Your right to privacy is very important to us. This document sets out Helicon Arts’ policy with regard to collecting and utilising the personal details of our clients and website visitors.
As a data controller we fully comply with the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and other relevant legislation. As of May 25, 2018, this will include the processing of personal data as governed by the General Data Protection Regulation (GDPR). We are recorded on the ICO Data Protection Register under registration number ZA371571.
What data do you collect?
When you join our mailing list:
When you subscribe to our mailing list you will be asked to provide your name and email address, and if you wish, some additional information such as your telephone number and specific interests pertaining to our course offerings. This information is only used in order to send relevant course information and other notices that we consider will be of interest to you. To ensure that our emails get to your inbox, please add firstname.lastname@example.org to your Address Book or Safe Senders. We will never share your information with others for marketing purposes.
You are able to unsubscribe from our mailings at any time, by clicking on the unsubscribe link in any of our messages. Alternatively, you can send an email with “unsubscribe” in the subject line to email@example.com.
When you make a booking:
When you make a booking on one of our holidays, we must collect personal details in order to fulfil your request. These details may include:
- Full name and address
- Date and place of birth
- Passport details
- Travel insurance details
- Emergency contact details
- Special requirements (such as a disability or medical condition which may affect your enjoyment of the holiday, as well as any dietary restrictions)
You are responsible for ensuring that other members of your party are aware of the content of this Policy and consent to you acting on their behalf in all your dealings with us.
How is the data processed and stored?
The data you provide is used to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us. This includes sharing some of your personal details relating to your booking with trusted external partners including hotels and transportation providers. These external partners may have access to the personal information necessary to perform their functions, but may not use it for other purposes.
We may retain personal details for the following purposes:
- To complete and manage your booking(s).
- To send booking updates and for general communication.
- To provide you with details of our holiday courses, forthcoming events, surveys or offers.
- To disclose to our service providers (in so far as reasonably necessary) in order to secure your booking. These can include overseas destination management companies, and accommodation and transport suppliers. Please note some may be located outside the UK/EEA.
- Card payment transactions relating to our website and services are handled by our payment services provider, Stripe. We share transaction data with Stripe only to the extent necessary for the purposes of processing your payments and any related matters. Your credit card details are not stored by our website or by us.
- In addition to the specific purposes mentioned above, we may also process your details if necessary for compliance with a legal obligation.
- To disclose to organisations that perform business functions on our behalf and use the information for analysis including monitoring, measuring and assessing trends.
- To disclose your information for immigration, security and anti-terrorism purposes, if requested by overseas government authorities.
How we protect your data
We ensure that we have appropriate physical and technological security measures in place to protect your information, and that when we outsource any processes that the service provider has necessary security accreditations.
The information you provide to us is stored on secure platforms managed by approved third-party Data Processors. These platforms include (but are not limited to): Zoho, Mailchimp, Xero, Gravity Forms.
All data entered via our website is SSL encrypted before it is sent to us. We also have a Firewall in place to protect our internal information from the Internet.
When Helicon Arts collects, holds and uses an individual’s personal data, that individual has the following rights over that data. We will ensure our data processes comply with those rights and will make all reasonable efforts to fulfil requests from an individual in relation to those rights.
- Right to be informed: whenever we collect data from you it will provide clear and specific information explaining why it is being collected and how it will be used
- Right of access: individuals can request to see the data Helicon Arts holds on them and confirmation of how it is being used. Requests should be made in writing to the Director of Helicon Arts.
- Right to rectification: individuals can request that their data be updated where it is inaccurate or incomplete.
- Right to object: individuals can object to their data being used for a particular purpose. Helicon Arts will always provide a way for an individual to withdraw consent in all marketing communications. Where we receive a request to stop using data we will comply unless we have a lawful reason to use the data for legitimate interests or contractual obligation.
- Right to erase: individuals can request for all data held on them to be deleted. Helicon Arts will ensure that data is not held for longer than is reasonably necessary in relation to the purpose it was originally collected. If a request for deletion is made we will comply unless there is a legal requirement to keep the data.
We use Google Analytics to collect information about how visitors use our site. The cookies collect information anonymously, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited. We use this information to compile reports and to help us improve the site.
If you have any questions relating to this policy please contact us via firstname.lastname@example.org or in writing to Helicon Arts Limited, 13 Humbolt Road, London W6 8QH.