GDPR Privacy Policy Introduction 9.1- Reight Travel Group is committed to respecting it’s clients privacy and protecting all personal information. This privacy notice outlines: • When we collect personal information about you; • What types of personal information we collect; • Why we collect it; • How we keep it safe; • Who we share personal information with; and • Your rights and choices about the personal information that we hold. 9.2- This privacy notice has been set to reflect GDPR (the General Data Protection Regulation) which came into effect in May 2018. How and when we collect personal data about our clients 9.3- We collect personal information from our clients whenever a booking request is raised or otherwise interact with a member of our team via telephone, website enquiry, email or other methods of contact The types of personal data we collect and why we collect it 9.4- Type of personal data Why we collect it Personal and contact details To be able to make and fulfil your booking. To communicate with you about your booking. Ad-hoc information about, for example, interests, special occasions, special requests. To arrange or provide services tailored to your requirements. Payment information To be able to process your payment. How do we use clients personal data? 9.5- Reight Travel Group will only process clients personal information where we have a legal basis to do so. Examples of these are: • So that Reight can perform it’s contract with the client or otherwise fulfil their booking • because it is in our legitimate interests to use clients personal information to operate and improve our business as a travel agency; • to comply with a legal obligation; • to protect the vital interests of all of our clients • because clients have consented to Right Group using their information for a particular purpose. How do we keep your personal information safe? 9.6- Reight Travel Group ensures to protect the confidentiality and integrity of all clients personal data and we take the matter very seriously. We use appropriate technical and organisational measures to help to keep personal data secure against unauthorised or unlawful processing, and against accidental loss, destruction or damage. Who do we share your personal information with? 9.7- With suppliers - in order for us to fulfil clients bookings we share personal data with suppliers i.e Hotels. In many cases such suppliers will themselves separately be controllers of your personal data. Marketing communications 9.8 - When you book or register with us, we may ask if you would like to receive marketing communications. If you have previously agreed to receive marketing communications, we may send you relevant offers and news about our products. 9.9 - Reight Travel Group will respect your choice as to what communications you wish to receive and the methods by which you have sent them. Data retention 9.10 - Reight Travel Group will keep client’s personal data for only as long as it is necessary for the purposes set out in this privacy notice. An example of this, after travel we will keep the information related to clients booking so that we can respond to any complaints and fulfil our record keeping obligations. After this time, all personal data will be securely erased. Your rights and choices about the personal information that we hold 9.11 - All clients have the right to request a copy of all personal data we have on hold about them. 9.12 - Clients have the right to lodge a complaint about how we have handled personal information with the Information Commissioner's Office (ICO). 10.Corporate Social Responsibility The agency will have a system in place to enable carbon offsetting and/or tracking of carbon footprint and capability to produce carbon reports. 11.Fees The agency will outline all fees that may be incurred in relation to the service. The agency does not currently charge a management fee for services, unless otherwise agreed. 12.Cardholder Policy Reight has a Data Protection Policy which acknowledges this threat, there are several precautions which can be exercised to limit the vulnerability of client information and maintain client privacy. These threats include perpetrators who may target a hotel as a non-guest, a guest, or an employee. In all three cases, it is essential that guests’ names, address, credit card information, and other personal information are protected