Travel Escapes & Cruisescapes Privacy Policy

Privacy is a very important issue for everyone, and is a subject we handle as a priority. Looking after the personal data you share with us is extremely important. Trust, respect and fairness have always been values that are integral to our business and how we operate. This document outlines how we collect and use your personal data, so you can be confident it’s safe and secure with us, and to understand how we use it to give you a better customer experience. 

Our privacy notice aims to explain:

  • How we handle changes to this notice
  • Who we are
  • How to contact us
  • What types of personal data we collect, and why?
  • How we use the personal data provided to us
  • The legal bases we rely upon for processing personal data
  • How we protect and ensure personal data is handled securely
  • When and how we share personal data within our company and with other organisations
  • How long we store your personal information
  • The rights and choices you have in regard to your personal data
  • The consequences of not providing personal information to us

Changes to this notice

This notice replaces all previous versions. If the changes are significant, we will provide a prominent notice including, if we believe it is appropriate, email notification of privacy notice changes.  

Updated: August 2019

Who we are

The data controller is Spiral Hill Limited, trading as Travel Escapes, Cruisescapes and Cruise from Ireland (referred to in this notice as “we” or “us”) of Suite 30 The Hyde Building, The Park, Carrickmines. Dublin D18 EY94, Ireland.

We comply with the Data Protection Act 1998, the General Data Protection regulation 2016/679 and all relative European Union and Member State data protection legislation in force and as amended or replaced from time to time including, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

How to contact us

We have appointed an internal data protection lead for you to contact if you have any questions regarding this privacy policy, our privacy practices or if you wish to exercise your data rights.

Data Protection Lead

Travel Escapes

Suite 30 The Hyde Building,

The Park, Carrickmines

Dublin D18 EY94

Ireland

dataprotection@travelescapes.ie

+353 1 2941000

What types of personal data we collect, and why?

Personal information you provide us

When you register for any of our services, request information, buy our products online or by telephone we will collect and store your information as required:

• Your personal details, including your email address, address and phone number

• Where applicable, your account login details e.g. your username and password

• Where applicable, passenger information, such as passport details, date of birth and insurance details

• Where applicable and with explicit consent, special requests such as dietary and disability requirements

• Your feedback and contributions to customer surveys and questionnaires. 

 • Personal data about other individuals, such as those people on your booking.  By providing other people’s personal data, you must be sure that they agree to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data is used by us. 

Personal information we collect about you

We collect information relating to your use of our services including: 

• Information on how you access our digital services, including your IP address, browser and operating system

• Information about your browsing behaviour on our websites

• Information on your browsing preferences in relation to our website through use of cookies. Click here to see our cookie policy

• Information about when and what you click on our website and on our adverts shown on other organisations’ websites

• Confirmation that you have opened or interacted with emails and other digital communications we send to you

• Information about your purchases or registrations, including what you bought, brochures you requested, when and how you made the purchase or requests

Other sources of personal data we use

• Specialist companies that supply information, and trusted partners 

• Your insurance company, their agents and medical staff exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency. Should we receive information from third parties, we will contact you to advise.

• If you log-in using your social network credentials e.g. Facebook and Twitter, your personal details are shared with us according to the terms and conditions of the social network. This could include your name, email address, date of birth and location. You can manage what you share via social sign-in through the social network’s own preference centre.  It should be noted that these third parties have their own security and privacy policies. You are advised to review these separately.

How we use personal data

To provide the products and services you request 

  • We need to process your personal data so that we can provide you with services that you have requested from us such as to provide you with the products and services you want, such as brochures and to manage your booking.  If you do not provide us with your personal data, this is likely to affect our ability to provide these services to you.
  • Where applicable and with explicit consent, we process any special requests you may have such as dietary and disability requirements.
  • You may receive service-related communications from us that provide important information about service, e.g., booking confirmations. 

Marketing and promotions activities

  • When you request a brochure, book or create an account with us we will ask if you would like to receive marketing communications. With your consent, we may periodically send you promotional material by email if you have opted in to receive marking communications from us.  You may at any time choose not to receive marketing communications from us by following the unsubscribe instructions included at the end of each email communication. You can change your contact preferences at any time by email, phone, in writing or by clicking the unsubscribe link that you will find on all our emails. This is entirely your choice but this will prevent you from receiving content or marketing information that we hope is of interest to you. 
  • We will not sell your data to 3rd parties and it would only be with your permission that we pass your details to our partners, including media publishers who will be named, so that they can send you information on their products and services. We will only do this if you agree to receive these marketing communications from those named partners.  
  • We will also keep you informed by post by using our legitimate business interest, with your consent to do so.
  • So that we can improve our products and services, we like to hear your views, so from time to time we will contact you for market research purposes. From time to time we invite our loyal customers to take part in surveys, questionnaires and other market research activities carried out by us or by other organisations on our behalf and we will process your personal data in order to improve the service we provide to you. We will only contact you with your explicit consent. You always have the choice about whether to take part in our market research. 
  • We measure your responses to marketing communications relating to products and services we offer, which enables us to offer products and services that better meet the needs of our customers.  We combine the personal data we collect across different sources, digital and offline, in order to provide you with relevant service and marketing communications (including online advertising relevant to your interests). 
  • We process your personal data so that we can manage any competitions you choose to enter. For example, if you win a prize. 

To personalise your experience  

We want to ensure that communications relating to our products and services, including our marketing information and that of our partners, including online advertising, are relevant to you.  To do this, we use your personal data, preferences, previous transactions and browsing behaviour to better understand you, and to try to predict what other products, services and information you might find the most relevant and interesting.  We use this information to evaluate your personal preferences and interests, which under the GDPR may constitute as customer profiling. We do so in pursuit of our legitimate interests which are:

  • To research and improve our products, services, and customer communications.
  • To personalise your experience.
  • To understand which of our products and services you find useful or interesting
  • To deliver services we believe you find useful or interesting
  • To understand the demographics of our customers
  • To manage and improve our products, websites, mobile apps, operations and other services. 

You can object to our use of your personal information for our legitimate interests, for profiling and for direct marketing purposes. If you do not want to receive a personalised service from us, you can change your preference by email, over the phone or in writing at any time. We will update our records as soon as we can.

Please contact us at: 

Data Protection Lead

Travel Escapes

Suite 30 The Hyde Building,

The Park, Carrickmines

Dublin D18 EY94

Ireland

dataprotection@travelescapes.ie

+353 1 2941000

To make contact and interact with you 

  • In the event you contact us, for example by email, post, telephone or via social media, we use personal data to provide clarification or assistance to you. 

To protect the vital interests of you or another individual

We may process your personal information if it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent, including:

  • To and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.   This may include the exchange of personal data with your insurance company and medical staff in an emergency situation.
  • We use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.  

To comply with our legal obligations

We may be required to process your personal information to comply with certain legal obligations to which we are subject, including:

  • To meet the entry requirements of the country you are visiting. So that you can travel, it is sometimes mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.   
  • Providing information to an Garda Síochána, the Revenue Commissioners or other Government bodies or agencies when required to do so by law.
  • If you have exercised one of your data rights, we will retain a copy of all correspondence to demonstrate our compliance with data-protection legislation
  • If you have exercised one of your data rights and ask us not to contact you by email at a particular email address, we will need to retain a copy of that email address in order to comply with your no-contact request
  • To carry out our statutory audit
  • If it is necessary to establish, exercise or defend legal claims

Legal basis for processing personal data

We collect your information for a number of purposes and rely on a number of different legal bases to use your personal information.  We will only collect and use your personal data if at least one of the following conditions applies: 

With your consent, which can be withdrawn at any time

We will, in certain circumstances, rely on your explicit consent to process your personal information.

  • Requests for brochures
  • Receive marketing communications from us
  • Your feedback and contributions to customer surveys and questionnaires
  • Participation in market research

To enter into and perform a contract with you

We will use your personal information to carry out our obligations arising from any contract you as our customer have entered into with including:

·To complete and manage a booking.

  • To receive service-related communications from us

To comply with our legal obligations

We may be required to process your personal information to comply with certain legal obligations to which we are subject, including:

  • To meet the entry requirements of the country you are visiting.
  • When required to do so by law.
  • To comply with data-protection legislation
  • To comply with your no-contact request
  • comply with your no-contact request
  • To carry out our statutory audit
  • To establish, exercise or defend legal claims

To protect the vital interests of you or another individual

We may be required to process your personal information if it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent, including:

  • To respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.  

Processing is necessary for the performance of a task carried out in the public interest 

We may process your personal information if it is in the public interest or we have official authority, including:

  • To respond to and manage security operations

Processing based on our legitimate interests

We process your personal information for carefully considered and specific purposes which are in our legitimate interests and enable us to enhance the services we provide, but which we also believe benefit our customers. Our legitimate business interests do not automatically override your interests. You have the right, free of charge, to object to our use of your personal information for our legitimate interests. If you wish to do so contact us at dataprotection@keithprowse.ie. Please bear in mind that if you do object, this may affect our ability to carry out certain tasks for your benefit.

  • We use personal data to manage and improve our products, websites, operations and other services. 
  • To better understanding your interests, so that we can predict which other products and services might be of most interest to you.  This ensures we can tailor our communications to be more relevant for you.
  • To research and improve our products, services, and customer communications.
  • To personalise your experience.
  • To understand which of our services you find useful or interesting
  • To deliver content we believe you find useful or interesting
  • To understand the demographics of our customers
  • To manage our everyday business needs. We may use your personal information to manage our every business needs, including for internal purposes such as auditing, data analysis, troubleshooting, accounting, providing customer service,  technical support and fraud prevention in our legitimate interest.  Our legitimate interest is the effective management of our business.
  • We use personal data to carry out market research and internal research and development, and to develop and improve our product range, services, IT systems, security, know-how and the way we communicate with you.  

Sharing personal data

With suppliers and partners

In order to provide products or services requested by you we share personal data with suppliers of your travel arrangements, including airlines, hotels and transport companies. 

  • We use Aer Lingus and Ryanair as two of our main short haul airline suppliers. While each customer will be provided with individual etickets or boarding passes as part of your travel documentation, the information contained on boarding passes for all clients on the same departure will be accessible for view via the airlines’s website using the booking reference provided by all customers on that group booking, this includes your full name and passport number.
  • We also work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, market research, processing payments and delivering products and services. When we share personal data with other reputable service providers it is conducted under contractual agreements where we require them to keep it safe, and we do not allow them to use your personal data for their own purposes including marketing. 
  • We only share the minimum personal data that enable our suppliers and partners to provide their services to you and us. 
  • On occasion, we need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk. 
  • In the event that we enter into negotiations to sell or transfer any of our businesses or any of our rights or obligations under any agreement we have with you we will share your personal data with that organisation as necessary. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in the same way as us.

With regulatory authorities

  • So that you can travel, it is sometimes mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.   
  • Some countries will only permit travel if your advance passenger data is provided. These requirements differ depending on your destination and you are advised to check. Even if not mandatory, we assist where appropriate. 
  • We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.  

With Other 3rd parties

  • We will not sell your data to 3rd parties and it would only be with your permission that we pass your details to our partners, including media publishers who will be named, so that they can send you information on their products and services. We will only do this if you agree to receive these marketing communications from those named partners.  

How we protect and ensure personal data is handled securely

 We take our responsibility to protect and manage your personal data very seriously. We take appropriate security and contractual measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access when it is being transmitted, stored or otherwise processed.  When we share personal data with other reputable service providers it is conducted under contractual agreements where we require them to keep it safe, and we do not allow them to use your personal data for their own purposes including marketing. 

Where you have been provided or chosen usernames and passwords for restricted areas of the websites, e.g. My Booking areas, you are responsible for keeping this information confidential. 

How long we store your personal information

We will retain your personal data for as long as it is necessary for the uses set out in this privacy notice and no longer than 12 years, and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data or take appropriate measures to anonymise it, if data is needed after this period for analytical, historical or other legitimate business purposes.  

International transfers

Where applicable, and to fulfil the requirements of your holiday, we need to share your data with companies situated outside the European Economic Area (EEA).  These countries do not always afford an equivalent level of privacy protection and in such circumstances we take specific steps, in accordance with data protection law to protect your personal information.  In particular, for transfers of personal data outside the EEA we rely either on an adequacy decision by the European Commission or on contractual protection approved by the European Commission. Your personal data will be securely transferred within our group or to one of our reputable service providers who store and process this information outside the European Economic Area (EEA). Only the minimal amount of personal data required for a processing activity will be transferred and we can assure you that we have taken  appropriate steps to ensure your data is handled securely. We have appropriate agreements in place with our suppliers. 

Your data rights

You have several rights under data-protection law in relation to how we use your personal information.

  • You have a right to ask for a copy of the personal data we hold about you, and the right for data to be rectified or erased. You can write to us asking for a free copy of the personal data we hold about you, including any details you think will help us to identify and locate your personal data. Where further copies are requested we may charge a reasonable fee based on administrative costs. 
  • We want to ensure personal data held is accurate and up to date. If any of the details we hold are incorrect, please let us know. We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.  
  • You can also object to the processing of your personal data, as well as the right, where technically feasible, to ask for personal data you provided to be transmitted to another organisation. 
  • You can restrict processing of your personal information in certain circumstances.
  • You can object to our use of your personal information for our legitimate interests, for profiling and for direct marketing purposes
  • You have the right not be subject to a decision which is based solely on automated processing where that decision produces a legal effect on you or otherwise significantly affects you. We do not make automated decisions of this nature
  • You can also contact the Data Protection Lead if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the local data protection authority.
  • In Ireland, this would be Data Protection Commission, 21 Fitzwilliam Square South, Dublin

D02 RD28, Ireland

  • For your security, we can ask you to verify your identity before we can act on your request or complaint.  

If you would like to make a request, please email or write to: 

Please contact us at: 

Data Protection Lead

Travel Escapes

Suite 30 The Hyde Building,

The Park, Carrickmines

Dublin D18 EY94

Ireland

dataprotection@travelescapes.ie

+353 1 2941000

Consequences of not providing information

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to book a holiday). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.