Introduction and background
The purpose of this policy is to outline how TBG Travel Group Limited has established measures to protect your privacy and information rights.
We recognise that you have rights as a ‘data subject’, and that we have an obligation to uphold these.
This privacy notice aims to outline how we maintain these rights. In particular, it outlines:
How we collect and process your information
Why we do this
How you can exercise your rights;
Who to contact in the event you’re unhappy with our performance.
Depending on why we have collected your information, your information rights could include:
|Right to be informed||This encompasses the obligation for us to be transparent in how we collect and use your personal data.|
|Right of access||You have the right to access your personal data and supplementary information.|
|Right to rectification||If the information we hold on you is inaccurate or incomplete, you can request we correct this.|
|Right to erasure||You can request we delete or remove personal data where there is no compelling reason us to continue processing|
|Right to restrict processing||You have the right to request we cease processing your data, if:|
You consider it inaccurate or incomplete;
Where you object to processing and we are considering whether we still have a legitimate interest to process it.
Where we don’t need the data for the original reason we collected it, but may need it to support a legal claim
|Right to data portability||Where you have consented to our processing your data, or where the processing is necessary for us to deliver a contract, you can request a copy of that data be provided to a third party in electronic form.|
|Right to object||You have the right to object to our processing under certain circumstances. For example, you can object to:|
direct marketing (including profiling); and
processing for purposes of scientific/historical research and statistics
|Rights relating to automated decision making including profiling||Where we apply automated decision making, we must|
give you information about the processing;
introduce simple ways for you to request human intervention or challenge a decision;
carry out regular checks to make sure that our systems are working as intended
Information related to automated decision making is contained later in this notice.
Information we collect
We collect certain personal data about you and about any other person you include on your booking. The sort of personal data we collect is information that you provide to us, that we collect from you or observe about you, or that we obtain from other sources
Personal data you give to us
When you make a booking or other purchase or enquiry we will ask you for your name, address, e-mail address, telephone number, date of birth, and personal travel preferences. We need to collect this information in order to arrange the travel and other services you are requesting.
If you enter a competition or promotion, complete a survey, or if you report a problem with any of our Services, we will collect your name and relevant contact information and any other personal information you choose to give us.
We may ask to see and retain a copy of passport details and other identification documents if, for example, you are purchasing foreign currency or completing a money transfer.
If you contact us online, we may keep a record of your e-mail or other correspondence, and if you call us by telephone, we may monitor and/or record phone conversations for training and customer service reasons.
If, when using our Services, you make a holiday/travel search on our website or with one of our travel consultants and you enter or provide any of your personal data (including telephone number or e-mail address), but do not make a booking or other purchase, we will keep and use the data you’ve provided for a limited time and purpose, as mentioned below.
To help us keep your information current, accurate and complete, please ensure you tell us if anything needs to be changed.
Personal data we collect and/or observe about you
Based on how you have used our Services in the past and your activity on our website, social media channels, or with our contact centre and stores, we collect the following personal data about you:
Details of the services we have provided to you in the past, including your previous travel arrangements, such as holidays and other purchases, and matters related to those arrangements, such as details of your previous requirements or complaints.
We collect details of your visits to our Sites and Apps (including, but not limited to, traffic data, location data and weblogs) whether this is required for our own purposes or otherwise, and of the resources that you access. We use third party technology services, such as Google Analytics to administer these services.
We collect details of website(s) you visited before you use a link to our Sites, pages visited in our Sites, and time spent on each page.
We may collect information about your computer (or mobile device/tablet) including, where available, your IP address, operating system, device location, browser type, cookie identification numbers, for system administration purposes, marketing purposes (both our own, and third party advertisers for whom we provide advertising services) and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and any reports we share do not identify any individuals.
Images of you taken on our events through Licklist, a 3rd party photography company
Personal data obtained from other sources
We might also receive your personal data from third party sources who collect information about you on our behalf. This includes:
If you tell a third party that you would like to receive marketing communications from Student Getaways, they will securely transfer your contact details and marketing preferences to us.
If you book one of our holidays through a third-party travel agent, certain personal data (as applicable to your booking, such as your name, date of birth or any special requirements you have) will be passed to us to provide the services you have requested/booked.
If you complete any of our customer feedback questionnaires/surveys, the information you provide will be processed on our behalf and provided to us by a third party such as reviews.co.uk
Where is your data stored and who it’s shared with:
Your personal data is held on a combination of our own systems and systems of the suppliers we use to provide our services.
When you give your personal data to us, some of the personal data you provide will need to be given to and processed and stored by relevant third parties. These third parties include:
our technology and data management partners who help us to administer the services we provide (such as Digital Trip Limited)
our travel partners, such as airlines, airports, hoteliers, insurance companies and ground handling agents (depending on the travel services you book), so that they can provide you with the arrangements and assistance you require.
our card payment facilitators, that help us process customer payments and assists us in detecting and preventing fraudulent payments or bookings.
Some of these third parties may be based outside of the European Economic Area (“EEA”). Organisations that are based outside of the EEA may not be subject to the same level of controls in regard to data protection as exist within the UK and the EEA. We aim only to transfer your data to third parties outside of the EEA where either:
(a) your personal information will be subject to one or more appropriate safeguards set out in the law, if you’d like more information about our safeguards, please contact us. These safeguards might be the use of standard contractual clauses in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme); or
(b) the transfer is necessary to enable your contract to be performed.
In order for you to travel overseas, we may be required to disclose certain of your personal data to government bodies or other authorities in the UK and in other countries, such as those responsible for immigration, border control, law enforcement, security and anti-terrorism.
Even if it is not mandatory for us to provide information to such authorities, we may exercise our discretion to assist them where appropriate in the interests of detecting and preventing criminal activity.
We may disclose your personal information to any member of our Group for business purposes, (those business purposes include holding your data on central/shared systems for administering bookings and supporting customers in destination countries). Our Group means our subsidiaries and our ultimate holding company and its subsidiaries.
We may pass your data to relevant third parties, such as a payment facilitator Trust EV for the purpose of detecting and preventing fraudulent payments or bookings.
How do we use your information when providing our services to you:
In order to provide our services to you, we use the information we hold in a number of different ways. We process your information either because it is necessary for us to do so as part of a contract you enter into, or because we have a legitimate business reasons for doing so.
The following activities are carried out by us using your personal data because it is necessary in relation to a contract which you have entered into or because you have asked for something to be done so you can enter into a contract;
Administering your booking internally and communicating your booking externally with our suppliers, to ensure the services you have requested are arranged;
To communicate with you regarding your booking or any other purchase, including sending booking confirmation and travel documents;
We may use and process your personal information as set out below where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so:
To improve customer experience:
To ensure that content from our Sites, Apps and booking systems is presented in the most effective manner for you and for your computer;
To notify you about changes to our service;
To inform you about our service in destination;
To protect our business against financial loss;
For debt collection or credit vetting
For payment card and booking verification (including using Google reCAPTCHA on some of our Sites to ensure only genuine customer bookings are made).
To maintain a safe and secure environment and prevent and detect criminal activity;
Using CCTV in our premises.
To promote our business, improve our products and services;
To send marketing correspondence about products and services similar to those you have previously bought from us. You can opt out and object to our sending you electronic marketing information and this option will be included in every marketing message we send you. See the section ‘When and how do we use your information for marketing for more information’.
To contact you if you make an enquiry with us on our website but do not complete a booking to check if there was a problem or you need any assistance to book;
For internal research/analysis to improve the quality of our Services, the products we offer and new products we are developing by:
Inviting customers to take part in surveys or customer/business discussion groups;
Using aggregated customer data to make informed decisions based on analysis of customer booking or other purchase trends and behaviours.
To promote our business, brands and products and measure the reach and effectiveness of our campaigns;
To contact you with targeted advertising delivered online using Google DoubleClick and through social media and other platforms operated by other companies. You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals whose details it has received from us. To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us;
We use this information in two ways:
We identify links between your attributes and your behaviours and market to others with the same attributes, in our direct marketing campaigns and through targeted advertising delivered through our Sites, Apps or third party platforms including social media channels.
We tailor and personalise our interactions with you to make them more relevant to your interests. These interactions include your journey around our Sites and the content that appears on it and marketing communications we send or show to you in our direct marketing campaigns and through online targeted advertising described in the paragraph above. Please see ‘How we personalise marketing for you’ for more information;
To support any potential company sale or acquisition:
In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
We may use and process your personal information as set out below where we consider that it is in your vital interests that we do:
To assist you or arrange for assistance to be provided to you by third parties either in the event of an incident or emergency.
We may use and process your personal information as set out below where we have your consent to do so:
To assist you or arrange for assistance to be provided to you by third parties where you have special requirements in relation to special categories of personal data (please refer to the section: ‘What types of personal data do we collect about you and why do we collect it’).;
To send marketing correspondence about our products and services where we have asked for your permission to do so. See the section ‘When and how do we use your information for marketing for more information’.
We and third parties acting on our instructions, such as external law firms and their employees, may use and process your personal information as set out below where there is a legal requirement for us to do so:
For resolving complaints, dealing with disputes and legal proceedings. This might include contacting you proactively if we need to resolve any issues you may be experiencing or have experienced with a booking or other purchase;
When and how do we use your information for marketing:
If you have made an enquiry or purchase on one of our Sites, your personal data may be used by us in the ways the law allows, to contact you by post, electronic means (e-mail or text message) and/or by phone with information and offers relating to products or services that you can book/purchase from Student Getaways.
If you have not made an enquiry or purchase, we will only send you information and offers by e-mail or text message if you sign up (opt in) to receive such marketing, either directly through us or by telling a third party that you would like to receive marketing from us.
If you have expressed an interest into going to one of our resorts on our website we will only send you information and offers related to what you showed an interest in.
We will not pass your contact details to a third party that is not one of our business partners involved in providing Student Getaways services or products for them to contact you or send you marketing communications unless you have expressly agreed that we may do so.
How do we personalise our marketing to you:
To try and ensure that our marketing communications and advertising are relevant to you, we work with third parties to offer a better experience to customers and potential customers.
Using new technologies and marketing activation platforms (including Active Campaign), we may use your personal information in the following ways:
to try to ensure any marketing communications we send to you are offering products or services likely to be of interest to you.
to tailor and track our digital marketing (for example, our internet banner advertisements) and links from our marketing partners’ websites to our Sites. This digital marketing may include marketing related to Student Getaways or marketing related to business partners to whom we provide advertising services.
Our business partners and advertising networks may serve you with non-personalised adverts on our Sites via advertising technology Google Double Click for Publishers. Non-personalised adverts are targeted using contextual information regarding the pages visited on our site, rather than the past behaviour of a user. We allow third parties to collect information about your online activities using cookies and other technologies. The third parties may include other Student Getaways companies, our suppliers/business partners who collect information when you view or interact with an advert on one of our Sites, and advertising networks. We also collect information about your online activities using cookies and other technologies when you use websites other than our Sites to provide advertising services on behalf of our business partners. This technology allows us to display an advert to you relating to a business partner on other websites based on your page visits and other behaviours whilst on our Sites.
Please see our Cookies Policy for more information.
What you need to do if you don’t want our marketing communications:
We understand you might no longer want to hear from us and that’s ok. It is easy to opt-out or unsubscribe
You have the right at any time to ask us not to process your personal data for marketing purposes.
You can exercise your right to prevent such processing by not opting in to receiving these. You can also exercise this right at any later time by using the unsubscribe link on any marketing e-mail you receive or by emailing [email protected]
You can choose to opt-out by following the opt-out instructions on any direct marketing communication sent by post, or by sending an unsubscribe request to:
TBG Travel Group Limited
Retention of data
TBG Travel Group Limited retains information for seven (7) years from our point of last contact with regards to bookings. We hold this information to support our legal and regulatory requirements. If you object to this retention, please contact us – details provided in the ‘Contact’ section. For marketing, we retain information for 2 years since you last engaged with us after receiving a marketing communication, or such other time that may be required for our legal and audit purposes or that is required by law.
Securing your information
We take data security very seriously
The transmission of information via the internet is not completely secure, and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Sites, therefore any transmission is at your own risk. Once we have received your information, we will take all reasonable steps to keep your personal data secure and to try to prevent any unauthorised access, use or loss of your data, by putting in place appropriate security measures and limiting access to those who have a business need to know. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using TLS technology. We do not store customer card data on our internal systems. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.
We have a process to deal with any suspected personal data breach and will notify you and the ICO of a breach where legally required to do so.
What happens when you follow a link from our website to a third party website:
Our Sites contains links to and frames of websites of our principals, suppliers, advertisers and other third parties. You can tell when a third party is involved in supplying a product or service you have requested because their name will appear with ours. If you follow a link or otherwise use any of these other websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or for these third party websites. Please check these policies before you submit any personal data to these websites.
Some cookies are essential to make our Sites work properly and to allow you to make your travel booking or other purchases and enable us to fulfil your purchase requests
Customer Experience Cookies (Analytics, Customisation & Tracking)
These types of cookies help us to provide you with a good experience when you browse our Sites and allow us to track your experience between different devices to improve our Sites or the way we provide our service to customers.
Third party adverts on our Sites and social media: This type of advertising is intended to provide you with a selection of products/services that you’ve viewed on other third-party websites, or social media channels, which are presented to you by our agency when you visit our Sites or social media channels. The adverts may feature variations on the products/services that might be considered relevant to your browsing history on these other third-party websites.
Student Getaways adverts on third party websites: This type of advertising is intended to provide you with a selection of travel related products/services that you’ve viewed on our website, which are presented to you by our agency when you visit other selected websites or social media channels. The adverts may feature different Student Getaways products/services that might be considered relevant to your browsing history.
We use advertising soltions delivered by Google DoubleClick for Publishers (DFP). Where we share data for the purposes mentioned above, it is encrypted and does not include your name.
If you choose to remove cookies parts of website you are on may not work properly or your use of the website may be impaired.
If you choose to use this website you are on without declining any non-essential cookies, then your use will constitute implied consent to the non-essential cookies that are set.
You can accept or decline advertising, and customer experience (analytics, customisation and tracking) cookies at any time by using the ‘Manage Cookies’ link above.
You can opt-out of third-party advertising networks using your information for interest-based advertising. Our Sites participate in Google DoubleClick for Publishers (DFP) partner network, you can opt-out of this here: Google Double Click Opt Out
You will need to opt-out on each device you use to access our Sites.
Your information will not be shared with our third party advertising network partners for the purpose interest-based advertising if you opt-out, however, you will continue to receive interest-based advertising from Student Getaways and its business partners when using one of our Sites.
Please note these opt-out mechanisms use a cookie on your device, and if you clear the cookies from your browser it will ‘forget’ the opt-out.
Alternatively you can review cookies by accessing the preference panels from your browser’s main menu (usually found under ‘Edit’, ‘Tools’ or ‘Options’). Do not track (DNT) is a feature offered by some browsers, with some newer browsers offering it as default. If you enable it, it sends a signal to websites to request that your browsing isn’t tracked, for example by third party advertisers or social networks, or analytic companies. No industry-wide agreed standard to determine how DNT requests should be managed has been put in place, so our Sites don’t currently support DNT requests. Until that standard is established, we’ll continue to review DNT and other new technologies, but won’t respond to DNT requests.
We recognise that you may have questions on how we process and/or store your data, or may want to change either the data we hold on you or how we communicate with you in the future.
If you have given consent for processing, you are free to withdraw that consent. To let us know this is the case please email us at [email protected]
If you have any questions in respect of this notice, or would like to exercise your rights as a data subject (for example, to correct data or to exercise your right to access):
TBG Travel Group Limited as data controller, can be contacted as follows:
By writing to:
Or by emailing: [email protected]
Barry Moore, Student Getaways DPO can be contacted at [email protected]
If you are unhappy that we have responded to your query adequately, of if you have a further complaint, The Information Commissioner’s Office can be contacted on 01625 545745 or by writing to Information Commissioner’s Office at
May 2018, version 1