Privacy Policy
Last updated: August 2024
At Oliver's Travels, we understand the significance of your privacy and are dedicated to protecting your personal data. This privacy policy will inform you about how we collect and process your personal data in relation to the brand known as Oliver’s Travels.
Purpose of this privacy policy
Oliver's Travels Ltd, referred to as "Oliver's Travels," "we," "us," or "our" in this privacy policy, is responsible for your personal data. Oliver’s Travels Ltd is a company incorporated in England (company number 06631130), whose registered office is at Unit 6G, Clapham North Art Centre, 26-32 Voltaire Rd, London, SW4 6DH.
The purpose of this privacy policy is to outline the types of personal data we collect, how we process it, and your rights regarding your data.
We will process your personal data strictly in accordance with this privacy policy, or as otherwise communicated to you or agreed upon by you, and as permitted by data protection laws.
This website is not intended for children and we do not knowingly collect data relating to children. You must be at least 18 years old to make a booking on our website.
Please read this policy carefully to understand our practices regarding your personal data and how we will treat it. If you have any questions about this privacy policy or need further information, please contact our Data Protection Officer (DPO) at the contact details provided below.
Data controller and contact details
For the purposes of data protection legislation, we are a data controller in respect of the personal data you provide us with.
We have appointed a DPO who is responsible for overseeing questions related to this privacy policy. If you have any questions about this policy, including requests to exercise your legal rights, please contact the DPO using the details below.
Contact Details:
Full name of legal entity: Oliver's Travels Ltd
Data Protection Officer (DPO): Natasja Hassall
Email address: natasja@oliverstravels.com
Postal address: Unit 6G, Clapham North Art Centre, 26-32 Voltaire Rd, London, SW4 6DH
Telephone number: 0333 888 0205
Personal data we collect
We will collect, store and process information about you or other members of your party if you voluntarily provide us with such information when you use our services or make enquiries either by you or by a third party through whom you have made an enquiry or booking.
If you provide us with personal data about someone else, you must ensure you have the right to do so and that we can collect, use, and disclose this information as outlined in our Privacy Policy without needing further consent. You must also inform the individual about the details in this Privacy Policy, including our identity, contact information, data collection and use practices, disclosure practices, their rights to access and complain about their data, and any consequences of not providing the data.
The types of information we may obtain include:
- Identity and Contact Data – name, username or similar identifier, title, address, date of birth, place of birth, passport number, gender, email address, telephone number
- Financial Data – credit/debit card information (including card number, cardholder name, expiry date), bank account details and details about payments to and from you
- Marketing and Advertising Data – personal data related to your advertising preferences and your preferences in receiving marketing communications from us and third parties.
- Technical and Information Technology Data – personal data related to your use of our website, such as your IP address, login data, browser type and version, time zone setting, location, browser plug-in types and versions, operating system and platform, and other technology on your devices.
- Account and Profile Data – personal data related to your profile on our website, such as your username and password, enquiry and booking history, interests, preferences, feedback, and survey responses.
- Usage Data – personal data related to how you use our website, products, and services.
We also collect and use Aggregated Data, which consists of statistical or demographic information derived from your personal data but does not identify you. For example, we might aggregate Usage Data to determine how many users access certain features. While Aggregated Data itself is not considered personal data, if combined with personal data in a way that identifies you, we will treat it as personal data and handle it according to this Privacy Policy.
In addition, we may obtain certain Special Categories of Data which relates to your health or which reveals your racial or ethnic origin. Information regarding any disability, dietary restrictions, medical condition, restricted mobility or other health-related issues which may affect your travel arrangements (and related requirements) as well as dietary restrictions which disclose your religious beliefs or a health issue are special categories of personal data. This Privacy Policy specifically sets out how we may process these types of personal data.
If we require personal data to fulfil a contract with you and you do not provide it when requested, we may be unable to complete the contract. As a result, we might need to cancel the service you ordered, and we will inform you if this happens.
Sources of Personal Data Collection
We use various methods to collect data from and about you, including:
- Direct Interactions – you may provide us with your personal data directly through:
- Enquiring about our services via our website
- Requesting brochures
- Creating an account on our website
- Contacting us via phone, email, or post (please note all our calls are recorded for training and monitoring purposes)
- Subscribing to our services or newsletters
- Requesting marketing communications
- Participating in competitions, promotions, or surveys
- Providing feedback
- Making payments through our payment system
- Automated Technologies or Interactions – as you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns through:
- Cookies
- Server logs
- Call recording
- Other similar technologies
- Third Parties – we may receive personal data about you from various third parties and public sources, including:
- Analytics providers
- Advertising networks
- Search information providers
- Providers of technical, payment, and delivery services
- Distribution channels
- Travel agents
How we use your personal data
We use your personal data for various purposes, relying on different legal bases for processing as permitted by law. Most commonly, we will use your personal data to facilitate or fulfil your booking. We provide more details about the lawful basis for using your data in the following list.
- Handling Enquiries, Communications, and Customer Registration
- Purpose: To respond to your enquiries, send requested information, register you as a new customer, and provide important updates about our products and services.
- Legal Basis: Legitimate interests and performance of a contract with you.
- Managing Your Booking
- Purpose: To deliver our products and services, including booking holidays, providing customer service, informing you about changes to our terms or privacy policy, providing important real-time information about the products and services you have ordered from us, and asking you to leave a review or take a survey.
- Legal Basis: Performance of a contract with you or taking steps at your request before entering into a contract.
- Processing and Delivering Your Order
- Purpose: To manage payments, fees, and charges, as well as collecting and recovering money owed to us. Credit/debit card payments are processed via our merchant provider on their secure platform.
- Legal Basis: Performance of a contract with you and necessary for our legitimate interests (to recover debts owed to us).
- Providing Suggestions and Recommendations
- Purpose: To suggest products and services that may interest you, measure the effectiveness of promotional campaigns, and ensure our marketing is relevant to you.
- Legal Basis: Legitimate interests, except where these are overridden by your interests or fundamental rights.
- Developing and Improving Products and Services
- Purpose: To enhance our website, products, services, marketing efforts, customer relationships, administrative processes and overall customer experience.
- Legal Basis: Legitimate interests.
- Administering and Protecting Our Business and Website
- Purpose: To administer and protect our business and website, including troubleshooting, data analysis, system maintenance, IT services, network security, fraud prevention, and facilitating business reorganisation.
- Legal Basis: Legitimate interests.
- Complying with Legal Obligations
- Purpose: To comply with legal obligations, such as health and safety legislation, and to assist in investigations or disclose information as required by law or legal authorities.
- Legal Basis: Compliance with a legal obligation.
- Engaging with Promotions and Communications
- Purpose: To enable you to participate in prize draws, competitions, and surveys, and to occasionally contact you with information about special offers, brochures, new products, events, or competitions. If you prefer not to receive such information, you can opt out in writing.
- Legal Basis: Legitimate interests.
Generally, we do not rely on consent as a legal basis for processing your personal data, except for sending third-party direct marketing communications via email or text. You can withdraw your consent to marketing at any time by contacting us.
Special Categories of Data
We may process special categories of data under the following condition.
- Sharing Health-Related and Dietary Information
- Purpose: To share information about disabilities, restricted mobility, or other health-related issues with property owners, and to share dietary restrictions with catering suppliers, as requested by you. Any other special categories of data will only be shared with third parties if explicitly requested and consented by you.
- Legal Basis: Performance of a contract with you. Explicit consent, which you may withdraw at any time.
We minimise sensitive data collection unless legally necessary, such as in emergencies.
Opt-Out Policy
Subscribers have the flexibility to opt out of receiving marketing communications at any time. You can manage your preferences by logging into our website and adjusting your settings or by following the opt-out links included in our marketing messages. Additionally, you can email us directly at marketing@oliverstravels.com to unsubscribe. Please note that opting out of marketing messages does not affect any personal data collected through transactions such as product or service purchases, warranty registrations, or other related activities.
Sharing Your Personal Data
We may share your personal data with various third parties for the following purposes:
- Service Providers: We disclose your data to suppliers and subcontractors who assist in delivering our services, such as villa owners, experience providers, and catering services. This also includes third parties involved in processing payments or performing administrative tasks.
- Regulatory and Legal Authorities: We may need to provide your data to government bodies, law enforcement, and regulatory agencies as required by law or for legal proceedings.
- Business Operations: Your data might be shared with professional advisers (such as accountants, lawyers, bankers and auditors) and to third parties during business transactions like mergers or asset sales.
- Marketing and Communications: If you opt-in, we may share your information with selected third parties for marketing purposes and with companies who provide services on our behalf, such as holiday gifts and marketing material.
We ensure that any third parties with whom we share your data adhere to strict security standards and use your information only for the intended purposes. Other than in relation to government and public authorities (over whom we have no control), we take appropriate measures to protect your data and ensure its secure handling.
International Data Transfers
To deliver our services, we may need to share your personal information with relevant overseas travel service providers. These providers will typically receive your information either in the country where they will perform the services or where their business operations or management are located.
Your personal data may be processed within the UK, the European Economic Area (EEA), or outside these regions. When transferring data outside the EEA, we ensure adequate protection through:
- Transfers to countries deemed to have adequate data protection by the European Commission.
- Implementation of standard contractual clauses to ensure data is handled securely.
Note: We may also transfer personal data to countries that do not have an adequacy decision from the European Commission. In such cases, we ensure that the recipient company is contractually obligated to handle your data strictly according to our instructions and to maintain robust security measures to protect it.
Data Security and Protection
We implement robust administrative, technical, and physical measures to safeguard your personal data against unauthorised access, accidental loss, or unlawful processing. Our security protocols include restricting access to your data to only those who need it for business purposes and ensuring that any third-party service providers are contractually bound to maintain data confidentiality and security. Additionally, we have procedures in place to address and report any data breaches in accordance with legal requirements.
Data Retention and Storage Period
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Typically, we keep basic information for a minimum of six years following the end of our relationship with you, in compliance with tax regulations.
For data related to bookings, we store personal information for up to eight years from the date of departure. Marketing-related data is kept for eight years from the last interaction. After these periods, we may either delete your data or anonymize it for research or statistical purposes, depending on the context.
We review our data retention policies regularly to ensure compliance with legal requirements and adjust as necessary. For details on how to request data deletion or further information on our retention policies, please refer to the relevant sections in this policy.
Your Data Rights
You have several rights regarding your personal data, subject to applicable laws. These include:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request corrections to any inaccurate or incomplete personal data.
- Erasure: Ask us to delete your personal data where there is no valid reason for us to keep it, or if you have successfully objected to processing.
- Restriction: Request to limit the processing of your personal data in certain circumstances.
- Portability: Request your personal data in a structured, machine-readable format for transfer to another organization.
- Withdraw Consent: Withdraw consent for processing where applicable.
To exercise these rights or make a complaint, please contact our DPO using contact details above. We may need to verify your identity before processing your request.
We aim to respond to all valid requests within one month. If your request is complex or if you’ve made multiple requests, it may take longer. In such cases, we will notify and update you.
Updates to our Privacy Policy
Our Privacy Policy may be updated periodically to reflect changes in data protection laws, regulatory guidance, or our internal procedures. We encourage you to review the Policy from time to time to stay informed about how we collect, use, and protect your personal information. Updates to the Policy will be posted on our website, in brochures, and made available upon request.