Privacy Policy

When you share your personal, or business, information with Travel Vogue Ltd, you trust us with your information. We are committed to protecting and respecting your privacy and take this trust very seriously.

The purpose of this Privacy Policy is to explain how we collect, use, disclose and safeguard your information, through you accessing our website, making a travel enquiry with us, or a travel booking. It is also intended to advise you of the choices you have regarding our use of your information and how you can correct that information.

Using or accessing our website, giving your explicit consent either in writing or verbally, or by agreeing to our booking conditions, indicates your acceptance of this Privacy Policy and of any changes to it.

We may change this Privacy Policy at any time, and for any reason. We will alert you about any changes by updating the “Revised” date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on our website, and you waive the right to receive specific notice of each such change or modification. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of our website after the date such revised Privacy Policy is posted.

For the purpose of the General Data Protection Regulation (GDPR) and EU Privacy and Electronic Communications Regulations (PECR), our registration number is ZA066436. We are registered with the Information Commissioners Office as a business who processes personal data, and abide by their code of conduct.

For ease of navigation, these are the sections covered in this Privacy Policy:

1. WHO WE ARE

2. WHAT INFORMATION DO WE COLLECT FROM YOU?

3. WHY DO WE COLLECT THIS INFORMATION?

4. HOW WE USE YOUR PERSONAL INFORMATION

5. OTHER

6. POLICY FOR CHILDREN

7. THE OPTIONS YOU HAVE REGARDING YOUR INFORMATION

8. UNSUBSCRIBE FROM COMMUNICATIONS

9. HOW WE PROTECT YOUR INFORMATION

10. COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES

11. CONTACT US

12. YOUR RIGHT TO COMPLAIN TO THE ICO

13. DOLPHIN DYNAMICS & DOLPHINANYWHERE HOSTING

1. WHO WE ARE

We are Travel Vogue Ltd, 15 The Parade, Wrotham Road, Meopham. Kent. DA13 0JL. Our registered office is: 15 The Parade, Wrotham Road, Meopham. Kent. DA13 0JL and our company number is 02857123.

2. WHAT INFORMATION DO WE COLLECT FROM YOU?

We may collect information about you in a variety of ways including on our website, when you make a travel enquiry or a travel booking, through our social media channels, at our events, through competitions or prize draws we run, and via other forms of communication including email and direct mail.

The information we collect may include:

If you subscribe to join our mailing list we will ask for information that may include your name, postal address, email address, telephone number, age, gender, occupation, details of holiday habits and details you are interested in receiving further information on.

In addition, when you make a travel enquiry or booking, information gathered may include credit/debit card details or bank details, passport numbers of people travelling, visa information, health information and other personal data.

Occasionally, we may offer visitors to our websites an opportunity to participate in a survey or competition. We may also run competitions and surveys in magazines, newspapers, radio, television, by direct mail, with third parties including on their websites and on other similar media. Information collected by Travel Vogue Ltd when you participate may include your full name, age, postal address, email address and telephone number.

Some of our marketing activity may include a ‘recommend a friend’ promotion. In this case your details may be provided to us by somebody who knows you. The person who has passed your details onto Travel Vogue Ltd for this activity will need to advise you and have your permission to send your personal details to us. Your personal information will be handled in the way as detailed in this privacy policy.

By accessing our website and social media channels, our servers may also collect derivative data about you, such as your IP address, your browser type, your operating system, your access times, the device you are using to view our sites on, and the pages you have viewed directly before and after accessing our sites.

3. WHY DO WE COLLECT THIS INFORMATION?

Having accurate information about you permits us to provide you with a smooth, efficient, and customised experience. Specifically, we may use the information collected about you to:

  • Facilitate, fulfil and manage your travel booking, including liaising with third party suppliers such as airlines, tour operators and ancillary travel product providers.
  • Notify you about updates and changes regarding your travel arrangements.
  • Provide you with a tailored travel quotation.
  • Compile anonymous statistical data and analysis for use internally.
  • Deliver targeted advertising, newsletters, promotions and other information regarding our website, and business practices to you.
  • Email you regarding your ongoing and future travel requirements
  • Send you relevant newsletters.
  • Send you relevant communications by post to your given address.
  • Contact you by SMS about relevant information.
  • Generate a personal profile about you to make future visits to our website more personalised.
  • Increase the efficiency and operation of our website.
  • Monitor and analyse usage and trends to improve your experience of our website.
  • Notify you of updates to our website, and booking conditions.
  • Offer information on relevant new products, services, and/or recommendations to you.
  • Perform other business activities as needed.
  • Request feedback and contact you about your use of our website, and the service we provide you.
  • Respond to customer service requests.

4. HOW WE USE YOUR PERSONAL INFORMATION

  • We may process, use or share information we have collected about you in certain situations as explained above.

In general, the data we hold on you will be used for the purpose of processing your travel booking, in accordance with your booking terms and conditions. We only share your information with preferred suppliers when fulfilling your travel bookings, HM Revenue & Customs where necessary.

In addition, we may process your data for use in our marketing activities, either with having your explicit consent to do so, or when we have highlighted a Legitimate Interest, this may include engaging with third party agencies to perform our own marketing activities only.

We do not sell, rent or trade your personal information to third parties for marketing purposes without your express consent.

In the event that we need to transfer your data outside of the European Union, to fulfil the contract we have with you to process your travel booking, we will ensure the organisation receiving the data has adequate safeguards in place that comply with the most up to date UK privacy laws, that individuals’ rights are enforceable and effective legal remedies for individuals are available following the transfer.

Furthermore, your information may be processed and disclosed as follows:

With your consent

Where possible we will explicitly seek your consent to use your information for any purpose other than what it was collected for. By becoming a customer, we may also rely on another legal basis to process your personal information, such as having a Legitimate Interest. Before we do this, we will carry out a suitable test to ensure it is the appropriate lawful basis for processing your personal information, and it does not infringe your rights and freedoms. We will inform you if we intend to process your information in this way, and provide a simple method for you to opt-out of the communication if you wish to do so.

For Contractual Purposes

We may disclose only relevant information about you to uphold our contractual obligations to you as a customer in fulfilling your travel arrangements. This may include disclosing relevant personal information with third party businesses and organisations, including airlines, tour operators, travel ancillary providers, banking organisations, and public authorities such as customs/immigration. This may include transferring your data outside of the European Union.

By Law or to Protect Rights

If we believe the release of information about you or your business is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule or regulation. This includes exchanging information with other entities or fraud protection and credit risk reduction.

Third Parties

We will only share your personal data with third party businesses when there is a requirement to do so to fulfil our contractual obligations when processing your travel bookings. As a Data Controller we will take all suitable precautions to ensure your data is managed and processed in accordance with our own Privacy Policy when sharing your data.

For training purposes

If you telephone us, calls may be recorded for training and quality purposes. We will only share your personal information with our authorised travel service providers, and only as necessary to complete a transaction that you have specifically requested.

On our website

We may use cookies, tracking pixels, and other tracking technologies on our website to help customise our sites and improve your experience.

A cookie is a small file that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. Cookies identify the computer you are using, not you personally.

On travel-vogue.co.uk we use Google Analytics to understand which website pages you are visiting and to help improve the customer journey through the website and site effectiveness. This data allows us to improve the quality of your visit and develop programs, navigation and content that will be of interest to you. Google Analytics leaves cookies on your browser but this does not identify you personally.

We currently do not use third party cookies or web beacons. The website travel-vogue.co.uk system is protected by firewalls. We collect information about your computer (not your name, address, email address or telephone number) through your permanent cookie file for the purpose of assessing the effectiveness of site content and traffic. This data allows us to improve the quality of your visit.

By using our website, you agree to be bound by our Cookie Policy.

Internet-Based Advertising

Additionally, we may use third-party software to serve ads on our website, implement email marketing campaigns, and manage other interactive marketing initiatives. This third-party software may use cookies or similar tracking technology to help manage and optimise your online experience with us.

You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out in/out cookies, plug-ins, or settings.

The below highlights the specific legal bases we intend to use to process personal data:

Purpose/Activity Type of Data Lawful basis for processing 
To respond to your travel enquiry  Identity
Contact
Health 
Legitimate Interest
Consent 
Arrange and book your travel requests Identity
Contact
Financial
Health 
Performance of a contract with you 
Communicating special offers to you Contact
Profile
Identity 
Consent
Legitimate Interest 
General accounting purposes Identity
Contact
Financial
Transactional 
Performance of a contract
Legal 
Contacting you in an emergency in relation to your booking Identity
Contact 
Legitimate interest
Consent
Vital interest 
To communicate general information about our business and our services Contact
Identity
Profile
Personal preferences 
Consent
Legitimate Interest 
Surveys and feedback questionnaires Identity
Contact
Profile
Usage 
Consent
Legitimate Interest 
Partaking in prize draws, promotions, offers and incentives Contact
Identity
Profile 
Consent
Legitimate Interest 
Reporting and analysis Identity
Contact
Financial
Transactional
Profile
Usage 
Consent
Performance of a contract with you 
To administer and protect our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity
Contact
Technical
Usage
Profile 
Legitimate Interest 

5. OTHER

We may also pass your details to any successor to our business (or any relevant part of it).

Information you provide may also be used for statistical purposes.

6. POLICY FOR CHILDREN

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under the age of 13, please contact us using the contact information provided below.

7. THE OPTIONS YOU HAVE REGARDING YOUR INFORMATION

You may at any time review, change, request to see or request for the information to be deleted that we hold on you. We will deal with your request in accordance with the EU General Data Protection Regulation or the statutory UK law relating to Data Protection, whichever is enforced in the United Kingdom and its territories at the time of your request.

We are committed to upholding your full rights contained in the GDPR, which include:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

To make a request regarding your personal data, or for more information, please contact us using the information provided below.

However, if you request for your information to be deleted, we may be required to retain certain information to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.

8. UNSUBSCRIBE FROM COMMUNICATIONS

If you no longer wish to receive correspondence, emails or other communications from us, you may opt-out by:

  • Clicking and following the unsubscribe link found in the footer of all email communications we send to you
  • Contacting us using the contact information provided below

9. HOW WE PROTECT YOUR INFORMATION

The data we collect from you will be stored within the UK. By submitting your personal data, you agree to the storing and processing of this data. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy.

Transferring your data outside of the EU

If we need to transfer your data outside of the European Union, (e.g. If your holiday is outside of the EEA) we will ensure the organisation receiving the data has adequate safeguards in place that comply with the most up to date UK privacy laws, that individuals’ rights are enforceable and effective legal remedies for individuals are available following the transfer.

10. COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES

We regularly review our compliance with our Privacy Policy. We also adhere to all UK data laws including, the EU General Data Protection Regulation (GDPR); and the Privacy and Electronic Communications Regulations (PECR) (as may be amended from time to time).

When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

11. CONTACT US

If you have questions or comments about this Privacy Policy, please contact us in writing to:

The Data Protection Team
Travel Vogue Ltd
15 The Parade
Wrotham Road
Meopham
Kent
DA13 0JL

Phone: 01474 814 411
Email: info@travelvogue.co.uk

12. YOUR RIGHT TO COMPLAIN TO THE ICO

If you are not satisfied with our use of your personal data, or our response to any request you send to us to exercise any of your rights, then you have the right to complain to the Information Commissioners Office:

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113
Email: casework@ico.org.uk

13. Dolphin Dynamic. DolphinAnywhere

Introduction

Under the General Data Protection Regulation (“GDPR”), a “controller” determines why and how personal data is processed. A “processor” processes personal data on behalf of the controller. Dolphin Dynamics has limited knowledge of the personal data (“Customer Data”) that each DolphinAnywhere User (“Dolphin User”) processes via the DolphinAnywhere hosting infrastructure. Also, Dolphin Dynamics only processes Customer Data in accordance with the Dolphin User’s instructions. Therefore, Dolphin Dynamics is a processor of Customer Data hosted on DolphinAnywhere servers; Dolphin Users are controllers.

Customer Data

Dolphin Dynamics treats Customer Data as sensitive and confidential. This section describes the infrastructure and processes that are in place to protect this data.

The DolphinAnywhere primary hosting service and associated disaster recovery hosting service operate within secure private cloud hosting facilities accessed via secure websites accepting TLS 1.2 connections. Client applications are accessed via Remote Desktop, which utilises RSA Security’s RC4 cipher, encrypted using a 56 or 128-bit key, based on the maximum level allowable by your local client.

Dolphin Dynamics uses ICE ICT, one of the Travel Industry’s leading hosting service providers, as its sub processor. ICE ICT provide an additional layer of security to prevent intrusion and protect against DDOS attacks. A secure multi-layered firewalled architecture restricts access to data solely to business layer APO’s. Rigid separation of internal and production systems to protect Customer Data is enforced by design. Sensitive data including passwords, account details and lodge card details are encrypted using AES encryption when written to the database.

Dolphin Dynamics will continue to invest in the security behind the DolphinAnywhere hosting service to ensure it remains compliant with applicable legislation.

Dolphin Dynamics uses Customer Data only to provide the services agreed upon with the Dolphin User. Dolphin Dynamics never mines such data for marketing, advertising or related purposes.

Dolphin Dynamics restricts the storage of Customer Data to the primary and disaster recovery datacentres as well as optionally making the Customer Data available to the Dolphin User for downloading. Should a copy of a Dolphin User’s database need to be transported elsewhere for any reason, such as error fixing or customer support, all Customer Data will be permanently removed from that copy before it is transported.

Where the Dolphin User makes travel bookings with 3rd party travel suppliers through the Dolphin system, Customer Data will be transferred to those suppliers as required by those suppliers.

Dolphin Dynamics takes stringent measures to protect Customer Data from inappropriate access, including limits for Dolphin personnel and subcontractors. While Dolphin Users can access their own Customer Data at any time and for any reason.

If a Dolphin User ceases to use the DolphinAnywhere hosting service, Dolphin Dynamics follows strict standards and specific processes for removing that Dolphin User’s database from the DolphinAnywhere hosting environment. Dolphin Dynamics uses 3rd party disposal companies for obsolete hardware and hard drives are wiped and physically destroyed.

Dolphin User Data

Dolphin Dynamics will, from time to time, monitor and capture Dolphin User’s activity within the Dolphin products to identify usage trends, common issues, errors and system performance to proactively improve the end user experience of the product. Dolphin Dynamics uses Microsoft Azure’s Insights platform to conduct such activity. Information captured includes end user workflows through various dialogs in the system and time spent within them. The following end user data is captured to allow for proactively identifying and resolving issues, errors and performance.

  • IP Address: This allows Dolphin Dynamics to Identify where the traffic originates.
  • City: This is identified by the IP address by Microsoft Azure to indicate the city from which the access originates.
  • User ID: This is the computer login that is used by the end user.
  • Operating System: This identifies and helps Dolphin Dynamics to understand the operating system that the Dolphin product is being used on.
  • Device Type: This is the type of computer the Dolphin product is running on.
  • Session ID: This is the identifier of the current end user’s session.
  • BMM Version: This identifies the BMM version the end user is using.
  • DB Name: This is the name of the database that has been used.

Additionally, data regarding the name of dialogs opened, time spent on a dialog, errors, exceptions and other key pieces of information required for troubleshooting will also be recorded. Any Customer Data entered by the end user regarding customers, bookings, payments etc, will not be captured by Microsoft Azure.

Access Controls

Physical access to the sites containing the DolphinAnywhere hosting infrastructure is restricted and controlled 24 x 7 by security guards. Physical access requests for hardware vendor engineers and any other visitors must be raised by an authorised ICE ICT employee. The site requires vehicle registration, government issued photo ID and multiple security gate controls. Network level access is granted only to Dolphin Dynamics staff who require access and to the 3rd party datacentre management company that Dolphin Dynamics engages for this purpose. Passwords are secure and expire at regular intervals and users are locked down to specific security groups. Access is reviewed on a regular basis. Employees’ accounts are disabled immediately when they cease employment at Dolphin Dynamics.

Vulnerability Procedures

Vulnerability & Penetration testing is carried out regularly using vulnerability scanning tools and 3rd party penetration testing providers.
Vulnerabilities are addressed at the earliest opportunity. Routine patching of the DolphinAnywhere hosting environment hardware and operating systems is undertaken at regular intervals by Dolphin Dynamics’ 3rd party datacentre management company and verified by Dolphin Dynamics IT.

Disaster Recovery

Full nightly backups of Dolphin User databases are sent to the physically separate and secure disaster recovery facility and retained for 8 days. All data is mirrored in real-time in our Disaster Recovery facility.

Breach reporting

A log is maintained for reporting any suspected security incidents which are investigated and addressed according to Dolphin’s incident response plan. Should a personal data breach of Customer Data be identified, Dolphin will inform the Dolphin User as stipulated under the GDPR.

Questions regarding Dolphin Dynamics role as a Data Processor

Address any questions directly to the Information Security Officer by email via ISO@dolphind.com or by post at Dolphin Dynamics Limited, 3rd Floor, 162-164 Upper Richmond Road, London, SW15 2SL or telephone 020 8394 6000