested in its service.
Instapage allows the Owner to track and analyze the User response concerning web traffic or behavior regarding changes to the structure, text or any other component of the created landing pages.
Personal Data processed: email address; Tracker; Usage Data.
Place of processing: United States – Privacy Policy.
Unbounce (Unbounce Marketing Solutions Inc.)
Unbounce is a landing page management service provided by Unbounce Marketing Solutions Inc., that allows this Website to collect the email addresses of Users interested in its service.
Unbounce allows the Owner to track and analyze the User response concerning web traffic or behavior regarding changes to the structure, text or any other component of the created landing pages.
Personal Data processed: email address; Tracker; Usage Data.
Place of processing: Canada – Privacy Policy.
Managing support and contact requests
This type of service allows this Website to manage support and contact requests received via email or by other means, such as the contact form. The Personal Data processed depend on the information provided by the User in the messages and the means used for communication (e.g. email address).
Zendesk (Zendesk, Inc.)
Zendesk is a support and contact request management service provided by Zendesk Inc.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
Remarketing and behavioural targeting
This type of service allows this Website and its partners to inform, optimize and serve advertising based on past use of this Website by the User. This activity is facilitated by tracking Usage Data and by using Trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity. Some services offer a remarketing option based on email address lists.
In addition to any opt-out feature provided by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.
Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.
Criteo Dynamic Retargeting (Criteo SA)
Criteo Dynamic Retargeting is a remarketing and behavioral targeting service provided by Criteo SA., that connects the activity of this Website with the Criteo advertising network.
Personal Data processed: Tracker; Usage Data.
Place of processing: France – Privacy Policy – Opt Out.
Facebook Custom Audience (Facebook Ireland Ltd)
Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook Ireland Ltd that connects the activity of this Website with the Facebook advertising network.
Users can opt out of Facebook's use of cookies for ads personalization by visiting this opt-out page.
Personal Data processed: email address; Tracker.
Place of processing: Ireland – Privacy Policy – Opt Out.
Facebook Remarketing (Facebook Ireland Ltd)
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook Ireland Ltd that connects the activity of this Website with the Facebook advertising network.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
Remarketing with Google Analytics (Google Ireland Limited)
Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the tracking activity performed by Google Analytics and its Cookies with the Google Ads advertising network and the Doubleclick Cookie.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
Tag Management
This type of service helps the Owner to manage the tags or scripts needed on this Website in a centralized fashion. This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal Data processed: Usage Data.
Place of processing: Ireland – Privacy Policy.
User database management
This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Website, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks' profiles) and used to build private profiles that the Owner can display and use for improving this Website.
Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Website.
ActiveCampaign (ActiveCampaign, Inc.)
ActiveCampaign is a User database management service provided by ActiveCampaign, Inc.
Personal Data processed: email address; Tracker; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
Marketing.
The Owner provides the User with choices regarding certain Personal Data uses, particularly around marketing and advertising. Users can refer to the following Personal Data control mechanisms:
Promotional offers. The Owner may use Identity, Contact, Technical, Usage and Profile Data to form a view on what the Owner thinks the User may want or need or what they may be interested in. The User will receive marketing communications if they have requested information from the Owner or purchased services and have not opted-out of receiving the marketing.
Third-party marketing. The Owner will get the User’s express opt-in consent before sharing Personal Data with any third party for marketing purposes.
Opting out. The User can request the Owner and/or any third parties to stop sending marketing messages at any time by emailing [email protected] . If the User opts out of receiving marketing messages, this will not apply to Personal Data that has been provided as a result of a purchase of travel services or other such transactions,
Monitoring communications. The Owner may monitor, record, store and use any email or other communication with the User in order to check any instructions provided, for training purposes, for crime prevention and to improve customer service quality.
Set out in the table below is a description of other ways the Owner plans to use the Users Personal Data, and which of the legal bases the Owner will rely on to do so. The Owner has identified what the legitimate interests are where appropriate.
The Owner may process the Users Personal Data for more than one lawful ground depending on the specific purpose for which the Owner will be using the Personal Data. Users should contact the Owner if they need details about the specific legal ground the Owner will be relying on to process Personal Data where more than one ground has been set out in the table below.