About this policy
Trafalgar UK: Privacy
Trafalgar USA: Privacy
Trafalgar Canada: Privacy
Trafalgar Australia: Privacy
Trafalgar New Zealand: Privacy
Trafalgar Europe: Privacy
Trafalgar South Africa: Privacy
Trafalgar Asia / Rest of the World: Privacy
We will only use and retain your personal data with your consent or other lawful basis. We ask for your consent on those occasions and in those places where we specify what we will use your personal data for.
This document and all content of our websites is Copyright© 2021 Trafalgar Tours Pty Ltd. ALL RIGHTS RESERVED.
We respect your right to privacy and we aim to ensure you have a trustworthy experience with us, when using our website and reading our content. We understand that you care about how your personal data is used by us, and we want to share with you the policies and practices we’ve adopted. This way you can feel confident about how we handle your personal data.
Our Readers and Contributors
Terms used in this policy
When we refer to “processing” of your personal data, this includes obtaining, recording, storing or holding your personal data, and anything we do with it, such as organizing, adapting or altering it, retrieving, consulting or using it, disclosing it or otherwise making it available to others, combining it with other data, and blocking, erasing or destroying it.
What types of personal data we process
Data concerning you as an individual
We may collect the following:
– social networking contact details,
– proofs of identity and address, copies of passports, driving licences, and utility bills,
– results of searches carried out against you (such as to verify your identity, address, and credit status),
– your preferences,
– any other information provided to us by or in relation to you which concern you as an individual.
Information collected or generated out of any surveys we conduct.
Information collected or generated out of any competitions or promotions we run.
Account, Registration and Loyalty Information
Information concerning any accounts, registrations, or memberships with us, or participation in any loyalty program.
Correspondence, communications, and messages, including between you and us, and between us and third parties.
Website Usage Information
We may collect information about your visits to, browsing of, and use of our website unless your web browser blocks this. The range of data we collect will depend on how you interact with our website. This information may include:
– your IP address (a unique identifier allocated to your computer for your connection to the internet);
– your computer device details (PC, tablet, smartphone, watch, etc.);
– the make and version of web browser (e.g. Internet Explorer, Firefox, Safari, Opera, Chrome) you are using;
– your operating system (e.g. Windows, Windows Phone, OSX, iOS, Android, Linux, etc);
– your time-zone;
– your browser plug-ins;
– any web-page you came from, identified as the referrer web page address by your web browser;
– page response times;
– download error;
– pages and parts of pages you visit;
– the usage you make of our website, including inquiries and searches undertaken, and registrations for accounts, forums, etc.;
– services and products you viewed;
– length of visit to website and pages;
– page interaction information (such as scrolling, keys pressed, mouse clicks, touches, and mouse-overs).
This information may also include:
– data inputted into forms and fields;
– registrations for any accounts,
– feedback mechanism,
– social functionality,
– newsletters or other features of our site;
– usernames and passwords,
– log-in / out history, and settings;
– actions are taken within any account or other registration, including view and update and changes to settings; and posts to any forum, feedback, review or other social functionality on our website.
How we collect or generate your personal data
This section sets out the ways in which we may collect or generate personal data concerning you.
Visiting our website
By visiting and using our website you or your computer may provide personal data. This includes: information which is automatically provided by your browser to our servers; information record on our web servers about your interaction with our website and pages viewed; information we capture or place on your computer or generate using cookies or other technologies on our website; and information you input into forms and fields on our website.
Data you provide
Your personal data will include data you provide (or later amend), whether:
– from correspondence with you;
– verbally to us over the phone or in-person;
– by filing in any field or form on a website;
– by filling in any printed form we provide you with;
– by e-mail;
– from documents you provide us with; and
– from updates to any information you provide to us from time to time.
This includes when you:
– register or subscribe for any service, account, members, or loyalty program,
– make an inquiry or booking for a holiday with Trafalgar Tours Pty Ltd or other travel services whether in person, by phone, through our website or otherwise;
– send us your comments or suggestions;
– subscribe to any newsletter or other publication;
– request sales and advertising information, including brochures, from Trafalgar Tours Pty Ltd
Data generated by us
We and any suppliers or sub-contractors working for us may generate personal data relating to you, including:
– in connection with responding to and dealing with any inquiry, booking or complaint through Trafalgar Tour Pty Ltd; or
– in performing any booking or other contract with you through Trafalgar Tour Pty Ltd; or
– through the analysis of your personal data; or
– data gained from your use of our website.
We may record telephone calls with you.
What do we use your personal data for
This section sets out the uses which we make of your personal data and the legal basis on which we rely to do this.
Operate our website
To operate and provide the search function of our website, and to inform us of the type of content best suited for our audience
Provide information and respond to inquiries
To provide information to you about our website, and to keep you updated generally. This is done on the basis of our legitimate interests in ensuring our business is run efficiently.
Communication with customers
To communicate with you concerning any inquiries, problems, and complaints, and to respond to any submissions, inquiries or requests from you. This is done on the basis of our legitimate interests in ensuring our business is run efficiently.
To keep internal records and maintain reasonable archives, including concerning as to inquiries and complaints. This is done on the basis of our legitimate interests in ensuring our business to run efficiently.
Manage and Improve our business
To analyze, audit, provide, operate, administer, maintain and improve our business, website, and services;
– to carry out surveys and analyze the results;
– to run promotions and competitions;
– undertake customer research/development;
– to assist us in and help us to improve our content
– editorial, advertising, and marketing processes;
– to carry out other business development and improvement activities; and
– to provide training for our staff, sub-contractors, and suppliers.
For example, we may use your personal data to help us profile how our audience generally are using our website and engaging with our content. We may also use this information to ascertain interests so that we can better tailor our content offerings. This is done on the basis of our legitimate interests in ensuring our business to run efficiently.
To carry out direct marketing to you, see section ‘Use of your personal data for direct marketing” for further information.
To report aggregate information concerning the usage of our website to our advertisers. We normally create anonymous statistical data about browsing actions and patterns and do not identify any individual.
Anything you have specifically consented to
For any purpose which we have obtained your consent to. We will do this only where you have a choice whether to consent or not, you have control over that data and you have had to take an affirmative step to give consent on an informed basis
Consequences of Not Providing your Data
You are not obligated to provide your personal information, however, where the information is required for us to provide you with our services/content, we may not be able to offer some/all our services/content without it.
Data Retention Policy
Trafalgar Tours Ltd seeks to ensure that it retains only data necessary to effectively conduct its program activities and work in fulfilment of its mission. The need to retain data varies widely with the type of data and the purpose for which it was collected. Trafalgar Tours Ltd strives to ensure that data is only retained for the period necessary to fulfil the purpose for which it was collected and is fully deleted when no longer required. This policy sets forth Trafalgar Tours Ltd’s guidelines on data retention and is to be consistently applied throughout the organization.
This policy covers all data collected by Trafalgar Tours Ltd and stored on Trafalgar Tours Ltd owned or leased systems and media, regardless of location. It applies to both data collected and held electronically (including photographs, video and audio recordings) and data that is collected and held as hard copy or paper files. The need to retain certain information may be mandated by federal or local law, federal regulations and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR).
Reasons for Data Retention
Trafalgar Tours Ltd retains only that data that is necessary to effectively conduct its program activities, fulfil its mission and comply with applicable laws and regulations.
Period for retaining your data
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data destruction ensures that Trafalgar Tours Ltd manages the data it controls and processes it in an efficient and responsible manner. When the retention period for the data as outlined above expires, Trafalgar Tours Ltd will actively destroy the data covered by this policy. If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data to his/her supervisor and provide information as to why the data should not be destroyed.
Use of your personal data for direct marketing
We do not use or disclose your personal data for direct marketing purposes unless:
– we have obtained your consent to do this, such as through an opt-in box or a form on our website and/or
– you have made a booking with Trafalgar Tour Ptd Ltd and there is a legitimate interest to do is.
In addition to data protection law, if we use your personal information for direct marketing purposes we may also be subject to additional rules that regulate direct marketing. The term “direct marketing” essentially means direct marketing material or advertising at a particular individual.
Direct marketing by us
We will use your personal data to send you marketing information (including newsletters) about our content, as well as travel services offered by Trafalgar Tours Pty Ltd. These travel services include:
- Products and services offered by Trafalgar Tours Pty Ltd
- Products and services which can be booked with third parties through us
- Products and services which can be booked with other companies within our group (i.e. the Travel Corporation Group); and
- Products and services offered by third parties and selected by us.
Where applicable we will only send you marketing information about the content or services you have selected. Also, we will only contact you in the manner you agreed to (e.g. by email).
Withdrawing from Direct Marketing
You are free to stop receiving marketing information from us at any time by contacting us as detailed in this privacy notice or by following the instructions set out in our marketing communications. If you email us to withdraw your consent, it would be helpful if you could insert the word “Unsubscribe” as the subject heading.”
When you elect to stop receiving marketing information we will, from that point onwards, not share your information further with any other third parties.
You are also free, at any time, to notify any third party to whom we have previously passed your contact details to, that you no longer wish to receive marketing communications from them.
Disclosure of your personal data
We transfer your personal data to third parties in the following circumstances:
Business Function Outsourcing
Where we use third parties to host, provide, operate or supply any part of our websites, databases, systems, business, or services, or carry out on our behalf any of our business functions or actions (including sending mail, providing marketing assistance, providing customer and advertising analysis, and providing customer services), then then we may provide your personal data to them as required for use for or processing as part of those purposes.
Public forums etc.
We may supply personal data to a government authority or regulator where required to:
– comply with a legal requirement,
– for the administration of justice,
– where reasonably required to protect your vital interests or
We may disclose your personal data where otherwise required by or permitted by law.
Access to your personal data
You may request us to tell you whether we are processing personal data about you, to tell you what personal data we are processing and for what purposes, and to provide you with a copy of your personal data that we hold. The law does allow us, in certain cases to refuse your request, and we will advise you at the time if this is the case.
You have the right to have your personal data amended if it is inaccurate or incomplete.
A right to object
You have the right to object to the use of your personal information for direct marketing or where we use it on the basis that we say we have a legitimate interest in using it.
Deletion of Data inaccuracies
You have the right to have your personal information deleted or removed in certain circumstances and we may have the right in some cases to refuse to do so.
You have the right to obtain and re-use your personal information for your own use in certain circumstances.
You may prevent or suppress the processing of your personal information in certain circumstances.
Complaints to applicable authority
In addition to your rights above, it is open to you, if you have a complaint or concern, to seek assistance from this supervisory authority who has powers to compel us to comply with applicable laws and fine us for non-compliance. However, before you do so, we would hope that you will contact us first to discuss any complaints or concerns you have. You can contact us using the details provided in the ‘Contacting Us’ section of this our privacy notice.
Right to withdraw your consent
You are free to withdraw your consent at any time. Please contact us using the details outlined in this policy.
TTC Covid-19 processing activities specific Privacy Notice
23 July 2020
Trafalgar Covid-19 Privacy Notice
This Privacy Notice supplements our standard Privacy Notice and should be read in conjunction with that Notice. This Privacy Notice gives specific details about how we will deal with personal information in light of Covid-19.
Due to the current public health situation, Trafalgar may temporarily collect additional information from customers, including health or biometric information. In some countries, such information is considered as “sensitive” or “special categories of personal data”.
Trafalgar will always treat the information we collect from customers, in particular health and biometric information, with the highest standards of care and in line with all applicable legal requirements and guidelines from public authorities. Trafalgar complies with the EU General Data Protection Regulation 2016/679 (GDPR), the UK Data Protection Act 2021 and all amendments, any other legislation relating to personal data and all other local or national legislation and regulatory requirements in force from time to time which apply to us relating to the use of your personal data.
The purpose of this specific privacy notice is to inform our customers of what personal data Trafalgar collects, for which purposes and under which legal grounds we may process it during the SARS-CoV-2 pandemic.
Who are we?
Trafalgar is a company registered in Trafalgar Tours Pty Ltd. All references to Trafalgar, ‘we’, ‘us’, ‘our’ are references to Trafalgar, its group, subsidiaries and sister companies. If you have any questions or concerns about this privacy notice, or Trafalgar’s personal data policies or practices, please contact us either by e-mail to firstname.lastname@example.org.
We are the Data Controller for the purposes of the matters detailed in this Privacy Notice.
What personal data do we collect?
Depending on the situation, we may collect the following information:
- Your name and contact details.
- Where authorised by local regulations or where you agree, we may collect your temperature before giving you access to our services/premises or to a public area. On such occasions, we do not record this information, which is deleted immediately unless the readings are not within acceptable levels in which case we may refuse access and we may retain the data in order to demonstrate that our refusal of access was reasonable.
- When you have accepted or where required by local regulations, we may collect your name, contact details, date, time and location of your presence in the premises we manage for contact tracing purposes. If you notify us that you have been tested positive, we will not record this information, but only the date, time and location of the risk in order for us be able to notify the relevant customers that may have been exposed unless otherwise required by law.
- Your medical insurance information, as required by tourism and travel regulations.
Why do we collect personal data?
Depending on the situation, we collect and process your personal data for the
- To check body temperature prior to giving access to public areas and our premises, to protect the health and safety of our customers, staff, contractors and suppliers;
- To record attendance in certain premises we manage, in order to notify our customers if they have been exposed to a risk and to recommend to self-isolate;
- If you choose to share such information with us, to record if you have a particular risk to your health so we can take any additional measure appropriate to ensure your safety;
- To record your medical insurance information as required by health regulations.
What are our legal grounds to collect and process your personal data?
We rely on the following legal bases to collect and process your personal data:
- Your explicit consent.;
- To perform the contract you have with us;
- To comply with a legal obligation: when we are required to collect and process your information because we have a legal requirement to do so in some jurisdictions;
- To protect your vital interest: when required by the circumstances, we may process your data to protect your vital interests or the vital interests of other individuals;
- Our legitimate interests: we may process your data because it is our legitimate interests to do so, or the legitimate interests of others.
Special category data
Depending on the circumstances, we rely on the following legal bases to collect and process your health information:
- Your explicit consent;
- To comply with a legal obligation: when we are required to collect and process your information because we have a legal requirement to do so in some jurisdictions, in particular, to protect and safeguard public health;
- To protect your vital interests, when you are not legally or physically able to give consent.
Who are we sharing your personal data with?
We will not share data with third parties other than as documented in our regular privacy notice. However, in some circumstances, your data may be shared with:
- Public authorities, in particular health authorities, if we have a legal obligation to do so;
Our providers, including qualified health professionals in line with local regulations,
We will not share your data outside of the European Economic Area (EEA) except when:
- It is necessary to perform your contract with us (for instance, because you are travelling outside the EEA);
- We have the legal obligation to do so.
How long do we keep your data for?
We will endeavour to record your personal data, especially your health data, only for the time strictly necessary for the purposes set out in this privacy notice. This includes the following periods:
- For the time of your tour or travel;
- 15 days to one month after your visit to our premises, unless a longer period is required by law;
- For as long as necessary to comply with our legal obligations, contractual requirements or the establishment, exercise or defence of legal claims;
We will delete/destroy your personal data immediately after the relevant retention period above is reached.
How do we protect your data?
We will always collect and process your data, in particular health and biometric information, with due care and we will keep this data separate from our other regular business processing activities.
The information you share with us under the scope of this Privacy Notice will be secured by additional technical and organisational measures and only staff required to see this information will be able to access it on a “need-to-know” basis.
Paper-based records will be kept securely in locked cabinets. Digital records will be kept in encrypted and separate databases or folders with strict access controls in place.
What are my rights and how do I exercise them?
You have the right to:
- be informed of any data processing;
- access to your personal data;
- rectify your personal data;
- erase your personal data, in some circumstances;
- restrict processing of your personal data, in some applicable circumstances;
- data portability, in applicable circumstances;
- object to the processing of your personal data, in some circumstances;
- to withdraw consent to the processing of your personal data, where applicable.
If you wish to exercise any of your rights, please contact us either by e-mail to email@example.com.
You will not have to pay a fee to exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances and we will explain the reasons in our response to you.
You also have the right to make a complaint at any time to the relevant supervisory authority, for example, the Information Commissioner’s Office in the UK.
Further information about your rights is included in our standard Privacy Notice above which this Notice supplements.