Personal data relates to any living individual who can be identified from that data. As of May 25, 2018, in the European Union the processing of personal data is governed by the General Data Protection Regulation (GDPR).
We understand that your privacy is important to you and that you care about how your personal data is used and shared. We respect and value the privacy or everyone who comes into contact with la Concordia Personal Travel Planning LLP and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
1. WHO WE ARE
“la Concordia”, “us” and “we” refer to la Concordia Personal Travel Planning LLP, a limited liability partnership registered in England with registration number OC374977 and registered office address: 11 Wolseley Place, Manchester, M20 3LR.
2. WHAT INFORMATION DO WE COLLECT
We collect and use (“process”) your personal data when you use our website, subscribe to mailing lists and when you contact us online and offline. This information includes:
- information relating to the travel arrangements we will be making on your behalf including destinations, countries and products you are interested in, information regarding you, your family and travel companion(s) such as names, dates of births, addresses, telephone details, emergency contacts, special service needs, passport information, insurance information, visa information, nationality, frequent flier program membership details, flight details (in the event that flights are not arranged by us) and country of residence. This information can include special category data (which is sometimes also referred to as “sensitive personal data”) such as information about disabilities or medical or dietary restrictions;
- information relating to your trip such as reviews, blogs, image or video uploads and feedback;
- financial data such as your bank account and payment card details;
- information about your preferences in receiving marketing communications from us and your communication preferences; and
- any other information that you voluntarily give us that is relevant to the work we will be performing for you.
3. HOW WE COLLCT AND STORE YOUR INFORMATION
We collect data about you through a variety of different methods including by post, phone, email or when you provide data by filling in forms on our website or by subscribing to our newsletter.
All the data you provide us with in relation to your trip (or potential trip or other services we provide for you) is collected securely in our database and is only accessible by us. We will also retain all email correspondence with you.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Although our website and communications may contain links to other websites, we are not the owners of these sites, and therefore are not responsible for the privacy practices of such sites.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when legally permitted. The most common uses of your personal data are:
- to enable us to supply our services to you which include researching, planning and tailoring travel arrangements for you and your travel companions;
- to book the travel services you have requested us to book, through our travel partners globally;
- to book flights on your behalf and on behalf of your travel companions;
- to send you travel related documentation such as booking confirmations;
- replying to emails from you;
- to send you newsletters that you have opted into (you may unsubscribe or opt-out at any time by clicking on “Unsubscribe” in the email);
- to maintain our records and audit our business;
- to comply with legal or regulatory obligations;
- to retain factual information which can be relevant to resolving disputes; and
- to prevent and to assist in the detection of crime.
With your permission and where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, telephone or post with information, news and events on our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
5. CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us at email@example.com.
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
6. WHO ELSE MAY SEE YOUR DATA
We may share your information, only to the extent that such sharing is necessary for achieving the purposes listed in section 4 above, with the following third parties:
- Our global travel partners for the purpose of providing our services to you, namely local ground operators, airlines, hoteliers, transport companies, car hire companies and other travel companies involved in delivering the services we provide to you. Some of your details may need to be passed to our partners and individuals outside the EU where less stringent data protection controls may be in place. We will not pass on your details to third parties for any other purposes.
- Cloud storage providers for storage of electronic documents and information, including Dropbox.
- Delivery companies for the purpose of delivering documents related to your travel arrangements, such as couriers and the Royal Mail.
- Competent authorities in jurisdictions you may be travelling to where this is required to comply with applicable laws and regulations. Advanced Passenger Information (API) is required by many countries prior to arrival (or departure). API information includes personal identity information such as name, passport details, visa information, nationality, transit and destination data. Airlines and transport companies are required to transmit this information by law and data entry is requested at the time of ticket issue. To comply with these regulations we pass the relevant information to the transport companies who transmit the information to the relevant authorities.
- Law enforcement or fraud prevention agencies, as well as our legal advisers, courts and any other authorised bodies for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters, and to ensure the safety of others and the property of others.
- Our legal advisors and the courts for the purpose of enforcing our rights.
7. DATA RETENTION
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law, we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being clients for tax purposes.
8. YOUR LEGAL RIGHTS
You have the right to withdraw your consent to us using your personal data at any time and to request that we delete it by emailing us at firstname.lastname@example.org.
Under certain circumstances, you also may have rights under data protection laws in relation to your personal data. You can see more about these rights at: