Data Protection and privacy notice
Data protection policy and privacy notice
Adventure Alternative complies with all aspects of the Data Protection Act 1998 and the General Data Protection Regulation (Regulation EU 2016/679) which is being implemented in May 2018. We are registered with the Information Commissioners Office (ICO) and our Registration Number is: Z2125893.
We only collect information that we need for the specific purpose of organising a holiday, we keep it secure, we ensure it is relevant and up to date, we only hold as much as we need, and only for as long as we need it, and we allow the subject of the information to see it on request. We do not use any personal information or data that is unfair to the individual.
Any client of ours can ask how we have complied with the Data Protection principles and correct any inaccuracies about their personal information, and also to request that we stop using their personal information for any purpose.
Description of processing
We collect personal information to enable us to provide tour operation services to our customers and also to promote our services.
This information includes personal details such as name, address, email address, date of birth, next of kin, dietary preferences and physical and mental health information. We also collect information relating to religious or other beliefs of a similar nature which might be pertinent to the inclusion on one of our trips, and information about criminal offences where it is related to any activity involving children. We also have social media pages where clients interact and share personal information and opinions.
We keep this data on a secure, password protected database which can only be accessed online and only by the main staff members in the UK office who have a legitimate reason for using this data for the purpose of organising and running holidays.
We do not collect or keep any financial information or data whatsoever.
We do not record any telephone calls, however we do take and keep notes about telephone calls which relate to the holiday being discussed.
We do not have any automatic processing facilities.
No personal data or information is kept in paper format or on external hard drives.
Some personal information is kept in the form of email correspondence relating to a holiday booking on staff computers, which are password protected.
If you want to participate in any of our online surveys or feedback forms you may be asked to provide personal information. The nature of the information may vary depending on the type of survey that is being conducted, but it is likely to include contact information and demographic information. We will use this information to improve our service to you. With your consent, we may use content from these online feedback forms and surveys in our marketing material.
Sharing of information
We share personal information among our staff in the UK office for the purposes of the organisation of a holiday and with a strict need to know, and we share only certain necessary information with our third party suppliers in other countries, such as name, age, gender, dietary and other preferences relating specifically to the holiday which the client has booked. The information is shared by email on an Excel document or using an online sharing facility like google documents.
We sometimes need to share the personal information we process with the individual themselves, their relatives, guardians or other representatives in the event of an accident or repatriation, and sometimes with other organisations such as insurance companies.
We use personal information such as email addresses, addresses, phone numbers and social media pages for the purpose of promoting our services through newsletters, direct email marketing and social media marketing. Any individual has the right to opt out of these promotional services at any time and with immediate effect.
Retention of information
Information about individuals is held online in a secure database from the period when the information is inputted during a holiday booking up until the period of the holiday itself, after which the only information kept is the name and email address and name of trip attended for a period of three years. All other information is deleted.
Email correspondence containing personal information is regularly deleted every three months, and only email addresses and names are kept for possible future correspondence relating to another holiday booking.
We may collect information about your computer, click-stream data - including where available your IP address - operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Links with other websites
Our site may, from time to time, contain links to and from third parties’ websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Data Protection Issues
We take all reasonable safeguards to keep all your personal information as secure as is humanly possible. In addition to a rigorously enforced data handling policy, all our staff members are made aware of their obligations to keep the information for authorised use only. Of course, no technology is fail-safe, but we have made every reasonable effort to keep our systems up-to date-with the relevant protocols.
Any issues relating to the misuse of data, or requests from clients for access to data, or accidental sharing of data is handled directly by the company Director and in conjunction with the Information Commissioners Office.
We regularly update our IT systems and change passwords to ensure that our computers, servers and devices are up to date and do not present a potential threat to security. Staff also regularly keep up to date with industry standards on data protection through membership of trade bodies like AITO.
In the event of a catastrophic event in the office such as fire, all personal information would still be accessible online through the password protected database.
We outsource the management of our website and our server to specialist companies and are happy and confident that each of those companies is compliant with the law on data protection and also operates strict internal policies for the protection of all data.
To find out more about your rights and the Data Protection Act please visit this page on the Information Commissioners website.