Uni-Travel ltd trading as The Independent Traveller, Ranch Rider, Farm Tours and Uni-Travel is serious about privacy and data storage. We are compliant with the GPDR regulations that come into effect on 25 May 2018. This is now regulated by the ICO and certain statements below are required to meet those regulations. All companies are required to comply with the new regulations and be in a position if challenged to demonstrate that in relation to the perceived risks they have taken appropriate steps to comply with both the letter and spirit of the regulations.
As part of the booking process we need/are required to collect certain data to process you’re booking. Throughout the booking process we take steps to ensure that it is safely stored and not accessed improperly. You will however appreciate that certain data has to be passed on to 3rd parties to facilitate your booking. We ensure that they in turn are compliant with the GPDR rules. Contacts/emails from this source are sent are sent under contracts basis for processing.
Your contact details which contains Name, address, email address and phone number are also stored on a separate contacts data base which is securely hosted in the UK which in turn has signed off that it is GPDR compliant. This is used to email our newsletters in respect of the services we offer and any special offers we might have. Contacts/emails from this source are sent under the legitimate interest basis for processing.
Each and every email sent out has a clear unsubscribe button should you no longer want to receive emails from us. Please note it takes up to 5 working days from hitting that button for your name to be removed. Alternatively you can always email firstname.lastname@example.org or call 01509 618800 and we will remove your name without question.
Please note that emails are not a secure means of transfer of information so please do not send sensitive information by email.
How long do we store data?
Data in respect of your booking is stored for varying periods of time to meet the requirements of various government agencies. For example ATOL certificates are destroyed 2 months post travel, Hard copies of your travel files are shredded on site 3 years post travel and digital copies are deleted 7 years post travel to comply with the Inland Revenue service requirements. All data is securely destroyed as soon as we are not required to keep it. Data held in our marketing data base is held for 7 years and then revivified. There is a clear unsubscribe button on every email.
Sharing of data
All data held by us is never shared with another 3rd party other than to directly facilitate your booking. We do not sell/rent or in any other way share your contacts with another party.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Right of access
You have the right of access to any data held by us. We ask this is done in writing or by email for the sake of clarity on both sides. We have 30 days under the GPDR regulations to facilitate access to the data. We would normally be able to do this much quicker than the legally required period. All requests for access will be acknowledged with 1 working day of receipt. We will require full and proper identification such as a passport to process such a request.
You have a right to have the data erased unless it is required to be kept to comply with the law.
You have the right to have any information which demonstratively wrong corrected.
You have the right to object or restrict processing of information unless we are require to do so by law.
In 40 years of trading we have never had a data breach. However when a 15 year old boy can breach the data protection precautions of the US Pentagon it proves we all need to be very vigilant.
We have systems in place to deal and limit any breach of data whether it be in the form of hard data (files) or digital data. Clearly we are not going to spell those out! We hold regular meetings with our IT suppliers to access if there are additional steps that we should take to improve security.
Should such a breach occur and there be a reasonable expectation that personal data has fallen into wrong hands we will follow the following steps.
1. Fully assess the risk in particular looking at is there any significant risk to personal data
2. Immediately work with our IT team to eliminate or reduce the risk.
3. Inform the IOC as required by law.
4. Assess the potential risk to anybody on our data list.
5.Inform that list in a timely fashion of any risk and give best advice as to what steps to take to limit the risk. Please note we do not store any passwords of any client in this office in any format whether it be written or digitally.
6. Work with IOC and our IT providers to ensure no further breach can occur.
Last updated 11/04/2018