This Privacy Notice, inclusive of our Website Terms, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.
For clarity, Tourism Concern may be both data controller and a data processor for your personal data under certain circumstances. We are registered with the Information Commissioner’s Office (registration number Z3040582).
We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes.
Data Protection law will change on 25 May 2018 – please see our GDPR statement for details on what we have done to ensure compliance with GDPR.
This Privacy Notice sets out your rights under the new laws.
Who are we?
Tourism Concern is a unique independent charity that campaigns for ethical and fairly traded tourism, based in Croydon, London. Our registered office is at Unit 35, Central Shopping Centre The Drummond Centre, Keeley Road, Croydon CR0 1T.
How the law protects you?
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, performance of a contract, to enable billing and remittance, and to contact you for customer service purposes.
How do we collect personal data from you?
We receive information about you from you when you use our website, complete forms on our website if you contact us by phone, email or otherwise in respect of any of our products and services or during the purchasing of any such product. Additionally, we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter.
Your personal data may be automatically collected when you use our services, including but not limited to, your IP address, device-specific information, server logs, device event information, location information and unique application numbers.
What type of data do we collect from you?
The personal data that we may collect from you includes your name, address, email address, phone numbers, payment information and IP addresses. We may also keep details of your visits to our site including, but not limited to traffic data, location data, weblogs and other communication data. We also retain records of your queries and correspondence, in the event you contact us.
Please be aware that any video, image, or other content posted, uploaded or otherwise made available by you onto your website, whether published content or not, is not subject to our Privacy Notice.
We merely process such data on your behalf, subject to our Terms and Conditions and you are responsible for any applicable legal requirements in respect of your content.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you submit a form on our site you will be opting in for us to save your name, email address and other relevant information. These subscriptions are so we can notify you about related content, discounts & other special offers.
These subscriptions are so we can notify you about related content, discounts & other special offers.
You can opt out or unsubscribe at any time in the future by clicking the link in the bottom of any email.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
How do we use your data?
We use information about you in the following ways:
- To process orders that you have submitted to us;
- To provide you with products and services;
- To comply with our contractual obligations we have with you;
- To help us identify you and any accounts you hold with us;
- To enable us to review, develop and improve the website and services;
- To provide customer care, including responding to your requests if you contact us with a query;
- To administer accounts, process payments and keep track of billing and payments;
- To detect fraud and to make sure what you have told us is correct;
- To carry out marketing and statistical analysis;
- To review job applications;
To notify you about changes to our website and services;
- To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes; and
- To inform you of service and price changes.
We will keep your personal data for the duration of the period you are a customer of Tourism Concern. We shall retain your data only for as long as necessary in accordance with applicable laws.
On the closure of your account, we may keep your data for up to 7 years after you have cancelled your services with us. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
Who has access to your personal data?
For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes.
We work closely with a number of third parties (including business parties, service providers and fraud protection services) and we may receive information from them about you. These third parties may collect information about you including, but not limited to, your IP address, device-specific information, server logs, device event information, location information, and unique application numbers. We use their features within our website, however, in some instances, they may be acting as data controller and they will have their own privacy policies, which we advise you to read.
We may pass your personal data to third parties for the provision of services on our behalf (for example processing your payment). However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure and will not be used for any marketing purposes.
We may share your personal data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of Tourism Concern, our members, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our services or process the cancellation of your service.
You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.
Our Privacy Notice shall be made clear to you at the point of collection of your personal data.
You can also make choices about Tourism Concern’ collection of your data and how we use it.
You have the right to ask us not to process your personal data for marketing purposes. If you choose not to receive marketing communications from us about our products and services, you will have the choice not to choose these by ticking the relevant boxes situated on the sign-up pages or via your account manager.
We will not contact you for marketing purposes unless you have given us your prior consent. You can change your marketing preferences at any time by contacting Tourism Concern.
Accessing and updating your data
You have the right to access the information we hold about you. Please email your requests to firstname.lastname@example.org so that we can obtain this information for you.
Links to other sites
Tourism Concern may provide links to third-party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third-party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these.
Where we store your personal data
We follow accepted ISO standards to store and protect the personal data we collect, including the use of encryption if appropriate.
All information you provide to us is stored on our secured servers within the EEA. From time to time, your information may be transferred to and stored in a country outside the EEA in relation to provision of the services. The laws in these countries may not provide you with the same protection as in the EEA; however, any third party referred to above outside of the EEA has agreed to abide by European levels of data protection in respect of the transfer, processing and storage of any personal data. By providing your data to us, you agree to this transfer and storage. However, we will ensure that reasonable steps are taken to protect your data in accordance with this privacy notice.
As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Any sensitive data (payment details for example) are encrypted and protected.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.
We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions:
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Please email any questions or comments you have about privacy to us at email@example.com
Your right to make a complaint
You have the right to make a complaint about how we process your personal data to the Information Commissioner:
Information Commissioner’s Office
Tel: 0303 123 1113
A cookie is a small text file passed to your computer’s hard disk through your web browser so the website remembers who you are when you return.
To find out more about cookies and how to disable them please visithttp://www.allaboutcookies.org/
Do we track whether users open our emails?
Our emails may contain a single pixel image that tells tell us whether our campaign emails are opened and verify any clicks within the email. We may use this information for determining what is being opened, clicked on and read in order to ascertain which of our emails are more interesting to our supporters.
The posting of personal information on the website means your information is publicly accessible. Such information can be viewed online and collected by third parties. We are not responsible for the use of information by such third parties.
The following applies to research carried out by Tourism Concern. Some research will be carried out by third parties and may have different data collection protocols although these will be available to participants before taking part.
Tourism Concern takes special care of the personal information you give us when you take part in our research. We make sure that your personal information is:
- Only used for the research project you agreed to take part in
- Held securely, so that other people can’t see it
- Safely destroyed after the project is finished
- Never passed on to anyone else
If we have to collect your name, address, email or telephone number these are not stored together with any other information you give. We write our reports in a way that protects your identity, so no one will ever know who took part. We plan our research to make sure that it doesn’t cause you any harm or distress. You can contact us by email if you want us to change or delete any of the information we hold about you, or for more information about any of our projects.
Once you have read this, and you choose to participate in our research, you are consenting for Tourism Concern use your information in the ways described here.
Data Protection Act (1998)
We are registered with the Information Commissioner’s Office (Z3040582) and our work is covered by the General Data Protection Rules (2018) which states that all personal and sensitive information will be:
- Used in a way that is fair and lawful
- Used for limited purposes
- Adequate, relevant and not excessive
- Not kept longer than necessary
- Used in accordance with the data subject’s rights
- Not transferred to countries without adequate protection
You can find out more about this law from the Information Commissioner’s Office