This website is operated by Crown Travel. This policy (together with our terms & conditions and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. For the purpose of the General Data Protection Regulation 2016/679 ("GDPR"), the data controller for your personal data, is Crown Travel (registered at 103 Carlisle Road, Bradford, BD8 8BY, United Kingdom).
Personal Information We Collect from You
Generally, the type of personal data we collect is the information that we need to enable you to make your travel arrangements and bookings and to arrange travel related services and/or products on your behalf. This includes:
Uses Made of the Information
We use information held about you in the following ways:
We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you. We (or they) will contact you by electronic means only if you have consented to this. If you do not wish to receive this information, you may opt-out at any time within the e-mail or by emailing us.
In addition to the above, we undertake such day-to-day measures that are necessary for businesses providing services to consumers, such as bookkeeping, accounting, billing, fulfilling, anti-money laundering obligations and maintaining our website security. To the extent this is not mandatory under applicable laws; we undertake these measures based on our legitimate interest.
Disclosure of Your Information
We will disclose your personal information to third parties in the ways set out in this Notice only and, in particular, as set out below, and in accordance with the data protection laws. We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information in the manner and purposes described below:
Transferring personal information globally
Crown Travel is a global business, which means your personal information may be transferred and stored in the countries which may be outside your country of residence. Some of these countries are subject to different standards of data protection than your country of residence. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, in connection with facilitation of your travel booking and/or to enable the performance of administrative, advisory and technical services.
In providing our services to you, it may be necessary for us to disclose personal information to relevant overseas travel service providers. We deal with many different travel service providers all over the world, so the location of a travel service provider relevant to your personal information will depend on the travel services being provided.
Security of information
In order to keep your personal data secure, we have implemented a number of technical and organizational security measures. The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who works for us or for one of our suppliers. We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to protect the personal information that you share with us and safeguard the privacy, such as, by placing confidentiality requirements on our staff members and service providers; destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected; and following security procedures in the storage and disclosure of your personal information to prevent unauthorised access to it. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Crown Travel is not responsible for any third party's actions or their security controls with respect to information that third parties may collect or process via their websites, services or otherwise.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL ("secure sockets layer") or TLS ("transport layer security") technology. SSL and TLS are industry standard encryption protocols used to protect online transaction channels.
According to the applicable data protection legislation, you have certain rights in relation to your personal information:
Finally, you also have the right to lodge a complaint with the applicable data protection supervisory authority.
If you wish to access any of the rights set out above, we may ask you for additional information to confirm your identity and for security purposes, in particular, before disclosing personal information to you.
You can exercise your rights by emailing us at mailto:firstname.lastname@example.org or by sending us a communication at Crown Travel UK Ltd, 103 Carlisle Road, Bradford, BD8 8BY, United Kingdom. You will receive acknowledgement of your request and we will advise you of the timeframe within which you will receive your information pack. We endeavor to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests
Tracking Technologies, Cookies and IP Addresses
We may use third-party web analytics services on our website. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyse how visitors use our website and may record data regarding your device and the network you are using to connect with us, including your IP address. We may use IP addresses for system administration, investigation of security issues and compiling anonymised data regarding usage of our website and/or mobile applications.