This Privacy Notice sets out what information we collect, how we collect it and what we do with it. 

We have endeavoured to structure this notice in an easy to read and accessible way. We aim to be clear and transparent about the information we are collecting and what we do with that information.

It applies to you and is available on our website and through other channels. In all your dealings with us you must ensure that others you represent are aware of the content of our Privacy Notice and consent to your acting on their behalf.

The data controller is Velo Sierra Nevada.

In summary, we will:

1.    Only gather the essential information we need in order to provide you with your holiday you are looking for.

2.    Not share your information with anyone we don’t have to.

3.    Only send you relevant information and give you the option to unsubscribe.

4.    Only hold your information as long as we need to.

5.    Take all reasonable steps to store your information securely.

We will happily chat through our policy, feel free to call us if you have any questions. For the full details see below.

Information we hold about you

Your Personal Information

This refers to a combination of information such as your name, contact details including email phone number and address, travel preferences and arrangements, special needs/medical conditions/disabilities/dietary/height requirements, passport and emergency contacts that you supply to us or is supplied to us, your communication, enquiry and travel history with us, your use of our website including your social preferences, interests and activities and any information about other persons you represent (such as those on your booking).

Your information is collected when you contact us over the phone, by mail, by SMS, by email, or via our website; to make a booking; use our website to search for or request information about our holidays; make a general enquiry about our holidays; link to or from our website, connect with us via social media, and any other engagement we have with you.

We will update your information whenever we can to keep it current, accurate and complete.

The Personal Data we hold includes:
 

1. Identity Data including first name, last name and date of birth and passport details where relevant.
2. Contact Data including billing address, email address and telephone numbers.
3. Financial Data including bank account and payment card details.
4. Health Data including information relating to special needs, medical conditions and disabilities.
5. Dietary Data including allergies and dietary preferences.
6. Travel Data including details of travel arrangements, emergency contacts and travel insurance where relevant.
7. Usage Data including information about how you use our website. Transaction Data including details about payments to and from you and other details of bookings you have made in the past.
8. Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.

Please remember, most of the personal information, and all of the marketing preferences we hold on you can be accessed and updated by contacting Velo Sierra Nevada directly.

How we collect your data

We collect your data in a couple of ways:

1. You providing us with data directly, through forms on our website, WhatsApp, email or phone. This covers the majority of the data we list above. 
2. Automatically (with your consent) through your interactions with our website. This is primarily data on how you browse our website.

What we do with your information and who we share it with

(1) We use your information to carry out our obligations arising from your holiday booking and subsequent contracts entered into between you and us and to provide you with the information, products and services that you request from us; to communicate and notify you about changes to our service; and where relevant, to provide customer support and assistance services.

(2) To enable us to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes as part of our efforts to keep our site safe and secure.

(3) For the purpose of providing you with our holidays, services, security, incident/accident management or insurance etc we will need to pass on your information to our suppliers (including but not exclusively accommodation, transfer companies, guides) and other bodies within the UK where the same data regulations apply. There may be instances where local authorities require certain information for security or anti-terrorism purposes or any other purposes which they determine appropriate. These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may exercise our discretion to assist where appropriate.

(4) We collect and process your information for the purposes set out in this document and share the same with other companies for business purposes and our service providers who act as “data processors” on our behalf. These purposes include, administration, quality and improvement related activities, customer care, product development, business management, operation and efficiencies, health and safety and risk assessment/management, legal and security, fraud and crime prevention/detection, monitoring, research and analysis, social media, reviews, advertising and marketing, loyalty programmes, profiling customer purchasing preferences, activities and trends, dispute resolution/litigation, credit checking and debt collection. These specifically include but is not exclusively restricted to:

·         If we exchange email with you our email system is provided by Microsoft Corporation in the European Union. 

·         If you choose to pay online via our website, your details are processed by Stripe.

·         Business associates and other professional advisers.

·         Employees and agents of the data controller.

·         If you were to make a complaint, share information with trade and professional bodies.

·         Police forces and private investigators.

·         Ombudsmen and regulatory authorities. 

(5) We will disclose your personal information to other third parties: 

·         In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.

·         If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of Velo Sierra Nevada, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. 

(6) Information (such as health) may be considered “special category data” under the General Data Protection Regulation. We collect it to provide you with our services, cater to your needs or act in your interest, and we are only prepared to accept sensitive personal data on the condition that we have your positive consent. By booking with us you also agree for your insurers, their agents and medical staff to exchange relevant information and sensitive personal data with us in circumstances where we/they need to act on your behalf or in the interest of passengers or in an emergency. 

If you do not agree to ‘What we do with Your Information and who we share it with’ above, we cannot engage/do business with you or accept your booking. If there is something you feel particularly concerned about do please contact us on info@velosierranevada.com

Your marketing material preferences

(1) Using your information, we may from time to time contact you with or make available to you (directly or indirectly) information on offers of goods and services, brochures, new products, forthcoming events or competitions from us.  You will have the choice to opt out of receiving such communications by indicating your choice at the booking or enquiry stage. You will also be given the opportunity on every e-communication that we send you to indicate that you no longer wish to receive our direct marketing material.

(2) We will try and tailor the information you receive or see; this will enable us to make available to you more personalised and relevant communications. You can inform this by checking certain boxes on the forms we use to collect your data. You can also ask us at any time by contacting us.

(3) We will assume you agree to other general email communication when you make an enquiry, an e-booking or provide us with your email in other situations such as, competitions, promotions, prize draws and social media.

(4) If you do not wish to receive such information or would like to change your preference, please refer to “Your Rights” below.

The basis on which we might use your personal data.

We will only use your personal data where one or more of the following apply:

(1) You have given your consent to the use (which you can withdraw at any time by notifying us), or

(2) It is necessary for the performance of a contract between us, or for the taking of steps at your request with a view to entering into a contract, or

(3) It is necessary for compliance with a legal obligation that we must comply with, or

(4) It is necessary in order to protect your interests.

(5) It is either the disclosure of personal data by us as a member of an anti-fraud organisation or otherwise in accordance with any arrangements made by such an organisation; or any other use by us of personal data, and it is necessary for the purposes of preventing fraud or a particular kind of fraud.

(6) It is necessary for us to pursue our legitimate interests such as marketing our services in the appropriate circumstances for example where you have used our services and have not objected to receiving information about further services of a similar nature.

How long will we hold your personal data for?

We will keep your data only for as long as it is necessary for the particular purpose or purposes for which we hold it unless there are any legal or operational reasons to hold it for a longer period.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.

We must also consider periods for which we might need to retain personal data in order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.

When we no longer need your personal data, we will securely delete or destroy it.

Your rights

You have the following basic rights when it comes to your data and can:

1. Request access to your personal data.
2. Request correction of the personal data VSN hold.
3. Request erasure of your personal data.
4. Object to processing your personal data where VSN are relying on a legitimate interest.
5. Request restriction of processing your personal data.
6. Withdraw consent at any time where the processing of the data relies on consent. 

In addition; 

(1) On completing our Data Subject Access Request form. You can ask to see a copy of the information that we hold about you, and for corrections to be made to any incorrect information. We want to be as helpful as possible and, in most cases will provide the information within one month of your request. We do not have to provide information in all cases including where it would involve disclosing information about another person or where a request is excessive or manifestly unfounded.

(2) You have the right to receive the data concerning you in a structured, commonly used and machine readable format and you have the right to transmit the data to another controller.

(3) You can also ask us for the following information: 

·         the purposes of the processing. 

·         the categories of personal data concerned.

·         the recipients or categories of recipient to whom the personal data have been or will be disclosed. 

·         where it is possible for us to provide the information, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.

·         where we have not collected the data from you, any available information as to their source. 

(4) You can ask us to erase any data that we hold about you where one of the following grounds applies: 

·         the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. 

·         you withdraw your consent to the processing and there is no other legal ground for the processing.

·         you object to processing on grounds relating to your particular situation and our legitimate grounds for processing do not override your interests. 

·         you object to processing for direct marketing purposes. 

·         the personal data have been unlawfully processed. 

·         the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject. 

(5) We are not required to erase your data where we need to process your data: 

·         for exercising the right of freedom of expression and information. 

·         for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. 

·         for reasons of public interest in the area of public health. 

·         for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes so far as the erasure of data is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the establishment, exercise or defence of legal claims. 

(6) You can ask us to restrict our processing of your data where one of the following applies: 

·         you contest the accuracy of the personal data we hold about you for a period enabling us to verify the accuracy of the personal data.

·         the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead. 

·          we no longer need the personal data for the purposes of the processing, but the data are required by you for the establishment, exercise or defence of legal claims. 

·         you object to processing on grounds relating to your particular situation pending the verification of whether our legitimate grounds for processing override your interests. 

 (7) You have the right to ask in writing not to receive direct marketing material from us at any time. You can amend your previous preference on our website through use of the “unsubscribe” facility in our direct marketing, opt out of personalised emails or refer to our literature containing instructions. Once properly notified by you, we will take steps to stop using your information in this way.

There is no fee usually required when exercising any of your rights other than where the request is clearly unfounded, repetitive or excessive. VSN may charge a reasonable fee or alternatively may refuse to comply with the individual’s request in these circumstances.

Foreign Controls

Outside the UK, data protection controls may not be as strong as the legal requirements in this country. 

Use of tools/”cookies” and links to other websites

If our contact and dealing with you is via our website or other e-platforms where our advertising is displayed, cookies may be used. Other e-platforms may have different options and instructions. By using our website, you consent to our use of cookies.

Our website may contain links to third party websites or micro-sites not controlled or owned by us. For example, reference sites or ancillary products and services sites or websites. It is your responsibility to check the status of these sites before using them. Please read carefully their applicable terms and conditions.

Monitoring

To ensure that we carry out your instructions accurately, improve our service and for security and fraud, we may review, monitor and/or record: (1) telephone calls; (2) activities using CCTV in and around our premises; (3) transactions and activities at all points of contact; and (4) web, social media and app traffic, activities, etc. All recordings and derivative materials are and shall remain our sole property.

Security Statement

We have taken all reasonable steps and have in place appropriate security measures to protect your information in accordance with this privacy notice.

The data that we collect from you may be transferred to and stored at a destination outside the UK. It may also be processed by staff operating outside the UK who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data and have contractual processes in place with our business partners to do this, we cannot guarantee the security of your data transmitted to our site. Once we have received your information, we will use relevant procedures and security features to try to prevent unauthorised access.

Advice and Assistance

Should you be dissatisfied with the way that we are handling your data and you are unsatisfied with our response, you also have the right to lodge a complaint with the UK Information Commissioner’s Office. You can call their helpline on +44 (0) 303 123 1113 or https://ico.org.uk/concerns/. Alternatively you may choose to speak to your own national data protection regulator if you are outside the UK.