This policy is in a layered format and you can re-route to the specific areas set out below with just a click. Please check the Glossary at the end which will give you a better understanding of the meaning of some of the terms mentioned under this policy.
Full name of legal entity: Travel Unravel Holidays Private Ltd
Email address: email@example.com
Postal address: Rear Ground Floor Hygeia Building, 66-68 College Road, Harrow, Middlesex, United Kingdom, HA1 1BE.
Telephone number: 0203 588 8444
If there is any concern regarding our use of your personal data, you may send a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority responsible to manage and protect the data and address issues related to it (www.ico.org.uk) We, however, would like to address a chance to deal with your concerns and address them before you approach the ICO. So in case of any concerns please contact us first.
This website includes third-party website links, some plug-ins, and applications. Clicking on any of these links or enabling the connected websites allows third party websites to collect or share the data about you. Travel Unravel has no control of these third-party websites and we cannot be held responsible for their privacy statements. Once you leave our website, we advise you to go through the privacy notice again on your next visit.
Personal information is defined as any information about an individual with which we as a service provider can identify a person. This does not include the identity in case it has been removed. This is known as anonymous data. We collect, use, store and transfer personal data about you which we have grouped together follows:
We collect, use and share Aggregated Data such as statistical or demographic data for marketing and other purposes. Aggregated Data is usually derived out from personal data but is not considered personal data. This is because under the law this data does not reveal your identity. For example, we may know the details regarding your Usage Data and from that, we can calculate the percentage of users accessing a specific website feature. But in case we combine Aggregated Data and personal data and identify you then it is treated as the combined data as personal data which will be used in this privacy notice.
Under Special Categories of Personal Data, we collect the necessary details to serve you with the services that you buy with us. These services include the details about your health, dietary requirements or any need for special medical support (e.g. oxygen or wheelchairs). Along with that, we may also require a clearance from your doctor to travel with a medical condition including pregnancy for more than 28 weeks. Apart from that, we do not collect any information about your race or ethnicity, religious, sexual life or orientation, political opinions etc.
In case we are required to collect your personal data by law or to fulfil your booking request and you fail to provide it, then we may not be held responsible for our inability to fulfil our services or to provide you with your requested bookings. But we will notify you if this is the case and we are cancelling your request at the time.
different methods are used to collect data from you. This includes:
We share your information about the travel arrangements and requirements from third-party suppliers. This is required to co-ordinate with flights booked directly with the airline.
(a) analytics [such as Google];
(b) advertising networks; and
(c) search information providers
When you reserve on someone else's behalf through us, we ask for personal information and other travel preferences. You should seek their consent before and only after that provide us with their information and preferences. If they want to amend or delete their information they can contact us directly otherwise their information will be accessible through your account only.
It is required by the law that we have a lawful basis in case we want to process your personal data. We use your personal data only if the law allows us to do so. We use your personal data in the following cases:
Our interest in conducting business and managing our business to enable us to give you the best service and secure experience is known as a legitimate interest. We balance any potential impact on you and your rights before processing your personal data. We make sure that we do not use your personal data for our interests that are overridden by the impact on you (unless we have your consent). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by Contacting us.
This means in order to process your data to perform and deliver your service to which you are a party or to take steps to fulfil your request before entering into such a contract. Comply with a legal or regulatory obligation intends at processing your personal data where necessary that we are subject to.
We do not rely on consent only as a legal basis to process your personal data other than sending you third-party direct marketing communications via emails. In case you do not want to receive that, you must withdraw the consent to market at any time by contacting us on the given details.
The below-listed are the ways we plan to use your personal data. Under the same, we have listed our legitimate interests for your information. We process your personal data for more than lawful grounds depending on the purpose of data use.
|Purpose/Activity||Type of data||Lawful basis for data processing including legitimate interest|
|New customer registration||(a) Identity
|Complete the requested services with you|
complete your travel booking including:
Managing payments, fees and charges
Providing you with information such as status updates about the service you have booked through us
Sharing booking information with suppliers so that they can fulfil your booking
Collecting any payments that you owe us
(e) Marketing and Communications
|(a) Complete the requested services
(b) Necessary for legitimate interests or to recover due payments
|Customer relationship management including:
(b) Asking you to write a service review
(d) Marketing and Communications
(a) Complete the requested services
(b) Necessary to comply with but under a legal obligation
(c) Necessary under legitimate interests to keep our data updated and insights on how customers use our services.
|To protect our business or the website (which includes troubleshooting, data analysis, testing, system maintenance, support, data hosting)||(a) Identity
(a) Necessary for our legitimate interests to run our business, network security, fraud prevention
(b) Necessary to comply with under a legal obligation
|Deliver website content and advertisements to customers and to measure or understand the effectiveness of the served advertisement||(a) Identity
(e) Marketing and Communications
|Necessary for legitimate interests to know how the customers use our services, to grow the business and to enhance our marketing strategy|
|Use data analytics to improve our website, services, marketing, customer relationships||(a) Technical
|Necessary for legitimate interests to define types of customers, to keep the website updated and relevant, business development|
|Suggestions and recommendations about services of your interest||(a) Identity
|Necessary for our legitimate interests to develop our services and business growth|
We give you the choice regarding personal data uses, particularly for marketing and advertising. We let you decide what marketing material you wish to receive from us or if you want to opt-out of receiving it.
We use your Name, Contact, Usage and Profile Data. This is used to form a view and decide what you may want or need or your interest. With this information, we decide the services and offers that we may be relevant for you. We send marketing communications you have requested information from us or details about the booked travel services on the details you shared with us. In such a case, you have not opted out of receiving our marketing emails.
We will get opt-in consent and only after receiving it we share your personal data with any company outside the Travel Unravel group for any purpose.
At any point in time, you can ask us or the third-party to stop sending you emails by logging into the website and adjusting your marketing preferences. You can also do this by Contacting Us on the provided details.
When you opt-out of receiving marketing messages, the same will not apply to personal data that we receive for making a booking or any other transactions.
We use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If you want an explanation about the process for the new purpose, please contact us.
In case we use your personal data for an unrelated purpose, we will notify you.
We may share your data with the parties for the purposes set out above.
All the third parties associated with us respect the security of your personal data and to treat it by the law or as mentioned under this Policy. We do not allow third-party to use your personal data for any other purpose except the one specified under our instructions.
We share your personal data within the Travel Unravel Group. This includes transferring your data outside the EEA.
We make sure that your personal data is protected by all our group companies and they follow the same rules while processing your personal data. They are known as “binding corporate rules”. For more information, see European Commission: Binding corporate rules.
Our external third parties like the airlines and hotels are based outside the EEA. They may process your personal data and transfer it outside the EEA. If we transfer your personal data out of the EEA, we make sure that a similar degree of protection is offered and ensures following safeguards are implemented:
In certain circumstances we believe that the transfer is necessary for our contract with you. For example, if we have made a booking for you with a supplier outside the EEA or with your consent, which we seek and inform you about the situation. Contact us if you want any further information on the specific mechanism that we use when we transfer your personal data out of the EEA.
We have adequate security measures that help in preventing your personal data from being accidentally used or accessed in an unauthorised way. With that, we limit the access to your personal data to the employees and third parties associated with us who have a business need to know it. They use your personal data on our instructions and are subject to a duty of confidentiality under this Policy. We have put procedures to deal with suspected data breach and will notify you when we suspect any such activity.
We retain your data for as long as necessary. This is done to fulfil the services you requested for including any legal, accounting, or reporting requirements. To determine the exact retention period for personal data, the potential risk of harm from unauthorised use is considered as the determining factor for disclosure of your personal data. We use the data collected in during our previous transactions so that we can provide you with the best service when you book with us again. We are obligated under law to keep basic information about you for six years. Post that, you cease being customers and this is done solely for tax purposes. If you do not book with us again for more than six years we will delete your data.
In certain circumstances you are allowed to ask us to delete your data. Sometimes we may anonymise your personal data and use it for research or statistical purposes. In such a case, we use this information without any further notice to you.
Under some circumstances, you have the right under data protection laws regarding your personal data. With this, you may:
Ask to access your personal data (commonly known as 'data subject access request'. Under this, you can receive a copy of the personal data we hold about you and check if we are processing it lawfully.
You can ask us to correct the personal data about you. Under this, you have the right to get any incomplete or inaccurate data corrected. We will verify the accuracy of the new data and then do the required process.
Request deleting your personal data. You can do this under no good reason and ask us to stop processing it.
Note, however we may not be able to comply with your request of deleting for any legal reasons and we will inform you if applicable, at the time of request.
Intending to process your personal data we rely on a legitimate interest and your particular situation under which you want to object the processing. This must have the ground that you feel it might impact on your fundamental right or freedom. Your right to object can also arise is you have issues against direct marketing purposes. In cases like this, we may demonstrate that we have legitimate grounds to process your information.
You may request restriction of data processing. You may ask us to suspend the processing of your personal data: (a) to establish the data’s accuracy; (b) use of the data is unlawful; (c) to hold the data even if we no longer require it, exercise or defend legal claims; or (d) you have an objection to the use of your data but we are required to verify a legitimate grounds to use it.
You may withdraw the consent at any time to process your personal data. However, this will not affect the lawfulness of any processing carried out before your withdrawal. However, your withdrawal may lead to our inability to provide you with certain services to you. We will inform you about this at the time you withdraw your consent. If you still want to go ahead and practice any of the rights mentioned above, please Contact us.
We request you and ask you for specific information to confirm your identity and ensure that you have the right to access your personal data (or any of your rights). For us, this is a security measure to ensure that personal data is not disclosed to any other person who has no rights on it. We will contact you to ask you for further information about your request inorder to speed up the response and process.
We respond to all the legitimate requests within one month of the time from where the request has been initiated. However, it may take longer than a month if your request is complex or you have made multiple requests. In such a case, we will keep you updated.