TotalTrips.com Group Limited (referred to as "TotalTrips.com", "We", "Us" or “Our”) is the full name of the legal entity and controller of your personal data. We respect your data and your privacy is important to us. This policy explains what personal data we collect and how it is used. It also explains what rights you have over your personal data and how you can use those rights.
We operate an online service that provides users with information and recommendations for travel and travel planning, including flights, accommodation and attractions. In this policy, these are collectively referred to as our “services”. These services may be accessed via computer, phone, table or similar devices, collectively referred to as “device”.
2. Information collected
Personal data means any information that identifies an individual directly or that can be indirectly combined with other information to identify them. When you access or use our services, we collect information from and about you to provide a more personalised and relevant experience.
You may provide us with some data directly, including:
- Contact information such as your name and email address;
- Username and password;
- Photos, reviews, forum posts, social media posts and videos;
- Comments and feedback.
Other information may be collected automatically. For example, when you use our services by clicking-through from a third-party website or when you visit third-party websites via our services, those third-party websites may share information with us, including:
- Device information, such as when you accessed our services and information about the device used (for example, IP address, software or internet browser used);
- Online activity, including pages you have visited, content reviewed.
Children’s data: Our website does not knowingly collect any personally identifiable information from children under the age of 16. If a parent or guardian believes that we hold personally identifiable information of a child under the age of 16, please email firstname.lastname@example.org immediately to enable us to take appropriate action to remove this data.
Criminal offence data: We will not request any data related to criminal convictions or offences from you and you should not share this with us at any point, including via email, social media sites, or on our website.
3. Information uses
We are only allowed to use your data if we have a lawful basis for doing so, including:
- When it is in our legitimate interest;
- When you consent to it;
- To fulfil a contract we have with you; or
- To comply with the law.
The following section outlines how we use your personal data and the lawful basis for it.
A legitimate interest is when we have a business or commercial reason to use your data. This involves us making an assessment to validate whether we can fairly use this lawful basis. Our legitimate interests include keeping our records up to date, fulfilling our legal, compliance and contractual duties, working out which of our services may interest you, improving our website and services, developing and telling you about new services, and conducting market research.
We use your data under this lawful basis to:
- Communicate with you via our website, email, social media or other telecommunications. Data shared in this way may be used for staff training, troubleshooting, quality improvement purposes, and establishing facts and dealing with queries, concerns or complaints that you may raise.
- Register you for services such as our online forum to enable you to post comments, photos and videos on our website or social media, and to communicate with other users.
- Monitor comments you post on our website and social media to contact you and use this information to improve our services.
- Analyse data from your interactions with us to understand you better as a customer, including recording which electronic marketing or newsletters seem to be of interest to you, if you have consented to receive them. We may then send you emails including offers tailored to your perceived preferences.
- Customise your experience, including the advertisements visible to you across our services and the internet.
- Notify you about competitions, special offers, products or services available from us, our affiliates, or our partners that may be of interest to you.
- Send you invitations to participate in surveys or market research, and to contact you where you provide us with responses to discuss these further.
- Verify your identity in certain circumstances.
- Prevent potentially prohibited or unlawful activities.
- Enforce our terms outlined to you at the point of collection.
In certain instances, we need your explicit consent to process your personal data. We rely on your consent in order to:
- Send you electronic marketing or newsletters, including promotions and offers, in relation to our services.
- Use data for other purposes where we explain that purpose when we ask for your consent.
When you give consent, you are able to withdraw that consent at any time by emailing email@example.com. If you do so we can only continue to use your data if another legal basis applies, such as when we’re required to do something by law.
You have a right to opt-out of direct marketing at any time. You can opt out of marketing by selecting “unsubscribe” in emails or by emailing firstname.lastname@example.org.
We may request and record personal data at your request when entering into a contract with you, such contracts cover:
- The purchase of any products or services directly from us.
- If you enter a competition we run.
To comply with the law
In certain situations, we will process your data to comply with legal requirements, these may include:
- Legal, compliance and investigative purposes, including government and law enforcement
- Exercising your rights under data protection legislation, including requesting to unsubscribe from our marketing communications.
We do not undertake any form of automated profiling.
We will only use your personal data for the purpose it was originally collected or a compatible purpose. If we need to use your data for a new purpose, we will contact you to obtain consent and inform you of the new purpose.
4. Information sharing
In order to provide some of our services, we may need to share information with selected third parties. Third parties may only collect or access information for specified purposes and in accordance with our instructions.
Data is shared with the following third parties:
- Business partners: These may include professional contractors and service providers who provide IT and administration services, for example. This sharing is generally pursuant to agreements which include confidentiality, privacy and security obligations; however, we do not control the privacy practices of these third-party business partners.
- Social media sites: When you access our services via third-party social media sites or apps, the information you share will be governed by the privacy policies of those social media sites or apps and the privacy settings you have set with them.
- Community: Software? Data stored?
- Analytics: Google?
Certain device operating system versions permit you to opt out of certain types of information sharing. Please check your device settings if you want to limit such tracking.
We will not sell, distribute, or reveal your email addresses or other personal information without your consent. However, if our business is to be integrated with another business or sold, your details would be shared with our advisers and any prospective purchaser’s advisers. Your information could be passed to the new owners. You would be notified in this event.
Personal data may also be shared with government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim.
5. Information transfers
Sometimes we send or store your data outside of the European Economic Area (the EU plus Iceland, Lichtenstein and Norway) (‘EEA’). For example, to work with or receive services from our service providers who we use to help deliver our services.
If we transfer your information to other countries, we will use and protect that information as described in this Policy and in accordance with applicable law. We will also ensure there is a similar degree of security by using one of the following safeguards:
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Some countries have been deemed adequate by the EU.
- Create a contract with the recipient that means they must protect it to the same standards as the EEA or use other mechanisms and measures to achieve adequate protection.
6. Information retention
We will only retain your information for as long as is necessary to fulfil the purposes we collected it for. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes. In addition, we may retain your information for the duration of any period necessary to establish, exercise or defend any legal rights.
The period for which we will retain your personal data depends on the purposes for which we are processing it and where the same personal data is processed for two or more purposes, we will retain it for the longest period.
In some circumstances we may anonymise your personal data for analytical purposes, in which case we may use this information indefinitely without further notice to you.
7. Your rights
You have rights over your personal data, you can:
- ask for a copy of your information;
- ask for information to be corrected;
- ask for information to be erased or deleted;
- ask for us to limit or restrict processing;
- object to us processing your data, in particular, where we do not have to process the data to meet a contractual or other legal requirement and in relation to processing for direct marketing purposes, including profiling for direct marketing purposes;
- ask us to send you a copy in a structured digital format or ask for us to send it to another party.
You can unsubscribe from marketing communications at any time. To opt out of direct marketing, including profiling for direct marketing purposes, you can select “unsubscribe” in emails, or email email@example.com.
If you want a copy of your data, to object to how we use your data, ask us to delete it or restrict how we use it, please email firstname.lastname@example.org. To process a request from you, we may need to confirm your identity to ensure we’re accessing the right data. In some circumstances there may be a compelling legitimate interest to keep processing data.
You will not have to pay a fee to exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded, excessive or repetitive. We may also refuse to comply with a manifestly unfounded or excessive request.
We aim to respond to requests within one month although it may take longer if your request is particularly complex or you have made a number of requests. We will notify you if this is the case.
8. Cookies and similar technologies
If you have any questions about this Policy or how your personal data is managed, please email email@example.com.
You also have a right to complain to an EU data protection authority. In the UK, the authority is the Information Commissioner’s Office (the “ICO”). You can contact them by calling 0303 123 1113 or online at www.ico.org.uk/concerns.