Data protection and cookies guidelines
These data protection guidelines describe how personal data is processed when the RSD Travel Ltd website is used, including its mobile applications (our “Apps”). They also explain the choices you have regarding your personal data “(Your rights”), and how you can contact us.
I. Who is responsible and how can I contact the data protection officer?
The responsible body in terms of GDPR is RSD Travel Ltd 2nd Floor Suite, Cuttlemill Farmhouse Cuttlemill Business Park, Watling Street, Towcester NN12 6LF, UK.
Other contact options and the names of company representatives can be found in the legal information. For questions relating to the processing of your personal data by ourselves or the subject of data protection in general, please contact our data protection officer, who can be reached at the address listed under the Legal information or at the following e-mail address: firstname.lastname@example.org.
II. Your rights as a data subject
Each and every data subject has the following rights:
- Right of Access – to your personal data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Right to Rectification of Incorrect Data – This enables you to have any incomplete or inaccurate data we hold about you corrected, though we need to verify the accuracy of the new data you provide to us.
- Right to Erasure or ‘Right to be Forgotten’ – This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to restrict processing of your personal data (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Right to Object to Processing – where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you object to processing on this ground as your feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Right to Restrict Processing of Personal Data – This enables you to ask us to suspend the processing of your personal data in the following scenarios – If you want us to establish the data’s accuracy
– Where our use of the data is unlawful but you do not want us to erase it
– Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
– You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to Data Portability – more commonly known as ‘the right to transfer your personal data’ enables you to ask us to transfer your personal data to you or a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machinereadable,format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw Consent – where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. If you wish to exercise any of the rights set out above, please contact us. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
To exercise your rights as the concerned party, the easiest option is to contact email@example.com. or the address listed in the Legal information. You also have the right to complain to the data protection authority responsible for you.
III. Processing of personal data by RSD Travel Ltd
Below we would like to offer you a summary of how we safeguard the protection of your personal data when you access our website, and what types of personal data we use for what purpose and to what extent.
1. Processing of personal data from orders
1. Your trip
If you book a trip via RSD Travel Ltd, we will call upon appointed and regulated service providers to gather the data required to implement the trip. This may include your name, address, telephone number and email address, travel details (date of departure and arrival, departure airport or bus boarding location) and also booking data (trip selected, potentially an extension week). You are obliged to provide us with the data necessary to implement the contract otherwise we will not be able to book your trip.
For the implementation and handling of the trip, we pass on the necessary data to an agency which takes on local responsibility for organising the trip. This includes transmitting sufficient data to other companies involved in implementing the trip, such as the airline, the bus company responsible for local travel (to the hotel or for the round trip) and the hotel for pending overnight accommodation. If your holiday destination is outside the European Union / European Economic Area, both the agency and the other service providers will be based outside the European Union / European Economic Area. In this case, your data will be handled in accordance with the legal system in the relevant country where the companies are based. Your data will be transferred to the agency and other service providers of the booked destination country to perform the contract. Please obtain local information about the additional scope of data processing.
If you contact us by email with a query or use our contact form, we will collect the data shared with us in this way in order to handle your enquiry. Depending on the nature of your query, we will comply with possible requests to get in touch and respond to other information requests or a request to send out material (e.g. brochure orders).
The travel booking data will also be used to handle potential warranty claims or other complaints. In addition, this data may be passed on to external auditors and/or tax advisers for consultancy and auditing purposes. By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax and limitation purposes and data may be deleted once the compulsory legal retention periods have elapsed.
2. On the use of data for marketing purposes
RSD Travel Ltd and relevant appointed, regulated service providers (e.g. Lettershops) use name and address information for additional activities relating to customer loyalty and customer response. This includes sending out further information about interesting products and services by post and also issuing vouchers. This enables RSD Travel Ltd to alert its customers to additional interesting options for their holiday and to ensure long-term customer loyalty. Data will not be passed on to third parties for marketing purposes. Telephone numbers and email addresses will be used for promotional purposes, if separate consent has been given. The following exception applies: if RSD Travel Ltd has obtained your email address in conjunction with product sales, RSD Travel Ltd will use the email address to promote its own, similar products. You can object to this promotional use at any time, and you will be informed of this option when your data is collected and whenever a promotional approach is made. In the absence of additional consent, your name and address (including email address) will no longer be used for marketing purposes, unless you communicate an interest in continuing your customer relationship with RSD Travel Ltd over a period of 7 years. We use the following activity indicators: travel booking or trip reservation.
Furthermore, RSD Travel Ltd processes order data and data from the use of online products / services (company’s own websites) to personally customise your travel booking, to offer continuous enhancements and to present you with offers in future which are in line with your interests. We may use travel booking data plus data collected as part of using our offers / services to provide you with optimum support regarding your reservation and to point out interesting destinations from our range. Within the company, we process this data under a pseudonym in order to comply with your legitimate interest in the protection of your personal data. This data processing allows us to present you with products which we assume you will be interested in via personalised offers (website, email or as part of a postal promotion).
Your name and address plus the travel booking data and also any data arising from the use of our offers / services will no longer be used for marketing purposes (including profiling associated with direct marketing) unless you have indicated your interest in continuing your customer relationship with RSD Travel Ltd over a period of up to 5 years, for instance by booking a product offered by RSD Travel Ltd. We use the following activity indicators: travel booking or trip reservation. Once this 5 year period has elapsed, we may continue to use your name, address, date of birth, latest travel booking and destination for postal marketing purposes for an additional two years. If there is no response to our advertising within this period, we may delete this data once the two years have expired.
3. Subscription to email newsletters
We will send you an email newsletter once you have given your explicit consent for this. This consent includes newsletter personalisation.
RSD Travel Ltd has appointed a service provider to issue the email newsletter. Unless there is additional consent in place, this company generates anonymous statistics for us regarding newsletter access. This provides RSD Travel Ltd with an overview of the extent to which the newsletter is actually opened and how many subscribers have looked at a product. This data is collated purely in statistical form and is anonymous.
4. Credit card payment
Your credit card data is collected by TeleCash GmbH & Co. KG (TeleCash) and used exclusively to handle payment for the trip booked with us. Your data will not be used for any other purposes by TeleCash. RSD will not receive your credit card data in plain text format; instead, as evidence of payment, TeleCash simply provides us with an ID plus your credit card number in truncated, nonreadable format (123456******7890).
In order to verify whether the credit card details you have supplied are correct, our payment service provider TeleCash temporarily reserves a sum of £ 1 on your credit card. However, this sum is immediately released again. The actual debit will not take place until later.
5. Customer recommendations
If our customers inform us of other parties who might be interested in our offering, we collect the personal data shared with us for customer acquisition purposes. We process and use the name and postal address purely for sending out our brochure. For this purpose, we will pass on your data to the relevant designated service provider, such as a supplier or our service team. If the prospective party is not interested in our services, no further brochures will be sent. You are also obliged to let the person nominated by you know that you have shared their address details with us. For our records we will store your details (details regarding the interested party and the fact that you recommended this potentially interested party) for one year. Legal foundation for data processing: it is necessary for the purposes of our legitimate interests (or that of a third party).
2. Processing of data from access to our website – log files
Information of a general nature is documented automatically when you access our website. This information (server log files) includes the type of web browser and operating system used, the domain name of your Internet service provider and similar details. Your IP address is also transferred and used to offer you the service you want. This information is technically required in order to correctly provide you with the website content you have requested, and is generated anyway when you use the Internet.
We immediately anonymise or delete this log file data once the usage process has finished.
According to our IT security concept, the log file data generated is stored for a period of six weeks in order detect any attacks on our website and analyse them.
3. Processing of data from use of our website – your requests
If you send us a request via e-mail or via the contact form, we collect the data you have shared with us for processing and to answer your query. We store this information for audit purposes for a period of up to two years
4. Subscription to an e-mail newsletter.
We use the double opt-in method to process subscriptions to our newsletter. This means that, after you provide us with your e-mail address, we send a confirmation e-mail to your specified e-mail address in which we ask you to confirm that you would like to receive our newsletter. If you do not confirm your registration within 48 Hours, your registration will be automatically deleted. If you confirm your wish to receive the newsletter, we will save your e-mail until you unsubscribe from the newsletter. This data is stored in order to allow us to send you the newsletter. When you register and confirm, we also store your IP addresses and the times of your registration in order to prevent any misuse of your personal details and to provide proof that we are sending you the information correctly.
The only mandatory information required for us to send you the newsletter is your e-mail address. You have the right to withdraw your consent to being sent the newsletter at any time. Your withdrawal of consent will not affect the legality of the processing of your personal data up until that point. You can communicate your withdrawal of consent by clicking on the link included in every newsletter e-mail, by e-mailing firstname.lastname@example.org or by sending a message to the contact details set out in the Legal information.
5. Notes regarding the safeguarding of data security
On our sites, we take technical and operational security precautions in order to protect the personal data we store against access by third parties, loss or misuse, and to safeguard a secure transfer of data.
We must point out, however, that the structure of the Internet means that unwanted data access by third parties can still occur. It is therefore your responsibility to protect your data through encryption or other means against misuse. Without suitable protective measures, data transferred in unencrypted format especially, even if this is done via e-mail, can be read by third parties.
IV. Integration of third-party services
1. Integration of social plugins
Our website uses social plugins from various social networks such as Facebook.com, Twitter.com and Google+. These plugins are used to provide you with an opportunity to interact with your contact and easily share interesting information. These plugins can be recognised by their logos on the network. We use a 2-click solution, so that simply visiting the website does not cause any transfer of data.
Only if you click on such a plug-in will your browser establish a direct connection with server of the social network in question. The plugin content will be transferred by the network directly to your browser and integrated by the browser into the website. If these networks are based outside the EU or EEA, we are therefore unable to guarantee that your data will not be transferred to a server outside the EU / EEA and processed there. We have no influence on the scope of the data that the network in question gathers when this plugin is used, nor how long it is used for, and we therefore notify you based our present level of understanding:
by integrating the plugin, the network in question obtains information that you have visited the page on our website that you are currently on. If you are logged in to one of the networks, this network can allocate the information to your profile. If you do not want the network to gather information about your visit to our website, you must first log out of the network. It is however possible in theory that your network will learn your IP address and store it, even if you have not registered with it or are not logged in. We also do not have any information regarding how to delete the data collected by the plugin provider.
The plugin provider saves your data as a user profile and uses it for the purposes of advertising, market research and/or the needs-led design of its website. This type of analysis takes places in particular (including for users who are not logged in) to display needs-led advertising and to notify other users of the social network about your activities on our website. You have the right to refuse the creation of these user profiles by the service providers.
Information regarding the purpose, duration and scope of data collection, processing and use of your data, as well as your rights and options regarding privacy protection, can be found in the respective social network’s data privacy information:
2. Integration of YouTube
Our website uses plugins from the YouTube site operated by Google. The sites are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages which is equipped with the YouTube plugin, a connection with YouTube’s servers will be established. This will tell the YouTube server which of our pages you have visited.
If you are logged in to your YouTube account, you enable YouTube to allocate your surfing behaviour directly to your personal profile. You can prevent this by signing out of your YouTube account.
YouTube is used in the interests of displaying appropriate offerings online. We only record the extent to which the YouTube videos integrated into our site are called up, and we delete this data after two years.
Further information on the use of user data can be found in YouTube’s data protection policy at: https://www.google.de/intl/de/policies/privacy.
3. Integration of Google Fonts
This website uses external fonts from Google Fonts, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). To do this, the terminal device you are using calls up the selected fonts from Google Fonts and therefore automatically transfers the IP address being used, as well as the website you are visiting. With this add-on, the text and fonts on the page can be displayed correctly. Please be aware that data may be processed outside the EU / EEA. Google has signed up to the Privacy Shield to ensure an adequate level of protection. Whether and to what extent the queries are stored by Google is entirely Google’s responsibility.
V. Our cookies guidelines
You have the choice of whether to allow cookies or not. You can make changes in your browser settings. You basically have the choice of whether to accept all cookies, be notified when cookies are installed or reject all cookies. If you choose the last option, you may not be able to use all of the functions on our website.
If cookies are used, a distinction must be made between mandatory cookies and those used for other purposes (such as measuring access figures, advertising purposes).
2. Mandatory cookies when using the website
We use session cookies on our websites that are mandatory for the use of our website. These include cookies that allow us to recognise you while you visit the site in the context of a single session. These session cookies help to ensure the safe use of our service by allowing the secure processing of the basket function and payment process.
Below is a summary of the cookies that we use with your consent, obtained when you start using the website. For every instance of use, you will also find an opt-out option.
Tracking by Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and which permit an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. If IP anonymisation is enabled on this website, Google first truncates your IP address within the Member States of the European Union or in other states of the European Economic Area Agreement. The full IP address is only communicated in full to a Google server in the USA and truncated there in exceptional cases. On our behalf, Google will use this information to evaluate your use of this website, to create reports about website activities and to provide us with other services associated with website use and Internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged by Google with other data.
You can prevent the installation of cookies by making the appropriate settings in your browser software; we do point out, however, that by doing so you may be unable to use the full functionality of this website. You can also prevent any data generated by the cookies or data relating to your use of this website (including your IP address) from being transferred to Google or being processed by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de
We use Google Analytics to be able to analyse the use of our website and regularly improve it. The statistical information we obtain from this allows us to improve our services and make them more interesting for you as a user. For exceptional cases in which personal data is transferred to the USA, Google has signed up to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal foundation for the storage of cookies is the consent given (Art. 6 para. 1 a of the GDPR). The further analysis of the data collected with Google Analytics takes place over a period of 26 months.
More information on this can also be found at http://tools.google.com/dlpage/gaoptout?hl=de or https://www.google.de/intl/de/policies/privacy/
(general information on Google Analytics and data protection).
Online marketing – Google Adwords tracking and remarketing
We use the Google Adwords service to draw attention to our attractive offers on external websites through the use of advertising materials (Google Adwords). These advertising materials are provided by Google through “ad servers”. Ad server cookie are used, which allow the evaluation of performance parameters such as ad impressions, clicks and conversions. This means that we are able to determine in relation to the advertising campaign data how successful the individual advertising measures are. If you access our website via a Google advertisement, Google Adwords stores a cookie on your PC. Generally speaking, these cookies become obsolete after 30 days and must not be used to identify you personally. The following analysis values are generally stored for this cookie:
- Unique cookie ID
- Number of ad impressions per placement (frequency)
- Last impression (relevant for post-view conversions)
Opt-out information (stipulates that the user no longer wishes to be approached)
These cookies allow Google to remember your Internet browser. If a user visits certain pages of the website of an Adwords customer, and the cookie stored on his computer has not yet expired, Google and the customer are able to detect that the user has clicked on the advertisement and has been forwarded to this page. Every Adwords customer is assigned a different cookies. Cookies therefore cannot be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the specified advertising measures. Google simply provides us with statistical analyses. These analyses allow us to determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials, and in particular we cannot identify users based on this information. The legal foundation for the storage of cookies by Google is the consent given.
Based on the marketing tools used, your browser automatically establishes a direct connection with the Google server. Please note that Google may process data outside the European Union. Google has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-USFramework. We also have no influence on the scope and further use of the data collected by Google through the use of this tool, and therefore inform you based on our current understanding:
Through the use of “tracking tools”, Google receives information that you have visited the relevant page of our website or have clicked one of our advertisements. If you are registered for a Google service, Google can assign the visit to your account. Even if you are not registered with Google and/or are not logged in, it is possible for the provider to learn your IP address and store it. You can find more information on data protection at Google here: http://www.google.com/intl/de/policies/privacy/ and https://services.google.com/sitestats/de.html
Use of DoubleClick by Google
By implementing these tools, your browser automatically establishes a direct connection with the Google server. Please note that data may be processed outside the European Union or European Economic Area. Google has signed up to the EU-US Privacy Shield,
https://www.privacyshield.gov/EU-USFramework. We also have no influence on the handling and further use of data by Google; this is Google’s responsibility.
Facebook Pixel / Custom Audience
We have integrated a Facebook Pixel into our website. When our site is accessed, users are forwarded to Facebook via a redirect mechanism. The following data can be transferred during this process:
- Unique cookie ID
- Website visited
Facebook can then tag the terminal device you are using with a cookie and unique ID, or any cookie that is already present can be read. If you are logged in to Facebook, this data can be used to post targeted advertising for us on your Facebook pages. The legal foundation for the storage of cookies is the consent given. You can refuse the further analysis of the collected data, for which Facebook is responsible, here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen