Data Protection Policy
The Data Protection Policy 1998 came into force 1st March 2000 and describes how organisations must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically or on paper.
Every organisation that processes personal information has to register with the Information Commissioner’s Office (ICO), unless they are exempt.
Greatdays Travel Group have the following registrations with the Data Protection Registrar (ZA109288, Greatdays Holidays Services Ltd, ZA109286, Greatdays Holidays Ltd).
There are 8 principles governing the processing of personal data:
- Must be processed fairly and lawfully
- Obtained only for specified and lawful purposes
- Subject to appropriate technical and company measures to protect against unauthorised use, loss, destruction or damage.
- Be adequate, relevant and not excessive in relation to the purpose for which it is obtained
- Be accurate and kept up to date
- Not be kept longer than necessary
- Processed in accordance with the rights of data subjects under the Act
- Shall not be transferred outside of the EU unless that country ensures adequate level of data protection.
Personal Data is defined as “data which relates to a living individual who can be identified from the data”.
Greatdays holds the following Personal Data. This is to maintain our database and interact with suppliers in order to deliver your holidays booked with us.
- Contact details (name, address, email, phone number)
- Dietary or Disability Special Needs
- Passport and/or date of birth(where provided)
We sometimes need to share the above personal information we hold with hotels, airlines or other transportation services. To comply with their needs to plan your arrival and special requests, this is required. It’s also to comply with other legal requirements.
Subject Access Requests (SAR)
Your rights:
- We will take all reasonable steps to retain personal data. Only for the duration of the purpose for which it was obtained. The maximum retention period is 7 years, to comply with legal objectives. When that period has expired or when requested by you to do so, we will delete personal information from current operational systems where it is no longer required. In limited circumstances we may need to continue to hold some details about you after your relationship with us has ended, for example for legal and regulatory reasons.
- You have the right to receive certain information from us about the personal data as set out in the GDPR Act 2018 that we hold about you. In certain circumstances you are also entitled to object to the processing of your personal data and have certain rights of access, rectification and/or removal of your personal data. To exercise these rights you should write to us at: Greatdays Travel Group, Data Protection Officer, Chapel House, 1 Borough Road, Altrincham, Cheshire, WA15 9RA.
- You have the right to complain to the ICO should you think that your personal data is not being handled correctly.