22nd May 2018
MIDAS Travel Management (‘we’ or ‘us’ or ‘our’) are committed to ensuring the security and protection of the personal information that we process for visitors to our online site(s), and to provide a compliant and consistent approach to data protection. We recognise our obligations in updating and expanding this program to meet any changing demands of the General Data Protection Regulation (GDPR) and the UK’s Data Protection Bill.
- WHAT INFORMATION DO WE COLLECT FROM YOU?
We may collect information about you in a variety of ways including on our Sites and social media channels:
Personally, identifiable information, such as your name, postal address, email address, telephone number, and demographic information, such as your age, gender, hometown, and interests (business or personal), when you choose to complete out online Contact form, such as our events. You are under no obligation to provide us with personal information of any kind, however your refusal to do so may prevent you from using certain features of our Sites.
Information our servers automatically collect when you access our Sites, such as your IP address, your browser type, your operating system, your access times, the device you are using to view our Sites on, and the pages you have viewed directly before and after accessing our Sites.
Data from Contests, Giveaways, and Surveys and Social Media
Personal and other information you may provide when entering contact forms, contests or giveaways and/or responding to surveys or interacting with our public or private social media channels.
- WHY DO WE COLLECT THIS INFORMATION?
Having accurate information about you permits us to provide you with a smooth, efficient, and customised experience. Specifically, we may use the information collected about you to:
- Compile anonymous statistical data and analysis for use internally.
- Deliver targeted advertising, newsletters, promotions and other information regarding our Sites, and business practices to you.
- Email you regarding your interest shown from visiting out site(s) or relevant travel industry information.
- Send you relevant newsletters.
- Send you relevant communications by post to your given address.
- Contact you by SMS about relevant information.
- Generate a personal profile about you to make future visits to our Sites more personalised.
- Increase the efficiency and operation of our Sites.
- Monitor and analyse usage and trends to improve your experience of our Sites.
- Notify you of updates to our Sites.
- Offer information on relevant new products, services, and/or recommendations to you.
- Perform other business activities as needed.
- Request feedback and contact you about your use of our Site(s).
- Respond to product and customer service requests.
- WHAT DO WE DO WITH YOUR INFORMATION?
We may process, use or share information we have collected about you in certain situations.
We do not share your information with any other companies, nor do we sell your data to any companies. We take care to ensure any providers we select to work with comply with the GDPR.
In the unlikely event that we need to transfer your data outside of the European Union, we will ensure the organisation receiving the data has adequate safeguards in place that comply with the most up to date UK privacy laws, that individuals’ rights are enforceable and effective legal remedies for individuals are available following the transfer.
Furthermore, your information may be processed and disclosed as follows:
When There is a Suitable Legitimate Interest
In certain circumstances we may process or share your personal information and contact you without your consent if we can identify a Legitimate Interest to do so. The interest may be for our, yours, third parties or others benefit. If we choose to process your information in this way, we will carry out a suitable test to ensure it is the appropriate lawful basis for processing your personal information, and it does not infringe your rights and freedoms. We will inform you if we intend to process your information in this way and provide a simple method for you to opt-out of the communication if you wish to do so.
By Law or to Protect Rights
If we believe the release of information about you or your business is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule or regulation. This includes exchanging information with other entities or fraud protection and credit risk reduction.
- THIRD PARTY WEBSITES
- HOW SECURE IS THE INFORMATION WE HOLD ON YOU?
We work hard to protect our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
- We encrypt many of our services, using for example SSL.
- We review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorised access to systems, and in line with the General Data Protection Regulation and Privacy and Electronic Communications Regulations.
- We review the types of information we hold, the reasons we hold it, and how long we hold it for and ensure our processes for doing this comply with the most up to date data privacy laws.
- We restrict access to personal information to MIDAS Travel’s employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
Whilst we take have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorised parties. Therefore, we cannot guarantee complete security if you provide personal information to us.
- HOW WE USE YOUR DATA ON OUR WEBSITES?
We may also partner with selected third-party vendors, such as Google Analytics, to allow tracking technologies and remarketing services on our Sites through the use of first party cookies and third-party cookies, to, among other things, analyse and track users’ use of our Sites, determine the popularity of certain content and better understand online activity.
You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out in/out cookies, plug-ins, or settings.
Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.
No uniform technology standard for recognising and implementing DNT signals has been finalised.
- HOW LONG DO WE KEEP YOUR INFORMATION?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- POLICY FOR CHILDREN
We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under the age of 13, please contact us using the contact information provided below.
- THE OPTIONS YOU HAVE REGARDING YOUR INFORMATION
You may at any time review, change, request to see or request for the information to be deleted or transferred to a third party, that we hold on you. We will deal with your request in accordance with either the EU General Data Protection Regulation or the statutory UK law relating to Data Protection, whichever is enforced in the United Kingdom and its territories at the time of your request.
We are committed to upholding your full rights contained in the GDPR, which include:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
To make a request regarding your personal data, or for more information, please contact us using the information provided below.
Emails and communications
If you no longer wish to receive correspondence, emails or other communications from us, you may opt-out by:
- Clicking on the email link on all email communications we send to you
- Contacting us using the contact information provided below
If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.
- COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES
When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
- CONTACT US
Customer Services Team
MIDAS Travel Management Ltd., 2 Foubert’s Place, London W1F 7PA
Phone: 020 7440 5300
Or by email to: email@example.com
YOUR RIGHT TO COMPLAIN TO THE ICO
If you are not satisfied with our use of your personal data, or our response to any request you send to us to exercise any of your rights, then you have the right to complain to the Information Commissioners Office:
Information Commissioners Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Or by email to: firstname.lastname@example.org