Privacy Policy

About this policy

Last Updated 11^th February 2022

At Touring Highlights, we are committed to only collecting, using and disclosing your personal data in ways that you expect, or have consented to or as we are required or permitted to by law. This policy explains how we use your information and applies to all Touring Highlights customers and visitors to our apps and our websites (together our “websites”).

We understand that not everybody needs or wants to know how we use their information in the same level of detail, so we have created two levels of information for you.  If you just want to know the basics, please read the ‘essential information’ section for each topic.  If you want to know more, please read the ‘detailed information’ section so that you can learn more about a particular issue.

Who is the controller of your data?

Where you book one of our holidays, Touring Highlights Limited is the relevant controller. If you have any questions about this policy please contact our Data Protection Officer here: [email protected] .

If you are using our websites, please note that some of the products and services advertised are provided by third parties.  These partners will be the controllers of any information about you that they process in connection with the products and services they provide, and you should read the privacy policy which is available on each of their websites to find out how they will use your data.

What do we use your personal data for?

Essential Information

The main way we use your personal data is to fulfil your booking to help us understand your needs and to provide you with a better service.  We may store information about your travel history and your preferences.  We may also use your personal data for marketing purposes, but we will make sure to not send you emails with offers and information if you have told us you would prefer not to receive these.

Detailed Information

As well as to fulfil your flight or holiday booking and to provide you with updates about your booking, we use your information in the following ways:

• to develop our customer insights: we use personal data you have provided to us through your interactions with us (eg. through booking your holiday with us, or using our website), to develop a single view of you as our customer, improve the products and services we provide and keep you informed about offerings that may be of interest to you.
• for marketing purposes: We may use your personal data to inform you, by email, letter or phone or SMS, about offers, products and services that we think may be of interest to you and we may tell you about other organisations’ products and services. We will tell you about this when we collect your information and if you do not wish to receive these communications, please let us know. You can change your mind at any time by contacting us at [email protected]. You can also unsubscribe following the instructions that we will include in any communication, such as email or text, we send to you;
• for marketing purposes with social media: We may use your personal data to generate targeted marketing on various social media sites, for example but not limited to, Facebook. We recommend you routinely review the privacy notices and preference settings that are available to you on social media platforms. If you do not wish to receive such targeted marketing generally, you are able to switch this off within the social media site. If you do not want to receive such targeted marketing from us, you can contact us at: [email protected] ;
• for communication and marketing purposes via push notifications: We may use your personal data to generate targeted messages or marketing where you receive notifications directly from applications on your mobile device. If you do not want to receive such push notifications from us, you can change your permissions via your mobile device settings at any time;
• to respond to and deal with any complaint or query or request which you contact us with.  As part of our customer care procedures, we may also follow-up, either by letter, phone, SMS, email, or via social media, with customers who have travelled with us, for example to resolve a complaint or to ask for a testimonial;
• to comply with your requests to exercise your rights under data protection legislation such as when you request access to your personal data;
• to administer promotions and competitions which we run from time to time;
• for market research: from time to time, we may also use your information to contact you by letter, phone, SMS or email to conduct customer satisfaction surveys or similar market research exercises;
• for the purposes of ensuring safety and security on our flights and in our resorts;
• to help us design our websites and improve your experience: we may collect information about the way you use and access our websites. Our web system collects information about each visitor, including IP address, the length of time spent on the website and the order in which pages are visited. Our website may use technologies to help analyse how users navigate our web pages, links and forms and helps us provide you with a good experience when you browse our websites and improve the content of our marketing. You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser. This is explained in more detail in the cookies section here.
• for fraud prevention: to protect our customers and us from fraud and theft, we may look at information that we get from identity checks along with information in our customer records and other information which is publicly available (including on social media);
• for meeting our regulatory obligations, including liaising with regulatory authorities and for our own internal audit purposes;
• for complying with applicable laws and regulations;
• for training and quality purposes to make sure we continue to deliver the standard of service that you expect from us;
• to comply with lawful requests by public authorities, health authorities, discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities;
• for the purposes of safeguarding children (up to 18 years) on our flights and in our resorts;
• to enforce our legal rights and obligations and for any purposes in connection with any legal claims made by or involving you including reviewing information which you have made publicly available and which may be relevant to any claim (including information available on social media sites); and
• for planning, due diligence and implementation in relation to a commercial transaction or service transfer that affects customers, for example mergers and acquisitions or a sale of all or part of our business.

Where does your personal data come from?

Essential Information

Most of the data we process about you comes from you, for example, information you provide to us so that we can fulfil your travel booking.

Other information is gathered during your use of our websites (e.g. IP addresses or information obtained via cookies) and from your interaction with us at airports and hotels (e.g. data we may receive from airport check-in systems).

Detailed Information

A lot of the data we process is data which you provide to us, such as your name, contact details, payment card information, date of birth etc.  You usually provide this information when you make a booking via our websites or call centre, or when you contact us via email, letter or phone.

If you use social media sites such as Facebook, Twitter and Instagram, booking engines or personal banking sites, these sites are operated by third party providers and they may share your personal data with us. We recommend you routinely review the privacy notices and preference settings of such information sharing platforms. We will respect any permissions you have set on those platforms regarding our use of your personal information. 

Cookies

Essential Information

Similar to other commercial websites, our websites utilise a standard technology to collect information about how our website is used by individual computers connected to the internet.

This information is gathered through “Cookies”. Cookies are small files of letters and numbers that we put on your computer’s hard drive. Cookies may collect personal information about you. These small files allow us to distinguish you from other users of our website, monitor website traffic and to personalise the content of the site for you. This ultimately helps us provide you with a good experience when you browse our websites and improve the content of our marketing and allows us to improve our site going forward.

Please note however that Cookies cannot retrieve any personal data from your hard drive or pass on computer viruses.

Detailed Information

To find out more about our use of cookies please read our cookies policy here.

Do you have to provide your personal data?

Essential Information

In most cases, providing your personal data to us is optional, however, if you do not provide it, we will probably not be able to fulfil your booking.  For example, if you book a flight with us, we need details such as your name to be able to complete your booking and we will need your payment card details to take your payment.  When you make a booking, we will only collect information which is required for the purpose of your booking.  In other cases, you have a choice over whether we collect your personal data, for example, you can turn off cookies on your browser and we will not place any cookies on your device or computer (although in this case you may not be able to use all parts of our website).  Sometimes, we are required by law to collect certain data for border control purposes and where you have booked a flight with us you cannot prevent this collection of data other than by choosing not to check-in for this flight.

What personal data do we process?

Essential Information

We process information about you that you give us when you make holiday booking with us or purchase any other product or service from us, such as your name, date of birth, billing and home addresses, booking reference, email address, telephone number and payment card details.  Where necessary we will also collect your passport and other travel authorisation documents such as visas.  When you visit our websites we also automatically receive your IP address which is a unique identifier for your computer or other device you are using to access our site.

You may provide us with limited details about other people (e.g. where you make a travel or holiday booking on behalf of a group or where you provide us with the name and contact details of a third party who we may contact in an emergency). Where you provide the details of other individuals you should ensure you are have their permission to do so. Please tell these people to read this policy if they want to find out more about our data protection practices.

Detailed Information

A more detailed description of the information we process about you can be found below.

• Contact details – your name, home and billing addresses, postcode, email address and telephone numbers and social media details;
• Age / date of birth – you will need to provide this information as part of the booking process;
• Payment card details – card number, security code, expiry date, issue number and name of card holder;
• Booking history – details of bookings you have previously made via our websites, our contact centre or via travel agents;
• Booking Reference – to allow us to identify your booking in order to manage any changes to it;
• Device details – information about the device (e.g. computer, mobile phone) that you use to access our websites;
• CCTV images – your image may be captured on CCTV footage whilst at airports from which we operate;
• Call Recordings – if you call our contact centre we may record your call for quality monitoring purposes to improve services. You will be informed when making a call if it is being recorded;
• Information contained in enquiries or complaints – if you make a complaint about a booking, product or service, or call our customer helpline (either before or during your holiday), you will provide us with associated information which might in some cases include special categories of data such as information about health (e.g. where you notify us of any requirement of disabled passengers) or religion (e.g. where you request a specific meal choice);
• Identity documents – we require details included on your passport in order to allow us to process your booking. Also, if you exercise any of your rights under data protection laws such as requesting information about your personal data that we hold, we may ask for proof of your identity such as a copy of your passport or driving licence;
• IP address and cookie data – When you visit our websites we also automatically receive your IP address which is a unique identifier for your computer or other device you are using to access our site.  Our websites also use cookies – please click here for further information; and
• Special categories of data – We may also process information about you that the law considers to fall within special categories, such as information about your health or disabilities, racial or ethnic origin, religious or other beliefs or sexual orientation.  This information is known as “special categories of data” and receives extra protection under data protection laws. We may collect this to ensure we can meet any specific health requirements you have when travelling or to ensure we provide meals which meet any religious based dietary requirements. In other cases, we may need this information about you to fulfil your order, answer a complaint, respond to a safeguarding concern about a child, or defend a legal claim from you or we may be able to assume some information about you from what you tell us.

What are the legal grounds for processing your personal data?

Essential Information

Data protection laws require us to tell you what legal basis we use for processing your personal data.  These bases are set out in the applicable data protection law.  We generally use the following grounds:

• the processing is necessary to perform a contract with you (i.e. the contract for the sale and purchase of your flight or holiday), or to take steps requested by you before entering into this contract;
• the processing is in our or someone else’s legitimate interests, and these interests are not overridden by your interests or rights in the protection of your personal data;
• you have given your consent to the processing of your data; or
• the processing is necessary to meet a legal obligation which applies to us.

Sometimes we process data about you which the law considers to fall within special categories (see section “What personal data do we process?” for more details), in which case, we use one of the following grounds:

• the processing is necessary to protect your vital interests or those of another person where you are physically or legally incapable of giving consent (e.g. in the event of a medical emergency);
• the processing is necessary for the establishment, exercise or defence of legal claims;
• the processing is necessary for reasons of substantial public interest on the basis of EU or domestic law; or
• you have freely given your consent to the processing.

Please see the table below if you want to know which particular grounds we use for each particular processing activity.

Detailed Information

We explain below which particular ground we use for each activity.  Where we rely on the ground that the processing is in our or someone else’s legitimate interests, we explain what those interests are (data protection laws require us to tell you about this).

Type of data/ processing activity	Compliance with a legal obligation	Perform-ance of a contract	Touring Highlight’s legitimate interests	Consent	Special category data	Details about the legitimate interest
To make bookings for holidays ourselves and with suppliers.	–	√	–	–	N/A	N/A
To amend bookings and answer queries relating to existing bookings.	–	√	–	–	N/A	N/A
Payment data gathered in the course of making and receiving payments.	–	√	–	–	N/A	N/A
Marketing of holidays to our customers.	–	–	√	–	N/A	To market flights and holidays to customers who have a relationship with Touring Highlights and are likely to be interested in hearing about future offers.
Develop a single view of our customers	–	–	√	–	N/A	To improve Touring Highlights products and services and better understand customer needs.
Emails and SMS messages providing updates relating to flight and holiday details.	–	–	√	–	N/A	To provide flight and holiday updates to customers relating to their bookings.
Answering customer complaints and queries.	–	–	√	–	Specific consent where special category data is provided as part of a query / complaint.	To investigate and respond to complaints and queries about our products and services.
To conduct satisfaction surveys with customers.	–	–	√	–	N/A	To allow Touring Highlights to improve the quality of the products and services which it provides to customers.
To manage safety of customers and report safety incidents.	√	–	–	–	Necessary for reasons of substantial public interest.	To ensure safety of customers and to manage aircraft and resort safety.
Printing and posting travel tickets to customers	–	√	–	–	N/A	N/A
To safeguard and protect children.	–	√	–	–	Necessary for reasons of substantial public interest.	To ensure child guests are safeguarded and protected from harm.
Tailoring Touring Highlights website content to customers.	–	–	√	–	N/A	To assist Touring Highlights in designing their website and improving the customer experience.
Selling excursions to Touring Highlights customers before departure or in resort.	–	√	–	–	N/A	N/A
Management of any customer health and safety issues.	–	–	√	–	Specific consent where required.	To manage and record passenger medical issues.
For training and quality purposes.	–	–	√	–	N/A	Processing of customer data as part of our ongoing training programme for our team.
Detection and prevention of fraud.	–	–	√	–	N/A	To protect Touring Highlights and its customers against fraudulent activity
To manage payment of compensation under The Flight Compensation Regulation 261/2004.	√	–	–	–	N/A
To respond to Subject Access Requests.	√	–	–	–	Specific consent as required to process Subject Access Requests	N/A
To assess and defend claims made against Touring Highlights	–	–	√	–	As necessary to defend claim.	To investigate and manage legal claims.
To assist law enforcement bodies with their functions.	–	–	√	–	N/A	To comply with lawful requests by law enforcement bodies.

Who do we share your personal data with?

Essential Information

We share your personal information with our chosen third party suppliers who provide services to you and us (for example, hotels, tour operators etc); with local border control and law enforcement agencies (for example for fraud prevention or immigration control).

Some of these organisations may be located outside of the UK and therefore your personal data may be transferred between the UK and other countries. Where this happens, we have safeguards in place to ensure that your data is protected.

We are committed to the health and safety of our customers in managing the coronavirus (COVID-19) outbreak and will be working closely with health authorities, government agencies and our local agents, hotels and suppliers to secure appropriate assistance and support. As part of these efforts, we may ask for or share information with these third parties about customers who are in, or who may have travelled through, impacted areas. We will do this solely as necessary to help manage your safety and the safety of others.

Detailed Information

The types of third party service providers who we share your data with include;

• Third party suppliers that we work with to provide your flight, holiday or any other service you buy from us (e.g. hotels, transport companies, local operators excursion/attraction providers, car hire companies, travel insurance providers). We provide these parties only with the essential personal information about you that is needed to make sure your holiday runs smoothly together with any follow up information that may need to be shared to deal with incidents, complaints or feedback. Where those parties are using your personal information to provide their own services to you separate from your booking with us (for example, your chosen hotel may collect your address for their own local booking requirements or your car hire company may collect your driving licence details to meet local legal requirements) , they will be separate data controllers of that information. We would encourage you to read the individual hotel/attraction provider/etc privacy policy to understand how they handle your information and how to exercise your rights.

• Third party providers we are using to provide us services, for example, to help us understand our customer behaviour or help improve our website (e.g. marketing agencies, IT developers).

• We also share personal information with law enforcement agencies and other organisations involved in fraud prevention and detection (such as third party fraud management solution providers, banks and financial institutions) in order to identify potentially fraudulent bookings. We may also share your information with law enforcement and government agencies where this is reasonable for the prevention and detection of crime or if we believe a claim is being made fraudulently or if we have a safeguarding concern about a child.

• Courts, legal advisers, claims handlers – in order to assess and defend any legal claims made against us, we may share your personal information with our legal advisors and claims handlers.

• Third party successors to our business – If we sell or buy any business or assets, we will disclose your personal data to the prospective seller or buyer of such business or assets, and if we or part of our business is acquired by a third party, personal data about our customers will be transferred to that third party.

PTS or the CAA – In the event of our insolvency we, or any appointed insolvency practitioner, may disclose your personal information to the CAA, and/or PTS so that they can assess the status of your booking and advise you on the appropriate course of action under any scheme of financial protection.

How long do we keep your personal data for?

Essential Information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Privacy Policy. In some cases we may store your personal information for longer periods of time where we need to maintain an accurate record of your dealings with us to help manage complaints or claims you or others may raise, or otherwise comply with legal or regulatory requirements. If you would like to know more about how long we retain information please contact us

What are your rights?

Essential Information

You have several rights in relation to your personal data. These include accessing your data, correcting any mistakes, having your data erased, restricting the processing of your data, objecting to the processing of your data, data portability, and rights relating to automated decision making and profiling. In most cases there are conditions attached to these rights. Please see the relevant sections below if you want to find out more.

To exercise your rights please contact our Data Protection Officer at: [email protected] or, to make a request to access your data, follow the instructions below.

Detailed Information

Accessing your data

You can ask us to confirm whether we are processing your personal data and to give you a copy of that data along with further information about how we use your personal data.

You can request your data in writing or over the phone. To make a request in writing, please send your request to:  Touring Highlights, First Floor, Kennedy House, 31 Stamford Street, Altrincham, WA14 1ES; or electronically to: [email protected]. Please include details of the personal data you require in your request (along with any further details which may help us to identify you, such as dates and times of flights, destination and booking reference number if you know this).  To make a request over the phone, please call our contact centre, who will send your request onto us on your behalf.

Once we have received your request, we will seek to verify your identity through appropriate checks (which may include security questions or evidence of identification such as a copy of your passport).

If you are requesting a copy of personal data on behalf of a third party, please also send to us written authority from the individual whose data is required and a copy of their passport or driving licence. If the third party is a child under the age of 16, the written authority should come from a person with parental responsibility (along with a copy of the child’s passport).

You do not have to pay a fee for a copy of your information unless your request is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.  We will let you know of any charges before completing your request.

We aim to respond to you within 1 month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 months.  We will let you know if we are going to take longer than 1 month in dealing with your request.  If we have a lot of information about you we might ask you if you can tell us what exactly you want to receive.  This will help us action your request more quickly.

Correcting your data

You can ask us to correct any data which is inaccurate or incomplete.  This is free of charge.

We aim to deal with requests for correction within 1 month, although it might take us up to 3 months if your request is particularly complicated.

If we can’t action a request to correct your data, we will let you know and explain why this is.

Erasing your data

This right is sometimes referred to as “the right to be forgotten”.  This is not an absolute right but you have the right to have your data erased, free of charge, in certain circumstances. 

There are some exceptions to this right.  If one of these applies, we will confirm this to you and we do not have to delete the data.

Restricting the processing of your data

You can ask us to restrict the processing of your personal data in some circumstances, free of charge.  This is not an absolute right.  If processing is restricted we can store the data and retain enough information to make sure the restriction is respected, but we cannot further process your data.

We will tell you if we decide to lift a restriction on processing your data.

Objecting to the processing of your data

Objecting to the processing of your data is free of charge.  It is not an absolute right but you can object to our processing of your data where it is:

• based on the legitimate interests ground; or
• for the purposes of scientific/historical research and statistics.

We will stop processing your personal data unless we have compelling legitimate grounds for the processing which override your interests and rights, or unless we are processing the data for the establishment, exercise or defence of legal claims.

You can require us to stop using your data for direct marketing purposes.  We will process your request as soon as it is received but it may take up to 14 days for this to be effective.  There are no exemptions or reasons for us to refuse.

Data Portability

This allows you to obtain and reuse your personal data for your own purposes across different services.  It applies where the following conditions are met:

you provided the personal data to us yourself;

• we are processing the data either based on your consent or because it is necessary for the performance of a contract; and
• the processing is carried out by automated means.

We will provide your data free of charge in a structured, commonly used and machine readable form.  We aim to provide your data within 1 month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 months.  If we are going to take longer than 1 month we will let you know and explain why we need more time.  If we consider that we cannot provide you with your data, we will contact you and explain why this is.

Contact and complaints

If you have any questions about this policy or about how we use your personal data please contact the Data Protection Officer at: [email protected]

If you’re unhappy about how we are processing your data or how we have responded to request or complaint, you have the right to make a complaint to our regulator. This is the Information Commissioner’s Office (ICO)