We are committed to safeguarding the privacy of our clients under the General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679, Transun Travel Limited has a legal duty to protect any personal information we collect from you. Transun Travel Limited of 1A Iffley Road, Oxford, OX4 1EA will act as Data Controller in all instances pertaining to the handling of your data.
PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
Transun does not capture or store any personal information given to us, except in circumstances provided in this policy. Personal information may be given to Transun in a variety of circumstances in order to carry out our business activities effectively. Such information may be provided to us in the following ways:
- You make a booking, enquiry, purchase or subscribe to a membership through our websites, or through our consultant teams by email, phone, letter, electronic form or in person;
- You make amendments or changes to a booking, enquiry or purchase as above;
- You consent and take part in a survey or provide us with feedback;
- You subscribe to our newsletter and travel updates;
- You enter one of our competitions;
- You accept cookie usage on one of our Websites or Digital Tools allowing us to track information about your computer or device, and your visits to and use of our services
- You send us any other information which is pertinent to the fulfilment of your travel booking, in particular this may extend to personal information about your family members or friends for holiday bookings
- You enquire or place a booking through your travel agent
- You have applied for a job vacancy
- In other forms of correspondence such as email, letter, and telephone which pertain to the activities of the business.
Telephone calls are recorded and monitored for quality and training purposes and these may contain personal information and are backed-up and stored for up to one year. All email correspondence is stored locally and backed-up and can be accessed for quality and regulatory purposes. Bookings and travel records are held for seven years after travel to comply with UK regulations. Travel profiles are held while you remain an active client/traveller, and can be reviewed at any time at the client’s request providing this does not prevent the company from carrying out its business activities.
Any marketing materials we send you will be sent to you by post or in electronic format or communicated by telephone. Should you wish to remove your details from our email marketing list, then you will need to follow the unsubscribe link at the bottom of our emails. Should you wish to opt-out of postal mailings, then please contact Transun via telephone, email or letter and we will change your preferences accordingly.
If you provide payment details to us to facilitate a travel booking, then this information is stored on secure, encrypted databases that comply with the Payment Card Industry (PCI-DSS) security standards and is only used for payment and accounting purposes.
SENSITIVE PERSONAL INFORMATION
If you wish, you may provide us with some special categories of Personal Information in order for Transun to provide you with a better standard of service. For example, when booking a flight or holiday with us you may provide us with information about your dietary or medical requirements, which may reveal details about your mental or physical health or condition. The provision of this information is entirely voluntary. If you do not consent to our processing of this type of Personal Information, we may be unable to provide you with certain goods and/or services that you wish to book.
Transun may use aggregate information and statistics for the purposes of monitoring Websites’ and Digital Tools’ usage, in order to help us develop our Websites and Digital Tools and our services and may provide such information in aggregate to third parties. These statistics and data will not include any information that can be used to identify any individual.
Additionally some or all of our Websites and Digital Tools use:
Facebook and Instagram - We use a Facebook ‘pixel’ to collect aggregated, anonymised data about the behaviour of our website visitors, in order to promote relevant adverts to them. The ‘pixel’ is a cookie that collects data about what webpages a visitor has been on, aggregates demographic data (e.g. age range, gender) and whether somebody who has visited our website via Facebook has gone on to make a ‘conversion’ (e.g. make an enquiry, request a brochure, sign up to our newsletter). Typically we use this data is to provide relevant adverts to our website visitors based on expressed holiday interests from browsing our website. At no point in time do we know the users’ identities when collecting the data and advertising to them.
Campaign Master - Campaign Master is an email marketing platform that we use to send our databases’ emails. We also use Campaign Master to email travel agents with news or occasional relevant information. We use a Campaign Master cookie on our website that tracks whether an individual who has been sent an email has proceeded to order a brochure or make an enquiry. It is possible to identify somebody who has opened one of our emails, including what they have clicked on. We use aggregated data to identify what was popular in any given email so we can better understand clients’ preferences. We also aggregate the data to provide more personalised emails based on a theme of interest. We never use the data to identify individual users’ preferences, only a collated dataset that is impartial.
Zolv – WTP CMS - All data captured is handled by Zolv in a data processor capacity and is stored in Microsoft Azure encrypted cloud based system. We have an extended validation SSL certificate (Secure Socket Layer), which means that the information you enter when making your booking is full encrypted and it’s impossible for anyone else to read this information. The green address bar or padlock icon on your web browser, which shows that you’re in a secure part of the website.
All data is collected, Google Analytics, Google and Bing AdWords, Facebook pixels, Campaign Master and Zolv WTP CMS is stored securely and is not shared with anybody outside the Transun company, unless expressly for the delivery of the business’ activities.
Transun will only hold your information for as long as it is necessary for the purpose for which it was collected. However, in line with our Data Security Policy, some regulatory bodies do require us to hold records for up to seven years after travel.
Save as stated below, your personal information is not disclosed to third parties unless this is indicated by our consultants, or is indicated on our Websites or Digital Tools and/or the relevant form at the point of collecting the information, or as required or allowed by law.
We may disclose your personal information to any member of our Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985.
HOW WE PROTECT YOUR INFORMATION
At Transun, payment security is of paramount importance. To give you confidence, our online & telephone booking service uses industry-standard encryption technology to ensure that your credit or debit card transaction is secure.
Please note, however, that the transmission of information via the internet is never completely secure and, although we will take steps to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted via the Website – any transmission is therefore at your own risk.
All Transun employees and data processors, who have access to or are associated with the processing of personal information, are obliged to respect the confidentiality of that information. Access to our systems is secured by password. Should Transun receive any complaint, notice, request or communication which relates directly to the processing of your personal information by a third party supplier (whether travel principal or technology supplier) and the supplier’s compliance with Data Protection laws, we shall notify you as soon as possible of any breach or suspected breach of personal information.
Transun ensures that your personal information is not disclosed to government institutions and authorities, except if required or allowed by law.
Email security - All Transun outbound emails are encrypted, but please note that unless encrypted an email sent from you to us via the internet may not be secure and could be intercepted and read by someone else. Please keep this in mind when deciding whether to include personal information in any email you intend to send us.
Links - Our Websites and Digital Tools may contain links to and from other websites, including those of our suppliers. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check external websites policies before you submit any personal information to these websites.
Data protection by design - Transun’s Data Protection Policy covers all new processes, technology and procedures introduced at Transun including Data Protection at the design stage.
Clients 16 and under - If you are aged 16 or under, please get your parent/guardian’s written permission sent to us before you provide personal information to Transun Website, Digital Tools or consultants. Clients/users aged 16 or under without this consent are not allowed to provide us with personal information.
ACCESSING YOUR PERSONAL INFORMATION AND DATA TRANSUN HOLDS ON YOU
Transun will process any personal information that it collects in accordance with the Data Protection Act 1998. If you wish to access personal information collected from you or you have an enquiry or concern regarding the processing of personal data by Transun, please make an individual information request to:
Customer.Services@transun.co.uk or write to our Data Protection Officer at Transun Travel, 1A Iffley Road, Oxford, OX4 1EA .
Under the Data Protection Act 1998 you can request a copy of your personal information. Transun will provide you with a legible copy of the personal information it holds and to which you are entitled. This will be sent to you within 30 days of your request. Please note Transun requires proof of your identity before supplying the information and may ask you for further information to assist in locating your personal information. Individual traveller requests are free of charge.
Your right to rectify - You can ask Transun to update your personal information if something is inaccurate or missing. You do not need to submit an information request to do this, simply send any changes by email or post to Transun.
Your right to restrict processing - If you think there is something wrong with the date being held about you, or you are unsure Transun is complying with the GDPR rules, you can restrict any further use of your personal information until the problem is resolved. However please note we will not be able to make any future travel bookings or provide tickets/documentation for imminent travels while such a restriction is in place.
Your right to erasure - From 25th May 2018 you have the right to erasure, which means after an individual data request, you may instruct Transun to erase the personal information we hold on you. Subject to there being no legal reasons to retain this information, Transun will erase the information within one month and provide you with a written confirmation of its erasure. In cases where we are required to keep travel records for legal or regulatory reasons or for the integrity of trend reporting, we may anonymise your personal information rather than erase it, but your information will be anonymised in a non-redactable way.
Your right to data portability - You can request a copy of your information by writing to the Data Protection Officer at Transun Travel, 1A Iffley Road, Oxford OX4 1EA. Your information will be provided via electronic media in a commonly used format which is compatible with other IT systems.
Your right not to be subject to automated decision making - Transun does not use automated decision making in any of its processes. Should this change, Transun will always provide an opt-out capability and will always review any objections within the GDPR framework.
For individual clients this information will be provided free of charge, although we reserve the right to charge for repeated or excessive requests.
Unless otherwise agreed, no delay, act or omission by us or you in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
This policy will be governed by and interpreted according to the laws of England and Wales. All disputes arising under this policy will be subject to the exclusive jurisdiction of the England and Wales courts.
Transun Travel Limited | May 2018