Limosa Holidays is the trading name of an unincorporated travel partnership owned and operated by partners Chris & Barbara Kightley, with offices at Stalham (Norfolk) in the UK. For simplicity throughout this notice, 'we', 'our' and 'us' means the Limosa Holidays partnership.
This Privacy Notice details the types of personal data we may collect from you when you interact with us. It also explains how we'll store and handle that data, and keep it safe.
We hope the following sections will answer any questions you have, but if not please do get in touch with us.
What data do we collect from you?
Our main aim in gathering your personal information is to provide you with a customised service and fulfill our obligations to you when you book a holiday with us.
When you contact us by phone, email, online or in person at events such as a trade fair - for example, to request a brochure, newsletter or to join a guided BirdWalk - we may collect the following information:
- your name, contact information including postal address, telephone number(s) and/or email address.
Where you have booked or are in the process of booking a holiday with us, we may additionally keep a record of:
- your gender, rooming preferences, passport details (including your date and country of birth, nationality, passport number, place of issue, and dates of passport issue and expiry), any dietary preferences, health and insurance information, additional travel or transfer arrangements or special needs you wish to make us aware of, your next of kin and contact details in event of emergency.
We may also keep a record of:
- the date that you contacted us and how you first found us, booking-related emails and correspondence, tour feedback forms, and details of any previous bookings with us for the purposes of administering our Loyalty Scheme (Frequent Traveller Discount).
Please be assured that we will never:
- share, sell or distribute your personal data to any third parties except where a booking has been made with us and we have your consent (see following), or we are required by law to do so.
- collect or store any financial information such as your bank account or payment card details on our database.
What we do with the data we collect from you
Provided you have given your consent, we may from time to time mail you with our annual brochure and occasional printed newsletters, or send you our email newsletters, including tour news, new tours, special offers or other information which we think may be of interest to you.
Where you have booked on a tour with us, we may need to share personal data such as passport details, dietary and health details with trusted third parties to enable us to supply and fulfill the goods or services you’ve requested.
By dealing with us, you are giving your consent to this use, which may include the transfer and disclosure of your personal data both within the UK and/or overseas for our ordinary business purposes.
Examples of the kind of trusted third parties we work with include:
- airlines, local service providers (e.g hotels), our local agents and our tour guide(s) in order to fulfill your holiday booking.
- IT companies who support our website, electronic mailings and other business systems. These companies may have access to personal information if needed to perform functions necessary to maintain our business, but will only be permitted by us to use such personal information for the purpose of performing that function (which may include one to which you have expressly given your consent) and not for any other purpose.
- mailing houses for the distribution of our brochures and newsletters
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
Prior to tour departure, we supply all tour participants with a Final Letter. This includes a list of the names of all participants on the tour, together with their home county and/or country. We will never disclose your personal contact details (such as postal address, email address or telephone numbers) to fellow travellers unless you have expressly asked us to do this.
How long do we keep your data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected or the law requires.
We usually keep any general email correspondence with you for a period of five years, then delete it. We conduct periodic reviews of the personal data we hold online for both email and website and delete data that is no longer needed.
At the end of the retention period - which may be up to 7 years in accordance with HMRC requirements - all personal data associated with your booking will either be deleted completely or anonymised. For example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
We treat all personal data with the utmost care and take all appropriate steps to protect it.
Note that the internet is not a secure medium and we cannot absolutely guarantee the security of your personal information provided over the internet. However we have put in place various security measures as set out below:
Our website and associated databases are secured by 'https' technology and protected by certified firewalls in order to protect your personal information from access by unauthorised persons and against unlawful processing. Our website uses the latest technology with full backups. Access to your personal data is password protected. All outgoing and incoming email is scanned for viruses. Our system is regularly monitored for possible vulnerabilities and attacks.
If you are booking a tour via our website, your personal information can be safely and securely provided by using our online Booking Form. We are not privy to your payment card information when you book online. All online payments are handled via our secure server and payment service providers, SagePay. SagePay is fully approved as a Level 1 compliant provider under the Payment Card Industry Data Security Standard (PCI DSS). This is the highest level of compliance.
Working in partnership with the major credit card companies, SecurityMetrics Inc. is a leading provider of PCI DSS security solutions. Our website has met and complies fully with the PCI DSS requirements by passing a SecurityMetrics® Site Certification vulnerability scan, and is tested quarterly by them to ensure that the highest security standards are maintained.
A cookie is an alphanumeric identifier which asks permission to be placed on your hard drive through your web browser when you visit a website. Once you agree, it enables that website to recognise you and track the pages you looked at while visiting the site.
We only use this information for statistical analysis purposes and then the data is removed from the system. A cookie in no way gives us access to your computer or any information about you other than the data you choose to share with us.
Our site may place and access certain 'first party' cookies on your computer or device. First party cookies are those placed directly by us and are used only by us. We use these cookies to facilitate and improve your experience of our site, and to provide and improve our products and services. We have carefully chosen these cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.
All cookies used by and on our site are used in accordance with current cookie law.
Before cookies are placed on your computer or device, you will be shown a cookie notification message requesting your consent to set those cookies. By giving your consent to the placing of cookies you are enabling us to provide the best possible experience and service to you.
You may, if you wish, deny consent to the placing of cookies; however certain features of our site may not function fully or as intended.
Certain features of our site depend on cookies to function. Cookie law deems these cookies to be “strictly necessary”. These are shown below. Your consent will not be sought to place these cookies, but it is still important that you are aware of them. You may still elect to block these cookies by changing your internet browser’s settings, but please note that our site may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them:
CSRFTOKEN (Strictly Necessary)
Required to protect the website from cross site request forgery
This cookie is strictly necessary for Cloudflare's security features and cannot be turned off.
In addition to the controls that we provide, you can choose to enable or disable cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. By default, most internet browsers accept cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete cookies on your computer or device at any time. However you may lose any information that enables you to access our site more quickly and efficiently (including, but not limited to, login and personalisation settings).
It is recommended that you keep your internet browser and operating system up-to-date. Consult the help and guidance provided by your internet browser or the manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
Controlling your personal information
If you have previously consented to us using your personal data for direct marketing purposes, you may change your mind at any time and ask to be removed from our mailing list. Please phone, email or write to us to let us know.
If you no longer wish to receive our eshots you may click the 'Unsubscribe' link at the foot of every enewsletter we send you.
You are entitled to see the personal information held about you under the Data Protection Act 1998 and the General Data Protection Regulation (GDPR). If you wish to do this, please contact us.
If at any time you would like to correct or update the personal information we hold about you, please contact us.
By email: email@example.com
By telephone: 01692 580623
Or in writing: Data Protection Officer, Limosa Holidays, West End Farmhouse, Chapelfield, Stalham, Norfolk NR12 9EJ (United Kingdom)
Please ensure that the nature of your enquiry is clear, particularly if it is a request for information about the data we may hold about you.
last updated 26th March 2020