This is the privacy notice of Boutique Tours of Wales Ltd. We are a limited company registered in the UK and our company number is 11905538. Our registered office can be found at Commodore House, 51 Conwy Road, Colwyn Bay, Conwy, LL29 7AW.
It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information. It tells you about your privacy rights and how the law protects you.
We are committed to protecting your privacy and the confidentiality of your personal information. Our policy is not just an exercise in complying with the law, but a continuation of our respect for you and your personal information. We will undertake to preserve the confidentiality of all information you provide to us, and hope that you also reciprocate.
Our policy complies with the Data Protection Act 2018 (Act) accordingly incorporating the EU General Data Protection Regulation (GDPR). The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org
Except as set out below, we do not share, or sell, or disclose to a third party, any information that we have collected through our website.
Communicating with us:
When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.
Data that we process
Personal information that we collect and use:
We may collect, use, store and transfer different kinds of personal data about you. Personal information means details which identify you or could be used to identify you, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications. In the course of you making a private tour booking with us, we will collect the following personal information from you in order that we can fulfil your booking arrangements.
We have collated these into groups as follows:
- Your identity information, such as first name, last name, title, date of birth, and other identifiers that you may have provided at some time, including any accompanying passenger names.
- We may also require additional details such as medical or disability conditions or personal diets that may affect you.
- Your contact information includes elements such as your personal address in the country of residence, email address, telephone numbers and any other information you have given to us for the purpose of communication, administering booking and operating our tours.
- Your financial data includes information such as your bank account and payment card details.
- Transaction data includes details about payments or communications to and from you and information about products and services that you have purchased from us.
- Technical data includes your internet protocol (IP) address, browser type and version, time zone setting, geo-location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and communicate to us.
- Your profile may include information such as purchases or bookings made by you, your interests, preferences and feedback.
- Marketing data includes your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.
- We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal information in law because it does not reveal your identity.
For example, we may aggregate profile data to assess interest in a product or service. However, if we combine or connect aggregated data with your personal information so that it can identify you in any way, we treat the combined data as personal information and it will be used in accordance with this privacy notice.
If you do not provide the personal information we need:
Where we need to collect personal data by law, or under the terms of a booking that we have with you, and you fail to provide that data when requested, we may not then be able to perform the administration of your booking with us. In this case, we may have to stop providing a service to you. If so, we will notify you of this at the time of its occurrence.
Our services are not directed at individuals under the age of 18. If we obtain actual knowledge that any information that we collect has been provided by an individual under the age of 18, we will promptly delete that information.
Our privacy promises:
We will use the information to help us understand you better and so that we can give you relevant offers and provide the relevant services. If you tell us you don’t want to receive marketing messages, we will stop sending them. We will, of course, continue to send important information relating to a product or service that you have purchased and to keep you informed about your booking. We will put in place measures to protect your information and keep it secure. We will respect your data protection rights and aim to give you control over your own information.
Bookings made through travel agents and operators
If you have booked a tour and/or other services through a travel agent, your travel agent will forward to us your details. At this point, you will have consented your travel agent to pass to us this information in order that we can make and conduct your booking with us.
We share your name, contact details with our third-party suppliers such as accommodation providers, ferry companies and visitor attractions for the purpose of your tour only. This allows us to offer a high level of service and tour. Without this, we would not be able to fulfil your tour booking and quality of service. In these circumstances we are a ‘data processor’.
Our suppliers (hotels, transportation companies, attractions, restaurants, etc.) will only use your details to fulfil the service that we are booking. When we do so, we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
How we use your personal information
We require this information to understand your needs and to provide you with a better service, and in particular for the following reasons:
- Respond to your enquiries.
- Process online bookings that you have placed with us for our products and services.
- To fulfil and manage the tour process throughout
- To provide services tailored to your requirements and to treat you in a more personal way.
- We may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes.
- We may contact you by email, phone or mail.
- To keep you informed of our products and services.
- We may use the information to customise the website according to your interests.
When we collect information directly from you, we will ask you if you want to ‘opt in’ to our marketing communications. If you decide you would no longer like to see our marketing communications, you can change your mind at any time, each marketing communication we send by email will have an unsubscribe option which will allow you to stop receiving further marketing emails from us.
Please note that if you tell us that you do not wish to be sent further marketing communications, you will still receive service communications which are necessary, for example, to confirm your booking and/or to provide you with an update on your tour booking.
Who we share your personal information with:
We share your name, address, contact telephone numbers and email address with our third-party suppliers such as accommodation providers, ferry companies and visitor attractions for the purpose of your tour only. For a list of our third-party suppliers related to your booking please contact us.
This data sharing enables us to source appropriate providers (e.g. accommodation providers, ferries, trains, car hire, visitor attractions, etc) and allows us to offer a high level of service with our private tour arrangements. Without this, we would not be able to fulfil your tour booking, along with the quality of service.
We will share data with credit and charge card companies, credit reference agencies and anti-fraud screening service providers to process payments, and (where necessary) to carry out fraud-screening. We may also be required to share personal information with law enforcement agencies or other legal authorities if required to do so by law.
You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing email@example.com
When you purchase a tour ticket, book a private tour or purchase any other service through Boutique Tours of Wales Ltd in person, via telephone, via letter or online, then your name, address data, email and contact numbers will be stored in our booking system and with Squareup International Ltd,
To assist in combating fraud, we share information with credit reference agencies, so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.
How long do we keep your information?
If you purchase any products and services from us, then under UK tax law we are required to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it can be erased on your request. We will hold your personal information on our systems indefinitely for marketing purposes or until you contact us and state that you no longer wish us to do so, unless your request contradicts our statutory obligations.
Information we process because we have a contractual obligation with you:
When you buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between yourself and us. In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.
We may use it in order to:
- verify your identity for security purposes
- sell products to you
- provide you with our services
- provide you with suggestions and advice on products, services and how to obtain the most from using our website
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract. We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Disclosure and sharing of your information
Information we obtain from third parties:
Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use. No such information is personally identifiable to you.
Specific uses of information you provide to us
Information provided on the understanding that it will be shared with a third party
Our website allows you to post information with a view to that information being read, copied, downloaded, or used by other people.
- posting a message on our forum
- tagging an image
- clicking on an icon next to another visitor’s message to convey your agreement, disagreement or thanks
In posting personal information, it is up to you to satisfy yourself about the privacy level of every person who might use it. We do not specifically use this information except to allow it to be displayed or shared. We do store it, and we reserve a right to use it in the future in any way we decide.
Once your information enters the public domain, we have no control over what any individual third party may do with it. We accept no responsibility for their actions at any time. Provided your request is reasonable and there is no legal basis for us to retain it, then at our discretion we may agree to your request to delete personal information that you have posted. You can make a request by contacting us.
Information relating to your method of payment:
For your security and to limit the possibility of fraud with your card data, we encourage you to use our links for payment through Squareup International Ltd.
At the point of payment, you are transferred to a secure payment page on Squareup International Ltd which is not controlled by us. Your payment information is encrypted in their system and we hold no records of your card data on file.
Alternatively, we recommend calling us directly with your card data. This helps protect you from any possible fraudulent interception of your card data and as soon as card transaction is run manually by us, we shred and destroy your card data and no record is kept on file.
Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Personal identifiers from your browsing activity:
Requests by your web browser to our servers for web pages and other content on our website are recorded. We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution. We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.
If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
Links from us to other websites:
In order to provide you with further information or additional reference points, our website may contain links to other websites run by other organisations. We are not responsible for the privacy practices or the content of any other websites linked to our website. If you have followed a link from this website to another website you may be supplying information to a third party.
Transferring your information outside of Europe:
In order to complete some forms of communications or service delivery, we may need to pass your information to service suppliers who are registered outside the European Union. For example, this may occur if we use the American based newsletter emailing service provider Mail Chimp in the USA. By submitting your personal data, you agree to this transfer, storing or processing of your information. When transferring your information outside of the European Union, we will take steps to ensure that your privacy rights continue to be protected.
Disclosing and sharing your data:
We may also transfer personal data to the Company-affiliated companies in other countries. These may be outside the European Economic Area. By supplying personal data to the Company, you consent to any such transfer.
Many of our external third parties are based outside the European Economic Area, so their processing of your personal data will involve a transfer of data outside the European Economic Area. Whenever we transfer your personal data out of the European Economic Area, we ensure a similar degree of protection is adhered to by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers. We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data share between the Europe and the US.
Under the current UK Data Protection Regulations, you have a number of important rights free of charge. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use your personal information.
- Access to your personal information requires us to correct any mistakes in your information that we have a record for.
- Require the erasure of personal information concerning you in certain situations.
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
- Object at any time to processing of personal information concerning you for direct marketing.
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
- Object in certain other situations to our continued processing of your personal information.
- Otherwise restrict our processing of your personal information in certain circumstances.
- For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please contact us with the subject title “My data request” including the following required Information:
- Your full name:
- A description of the data that you are requesting (such as tours booked/taken with us), including a date range:
- Confirmation of booking references and/or email addresses (past and present) used to book tours or products with us:
- Any other information that may assist us with identifying the data you require.
Please note that we may contact you to request additional information to verify your identity before we share any data requested. From the date that we receive all of the required information, we will process your request in the time frame outlined in current UK legislation.
Restricting our marketing communications:
It is important for you to know that you have a choice about whether or not you wish to receive marketing information or service notifications from us. If you have previously given us consent to process your personal data and send you marketing information, you can withdraw this consent at any time by unsubscribing from our email messages in response to the email received or alternatively you can contact us.
We will aim to cease the delivery of all marketing communications to you immediately on receipt on your objection or your request to unsubscribe.
Keeping your personal information secure:
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way.
Our website is protected with 128 Bit SSL encryption. This means that any information we collect from you via our website is protected and secure. When you are asked for any personal data on our website, you will see a lock icon in your browser, ratifying that your data is secure.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
In the unlikely event of our systems and your data being breached, then we will notify you within at least 30 days including full details of what parts of your personal data have been compromised. If you want detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org
How to access your information, update or even delete the information we hold on record
Accessing your data:
You have the right to ask for a copy of the information that we hold about you. You can request a copy of this data at any time by contacting us. We will, where possible, always supply your personal data in a convenient and transferable format within 30 days and whether we require any fee for providing it to you.
Updating your data:
Your personal data can change at any time and the accuracy of your information is important to us. Therefore, if any of your contact details do change, or the information we hold becomes inaccurate or out of date, then please contact us with your updated information and we can then amend your personal data.
Deleting your data:
If you would like us to delete your personal information from our systems, then where possible (if not required for statutory or contractual requirements), we will do so within 30 days and provide confirmation that your data has been removed from our systems. To request that your personal data is erased from our records, then please contact us. This may limit the service that we can provide to you.
Verification of your information:
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before taking any action. This is an important step to help safeguard your information.
Retention period for personal data:
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- to provide you with the services you have requested;
- to comply with other law, including for the period demanded by our tax authorities;
- to support a claim or defence in court.
Business Transfers and Corporate Changes:
Because it is in our legitimate interest to do so, we reserve the right to disclose and transfer all information related to the tour services that we have provided, including personal information, to a subsequent owner, co-owner, or operator or in connection with (including, without limitation, during the negotiation or due diligence process of) a corporate merger, consolidation, or restructuring; the sale of substantially all of our stock and/or assets; financing, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change.
Compliance with the law:
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO), who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
How to contact us:
Alternatively, you can write to us at our registered address:
Boutique Tours of Wales Ltd, Commodore House, 51 Conwy Road, Colwyn Bay, Conwy, LL29 7AW.
Our office hours are 09:00 through to 17:00, Monday to Friday.