Your personal data allows us to the provide you with the Services You have asked for, as well as enabling us to improve and personalise our Services by understanding your interests and preferences.
We are registered in England and Wales under company number 11513523 and have our registered office at 10 Norwich Street, London EC4A 1BD.
When you visit our website or use our Services, we collect personal data from you via three main methods:
Information you provide to us directly. This may include when you:
we get from third parties. Most of the data we collect about you we collect from you directly but sometimes we might also collect personal data about you from publicly available materials or trusted third parties like our marketing and sales partners, travel agents and travel websites. Information from these sources may be used to supplement the personal data we already hold about you, to personalise and improve our Services or to validate data provided by you.
Depending on which of our Services you use or access, we may collect, use, store and transfer different kinds of personal data about you including:
We will only ever process your personal data:
Primarily we use your personal data to operate our website, to provide our Services to you and to manage our relationship with you. We may also use your personal data for other purposes including:
We may need to share and/or process your personal data with third parties. We will only disclose your personal data to:
Most personal data collected and processed during the use of any of our Services is stored on servers located in the European Economic Area (“EEA”). Information may be transferred to our other offices and/or to third parties, which may be situated outside the EEA and may be processed by staff operating outside the EEA. When we transfer personal data from the EEA to other countries in which applicable laws do not offer the same level of data privacy protection as in the EEA, we take measures to provide an appropriate level of data privacy protection and such transfers are only made with your express individual consent, and/or for the reason that the transfer is necessary for one of the following reasons:
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view as to what we think you may want or need, or what may be of interest to you. This is how we decide which of our Services and offers may be relevant for you.
You may receive marketing communications from us if you have requested information from us or purchased Services from us or if you provided us with your details when you registered for an account on our website or a promotion and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside the GHS group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at firstname.lastname@example.org.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We will we keep your Contact Data after for a reasonable period of time after a contract between you and us has ended in case you choose to use the relevant Services again. In such event and unless you have opted-out of receiving marketing communications from us, we may contact you about our Services during this time.
Following the period outlined above we will ensure that your personal data is deleted or anonymised.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If you register for an account on our website you are responsible for upholding the confidentiality of your password and account information.
You have rights under data protection laws in some circumstances to:
You can exercise these rights at any time by sending an email to email@example.com.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not usually have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you are not happy with the way in which we are processing your personal data you have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at firstname.lastname@example.org .
Attn: The Data Protection Officer
Blue Orchid Group Limited
The Wellington Hotel
71 Vincent Square
London SW1P 2PA