Using your personal Information
We at OTD understand and respect the importance of your privacy and we are committed to safeguarding your personal information. In providing our service to you, we must collect personal information from you and make subsequent use of it as detailed below.
We will only collect personal information from you by specifically asking for it:-
- When you buy a ticket from us over the telephone or via our internet booking facilities.
- When you register with us for newsletters, email updates, enter competitions or take part in surveys and customer feedback.
- When you write, fax, telephone or email us to make an enquiry.
WHAT INFORMATION WILL WE COLLECT?
We may collect all or some of the following information relating to you or other members of your travelling party:-
- names and contact details
- credit/ debit card or other payment details (these are encrypted on entry for your security)
- special requirements such as those relating to any disability or medical condition which may affect the chosen purchase
- dietary restrictions (which may disclose your religious beliefs)
- travel preferences
Some of the information we collect (such as about health or religion) will only be collected on the condition that we have your positive consent to its use. We will seek this consent when necessary. We will update your information whenever we get the opportunity to keep it current, accurate and complete.
WHAT WILL WE DO WITH IT?
(1) For the purpose of providing you with our services, we may disclose the information to the providers of the services making up your holiday arrangements (who could be located outside the UK/EEA). Only information necessary for this purpose will be disclosed.
(2) It may be mandatory (as requested government authorities) when you buy services to take place overseas to disclose your information for immigration, security and anti-terrorism purposes, or any other purposes which they determine appropriate. Even if not mandatory, we may exercise our discretion to assist where appropriate.
(3) We may need to disclose our customer list including any personal information relating to you to a third party who acquires or attempts to acquire all or substantially all of the asset/ stock in our company or our website.
(5) We may also disclose information to organisations who act as “data processors” on our behalf, or to other organisations who perform business functions on our behalf, some of whom are outside the UK/EEA. These functions include administration, providing services (and contacting you where necessary), customer care, business management and operation, re-organisation/structuring/sale of our business (or our group companies), risk assessment, security and crime prevention/detection, research and analysis, marketing, monitoring, measuring and assessing customer purchasing preferences and trends, dispute resolution, credit checking and debt collection.
(6) We may from time to time contact you with information about special offers, brochures, new products, forthcoming events or competitions. You will be given the opportunity on every communication we send you to indicate that you do not wish to receive our promotional material. Alternatively, if do not wish to receive such information, you may ask us in writing not to receive it.
(7) You may indicate your preference to/not to receive direct marketing material in the relevant opt-in/out boxes or be asked the same by our staff at the time you first supplied us your information (or at the earliest opportunity). 171
(8) We collect information relating to customer trends and patterns. This information is often used in its aggregate form. We, including our other brands, may disclose aggregate statistics about enquiries made, visitors, customers and sales in order to describe our services to prospective partners, purchasers, advertisers and other reputable third parties and for other lawful purposes. No personally identifying information is disclosed.
OUR SECURITY POLICY
We have taken all reasonable steps to have appropriate security measures in place to protect your information. Outside the European Economic Area, controls on data protection may not be as wide as the legal requirements in this country. The transmission of information via the internet is never completely secure. We exclude our liability for personal data lost in transmission to the website.
All sensitive information, including your personal details and credit card information, is kept confidential through the use of a secure socket layer (SSL). This means that information can only be exchanged between you and OTD, and that no third party can access this data. The padlock symbol on your browser shows which pages are covered by this security system.
WHAT CAN I DO?
If you do not agree to our use of the information as set out above, you should inform us as soon as possible by writing to us at:-
OTD, 171E Wingate Square, London, SW4 0AN
You may ask us in writing for a copy of the information we hold about you (for which we may charge a fee) and to correct any inaccuracies in your information. We aim to respond to you within 21 days from the date of request. You have the right to ask in writing not to receive direct marketing material about our products.
To ensure that we carry out your instructions accurately, to help improve our service and in the interest of security, we may monitor and/or record: (1) your telephone calls; and (2) customer transactions and activities on our website. All recordings are and shall remain our sole property.
UPDATES AND CHANGES
Any changes to this Policy will be either posted on our website, made available on request or supplied with your next booking with us. We will strive to ensure our practices comply with the most current available version of this Policy.
LINKS TO OTHER WEBSITES
Our website(s) may contain links to other sites not controlled by us. (1) These sites may send you cookies and collect data and personal information. We are not responsible for the actions, content or the privacy policies of those websites to which our website(s) may link. It is your responsibility to check the status of these sites.
Our commitment to GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to reinforce data protection for everyone within the European Union. It defines new laws based on a set of principles that businesses which handle personal data of EU citizens must follow.
The major principles of GDPR require that personal data should be:
1. Processed lawfully, fairly and in a transparent manner in relation to individuals.
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
What are we actually doing?
We take data security and privacy of our customers extremely seriously. We are constantly reviewing our systems and processes to ensure we abide by the GDPR principles. This is not limited to, but involves new policies and procedures for the following:
1. Internal access and permissions to view/edit data
2. Encryption of data in rest, transit and backup
3. Customer consent
4. Data minimisation and quality
5. Customer requests for rectification, portability or deletion
6. Network security
7. Breech notification
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to email@example.com. You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns