IDENTITY & CONTACT DETAILS OF THE CONTROLLER & THE DATA PROTECTION OFFICER
Elegant Resorts Limited (ER) is a UK tour operator providing tailor-made, luxury holiday to the finest hotels in the world, complemented by the highest standards of client service and travel, particularly in First and Club. ER is committed to protecting and respecting your privacy whilst remaining compliant with The General Data Protection Regulation (EU GDPR) and the Data Protection Act (DPA). In order for ER to drive compliance, we have a Personal Information Management System which is compliant with BS 10012:2017 Data Protection.
Elegant Resorts Limited (ER) is the Data Controller and have an appointed Data Protection Officer whom can be contacted via email; DPO@portmantravelgroup.com
You can also contact ER via post at; Elegant House, Sandpiper Way, Chester Business Park, Chester, CH4 9QE.
PURPOSE OF THE PROCESSING AND THE LEGAL BASIS FOR THE PROCESSING
In order for Elegant Resorts (ER) to fulfil its contractual and client obligations, there is a requirement to collect specific personally identifiable information relating to our clients. There are a couple of legal bases for the processing of such personally identifiable information; primarily personal information is processed on the basis of consent. We retain evidence of the details of consent which has been provided by our clients in order to process their information. Where consent cannot be obtained for various reasons, we may legally process the information you provide to us because we have a legitimate interest in doing so, e.g. direct marketing.
LEGITIMATE INTERESTS OF ELEGANT RESORTS (ER) OR THIRD PARTY
Elegant Resorts (ER) have a legitimate interest in further processing the information which is provided by clients at the point of sale and/or enquiry for marketing purposes.
We may also use your information for other specific legitimate purposes such as:
- To ensure that content from our site is presented in the most effective manner for you and for your computer
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have either explicitly consented to or we believe you have a legitimate interest in
- To carry out our obligations arising from any contracts entered into between you and us
- To allow you to participate in interactive features of our service, when you choose to do so
- To notify you about changes to our service
We do not sell, rent or lease client lists to third parties. We may share data with trusted partners to help us perform affiliate marketing, statistical analysis, send you email or postal mail, provide customer support or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information.
If you are an existing customer, we will only contact you by electronic means (e-mail, SMS, Push or Post) with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new customer, and where we permit selected third parties, such as participating restaurants or Bookatable, to use your data, we (or they) will contact you by electronic means only if you have consented to this or have a legitimate interest.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
- Username and password – If we collect a username and password, this is so we can keep your information secure and so that we can have your information to hand each time you visit us.
- Name, address and postcode – Without this we won’t know where to send your booking confirmation or to whom, we also use postcodes to quickly get your full address to save you typing it out. If you have location services enabled on your smart device we may also use this to recommend hotels / amenities in within the area you are in.
- Email address – We send confirmation of your orders via email and will send you informational messages as well as offers which may interest you.
- Telephone numbers – If there are any problems with your booking or we need to check anything, we need to be able to contact you quickly.
Information that you provide by registering on our website (www.elegantresorts.co.uk) and application such as;
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site and the resources that you access.
- App usage data – including location services.
RECIPIENTS OF THE PERSONAL DATA
Elegant Resorts (ER) is required to transfer the personal information provided by its customers to third parties in order to fulfil contractual and booking obligations. The following are categories of recipients that customer information could be transferred to:
- Air Providers
- Hotel Providers
- Other Travel Agencies
- Payment Providers
All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will not disclose your information to any of the relevant third parties listed above for marketing purposes.
Our Data Protection Officer can provide you with contact details of our third parties upon request if required. You are able to do this by emailing our Data Protection Officer at DPO@portmantravelgroup.com
DETAILS OF TRANSFERS TO THIRD COUNTRIES & SAFEGUARDS
In order to fulfil any holiday booking requests, we are required to transfer your data to relevant third parties. These third parties are at your discretion and choice in holiday destination / provider. We cannot accept any liability for any compromise of your data as a result of a travel provider data breach.
We have offices operating outside of the EEA in Dubai, Barbados, Antigua and Mauritius. Whilst your data is not stored in any of these countries and remains in the UK, it is accessible to our employees in these other offices.
ER retain all customer information for 6 years after they last interacted with us. Where there has been a period of 6 years and there has been no interaction between the organisation and the Client, their information is erased and securely disposed of.
RIGHTS OF DATA SUBJECTS
As a Data Subject (individual) which ER process information on behalf of, you have the right to withdraw consent from our processing at any given time (please see terms and conditions). You are able to do this through the contact details provided on page 1 of this policy. You can exercise the right at any time by contacting us at DPO@portmantravelgroup.com
You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office in the UK), should you feel that we have not handled your information in line with legislative and regulatory requirements.
You have the right to make a Subject Access Request to ER’s Data Protection Officer in the event that you wish to determine what information we hold on you. We welcome these requests and aim to respond within 72 working hours of receipt. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.