Privacy Policy
Privacy Policy
This Privacy Policy sets out how we, Coral Tree Travel Ltd, trading as Coral Tree, Unique Family Safaris (company number 12146405), registered office: Frogmore House, Ormond Place, Cheltenham, GL50 1JD, UK (“we” or “us”), collect and process your personal data through your use of this website, https://www.coraltreetravel.com (our “website“), or where we otherwise obtain or collect your personal information (such as over the telephone). This Privacy Policy was updated on 22 June 2021.
It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.
We recommend that you print off a copy of this Privacy Policy and any future versions in force from time to time for your records.
Contents
- Summary
- Our details
- How we collect or obtain personal information about you
- Personal information we collect or obtain about you
- How we use your personal information
- How long we retain your personal information
- How we secure your personal information
- Our use of cookies and similar technologies
- Transfers of your personal information to other countries and safeguards used
- Your rights in relation to your personal information
- Your right to object to the processing of your personal information for certain purposes
- Consequences of not providing your personal information to us
- Changes to our Privacy Policy
- Changes to your information
- Children’s Privacy
- California Do Not Track Disclosures
- Copyright, credit and logo
Summary
This summary provides an overview of how we obtain, store and use your personal information. It is intended to provide a very general overview only. It is not complete and must be read in conjunction with the corresponding full sections of this Privacy Policy.
- Data controller: Coral Tree Travel Ltd, trading as Coral Tree, Unique Family Safaris
- How we collect or obtain your information:
- when you provide it to us (e.g. by contacting us, completing a checkout process, placing an order on our website, signing up to our newsletter)
- from your use of our website, using cookies
- occasionally, from third parties
- Personal information we collect: name, passport information, dates of birth, marital status, gender, contact details, dietary requirement Information, information about health Issues, data about previous transactions, details of marketing preferences information about your computer (e.g. your IP address and browser type), payment information (e.g. your credit or debit card details when making payment through our website), information about how you use our website (e.g. which pages you have viewed, the time you viewed them, and what you clicked on), information about your mobile device (such as your geographical location).
- How we use your personal information: for administrative and business purposes (particularly to contact you and process your holiday bookings), to improve our business and website, for advertising and analytical purposes, in connection with our legal rights and obligations and for certain additional purposes only with your explicit consent.
- Disclosure of your personal information to third parties: only to the extent necessary to run our business, fulfil any contracts we enter into with you, where required by law or to enforce our legal rights.
- Do we sell personal information to third parties: No
- How long we retain your personal information: for no longer than necessary, taking into account any legal obligations we have (e.g. to maintain records for tax purposes) and any other legal basis we have for using your personal information e.g. your consent, performance of a contract with you or our legitimate interests as a business.
- How we secure your personal information: using appropriate technical and organisational measures such as storing your personal information on secure servers, encrypting transfers of data to or from our servers, encrypting payments on our site via Secure Sockets Layer (SSL) and only granting access to your personal information where necessary.
- Use of cookies: we use cookies and similar information-gathering technologies such as web beacons on our website including analytical and targeting cookies. To find out more please visit our cookies policy here: https://www.coraltreetravel.com/cookie-policy/
- Transfers of your personal information outside the European Economic Area: we will transfer your personal information outside of the European Economic Area. Where we do so, we will ensure appropriate safeguards are in place.
- Your rights in relation to your personal information
- to access your personal information and to be informed about its use
- to correct your personal information
- to have your personal information deleted
- to restrict the use of your personal information
- to object to the use of your personal information
- to complain to a supervisory authority
- to withdraw your consent to the use of your personal information
- to use appropriate technical and organisational measures such as storing personal information on secure servers
- only granting access to personal information where necessary
- using a non-standard URL for logging in to the content management system
Contact Details
The Data Controller in respect of our website is Coral Tree, Unique Family Safaris (company number 12146405), registered office: Frogmore House, Ormond Place, Cheltenham, GL50 1JD, UK. You can contact the Data Controller by writing to Frogmore House, Ormond Place, Cheltenham, GL50 1JD or sending an email to hello@coraltreetravel.com.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out above for the data controller.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
(A) Identity Data
This includes data relating specifically to your identity, such as your first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
(B) Contact Data
This includes data relating to how you may be contacted, such as your billing address, delivery address, email address and telephone numbers.
(C) Financial Data
This include data relating to your means and methods of payment, such as your bank account and payment card details.
(D) Transaction Data
This includes data relating to the transactions you have carried out with us, such as details about payments to and from you and other details of products and services you have purchased from us.
(E) Technical Data
This includes more technical data that we may obtain when you make use of our website, such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
(F) Profile Data
This includes the data that we receive when you create a profile on our website and make use of that profile, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
(G) Usage Data
This includes information about how you use our website, products and services.
(H) Marketing and Communications Data
This includes your preferences in relation to whether or not you want to receive marketing from us and our third parties and also your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this Privacy Policy.
Special Categories of personal data
We collect the following special categories of personal data about you. Details about your:
- dietary requirements which may disclose your religious or philosophical beliefs;
- health;
We collect and process the above data only where it is strictly necessary to do so in order to deliver the travel service that you have purchased. Furthermore, we will only collect and process the above special categories of sensitive personal data where you have provided us with your explicit consent to do so.
You are not under any obligation to consent to us processing your sensitive personal data. However, without your consent, we won’t be able to make the necessary arrangements to provide the travel services that you have booked or are attempting to book. As a result, if you do not provide your consent, we will be unable to proceed with your booking.
If you are happy to consent to our use of your sensitive personal data, you will also be able to withdraw your consent at any time. However, as this will prevent us from providing the travel service you have booked, we will be required to treat any withdrawal of consent as a cancellation of your booking and the cancellation charges referred to in our Booking Terms and Conditions available here https://www.coraltreetravel.com/booking-conditions/ will become payable.
If you fail to provide personal data
Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.
In other words, where we require details from you in order to provide you with your chosen travel services, if you do not provide us with the necessary details then we will not be able to provide the services you have booked or are attempting to book.
In this case, depending upon when you fail to provide the necessary data, we may either not be able to process your booking or we may have to cancel your booking, in which case we will treat this as a ‘cancellation by you’ in accordance with our Booking Terms and Conditions available here https://www.coraltreetravel.com/booking-conditions/. We will notify you if we are unable to process a booking or are required to cancel a booking for this reason.
How we collect or obtain personal information about you
Information received from you via direct interactions
You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- make a booking of travel services;
- begin a live chat on our website;
- subscribe to our newsletter or other publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey;
- give us some feedback; or
Information received about you from third parties
We may receive personal data about you from various third parties as set out below:
- Technical Data from analytics providers such as Google and Bing based both inside and outside the UK.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services including American Express, First Data, WorldPay and PTS, all based inside the UK.
- Identity and Contact Data and Special Category Data, from travel agencies and concierge services, all based Inside the UK, where you make a booking or an enquiry in respect of travel services which we will supply.
Please note that when using our website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them. This will not be our responsibility.
We may also receive information about you from third parties such as our affiliates and business partners, (where authorised or permitted by law) as well as third parties with whom we have had no prior contact.
Information collected from your use of our website
We also collect information about your use of our website through cookies and similar technologies. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may also receive Technical Data about you if you visit other websites employing our cookies. Our cookies policy sets out more of the information on how we use cookies and similar technologies to collect information about you. You can access our cookies policy via this link: https://www.coraltreetravel.com/cookie-policy/
Circumstances where we will provide you with the information in this Privacy Policy if we obtain your personal information from someone other than you
Where we obtain personal information about you from a source other than yourself, we will provide you with the information in this Privacy Policy unless:
- you already have the information;
- providing you with the information would prove impossible or would involve a disproportionate effort;
- we are under an EU or EU member state law obligation to obtain or disclose the information which provides appropriate measures to protect your legitimate interests; or
- we are obliged to keep the information confidential as a result of an obligation of professional secrecy regulated by EU or EU member state law.
Timeframes for providing you with the information in this Privacy Policy where we have obtained your personal information from a source other than you
Where we obtain personal information about you from a source other than yourself, and we are required to provide you with the information in this Privacy Policy, we will provide it to you at the following points in time:
- if we intend to use your personal information to communicate with you, at the point when we first communicate with you;
- if we envisage that we will disclose your personal information to a third party, when we disclose your personal information to that third party (at the latest); and
- in any other circumstances, within a reasonable period after obtaining your personal information (and in any event within one month at the latest), taking into account the specific circumstances in which we use your personal information.
How we use your personal information
We will only use your personal information when the law allows us. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
To register you as a new customer.
|
(a) Identity;
(b) Contact. |
Performance of a contract with you. |
To process and deliver your booking including:
(a) Manage payments, fees and charges; (b) Collect and recover money owed to us. |
(a) Identity;
(b) Contact; (c) Financial; (d) Transaction; (e) Marketing and Communications. |
(a) Performance of a contract with you;
(b) Necessary for our legitimate interests (to recover debts due to us). |
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or Privacy Policy; (b) Asking you to leave a review or take a survey. |
(a) Identity;
(b) Contact; (c) Profile; (d) Marketing and Communications. |
(a) Performance of a contract with you;
(b) Necessary to comply with a legal obligation; (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services).
|
To enable you to partake in a prize draw, competition or complete a survey. | (a) Identity
(b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
(a) Performance of a contract with you;
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business). |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | (a) Identity
(b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise);
(b) Necessary to comply with a legal obligation. |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | (a) Identity
(b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical
(b) Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about goods or services that may be of interest to you | (a) Identity
(b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
To monitor our communications with you in order to check any instructions given to us, for training purposes, for crime prevention, to improve the quality of our customer service and to defend legal claims. | (a) Identity
(b) Contact (c) Technical |
(a) Necessary for our legitimate interests (to assist us in training our employees and defend our business in the event of a claim).
(b) Necessary to comply with a legal obligation |
To protect our business and our business interests, including for the purposes of credit and background checks, fraud and website misuse prevention and debt recovery | (a) Identity
(b) Contact |
(a) Necessary for our legitimate interests (preventing criminal activity such as fraud or money laundering, for ensuring that our website and services are not misused. Where we carry out credit and background checks, we will only carry out such checks to the extent that we are permitted or authorised by law to do so and to the minimum extent necessary)
(b) Necessary to comply with a legal obligation |
To communicate with our business advisors and legal representatives | (a) Identity
(b) Contact |
(a) Necessary for our legitimate interests (to obtain legal or professional business advice. In such circumstances, we will only share your personal information where it is necessary to do so, to the minimum extent necessary, subject to appropriate confidentiality restrictions and on an anonymised basis wherever possible)
(b) Necessary to comply with a legal obligation
|
To ensure physical, network and information security and integrity | (a) Identity
(b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
(a) Necessary for our legitimate interests (to ensure that our IT systems and networks are secure and uncompromised, including, for example, preventing malware, viruses, bugs or other harmful code, preventing unauthorised access to our systems, and any form of attack on, or damage to, our IT systems and networks)
(b) Necessary to comply with a legal obligation |
In connection with any legal or potential legal dispute or proceedings | (a) Identity
(b) Contact |
(a) Necessary for our legitimate interests (to resolve disputes)
(b) Necessary to comply with a legal obligation |
To comply with laws, regulations and other legal requirements or indicate possible criminal acts or threats to public security to a competent authority | (a) Identity
(b) Contact |
Necessary to comply with a legal obligation
|
The processing of your personal information to comply with legal obligations to which we are subject applies to legal obligations of other countries where they have been integrated into the legal framework of the United Kingdom, for example in the form of an international agreement which the United Kingdom has signed. Where the legal obligations of another country have not been so integrated, we will process your information to comply with such obligations where it is in our legitimate interest to do so.
Use of your personal information only where we have your consent
We will process your personal information for one or more of the following purpose(s) only where we have obtained your consent to do so:
- To provide you with offers relating to goods and services we offer from time to time.
Opting Out
Where we process your personal information on the basis of your consent, you can withdraw your consent to such processing at any time by emailing us at hello@coraltreetravel.com or writing to us at Frogmore House
Ormond Place, Cheltenham, GL50 1JD. Where you opt out of receiving these marketing messages, this will not apply to personal data that you have provided to us as a result of a purchase of travel services or other such transactions.
Monitoring communications
We may monitor, record, store and use any telephone, email or other communication with you in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer service.
Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table earlier in this document.
(A) External Third Parties, including:
i. Suppliers of travel services acting as processors or controllers In common based in Kenya, Tanzania, Uganda, Seychelles, Maldives, South Africa, Botswana, Rwanda, Mozambique, Namibia, Zambia and Zimbabwe who provide the travel services that make up any booking of travel services that you make with us.
ii. Service providers acting as processors based in the United Kingdom who provide IT and system administration services.
iii. Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based In the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
iv. HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
v. Providers of analysis of statistical information acting as processors such as Google Analytics and SOZO Design Ltd based in the United Kingdom who use this for research purposes, including market research, better understanding our respective customers, and tailoring our respective products and services to their needs.
vi. Providers of mail delivery services acting as processors, such as MailChimp based In United Kingdom to deliver out newsletter. For more information, please see MailChimp’s privacy notice: https://www.mailchimp.com/legal/privacy.
vii. Providers of review services acting as processors, such a Trustpilot based in the United Kingdom, to obtain feedback from clients regarding our services.
(C) Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any other company for marketing purposes.
How long we retain your personal information
In general, we will retain your information for no longer than necessary, taking into account the following:
- the purpose(s) for which we are processing your personal information, such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or for our legitimate interests;
- whether we have any legal obligation to continue to process your information, such as any record-keeping obligations imposed by applicable law; and
- whether we have any legal basis to continue to process your personal information, such as your consent.
Where you contact us with an enquiry, we will retain your information for as long as it takes to respond to and resolve your enquiry, and for a reasonable further period, after which point we will delete your information.
How we secure your personal information
We take appropriate technical and organisational measures to secure your personal information and to protect it against unauthorised or unlawful use or processing as well as against the accidental loss or destruction of, or damage to, your personal information, including:
- only sharing and providing access to your personal information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
- using secure servers to store your personal information;
- verifying the identity of any individual who requests access to personal information prior to granting them access to personal information;
- using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions you make on or via our website;
- only transferring your personal information via closed system or encrypted data transfers;
Transmission of information (including personal information) over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk. We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
Our use of cookies and similar technologies
Cookies are data files which are sent from a website to a browser to record information about users of a website.
We use cookies and similar technologies on or via our website. For further information on how we use cookies and similar technologies, including the information we collect through our use of cookies and similar technologies, please see our cookies policy, which is available via the following link: https://www.coraltreetravel.com/cookie-policy/
You can reject some or all of the cookies we use on or via our website by changing your browser settings, but doing so may impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org
We use Google Analytics on our website to understand how you engage and interact with it. For information on how Google Analytics collects and processes data using cookies, please visit www.google.com/policies/privacy/partners/. You can opt out of Google Analytics tracking by visiting: https://tools.google.com/dlpage/gaoptout
We use web beacons in our marketing emails and on our website. For information on how third parties use information gathered from our use of web beacons, please visit https://www.mailchimp.com. Some (but not all) browsers enable you to restrict the use of web beacons by either preventing them from sending information back to their source (e.g. when you choose browser settings which block cookies and trackers) or by not accessing the images containing them (e.g. if you select a “do not display images (in emails)” setting in your email server).
Transfers of your personal information to other countries and safeguards used
Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Where you have requested a booking for travel arrangements which are located or otherwise due to be fulfilled outside the EEA, we will have to transfer your personal data to the suppliers fulfilling or providing those travel arrangements outside the EEA in order to make your booking and for those suppliers to be able to provide you with the travel arrangements you have booked. Where we are unable to rely on one of the safeguards outlined below when transferring data to those suppliers outside the EEA, we will rely on the derogation under Article 49 of the UK GDPR in order to transfer your personal data to countries outside the EEA (as the transfer relates to the performance of a contract for your benefit), and you hereby permit us to do so. You also acknowledge that where your personal data is transferred outside the EEA, controls on data protection may not be as wide as the legal requirements within the EEA.
For all other transfers of data, where we transfer your personal information outside the European Economic Area, the country to which it is transferred will either be subject to an adequacy decision by the European Commission, or if not (or if we transfer your personal information to an international organisation), we will ensure that the transfer takes place on the basis of one or more of the following safeguards:
- data protection policies adhered to by the Data Controller and other companies and entities within our corporate group from time to time, which comply with applicable laws, known as “binding corporate rules” or “BCRs”;
- standard data protection clauses adopted by the European Commission or adopted by the Information Commissioner’s Office (ICO) and approved by the European Commission in accordance with relevant law;
- a code or codes of conduct produced by an association or other body approved by the ICO;
- an approved certification mechanism; or
- (where authorised by the ICO) contractual clauses between the Data Controller or processor and the Data Controller, processor or recipient of the personal information in the third country or international organisation.
Due to the nature of our business, personal information including names, dates of birth and nationality are shared with booked hotels, lodges and resorts.
If you would like to learn more about how your data is shared outside of the European Economic Area then please email hello@coraltreetravel.com.
Your legal rights in relation to your personal information
You have the following rights in relation to your personal information, which you can exercise by writing to the following address: Frogmore House
Ormond Place
Cheltenham, GL50 1JD or sending an email to hello@coraltreetravel.com:
- to request access to your personal information and information related to our use and processing of your personal information;
- to request the correction or deletion of your personal information;
- to request that we restrict our use of your personal information;
- to receive personal information which you have provided to us in a structured, commonly used and machine-readable format (e.g. a CSV file) and the right to have that personal information transferred to another Data Controller (including a third party Data Controller);
- to object to the processing of your personal information for certain purposes (for further information, see the section below entitled ‘Your right to object to the processing of your personal information for certain purposes’); and
- to withdraw your consent to our use of your personal information at any time where we rely on your consent to use or process that personal information. If you withdraw your consent, this will not affect the lawfulness of our use and processing of your personal information on the basis of your consent before the point in time when you withdraw your consent.
You also have the right to lodge a complaint with a supervisory authority, which, for the purposes of the UK, is the Information Commissioner’s Office (ICO), the contact details of which are available here: https://ico.org.uk/global/contact-us/
Further information on your rights in relation to your personal data as an individual
For further information about your rights in relation to your personal information, including certain limitations which apply to some of those rights, please visit the following pages on the ICO’s website:
- https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/; and
- https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
You can also find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the General Data Protection Regulation (GDPR), which is available here: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Verifying your identity where you request access to personal information
Where you request access to personal information, we are required by law to use all reasonable measures to verify your identity before doing so. Where we possess appropriate information about you on file, we will attempt to verify your identity using that information. If it is not possible to identity you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your personal information.
These steps are necessary to verify your identity in order to reduce the risk of identity fraud or identity theft by persons other than yourself asking for access to your personal information. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your right to object to the processing of your personal information for certain purposes
You have the following rights in relation to your personal information, which you may exercise in the same way as you may exercise the rights in the preceding section (Your rights in relation to your personal information):
- to object to us using or processing your personal information where we use or process it in order to carry out a task in the public interest or for our legitimate interests, including ‘profiling’ (i.e. predicting your behaviour based on your personal information) based on any of these purposes; and
- to object to us using or processing your personal information for direct marketing purposes (including any automated evaluation we make about you or any of your characteristics as a person, to the extent that it is related to such direct marketing).
You may also exercise your right to object to us using or processing your personal information for direct marketing purposes by:
- clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions which appear in your browser following your clicking on that link;
- sending an SMS message containing only the words “OPT OUT” in reply to any marketing communication we send by text message; or
- sending an email to hello@coraltreetravel.com, asking that we stop sending you marketing communications or by including the words “OPT OUT”.
Whenever you object to direct marketing from us by a different communication method to that of the marketing communications you have received from us, you must provide us with your name and sufficient information to enable us to identify you in relation to the communications you have received (for example, if you have received text messages from us and you wish to unsubscribe by email, we may need you to provide us with your phone number in that email).
Consequences of not providing your personal information to us
Where you wish to purchase products or services from us, we require your personal information in order to enter into a contract with you. We may also require your personal information pursuant to a statutory obligation (in order to be able to send you an invoice for products and services you wish to order from us, for example).
If you do not provide your personal information, we will not be able to enter into a contract with you or to provide you with those products or services.
Changes to our Privacy Policy
We may change our Privacy Policy from time to time without providing prior notice to you. If required by law, we will make such changes to our Privacy Policy known to you by posting a notice on the website and/or by us posting an updated version of our Privacy Policy on our website with a new effective date stated at the beginning of it. Our processing of your personal information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.
Where we intend to use your personal information for a new purpose other than the purpose(s) for which we originally collected it, we will provide you with information about that purpose and any other relevant information before we use your personal information for that new purpose and obtain your consent if required.
Changes to your information
Please inform us of any changes to any information (including personal information) which we hold about you so we can keep the information we hold about you accurate and up-to-date.
Children’s Privacy
Because we care about the safety and privacy of children online, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the internet. This website is not intended for children and the only circumstances in which we collect data relating to children, is where you make a booking of travel services and you have children in your party.
It is possible that we may receive information pertaining to children under the age of 13 by fraud or deception. If we are notified of this, as soon as we verify the information, we will immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If you would like to notify us of our receipt of information about children under the age of 13 other than In connection with a holiday booking, please do so by sending an email to hello@coraltreetravel.com.
California Do Not Track Disclosures
“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on a Do Not Track signal in their browser, the browser sends a message to websites requesting that they do not track the user. For information about Do Not Track, please visit www.allaboutdnt.org
At this time, we do not respond to Do Not Track browser settings or signals. In addition, we may use other technology that is standard to the internet, such as pixel tags, web beacons, and other similar technologies, to track visitors to the website, or one of the affiliated pages. Those tools may be used by us and by third parties to collect information about you and your internet activity, even if you have turned on the Do Not Track signal.
Copyright, credit and logo
This Privacy Policy is based on a General Data Protection Regulation (Regulation (EU) 2016/769) (GDPR) compliant template provided by GDPR Privacy Policy. For further information, please visit https://gdprprivacypolicy.org
The copyright in this Privacy Policy is either owned by, or licensed to, us and is protected by copyright laws around the world and copyright protection software. All intellectual property rights in this document are reserved.
Where we display the GDPR Privacy Policy logo on our website, this is used to indicate that we have adopted a privacy policy template provided by GDPR Privacy Policy as the basis for this Privacy Policy.