We understand that making purchases online or over the telephone involves a great deal of trust on your part. We take this trust very seriously, and are committed to collecting, using, sharing and storing your Personal Data in a way that respects and protects your privacy.
We (“Newmarket Holidays Limited”) gather and process data in accordance with the prevailing data protection legislation, including the General Data Protection Regulation (GDPR) 2016 and the Data Protection Act 2018.
2. Information we may collect about you
We may collect and process the following data about you in the following ways:
Information that you give us
- when booking a holiday for you;
- when approaching us to supply a holiday to you;
- by filling in a newspaper coupon or similar form requesting information
- when subscribing to our emails;
- when requesting further information, services or brochures; and
- when completing surveys and questionnaires.
This information may include your title, gender, age, full name, address and other communication contact information, and similar information for those whom you are seeking to book a holiday for.
If you take steps to book a holiday with us, we will also collect other information such as details included in your passport; medical, dietary and disability information, and details of your holiday.
Details of your visits to our website. This includes, but is not limited to:
- details of the computer or other device that you are using;
- details of the web browser you are using;
- traffic data;
- location data;
- other communication data; and
- IP address data.
Information provided by reputable third-party data sources such as partners and travel agents.
If you contact us, we may keep a record of any correspondence or conversation, including any information provided or required to resolve your enquiry or issue.
A ‘cookie’ is a small piece of information which is sent to your browser and stored on your computer’s hard drive. Cookies do not damage your computer, and by themselves cannot be used to discover the identity of the user.
You can find more about how cookies are used and opting out of their use at www.allaboutcookies.org.
4. Storage of personal data
We implement appropriate security measures to protect information from:
- unauthorised access or modification;
- alteration; or
Our security systems include password authenticated access to internal databases. We also encrypt and anonymise data wherever it is appropriate to do so. We regularly take back-ups of our data, and regularly review overall web security and audit procedures. When you book a holiday with us via the internet your data is protected, even in transmission to us, using the “HTTPS”, Hypertext Transfer Protocol for secure communication. In HTTPS, the communication protocol is encrypted by Transport Layer Security.
If you make a payment with us, we do not store the details of your debit or credit card. We comply with the Payment Card Industry Data Security Standard, which is validated by an external Qualified Security Assessor.
In conforming with data protection laws, we endeavour to implement appropriate procedures to protect your personal data and to prevent any unauthorised access or misuse of it. Our servers, on which your personal data is kept, are located in the United Kingdom.
Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data when transmitted via the internet between us: any such transmission is at your own risk.
5. Uses made of the information
We use information held about you in the following ways:
- To provide you with details of and complete your holiday.
- To carry out the requirements of any contracts entered into between you and us.
- To provide you with information about the holidays we offer.
- To provide you with relevant information about other holidays and services that you request from us or which we feel may interest you.
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To notify you about changes to our services.
6. Disclosure of your information
We may disclose your relevant personal information to the extent that we are under a duty to or it is proper to disclose or share your personal data in order to:
- comply with any potential or actual legal obligation;
- protect the rights, property, or safety of Newmarket Holidays Limited, our customers, or others.
We use Rackspace, Inc; Cisco, Inc; Freshservice, Inc; Censhare, Inc; and Dropbox, Inc to assist us in managing your data. While those companies are located in the United States, each of them has joined the Privacy Shield system allowing the processing of data by those company in accordance with the GDPR.
If we are selling our business, we may disclose your relevant personal information to the other travel company or organisation to whom we are considering selling part of our business.
7. Your rights
The data protection legislation gives you a number of rights. These rights include:
- Right to data erasure which is explained under the heading “Data Retention” below.
- Right to make a “subject access request”, which is a request for a copy of the data which we hold about you.
- Right of correction of data which we hold about you where this is inaccurate.
- Right to data portability.
- Right to withdraw your future consent to our processing your personal data.
- Right to contact and make enquiries of our data protection co-ordinator who can be contacted by email to firstname.lastname@example.org or in by post to Data Protection Co-ordinator, Newmarket Holidays Limited, Cantium House, Railway Approach, Wallington, Surrey SM6 0BP.
- Right to complain to the Office of the Information Commissioner.
Please be aware that if you exercise one of these rights, that in order to protect your privacy, we may require you to undergo some verification tests to ensure that we are dealing with you.
- Contract - To consider potential or to fulfil actual contracts with you. If we were not able to collect, process and transfer this data we would be unable properly to perform our side of any actual or potential contract with you.
- Legitimate Interest - In order to consider potential or to fulfil actual contracts with you and others, we need to collect, process and transfer personal data about you.
- Consent – We may also rely on your express consent for us to use your personal data.
8. Data Retention
We normally hold and process your data for a maximum of eight years from the date when you last interacted with our services. In this context “interact” means booking a holiday or making an enquiry about booking a holiday. However, we delete some data, such as passport identity data about you, shortly after you return from holiday.
We are committed to responsible email practices. We only send email to individuals whose data has been lawfully and fairly obtained. In any event we will stop the processing of your data where you ask us to do so by contacting us at data.protection@.newmarketholidays.co.uk, by clicking the unsubscribe link in our emails or by post to Data Protection Co-ordinator, Newmarket Holidays Limited, Cantium House, Railway Approach, Wallington, Surrey SM6 0BP. The only circumstances in which we will not do so are where we have a legal obligation or a legitimate interest to continue processing your data.
Our websites and emails may contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies. We do not set and are not responsible for those policies.
9. Analytic Suppliers
In common with the comparable travel companies that use the internet we occasionally use your personal data to help Analytic Suppliers match relevant ads to you using the data analytics of those Analytic Suppliers. However, we only use the data in that way where you are a subscriber to the services of Analytic Suppliers and have therefore agreed to this service by acceding to the relevant Agreements of those Analytic Suppliers. Accordingly, we do not control the countries in which those Analytic Suppliers process data.
We mean by Analytic Suppliers companies such as: Facebook; Google; Twitter and Microsoft. Analytic Suppliers supply us with statistical information on how users interact with our website to help us improve our user experience.