The GDPR Privacy Notice
West End Travel Ltd is the data controller and we are responsible for your personal data.
The new GDPR (General Data Protection Regulation) comes into effect on 25th May 2018 and will replace the Data Protection Act 1998.This new legislation has been introduced to protect and limit data which we hold about our clients. Everybody will have a number of “rights” including
The right to be informed – you have a right to know how your data will be used by the company. This information will be supplied with a month of your written request.
The right to access your personal data – you can ask the company to share with you the data we have about you!
The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing.
The right to erasure – this means that you have the right to request that the company deletes any personal data we have about you.
The right to restrict processing – if you think there’s something wrong with the data being held about you, or you aren’t sure a company is complying to rules, you can restrict any further use of your data until the problem is resolved.
The right to object – you can object to the ways your data is being used. This should make it easier to avoid unwanted marketing communications and spam from third parties.
Who we are
West End Travel Ltd are travel agents and tour operators and our head office is shown at the top of this letter. You can contact our Data Protection Officer by mail or email to: david.kershman@westendtravel.co.uk
Your rights
You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However we would ask that you contact us first.
How we collect personal information
We only collect data from information that you, your family or employer have directly provided by telephone, email, fax or letter to enable us to carry out our services on your behalf.
What data do we hold.
- Identity Data includes your first name, last name, title and gender.
- Contact Data includes your billing address, email address and telephone numbers.
- Financial Data may include your credit card & bank account details.
- Transaction Data may include details about invoices & payments between us
- Technical Data may include your passport, date of birth, frequent flyers membership numbers & dietary requirements.
How we use your personal information
We use the personal information to enable us to book travel & accommodation facilities as you have requested and to be paid for the services as agreed. We may process your personal data without your knowledge or consent where this is required or permitted by law.
Our products and services
We provide air, train & other transportation methods together with accommodation & other facilities.
Sharing and transferring personal Information
We share personal information with our travel suppliers where required to provide you with the agreed service. We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We would also share this information with law enforcement authorities, HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances Sometimes we transfer personal information to other countries (according to where you are travelling to) outside the UK for travel purposes. We do not share or sell any data with any other type of organisation.
Keeping personal information
We keep your personal information secure in encrypted data files for as long as we need to for the purposes described. We have in place appropriate security measures & safeguards to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We are fully PCI compliant. In addition, we limit access to your personal data to those employees & other third parties who have need to know of such data.
By law we have to keep financial information about our customers (including Invoices, Identity, and Transaction Data) for six years for tax purposes.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your consent
Upon receipt of information from you, we assume that we have your consent to use this data to book the travel arrangements that you have requested and pass this onto the appropriate airline or travel principle.