This Privacy Notice sets out what information we collect, how we collect it and what we do with it.
We have endeavoured to structure this Notice in an easy to read and accessible way. We aim to be clear and transparent about the information we are collecting and what we do with that information.
It applies to you and is available on our website(s) and through other channels. In all your dealings with us you must ensure that others you represent are aware of the content of our Privacy Notice and consent to your acting on their behalf.
The data controller is Saddle Skedaddle, The Cycle Hub, Quayside, Newcastle Upon Tyne, Tyne and Wear, UK, NE6 1BU
In summary, we will:
- Only gather the essential information we need in order to provide you with your holiday or the service you are looking for
- Not share your information with anyone we don’t have to
- Only send you relevant information and give you the option to unsubscribe
- Only hold your information as long as we need to
- Take all reasonable steps to store your information securely
We will happily chat through our policy, feel free to call us if you have any questions. For the full details see below.
- Information we hold about you:
- Your personal information
- What we do with your information and who we share it with
- Your Marketing materials preferences
- The basis on which we use your data
- How long we hold your data
- Your rights
- Foreign Controls
- Advice and assistance
Information we hold about you
Your Personal Information
This refers to a combination of information such as your name, contact details including email phone number and address, travel preferences and arrangements, special needs/medical conditions/disabilities/dietary/height requirements, passport and emergency contacts that you supply to us or is supplied to us, your communication, enquiry and travel history with us, your use of our website including your social preferences, interests and activities and any information about other persons you represent (such as those on your booking).
Your information is collected when you contact us over the phone, by mail, by SMS, by email, or via our website; to make a booking; use our website(s) to search for or request information about our holidays or services; subscribe to newsletters or printed materials; make a general enquiry about our holidays; link to or from our website(s), connect with us via social media, and any other engagement we or our business partners have with you.
From time to time and where relevant we may receive personal data from third parties including, for example, business partners; sub-contractors in technical, payment and delivery services; advertising networks; analytics providers; search information providers; credit reference agencies and debt collection and tracing agencies; other companies in the same group as Saddle Skedaddle Limited.
We will update your information whenever we can to keep it current, accurate and complete.
Please remember, most of the personal information, and all of the marketing preferences we hold on you can be accessed and updated by you via the My Account section of our website.
What we do with your information and who we share it with
(1) We use your information to carry out our obligations arising from your holiday booking and subsequent contracts entered into between you and us and to provide you with the information, products and services that you request from us; to communicate and notify you about changes to our service; and where relevant, to provide customer support and assistance services.
(2) To enable us to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes as part of our efforts to keep our site safe and secure.
(3) For the purpose of providing you with our holidays, services, security, incident/accident management or insurance etc we will need to pass on your information to our suppliers (including but not exclusively tour operator partners, accommodation, transfer companies, guides) and other bodies within the UK/EEA where the same data regulations apply. There may be instances where local authorities require certain information for security or anti-terrorism purposes or any other purposes which they determine appropriate. These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may exercise our discretion to assist where appropriate.
Again, there may be instances where local authorities require certain information for security or anti-terrorism purposes or any other purposes which they determine appropriate. These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may exercise our discretion to assist where appropriate.
(5) We collect and process your information for the purposes set out in this document and share the same with other companies for business purposes and our service providers who act as “data processors” on our behalf. These purposes include, administration, quality and improvement-related activities, customer care, product development, business management, operation and efficiencies, health and safety and risk assessment/management, legal and security, fraud and crime prevention/detection, monitoring, research and analysis, social media, reviews, advertising and marketing, loyalty programmes, profiling customer purchasing preferences, activities and trends, dispute resolution/litigation, credit checking and debt collection. These specifically include but is not exclusively restricted to:
- Share complaints with our membership organisations ABTOT or ABTA
- If we exchange email with you our email system is provided by Microsoft Corporation in the European Union
- If we send you information about our products and services, your details are processed by “Send Grid” or MailChimp
- If you choose to pay online via our website, your details are processed by Sagepay
- IT and websystems are maintanined by Root Solutions, JUMP and Adept Communications.
- We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our customers
- Analytics and search engine providers Cameo assist us in the improvement and optimisation of our site
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you
- Central government as required
- Debt collection and tracing agencies
- Business associates and other professional advisers
- Employees and agents of the data controller
- If you were to make a complaint, share information with trade and professional bodies
- Police forces and private investigators
- Ombudsmen and regulatory authorities
(6) We will disclose your personal information to other third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If Saddle Skedaddle Limited or substantially all of its assets is acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
(7) Information (such as health) may be considered “special category data” under the General Data Protection Regulation. We collect it to provide you with our services, cater to your needs or act in your interest, and we are only prepared to accept sensitive personal data on the condition that we have your positive consent. By booking with us you also agree for your insurers, their agents and medical staff to exchange relevant information and sensitive personal data with us in circumstances where we/they need to act on your behalf or in the interest of passengers or in an emergency.
If you do not agree to 'What we do with Your Information and who we share it with' above, we cannot engage/do business with you or accept your booking. If there is something you feel particularly concerned about do please contact us on email@example.com.
Your marketing material preferences
(1) Using your information, we may from time to time contact you with or make available to you (directly or indirectly) information on offers of goods and services, brochures, new products, forthcoming events or competitions from us and our group companies. You will have the choice to opt out of receiving such communications by indicating your choice at the booking or enquiry stage. You will also be given the opportunity on every e-communication that we send you to indicate that you no longer wish to receive our direct marketing material.
(2) We will try and tailor the information you receive or see; this will enable us to make available to you more personalised and relevant communications. You can inform this by checking certain boxes on the forms we use to collect your data. You can also ask us at any time by contacting us. We may also use innovative technologies to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and work with business partners to achieve this.
(3) We will assume you agree to other general email communication when you make an enquiry, an e-booking or provide us with your email in other situations such as, competitions, promotions, prize draws and social media.
(4) If you do not wish to receive such information or would like to change your preference, please refer to “Your Rights” below.
The basis on which we might use your personal data.
We will only use your personal data where one or more of the following apply:
(1) You have given your consent to the use (which you can withdraw at any time by notifying us), or
(2) It is necessary for the performance of a contract between us, or for the taking of steps at your request with a view to entering into a contract, or
(3) It is necessary for compliance with a legal obligation that we must comply with, or
(4) It is necessary in order to protect your interests.
(5) It is either the disclosure of personal data by us as a member of an anti-fraud organisation or otherwise in accordance with any arrangements made by such an organisation; or any other use by us of personal data, and it is necessary for the purposes of preventing fraud or a particular kind of fraud.
(6) It is necessary for us to pursue our legitimate interests such as marketing our services in the appropriate circumstances for example where you have used our services and have not objected to receiving information about further services of a similar nature.
How long will we hold your personal data for?
We will keep your data only for as long as it is necessary for the particular purpose or purposes for which we hold it unless there are any legal or operational reasons to hold it for a longer period.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.
We must also consider periods for which we might need to retain personal data in order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
(1) On completing our Data Subject Access Request form. You can ask to see a copy of the information that we hold about you, and for corrections to be made to any incorrect information. We want to be as helpful as possible and, in most cases will provide the information within one month of your request. We do not have to provide information in all cases including where it would involve disclosing information about another person or where a request is excessive or manifestly unfounded.
(2) You have the right to receive the data concerning you in a structured, commonly used and machine readable format and you have the right to transmit the data to another controller.
(3) You can also ask us for the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed;
- where it is possible for us to provide the information, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- where we have not collected the data from you, any available information as to their source.
(4) You can ask us to erase any data that we hold about you where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent to the processing and there is no other legal ground for the processing;
- you object to processing on grounds relating to your particular situation and our legitimate grounds for processing do not override your interests;
- you object to processing for direct marketing purposes;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
(5) We are not required to erase your data where we need to process your data:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes so far as the erasure of data is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
(6) You can ask us to restrict our processing of your data where one of the following applies:
- you contest the accuracy of the personal data we hold about you for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but the data are required by you for the establishment, exercise or defence of legal claims;
- you object to processing on grounds relating to your particular situation pending the verification of whether our legitimate grounds for processing override your interests.
(7) You have the right to ask in writing not to receive direct marketing material from us at any time. You can amend your previous preference on our website(s) through the My account facility, or where appropriate use the “unsubscribe” facility in our direct marketing, opt-out of personalised emails or refer to our literature containing instructions. Once properly notified by you, we will take steps to stop using your information in this way.
Please write to Saddle Skedaddle, The Cycle Hub, Quayside, Newcastle Upon Tyne, Tyne and Wear, UK, NE6 1BU or alternatively firstname.lastname@example.org.
Outside the European Economic Area (EEA), data protection controls may not be as strong as the legal requirements in this country.
Use of tools/"cookies" and links to other websites
Our website(s) may contain links to third party websites or micro-sites not controlled or owned by us. For example, reference sites or ancillary products and services sites or websites. It is your responsibility to check the status of these sites before using them. Please read carefully their applicable terms and conditions, etc.
To ensure that we carry out your instructions accurately, improve our service and for security and fraud, we may review, monitor and/or record: (1) telephone calls; (2) activities using CCTV in and around our premises; (3) transactions and activities at all points of contact; and (4) web, social media and app traffic, activities, etc. All recordings and derivative materials are and shall remain our sole property.
We have taken all reasonable steps and have in place appropriate security measures to protect your information in accordance with this privacy notice.
The data that we collect from you may be transferred to and stored at a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data and have contractual processes in place with our business partners to do this, we cannot guarantee the security of your data transmitted to our site. Once we have received your information, we will use relevant procedures and security features to try to prevent unauthorised access.
Advice and Assistance
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to the Saddle Skedaddle The Cycle Hub, Quayside Newcastle upon Tyne, Tyne and Wear, NE6 1BU
Should you be dissatisfied with the way that we are handling your data and you are unsatisfied with our response, you also have the right to lodge a complaint with the UK Information Commissioner’s Office. You can call their helpline on +44 (0) 303 123 1113 or https://ico.org.uk/concerns/. Alternatively you may chose to speak to your own national data protection regulator if you are outside the UK.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 23 May 2018.