1. WHO’S RESPONSIBLE FOR YOUR PERSONAL DATA?
2. WHAT PERSONAL DATA DO WE COLLECT OR RECEIVE?/HOW DO WE COLLECT OR RECEIVE YOUR PERSONAL DATA?
Personal, contact, ID and payment details: Your full name and contact details (first name, middle name, last name, email address, phone number, postal address, country of residence), age, date of birth, gender, passport details and payment card details. You provide some of these details to us if you sign up to our emails, enter a competition, request a brochure, engage in online chat or book a holiday with us on this website or with one of our telesales consultants or when you book with a travel agent.
Sensitive personal data: We may collect details relating to your health or medical conditions, including details of any accessibility requirements, allergies or other health-related requests, also we may collect details of your meal preferences which may tell us about allergies or other dietary requirements, or potentially indicate your religion or beliefs. You provide some of these details to us if you tell us about medical conditions when you book with us directly or with a travel agent.
We will not sell, share or rent this information to others in ways different from what is disclosed in this policy. We collect information from you at several different points on our website including when you make a booking, request a brochure, subscribe to our newsletter, complete a survey, engage in chat or enter a competition.
3. WHAT WE DO WITH YOUR PERSONAL DATA AND WHO WE SHARE IT WITH
- Manage your booking with us. We will use your information to provide you with any travel or event services that you request or purchase. This entails booking your flights, accommodations, organising tours, transportation and car hire and providing you with your tickets (on the basis of performing our contract with you) and providing you with any special assistance you require (where you give us your consent). We may share your personal data with third party suppliers we work with to provide your booking and our other services to you. We may share your information with parties such as airlines, hotels, tour operators, transport companies, excursion providers, airport authorities, insurance companies, car hire companies, ground handling agencies, and cruise companies.
- Contact you with information about your bookings and support services: We will use your contact details to send you communications which relate to your booking or services you have requested. The types of information usually included would be: e-mails responding to enquiries, providing you with tickets, alerting you to changes in itineraries or responding to any complaints you have. We do these things in order to fulfil our contract with you and on the basis of our legitimate business interest of providing you with customer service. We share your personal data with third party suppliers that we use to provide services in connection with the experiences we offer to you. This might include marketing agencies and/or companies that run our marketing campaigns, IT developers, service providers and hosting providers, third parties that manage promotions or competitions, third party software companies ground agents, site analytics providers, medical service providers and credit card screening companies.
- Enable you to partake in a prize draw, competition or complete a survey: We do this to perform our contract with you or for our legitimate events of studying how customers use our services, develop them and grow our business.
- Send you marketing communications. We will use your information to contact you in order to keep you up to date with the latest news, offers, events, sales, brochures, promotions and competitions that we consider may be of interest or relevant to you. We will usually only do this when we have your consent to do so or on the basis of our legitimate interest to provide you with customer service. See Marketing.
- Ensure security and protect our business interests. In certain circumstances, we use your information to ensure the security of our services, buildings, and people, including to protect against, investigate and deter fraud, unauthorised or illegal activities, systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
- Comply with our legal obligations. In certain circumstances, we will need to use your information to comply with our legal obligations, for example to comply with any court orders or subpoenas (on the basis of our legitimate interests to comply with a legal obligation). We may have to share your information with other third parties (such as legal, accountants or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law; and sometimes we have to provide ‘Advance Passenger Information’ about you to border or immigration authorities of the country of your travel destination. This would usually be the basic information contained in your passport but the laws of certain countries may require additional information. We will provide this information when we are required to do so.
- Optimise our sites and app. If you use our sites or apps, we will use your information to ensure that the content from our websites are presented in an effective manner for you and your device, to provide you with access to our site and app in a manner that is effective, convenient and optimal, and to provide you with content that is relevant to you, using site analytics and research and in certain circumstances combining that with other information we know about you (on the basis of our legitimate interests to operate and present an effective and convenient website to our website users).
- Use data analytics to improve our website, products/services, marketing, customer relationships and experiences. This is necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- Social Media Platforms. We may share your personal data, including your name, email address, address and date of birth – with third party social media platforms including Facebook for the purposes of allowing those platforms to display targeted advertisements to you. If you don’t want us to do this, you have the right to opt out (see below).
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may contact you for marketing purposes, including to tell you more about our services, share news or tell you about promotions from time to time. You're always in control of the emails that you receive and you can update your preferences or opt out at any time by email to email@example.com. Even if you've opted out of marketing messages, we'll still need to contact you in relation to your bookings with us.
We will only contact you in this way if:
- You have signed up to receive marketing communications from us and have not later told us that you don’t want to hear from us.
- You have requested information from us or entered a competition or registered for a promotion and provided your details and you have not told us that you do not want to hear from us.
- You have made a booking with us and have not told us that you do not want to hear from us.
5. LEGAL BASIS FOR USING YOUR PERSONAL DATA:
We only process your personal data to the extent that at least one of the following applies:
- You've consented to the processing of your personal data for a specific purpose – for example, we process your sensitive personal data based on your consent for us to do that;
- The processing is necessary for us to perform our contract with you (eg to provide your holiday) or for use to take steps at your request before we enter into the contract;
- Where we need to process your personal data to comply with a legal obligation that we're subject to;
- Where we need to process your personal data to protect your vital interests (or somebody else's), for example in case of a medical emergency; or
- Where the processing is necessary for the purposes of our legitimate interests or a third party's legitimate interests.
We rely on several legitimate interests for using and sharing your personal data, including:
- Improving our products and services;
- Understanding how customers travel with us;
- Marketing and promotional activities;
- Identifying and pursuing new ways to develop and grow our business; and
- Ensuring the security and safety of our staff and guests.
7. LOG FILES
We use IP addresses to analyse trends, administer the site, track usage and gather broad demographic information for aggregate use.
We only share aggregated demographic information with our partners and advertisers. This is not linked to any personal information that can identify any individual person. We use a credit card processing company for all billing.
From time to time, this web site may contain links to other sites. Please be aware that Topflight is not responsible for the privacy practices of such other sites. We encourage you to be aware of this when you leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by Topflight.
If you subscribe to our e-mail newsletter, we ask for contact information - your name and e-mail address at minimum, with the option to provide additional information.
10. BROCHURE REQUESTS
If you ask us to send you a printed holiday brochure, we ask for contact information - your name and postal address at minimum, with the option to provide additional information.
11. SURVEYS & CONTESTS
From time-to-time our site may request information from users via surveys or competitions. Participation in these surveys or competitions is completely voluntary and you therefore have a choice whether or not to disclose this information. Information requested may include contact information (such as name and address), and demographic information (such as age range). Contact information will be used to notify the winners and award prizes. Survey information will be used to help us improve the usability of our systems.
We take every precaution to protect all information collected. Sensitive information which you submit via the website is both communicated to us and stored in a secure manner. All personal information communicated to us as part of a booking is submitted over a secure channel, protected using SSL or TLS encryption. You can confirm this by looking for the "secure site" indicator on your web browser, which typically appears as a padlock or key. For information held on file, access is restricted to only those staff that require that information to perform a specific job. All employees are kept up-to-date on our security and privacy practices. If you have any questions about the security at our website, you can e-mail firstname.lastname@example.org
13. COMMUNICATIONS RELATING TO BOOKINGS
We communicate with customers in relation to their current holiday bookings. This communication may be by e-mail, conventional post, telephone, fax or other suitable medium. This communication is essential to the proper service of bookings and orders and must therefore take place regardless of the customer's consent to other (non-booking-related) communication.
Except where an actual booking or other business transaction is concerned, we communicate with you only where consent is given. We track consent to e-mail and conventional post communication and you may review or revoke this consent at any time. Every edition of a newsletter offers a quick unsubscribe link.
15. NOTIFICATION OF CHANGES
16. INTERNATIONAL TRANSFERS OUTSIDE THE EEA
We will only send your data outside the European Economic Area (“EEA”) to:
- follow your instructions
- comply with a legal duty
- work with our suppliers and third parties who we use to help deliver our services
Some of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
If we do transfer information to parties outside of the EEA, we will make sure that it is given a similar degree of protection by ensuring that at least one of the following safeguards are implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the U.S, we may transfer data to them if they are part of the US-EU privacy shield, which sets out standards for data sent between the US and EU countries.
17. YOUR PERSONAL DATA RIGHTS
What are your rights?
We want you to feel reassured that you have control of your personal information. With this in mind, we have explained below the rights you have in relation to the personal information we hold about you:
- The right to ask us to correct any information you believe is incorrect.
- The right to ask us to not to use your information for marketing purposes.
- The right to receive a copy of the personal data we hold about you or to request that we transfer this to another service provider.
- In certain circumstances, the right to ask us to stop using information about you.
- The right to lodge a complaint to the Data Protection Commissioner’s Office.
- The right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.
- The right to withdraw consent that you have provided to us to use your personal information.
How can you exercise your rights?
You can exercise these rights over your data by email@example.com or by checking the applicable boxes on forms where we collect your information or to tell us that you don’t want to participate in marketing. You can also unsubscribe from any marketing circulation lists you are on by scrolling to the bottom of the e-mail and clicking the ‘unsubscribe’ link.
We will comply with your requests, unless we have a lawful reason not to do so. We will need you to provide additional details to confirm your identity in order to process your request.
18. DATA RETENTION
We will only keep your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal accounting or reporting requirements.
We operate a data retention policy and look to find ways to reduce the amount of information we hold and the length of time we hold it for.
By law we have to keep basic information about booking and our customers for six years for legal claims and tax purposes.
18.1 DATA ERASURE
When exercising your rights, you can request that your personal information be deleted by emailing firstname.lastname@example.org. Please note that if you request deletion of your personal information:
- We may retain or anonymise your personal information as necessary for our legitimate business interests, as stated in section 18, such as those required to comply with our legal and regulatory obligations.
- Because we take measures to protect data from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.
19. HOW TO CONTACT US
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact email@example.com using the details set out below.
You have the right to make a complaint at any time to the relevant data protection supervisory authority for data protection issues.
The Data Protection Commissioner in Ireland is (https://www.dataprotection.ie)
The Information Commissioner in the UK is (https://ico.org.uk/)
Updated: 22nd May 2018