MIDAS Travel Management – Site Privacy Policy

 
22nd May 2018

OUR COMMITMENT

MIDAS Travel Management (‘we’ or ‘us’ or ‘our’) are committed to ensuring the security and protection of the personal information that we process for visitors to our online site(s), and to provide a compliant and consistent approach to data protection. We recognise our obligations in updating and expanding this program to meet any changing demands of the General Data Protection Regulation (GDPR) and the UK’s Data Protection Bill.

MIDAS Travel Management collect and process different forms of data based on the services used. The below policy directly relates to our online site(s). A copy of our Client Privacy Policy has been provided to the relevant key contacts with companies we provide travel services for. It is our standard practice that all clients wishing to utilise our travel services will be provided with a copy of the Client Privacy Policy prior to the final agreement and always upon request.

If you would like a copy of our Client Privacy Policy or have further question on this or the site policy, please send a request to our Customer Services Team cst@midas-travel.com

Plese refer to the Cookie Policy, Detail and Options section towards the end of this document for all information on our site’s Cookies.

The Privacy Policy stated below pertains to all pages and MIDAS Travel owned online environments from the domain www.midas-travel.com

1. WHAT INFORMATION DO WE COLLECT FROM YOU?

We may collect information about you in a variety of ways including on our Sites and social media channels:

Personal Data

Personally, identifiable information, such as your name, postal address, email address, telephone number, and demographic information, such as your age, gender, hometown, and interests (business or personal), when you choose to complete out online Contact form, such as our events. You are under no obligation to provide us with personal information of any kind, however your refusal to do so may prevent you from using certain features of our Sites.

Technical Data

Information our servers automatically collect when you access our Sites, such as your IP address, your browser type, your operating system, your access times, the device you are using to view our Sites on, and the pages you have viewed directly before and after accessing our Sites.

Data from Contests, Giveaways, and Surveys and Social Media

Personal and other information you may provide when entering contact forms, contests or giveaways and/or responding to surveys or interacting with our public or private social media channels.

2. WHY DO WE COLLECT THIS INFORMATION?

Having accurate information about you permits us to provide you with a smooth, efficient, and customised experience. Specifically, we may use the information collected about you to:

• Compile anonymous statistical data and analysis for use internally.
• Deliver targeted advertising, newsletters, promotions and other information regarding our Sites, and business practices to you.
• Email you regarding your interest shown from visiting out site(s) or relevant travel industry information.
• Send you relevant newsletters.
• Send you relevant communications by post to your given address.
• Contact you by SMS about relevant information.
• Generate a personal profile about you to make future visits to our Sites more personalised.
• Increase the efficiency and operation of our Sites.
• Monitor and analyse usage and trends to improve your experience of our Sites.
• Notify you of updates to our Sites.
• Offer information on relevant new products, services, and/or recommendations to you.
• Perform other business activities as needed.
• Request feedback and contact you about your use of our Site(s).
• Respond to product and customer service requests.

3. WHAT DO WE DO WITH YOUR INFORMATION?

We may process, use or share information we have collected about you in certain situations.

We do not share your information with any other companies, nor do we sell your data to any companies. We take care to ensure any providers we select to work with comply with the GDPR.

In the unlikely event that we need to transfer your data outside of the European Union, we will ensure the organisation receiving the data has adequate safeguards in place that comply with the most up to date UK privacy laws, that individuals’ rights are enforceable and effective legal remedies for individuals are available following the transfer.

Furthermore, your information may be processed and disclosed as follows:

When There is a Suitable Legitimate Interest

In certain circumstances we may process or share your personal information and contact you without your consent if we can identify a Legitimate Interest to do so. The interest may be for our, yours, third parties or others benefit. If we choose to process your information in this way, we will carry out a suitable test to ensure it is the appropriate lawful basis for processing your personal information, and it does not infringe your rights and freedoms. We will inform you if we intend to process your information in this way and provide a simple method for you to opt-out of the communication if you wish to do so.

By Law or to Protect Rights

If we believe the release of information about you or your business is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule or regulation. This includes exchanging information with other entities or fraud protection and credit risk reduction.

4. THIRD PARTY WEBSITES

Our Sites may contain links to third-party websites and applications of interest, including advertisements and external services, that may or may not be affiliated to us. Once you have used these links to leave our Sites, any information you provide to these third-parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from our Sites.

5. HOW SECURE IS THE INFORMATION WE HOLD ON YOU?

We work hard to protect our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

• We encrypt many of our services, using for example SSL.
• We review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorised access to systems, and in line with the General Data Protection Regulation and Privacy and Electronic Communications Regulations.
• We review the types of information we hold, the reasons we hold it, and how long we hold it for and ensure our processes for doing this comply with the most up to date data privacy laws.
• We restrict access to personal information to MIDAS Travel’s employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.

Whilst we take have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorised parties. Therefore, we cannot guarantee complete security if you provide personal information to us.

6. HOW WE USE YOUR DATA ON OUR WEBSITES?

Cookies

We may use cookies, tracking pixels, and other tracking technologies on our Sites to help customise our Sites and improve your experience. For more information on how we use cookies, please refer to our Cookie Policy towards the end of this document, which is incorporated into this Privacy Policy. By using our Sites, you agree to be bound by our Cookie Policy. We will ask for your consent to our use of cookies in accordance with our Cookie Policy when you first visit our site.

Website Analytics

We may also partner with selected third-party vendors, such as Google Analytics, to allow tracking technologies and remarketing services on our Sites through the use of first party cookies and third-party cookies, to, among other things, analyse and track users’ use of our Sites, determine the popularity of certain content and better understand online activity.

You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out in/out cookies, plug-ins, or settings.

Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.

No uniform technology standard for recognising and implementing DNT signals has been finalised.

As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

8. POLICY FOR CHILDREN

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under the age of 13, please contact us using the contact information provided below.

9. THE OPTIONS YOU HAVE REGARDING YOUR INFORMATION

You may at any time review, change, request to see or request for the information to be deleted or transferred to a third party, that we hold on you. We will deal with your request in accordance with either the EU General Data Protection Regulation or the statutory UK law relating to Data Protection, whichever is enforced in the United Kingdom and its territories at the time of your request.

We are committed to upholding your full rights contained in the GDPR, which include:

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

To make a request regarding your personal data, or for more information, please contact us using the information provided below.

However, if you request for your information to be deleted, we may be required to retain certain information to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.

Emails and communications

If you no longer wish to receive correspondence, emails or other communications from us, you may opt-out by:

• Clicking on the email link on all email communications we send to you
• Contacting us using the contact information provided below

If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

10. COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES

We regularly review our compliance with our Privacy Policy. We also adhere to all UK data laws including, the EU General Data Protection Regulation (GDPR); and the Privacy and Electronic Communications Regulations (PECR) (as may be amended from time to time).

When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

11. CONTACT US

If you have questions or comments about this Privacy Policy, please contact us in writing at:

Customer Services Team

MIDAS Travel Management Ltd., 2 Foubert’s Place, London W1F 7PA

Phone: 020 7440 5300

Or by email to: cst@midas-travel.com

YOUR RIGHT TO COMPLAIN TO THE ICO

If you are not satisfied with our use of your personal data, or our response to any request you send to us to exercise any of your rights, then you have the right to complain to the Information Commissioners Office:

Information Commissioners Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Phone: 0303 123 1113

Or by email to: casework@ico.org.uk

COOKIE POLICY, DETAILS AND OPTIONS