By providing personal information to us (or allowing another person to do so on your behalf), you agree that this Policy will apply to how we handle your personal information and you consent to us collecting, using and disclosing your personal information as detailed in this Policy. If you do not agree with any part of this Policy, you must not provide your personal information to us and this may affect the services we can provide to you.
In this Policy, where we say “disclose”, this includes to transfer, share, send, or otherwise make available or accessible your personal information to another person or entity.
What is personal information?
Personal information is information which relates to a living individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in material form or not, about an identified or reasonably identified individual, and any indication of intention in respect of an individual.
How do we collect personal information?
Where practical, we will collect personal information directly from you. Generally, this collection will occur when you deal with us either in person, by telephone, letter, facsimile, email or when you visit our website (including the ‘My Topdeck’ area of our website) or use our mobile application. We may collect personal information about you when you purchase or make enquiries about travel arrangements or other products and services, when you enter competitions, when you register for promotions, when you subscribe to receive marketing from us (e.g. e-newsletters) or when you request brochures or other information from us. We may also collect your personal information when you complete surveys or provide us with feedback.
In some circumstances, it may be necessary for us to collect personal information about you from a third party. This includes where you book a travel arrangement through an agent or where a person makes a travel booking on your behalf which includes travel arrangements to be used by you (e.g. a family or group booking). Where this occurs, we will assume you have consented to your personal information being collected by us and to us handling it in accordance with this Policy. You should let us know immediately if you become aware that your personal information has been provided to us by another person without your consent.
What personal information do we collect?
Generally, the type of personal information we collect about you is the information that is needed to facilitate your travel arrangements and bookings and to arrange travel-related services and products on your behalf. For example, we may collect details such as your name, residential address, mailing address, telephone number, email address, credit/debit card details (including card type, card number, security number and expiry date), passport details, frequent flyer details, information about your dietary requirements and health issues (if any), and other details relevant to your travel arrangements or required by the relevant travel service providers (e.g. accommodation or activity providers). When you make contact with us for other purposes, we may also collect personal information about you in relation to those purposes. For example, we may collect your personal information so we can contact you about a competition you have entered (e.g. if you win) or to respond to an enquiry or feedback form you have sent to us, or to respond to or publish reviews or comments you have submitted to us, including via our website or our mobile application. We also collect information that is required for use in the business activities of Topdeck, including for example, financial details necessary in order to process various transactions, and any other relevant personal information you may elect to provide to us.
In some circumstances, we may collect personal information from you which is regarded as sensitive information. Sensitive information includes types of personal information such as your racial or ethnic origin, religious beliefs or affiliations, trade union membership, criminal record and health information. We will only collect sensitive information about you with your consent and where reasonably necessary for, or directly related to, one or more of our functions or activities. Where you provide sensitive information to us, you consent to us using that sensitive information for the purpose for which it was collected.
How do we use personal information?
Where you contact us in relation to a travel booking or query, the primary purpose for which we collect your personal information is generally to provide you with travel advice and/or to assist you with booking travel and/or travel related products and services. However, the purpose for collection may differ depending on the particular circumstances as disclosed in this Policy.
By providing us, or otherwise allowing us to collect, your personal information, you consent to us using and disclosing your personal information for the purposes for which it was collected, and for related or ancillary purposes, such as any one or more of the following purposes:
- identification of fraud or error;
- regulatory reporting and compliance;
- developing, improving and marketing our products and services;
- servicing our relationship with you by, among other things, providing updates on promotions and services we think may interest you;
- involving you in market research, gauging customer satisfaction and seeking feedback regarding our relationship with you;
- to facilitate your participation in loyalty programs;
- to analyse trends in sales and travel destinations;
- for marketing activities including but not limited to mail-outs, emails, e-newsletters, SMS notifications, mobile application messaging, notifications and alerts (where relevant), and telephone calls;
- internal accounting and administration.
We will only send e-newsletters, mobile application messages/alerts or other promotional materials to you if you have opted in to receive them. You can subscribe to receive e-newsletters and other promotional materials by following the relevant links on our website, and for mobile application messages/alerts via the application and device settings on your mobile device.
We are only allowed to store your personal information for as long as necessary having regard to the purpose for which it was collected or a related or ancillary purpose. We may therefore delete your personal information after a reasonable period of time and, if you have not used our services for some time, you may have to re-enter or re-supply your personal information to us.
Is personal information disclosed to third parties?
- in each of the circumstances set out in the previous section “How do we use personal information?”;
- to other members of your group where you are part of a group booking (specifically, through your group’s shared access to the ‘My Topdeck’ area of our website);
- as permitted or required by law;
- to various regulatory bodies and law enforcement officials and agencies, including to protect against fraud and for related security purposes;
- to third party suppliers of IT based solutions that assist us in providing products and services to you;
- to our related entities and brands (including companies based overseas);
- to travel service providers such as tour operators, airlines, hotels, activity providers and other service providers for the purpose for which the information was collected or for a related purpose (for example to facilitate and process your travel arrangements);
- to comply with our legal obligations and any applicable customs/immigration requirements relating to your travel;
- to comply with a request from a qualified government department if we are satisfied that they have the authority to make such request;
- where we suspect that unlawful activity has been or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter;
- to third parties who may involve you in market research for the purpose of servicing our relationship with you and improving the services we provide;
- to third parties who may engage you regarding customer satisfaction and seeking feedback for the purpose of improving the services we provide (for example, Feefo);
- to third parties for the purpose of analysing trends in sales and travel destinations; and
- if a third party acquires some or all of our business or assets, in connection with the sale.
Where we engage travel service providers to perform services for us, those travel service providers may be required to handle your personal information. Where we disclose your personal information to such travel service providers, you agree that we will not be required to ensure their compliance with applicable privacy laws or otherwise be liable or accountable for how they handle your personal information.
Other than the above, we will not disclose your personal information without your consent unless we reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), disclosure is authorised or required by law or disclosure is otherwise permitted by applicable privacy laws.
Companies to whom personal information is disclosed which are registered in the United States may be required to provide information under the USA PATRIOT Act H.R. 3162.
Trans-Border data flows
When you provide, or otherwise allow us to collect, your personal information, and by continuing to use our services and/or providing us with your personal information, you consent to your personal information being disclosed to certain overseas recipients, as set out below. Where we disclose your personal information to an overseas recipient, you agree that we will not be required to ensure the recipient’s compliance with relevant privacy laws or otherwise be liable or accountable for how the recipient handles your personal information. If you have any objections to your personal information being disclosed to an overseas recipient, please let us know.
In providing our services to you, it may be necessary for us to disclose personal information to relevant overseas travel service providers. For instance, where you request travel to be booked with an overseas travel service provider, we will usually need to disclose your personal information to that provider for the purposes of arranging your booking with them. These travel service providers will in most cases receive your personal information in the country in which they will provide the services to you or in which their business is based.
We may also disclose your personal information to our overseas related entities and to travel service providers and other third parties who perform services for us overseas. Generally, we will only disclose your personal information to these overseas recipients in connection with facilitation of your travel arrangement and/or to enable the performance of administrative and technical services by them on our behalf.
We deal with many different service providers all over the world, so it is not possible for us to set out in this Policy all of the different countries to which we may send your personal information. However, if you have any specific questions about where or to whom your personal information will be sent, please refer to the “Feedback / Complaints / Contact” section below.
Security of information
Topdeck has implemented various physical, electronic and managerial security procedures in order to protect personal information from loss and misuse, and from unauthorized access, modification, disclosure and interference.
Topdeck regularly reviews security and encryption technologies and will strive to protect your personal information as fully as we protect our own confidential information.
Access to and correction of personal information
Subject to any exceptions set out in applicable privacy laws, we invite you to access any personal information we may hold about you. Where personal information we hold about you is not accurate, complete, up-to-date or relevant, you may ask us to correct that personal information, and we will respond to your request within a reasonable time. We reserve the right to confirm the identity of the person seeking access or correction to personal information before complying with such a request. If we deny access or correction, we will provide you with the reason for such denial. If you wish to access or seek correction of any personal information we hold about you, please refer to the “Feedback / Complaints / Contact” section below.
You must always provide accurate information and you agree to update it whenever necessary. You also agree that, in the absence of any update, we can assume that the information submitted to us is correct.
In addition to the above, this section applies in respect of the United Kingdom.
Under the Data Protection Act you have a right of access to (and to correct) the personal information we hold about you. If you wish to exercise this right, please send a Data Subject Access Request in writing to:
Data Protection Manager
Topdeck Tours Limited
Level 1, 107 Power Road
Chiswick, London, W4 5PY
Requests by telephone, fax, or e-mail cannot be accepted.
In accordance with the Data Protection Act, we are not obliged to comply with your request unless the prescribed fee is paid, and sufficient security information is provided to establish the requestor's identity, and we can locate the appropriate information.
Please enclose the following with your request:
- a postal order or cheque (made payable to Topdeck Tours Limited) for £10;
- a photocopy of your passport, or any other official document upon which your signature is present;
- details of any purchases you have made from us; and
- details of any specific documents you require that contain your personal details (if known).
You will receive acknowledgement of your request quoting the date by which you will receive your information pack.
Further correspondence regarding your request should only be made in writing to the Data Protection Manager at the above address. We may recover from you any additional reasonable costs of supplying you with access to this information. If we deny access, we will provide you with the reason for such denial.
User Generated Content
You agree that, by submitting, posting or otherwise providing any message, blog, data,information, recommendations, opinions, reviews, news articles, directories, guides, text, music, sound, photos, video footage, art, illustrations, imagery, design, graphics, logos, audio clips and images, code or other material (“Content”) to or through our website or mobile application (including by using interactive communication facilities such as blogs, discussion groups and other communication forums where individuals may submit or post reviews, plans, comments and other information (“Interactive Facilities”)), you:
- grant to us and our affiliates (including, without limitation, our related entities) a worldwide, nonexclusive, royalty-free, perpetual, transferable, irrevocable and fully sub-licensable right to use, reproduce, modify, adapt, translate, distribute, publish, broadcast, communicate, create derivative works from, publicly display and perform such Content throughout the world in any media, for any purpose whatsoever (“Licence”);
- expressly acknowledge that we may sub-license our rights under the Licence to third parties who may make use of the Content consistent with the Licence including, by way of example, on websites, in a written publication, compilation of works, training materials, film, television program, script or screenplay of either ourselves or a third party expressly authorised by us;
- grant us and our affiliates and sub-licensees the right to use your name or any other name that you submit in connection with such Content, at our discretion;
- waive any entitlement to any moral rights you may have as an author of the Content (and warrant that you have obtained a waiver of moral rights from any person who may have such rights in the Content); and
- agree that we are under no obligation to treat the Content as confidential.
We reserve the right to disclose any Content as necessary to satisfy any applicable law, regulation or lawful request.
In addition, you understand that we may use statements made by you and other passengers, and/or your or their photographs or videos, may be used in our advertising and publicity material, and you consent to such use of your comments or photographic / video likeness. If you do not wish for your comments or photographic / video likeness to be used for these purposes, pleaserefer to the“Feedback / Complaints / Contact” section below and let us know.
Should you no longer wish to receive e-newsletters or other promotional material, participate in market research or receive other types of communication from us, please refer to the“Feedback / Complaints / Contact” section below.
Social Media Integrations
Our website and mobile application may use social media features and widgets (such as “Like” and “Share” buttons/widgets) (“SM Features”). These are provided and operated by third party companies (e.g. Facebook) and either hosted by a third party or hosted directly on our website or mobile application. SM Features may collect information such as the page you are visiting on our website/mobile application, your IP address, and may set cookies to enable the SM Feature to function properly.
If you are logged into your account with the third party company, then the third party may be able to link information about your visit to and use of our website or mobile application to your social media account with them. Similarly, your interactions with the SM Features may be recorded by the third party. In addition, the third party company may send us information in line with their policies, such as your name, profile picture, gender, friend lists and any other information you have chosen to make available. You can manage the sharing of information via your privacy settings for the third party social media platform.
We may receive, store and process Log Data, which is information that is automatically recorded by our servers whenever you access or use the mobile application, regardless of whether you are registered with Topdeck or logged in to your My Topdeck account, such as your IP Address, the date and time you access or use the mobile application, the hardware and software you are using, referring and exit pages and URLs, the number of clicks, pages viewed and the order of those pages, and the amount of time spent on particular pages.
Data and Location Services
Certain services available via the mobile application may make use of location data sent by your mobile device. You can turn off location services at any time by turning off the location services settings for the mobile application on your mobile device, or for the mobile device as a whole. If you use the mobile application, you consent to us and our affiliates collecting, transmitting, maintaining, processing and using your location data and queries to provide and improve location-based services. You may withdraw your consent at any time by turning off the location services settings.
Notifications and alerts
By using the mobile application, you acknowledge and agree that you may receive:
- push notifications;
- alerts (if requested).
from us and our affiliates at any time. You have the option to turn these messages off at any time by turning off the notifications settings for the mobile application on your mobile device.
In order to be able to receive alerts, notifications and messages, you must ensure that your mobile device is switched on and able to receive messages and you are located within a coverage area of your mobile service provider.
You acknowledge and agree that the mobile application may collect and store information relevant to your use of the mobile application (such as your registration details, and product and usage information), including location information as described above, and will request your mobile device to transmit that data back to our web-server, in order to provide you with the mobile application and associated services, to help us continually improve the mobile application and enhance your user experience when you next use the mobile application.
You can reset the mobile application to remove any stored data. However, if you do this, you acknowledge that any information stored on your mobile device and/or within the mobile application relating to our services and the mobile application may be lost.
Tracking Technologies / Cookies
We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. When the visitor revisits the website, we may recognize the visitor by the cookie and customise the visitor's experience accordingly. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.
If you reject cookies, you may still have access to our website, but your ability to use some areas of our website, such as contests or surveys, will be limited.
Third party cookies
Our current providers, and information regarding their data practices and how to opt out, include the following:
Web Beacons / Gifs
We employ a software technology called clear gifs (a.k.a. Web Beacons), that help us better manage content on our website by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not tie the information gathered by clear gifs to our customers’ personal identifiable information. We may also use web beacons and tracking URLs in our messages to you to determine whether you have opened a certain message or accessed a certain link.
Behavioural Targeting / Re-Targeting
Our website may contain links to third party sites over which we have no control. We are not responsible for the privacy practices or the content of such web sites. We encourage you to read the privacy policies of any linked sites you visit as their privacy policies and practices may differ from ours.
Feedback / Complaints / Contact
If you have any enquiries, comments or complaints about this Policy or our handling of your personal information, please contact us.We will respond to any complaints received as soon as practicable.
Changes to our Policy
From time to time it may be necessary for us to review and revise this Policy. We reserve the right to change our Policy at any time and for any reason. If we make a change to the Policy, the revised version will be posted on our website. We recommend that you check back regularly to ensure you are aware of the most up-to-date version of this Policy.
Last updated 8 July 2016.