About this policy
At Cretelakes, we are committed to only collecting, using and disclosing your personal data in ways that you expect, or have consented to or as we are required or permitted to by law. This policy explains how we use your information and applies to all Cretelakes customers and visitors to our apps and our website.
Who is the controller of your data?
When you book Cretelakes ltd is the controller of your personal data and where you book one of our trips, Cretelakes ltd is the relevant controller.
What do we use your personal data for?
The main way we use your personal data is to fulfil your booking to help us understand your needs and to provide you with a better service. We may store information about your travel history and your preferences. We may also use your personal data for marketing purposes, but we will make sure to not send you emails with offers and information if you have told us you would prefer not to receive these.
Where does your personal data come from?
Most of the data we process about you comes from you, for example, information you provide to us so that we can fulfil your travel booking.
Other information is gathered during your use of our websites (e.g. IP addresses or information obtained via cookies) and from your interaction with us.
A lot of the data we process is data which you provide to us, such as your name, contact details, payment card information, date of birth etc. You usually provide this information when you make a booking via our websites or call centre, or when you contact us via email, letter or phone.
If you use social media sites such as Facebook, Twitter and Instagram, booking engines or personal banking sites, these sites are operated by third party providers and they may share your personal data with us. We recommend you routinely review the privacy notices and preference settings of such information sharing platforms. We will respect any permissions you have set on those platforms regarding our use of your personal information.
Similar to other commercial websites, our websites utilise a standard technology to collect information about how our website is used by individual computers connected to the internet.
This information is gathered through "Cookies". Cookies are small files of letters and numbers that we put on your computer's hard drive. Cookies may collect personal information about you. These small files allow us to distinguish you from other users of our website, monitor website traffic and to personalise the content of the site for you. This ultimately helps us provide you with a good experience when you browse our websites and improve the content of our marketing and allows us to improve our site going forward.
Please note however that Cookies cannot retrieve any personal data from your hard drive or pass on computer viruses.
Do you have to provide your personal data?
In most cases, providing your personal data to us is optional, however, if you do not provide it, we will probably not be able to fulfil your booking. For example, if you book a trip with us, we need details such as your name and address to be able to complete your booking and we will need your payment card details to take your payment. When you make a booking, we will only collect information which is required for the purpose of your booking. In other cases, you have a choice over whether we collect your personal data, for example, you can turn off cookies on your browser and we will not place any cookies on your device or computer (although in this case you may not be able to use all parts of our website).
What personal data do we process?
We process information about you that you give us when you make a booking with us or purchase any other product or service from us, such as your name, date of birth, billing and home addresses, booking reference, email address, telephone number and payment card details. Where necessary we may also collect your passport and other travel authorisation documents. When you visit our website we also automatically receive your IP address which is a unique identifier for your computer or other device you are using to access our site.
You may provide us with limited details about other people (e.g. where you make a booking on behalf of a group or where you provide us with the name and contact details of a third party who we may contact in an emergency). Where you provide the details of other individuals you should ensure you are have their permission to do so. Please tell these people to read this policy if they want to find out more about our data protection practices.
Who do we share your personal data with?
We share your personal information with our chosen third party suppliers who provide services to you and us (for example) with local border control and law enforcement agencies (for example for fraud prevention or immigration control);
Some of these organisations may be located outside of the UK and therefore your personal data may be transferred between the UK and France. Where this happens, we have safeguards in place to ensure that your data is protected.
We are committed to the health and safety of our customers in managing the coronavirus (COVID-19) outbreak and will be working closely with health authorities, government agencies and our local suppliers to secure appropriate assistance and support. As part of these efforts, we may ask for or share information with these third parties about customers who are in, or who may have travelled through, impacted areas. We will do this solely as necessary to help manage your safety and the safety of others.
If we transfer personal data to another country where the recipient is outside of Cretelakes ltd we will only do this where we are required to do so by law, or where the country is recognised as providing an adequate level of legal protection, or where we are satisfied that alternative arrangements (such as direct contractual commitments and assurances from those third parties) are in place to protect your privacy rights.
How long do we keep your personal data for?
What are your rights?
You have several rights in relation to your personal data. These include accessing your data, correcting any mistakes, having your data erased, restricting the processing of your data, objecting to the processing of your data, data portability, and rights relating to automated decision making and profiling. In most cases there are conditions attached to these rights. Please see the relevant sections below if you want to find out more.
To exercise your rights please contact our Data Protection Officer at: firstname.lastname@example.org or, to make a request to access your data, follow the instructions below.
Accessing your data
You can ask us to confirm whether we are processing your personal data and to give you a copy of that data along with further information about how we use your personal data.
To make a request to access your data please send us your request in writing, signed and dated to the address below along with:
your full name and address;
a photocopy of your passport or driving licence, so that we can verify your identity;
If you are requesting a copy of personal data on behalf of a third party, please also send to us a signed authority from the individual whose data is required and a copy of their passport or driving licence. If the third party is a child under the age of 16, the written authority should come from a person with parental responsibility (along with a copy of the child’s passport).
Please send your request to: email@example.com
You do not have to pay a fee for a copy of your information unless your request is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
We aim to respond to you within 1 month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 months. We will let you know if we are going to take longer than 1 month in dealing with your request. If we have a lot of information about you we might ask you if you can tell us what exactly you want to receive. This will help us action your request more quickly.
Correcting your data
You can ask us to correct any data which is inaccurate or incomplete. This is free of charge.
We aim to deal with requests for correction within 1 month, although it might take us up to 3 months if your request is particularly complicated.
If we can't action a request to correct your data, we will let you know and explain why this is.
Erasing your data
This right is sometimes referred to as "the right to be forgotten". This is not an absolute right but you have the right to have your data erased, free of charge, in certain circumstances.
There are some exceptions to this right. If one of these applies, we will confirm this to you and we do not have to delete the data.
Restricting the processing of your data
You can ask us to restrict the processing of your personal data in some circumstances, free of charge. This is not an absolute right. If processing is restricted we can store the data and retain enough information to make sure the restriction is respected, but we cannot further process your data.
We will tell you if we decide to lift a restriction on processing your data.
Objecting to the processing of your data
Objecting to the processing of your data is free of charge. It is not an absolute right but you can object to our processing of your data where it is:
based on the legitimate interests ground; or
for the purposes of scientific/historical research and statistics.
We will stop processing your personal data unless we have compelling legitimate grounds for the processing which override your interests and rights, or unless we are processing the data for the establishment, exercise or defence of legal claims.
You can require us to stop using your data for direct marketing purposes. We will process your request as soon as it is received but it may take up to 14 days for this to be effective. There are no exemptions or reasons for us to refuse.
This allows you to obtain and reuse your personal data for your own purposes across different services. It applies where the following conditions are met:
you provided the personal data to us yourself;
we are processing the data either based on your consent or because it is necessary for the performance of a contract; and
the processing is carried out by automated means.
We will provide your data free of charge in a structured, commonly used and machine readable form. We aim to provide your data within 1 month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 months. If we are going to take longer than 1 month we will let you know and explain why we need more time. If we consider that we cannot provide you with your data, we will contact you and explain why this is.
Contact and complaints
Cretelakes ltd operate both within the UK and the EU.
If you are in the UK:
if you have any questions about this policy or about how we use your personal data please contact the Data Protection Officer at firstname.lastname@example.org
Last Updated 2021