Privacy Policy
We understand Data Privacy and the Security of Personal Data is a sensitive area and has become even more important with the latest General Data Protection Regulation (GDPR) legislation. This website is operated by Julian Slatter T/A Flight Bureau. Flight Bureau acts as an authorised agent of Avocet Travel Management Limited, registered in England 05984005, registered office: Suite 26 Chessington Business Centre, Cox Lane, Chessington, Surrey, England, KT9 1SD (represented on the website as “flightbureau.co.uk”,"we").
This Policy has been updated to cover how we collect, use, disclose, transfer and store personal information, informing our clients of their rights over their Personal Data.
This policy applies when our clients use our online services, by telephone or otherwise by using electronic means interacting with our websites, email or social media channels.
Overview
We are collecting your personal information for the purposes of booking the travel services that you request. This information, including any information about any health or medical issues that you tell us about and your passport details, will be sent to suppliers who will be providing your travel services. These suppliers may be based outside the EU where the protection of personal data may not be as strong as it is in the EU.
If you are making this booking on behalf of other people, please confirm that you have their consent to pass their personal details to us and for us to pass them on to suppliers who will be providing their travel services.
We may also use your details to notify you of travel offers that we think might be of interest to you. Please say if you do not wish to receive such offers.
By giving your consent you agree to us passing on your personal details for the purposes of your booking.
What do we collect & process, and why?
Personal Data
Personal Data we collect is limited to what is necessary to conduct travel bookings and includes name, date of birth, mailing address, contact telephone numbers, email address, contact preferences, passport details.
When you make a booking, depending on the arrangements you ask us to make, we will ask if you have special requirements, such as dietary, medical/health conditions, to ensure that your particular needs in relation to a booking are met.
Non-Personal Data
We additionally collect data that does not on its own make direct associations possible with users of our systems and services. This is considered ‘Non-Personal Data’.
We use the non-personally identifiable information we collect, including data collected by cookies, to track user trends, to provide you with a tailored experience and to improve the quality of our services. We may also use cookies to help speed up your future activities or to improve your user experience by remembering the information that you have already provided to us. If you have submitted personally identifiable information, then we may combine this information with the non-personally identifiable information that we collect in order to further enhance the service that we provide.
We make every practical effort to avoid excessive or irrelevant collection of data. If you believe the Site has collected excessive information, we encourage you to contact us at mailto:enquires@avocettm.co.uk
How we use your Personal Data:
We use the Personal Data we collect and process it, either because it is necessary for us to do so as part of the services we provide to you due to having entered into a contract with us or because we have a legitimate business reason for doing so.
A) Activities carried out in order to provide the services you have entered into a contract with us for, are the following:
Managing your booking internally, communicating your booking with external suppliers such as airlines, hotels, car rental companies, consulates and transfer companies to ensure that the services you requested are arranged, including the issuing of visas.
Communicating with you regarding your requested booking, including sending booking information and travel documents necessary for you to travel.
Assisting you or arranging for assistance to be provided to you by third parties in the event of an incident or health emergency which is in your vital interests.
B) Activities carried out on the basis of our legitimate interests as a business which you employ to provide your travel arrangement services, are the following:
1. The improvement of the customer experience using our services
2. The protection of our business against financial loss for payment card and booking verification
3. The promotion of our business, improving our products and services by:
• Sending marketing correspondence which you will only receive if you opt-in to and grant your permission for us to contact you about products and services like those that you have previously bought from us
• Contacting you if you make any enquiries on our website
• Inviting you to take part in customer surveys to improve our service offering to you
4. The resolution of complaints, dealing with disputes and legal proceedings which may include contacting you if we need to resolve any issues you may be experiencing or have experienced with a booking or other purchased service we have provided.
Which countries and who will your Personal Data be sent to?
We operate data centres within the European Economic Area (EEA). However, your Personal Data is held on a combination of EEA-based systems, the systems of the suppliers we use to provide our services (e.g. airlines, border controls) and ultimately the providers of the services you select such as a hotel, a taxi transfer service, etc. Some of these third parties which may be based outside the EEA may not be subject to the same level of controls in relation to data protection as we have in the UK and the EEA.
How do we choose our service providers for you?
We carefully select and source third party suppliers that are required to receive your Personal Data in order to deliver the travel services offered to you.
We ensure that our vendors are reputable suppliers, in particular:
• Without a known history of data protection breaches
• With credible data protection policies/practices to ensure the integrity and safety of the data
• With a policy of using the data only for the delivery of the contractually agreed Service.
Protection of Personal Information & Security
We acknowledge that the Information Security and the protection of our clients’ Personal Data is an ongoing commitment and will continue to evolve in complexity, as do threats. As a result, we have taken significant technical steps to ensure we are compliant with the DPA (Data Protection Act) and GDPR frameworks through an extensive GDPR-readiness program.
Legal and Governmental Authorities
When we are requested to provide Personal Data by law, legal process, litigation and/or requests from governmental authorities within or outside the clients’ country of residence, we will be obliged to comply and proceed with providing your Personal Data.
How long do we keep your Personal Data?
We retain your Personal Data for the period necessary to fulfil your booked travel arrangements except in cases when a longer retention period is required by law or other legal obligation. We will only hold the minimum necessary data to provide the services you have requested us to provide and we will do so for no longer than 24 months after the last booking has been completed. Should we be operating with you through a client contract and that is terminated, your data will not be kept for longer than 12 months. A period of up to 12 months post-contract termination is acceptable to cater for bookings which are made for up to 12 months in advance.
What are your rights as to your personal date?
Accessing it & requesting a copy
As entitled by the GDPR, as our clients, you have the right to request and receive a copy of your Personal Data in a user-friendly format.
Asking for it to be deleted – “Right to be forgotten”
You are also entitled to request the erasure of your personal data, exercising your “Right to be Forgotten”. It must be noted, however, that when travel is booked through an organisation (e.g. a University) with which we have a contract, all such requests can be actioned only when approved by the client organisation which acts as the Data Controller.
Note: We have the option to refuse such requests if they impact its ability to provide the contracted services to the organisation which the traveller belongs to or if there is a legal requirement to maintain the data. If either of these scenarios is enacted, we will work with the Data Controller towards resolution.
Withdrawing your consent
At any given point in time, you have the right to withdraw your consent for us to use your Personal Data when providing our services to you. As before, when travel is booked through an organisation (e.g. a University) with which we have a contract, all such requests can be actioned only when approved by the client organisation which acts as the Data Controller.
Changes in Our Policy
We reserve the right to change or remove this Privacy Policy at our discretion. If we decide to change our Privacy Policy, we will post those changes here. We encourage you to visit this area frequently to stay informed. If there is any material change in the type of personally identifiable information we collect, we will obtain your permission before we attempt to collect the additional personal information. We will not make any changes that allow us to give personal information to a third party without obtaining permission from you first.
How to Contact Us?
Any communications relating to data access requests or the withdrawal of your consent can be made in writing to:
GDPR Requests
Flight Bureau (a member of Avocet Travel Management)
277 Guardwell Crescent
Edinburgh
EH17 7SL
Alternatively, you may contact us by e-mail here.