For over 30 years, IBT Travel Ltd (‘IBT’) has been specialising in the provision of Educational Tours, School Ski Trips and Golfing Tours in the UK and Europe. Trust and respect sit at the heart of the relationships we have with schools, pupils, tour organisers and golfers. Applying high standards of privacy and security to the personal data shared with us, helps us to maintain these principles and deliver the outstanding service our clients expect of us.
This privacy statement explains how and why we collect and process personal data. This relates to personal data you share directly with us – as a trip or tour participant, as one of our third party service suppliers and as one of our activity or excursion providers. It also relates to personal data collected and shared with us by third parties – such as a school representatives, group leaders and tour organisers – which they then share with us on your behalf. Where a third party has shared your personal data with us, we trust that they have informed you about the processing and sharing of your data. If you are applying for employment with IBT, please access our Recruitment Privacy Notice.
For the purpose of the Data Protection Legislation and this notice, IBT is the ‘data controller’. This means that we are responsible for deciding how we collect and process personal data about you. Personal data is defined as any information relating to an identified or identifiable natural living person – a ‘data subject’. This privacy notice also provides information about your rights as a ‘data subject’.
IBT will always be open, honest and transparent with you regarding the collection and processing of your personal data. We will make sure this privacy notice is available on our website or in paper format where required. Our staff who interact with you as a data subject or when you ask us to process data for associated data subjects, are responsible for ensuring that this notice is drawn to your attention prior to any personal data being processed.
When we say ‘we’ or ‘us’ or ‘our’, we are generally referring to ‘IBT’ which is the trading name of IBT Travel Ltd.
IBT Travel Ltd is a company registered in Scotland. Company No SC299214.
Our Registered Office is IBT Travel Ltd, Cairn House, 15 Skye Road, Prestwick, KA9 2TA.
We collect your personal data through a number of sources, such as:
- When you communicate with us by phone, email, our website ‘contact us’ facility, via Facebook or LinkedIn
- When you complete or your data is included on booking forms, supplementary information documents, passengers lists, ski hire documents and registration forms, excursion and tour forms
- When group representatives or group leaders share your data with us in order to book travel, accommodation and any other facilities on your behalf
- Where you request to take part in any additional outdoor activities or excursions we provide
- When you make any complaints regarding the service you have received
- Where you have been involved in any accidents or incidents during your tour or trip
- When we call or visit you to progress, update or review any agreements or contracts to supply us with goods or services
- When we arrange a contract with you or when we agree to purchase products or services from you
- In the administration of our relationship with you
- Through the fulfilment of our contractual obligations
We are committed to ensuring the data we collect and process is accurate, up to date, appropriate, not excessive, not retained for longer than required and does not constitute an invasion of your privacy.
We may process your personal data when you contact us through our website, when you make any enquiries to us, for the performance of any booking, contract or agreement we have in place with you or with a third party acting on your behalf and for our own legitimate interests, provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, provision of future services, business development, statistical and management purposes.
In circumstances where we request your consent for the processing of personal data, you also have the right to withdraw your consent to processing your personal data. We will record the withdrawal of your consent and no further marketing will be sent to you.
The data we hold and process for you will depend on the relationship you have with us, the enquiries you have made and the bookings and services you have requested from us. Additionally, we will hold personal data in relation to the provision of products or services we may request from you.
Typically, we may hold:
- Names, Addresses – personal, school or business
- Email address and telephone contact numbers – personal, school or business
- The name of your school and your position within the school
- Your company or organisation name and nature of your business or organisation
- Details of the trips, excursions and any additional services you may have enquired about
- Details of any previous, current and future booking(s) you may have made with us
- Details of the excursions and any additional activities you took part in during your trip
- Information required for the provision of travel, accommodation, specialist tuition and equipment, including – Passport identifier, date of birth, gender, height, weight, shoe size and head size
- Records of any special requirements you have informed us of
- Details of any relevant dietary, medical and disability information you disclosed to us
- Emergency contact information
- Details of the services and products you currently provide or have previously provided to us
- Records of correspondence and communications with you
- Records and detail regarding any complaints or enquiries you make to us
- Your requests and preferences regarding marketing information and how you would wish to receive this information
- Information from other sources, such as publically available information, local authority information, specialist directories, google searches and existing records
We may collect and store personal data for a number of reasons:
- To understand your needs and how we can meet them
- To provide you with information about the tours and services you have requested from us
- To provide you with information about tours, trips and services we feel may be of interest to you now or in the future
- To fulfil our booking or contractual obligations and to meet agreements we have put in place with you
- To manage our relationship with you
- To maintain administration records for you
- To respond to your feedback and ideas
- To notify you of any changes to our services
- To verify identification where required
- To communicate with you by post, email or phone
- To analyse the suitability and relevance of the tours, trips and services we provide
- To plan and manage third party travel, hotel and activity relationships we have with you
- To investigate and respond to any complaints you may make
- To investigate and respond to any complaints made about you as a service provider
- To process financial transactions, invoicing and maintain group arrangements
- To prevent and detect crime, fraud or corruption
- To meet legal, regulatory, statutory and ethical responsibilities
IBT will keep your personal data for as long as is necessary to fulfil the purposes for which it was collected.
Where we process personal data in relation to Travel Insurance we have provided, we will normally retain this for 7 years.
Where we process personal data relating to minors, we will typically retain this information until they reach the age of 21.
We may keep data for longer in order to establish, exercise or defend our legal rights.
When we assess the appropriate retention period for your personal data, we will consideration the following:
- The requirements of our business, the services we provide to you and the products and services you provide to us
- Any legal or statutory obligations
- The purposes for which we originally collected the personal data
- The lawful grounds on which we based our processing
- The types of personal data we have collected
- The amount and categories of your personal data
- If the purpose of processing your personal data could be reasonably fulfilled by any other means
We may share your personal data within IBT and with third party services providers, organisations or individuals where:
- It is required to fulfil and deliver the services you have contracted us to provide
- There is a legal obligation to do so
- Where we have a contract or agreement in place with you to provide us with services
- Where it is requested by a public or regulatory authority – such as police or HMRC
- Where we are bound by any code of practice
- In the event of a complaint from you, your group leader or school representative regarding one of our third party service providers
- Where it is a requirement in administrating our relationship with you
- Where we have a legitimate interest to doing so
Where we may require the services of third party service providers – such as specialist instructors, ski representatives, tour guides, coach operators, ferry operators, airlines, hoteliers, activity providers, consultants, auditors and accountants, banking services, administration or HR services, I.T systems maintenance. – we may be required to share your data with them in order for them to fulfil the contracts we have in place with them and where it is in our legitimate interests to do so.
We do not share your information with third parties for the purpose of marketing products and services offered by them.
If we intend to transfer your personal data to a third country or share with an international organisation, we will put measures in place to do so securely. Some countries which meet a minimum standard of data protection have been approved by the EU for sending personal data to. We will also protect the transfer of your data through alternative safeguards, such as, Binding Corporate Rules, Model Contracts and Clauses approved by the EU.
Although we take all necessary steps to provide the best security available and do our best to protect your personal data, the transmission of data on the internet can never be completely secure. We cannot guarantee the security of data collected electronically and transmitted to our site and need to make you aware that any transmission is at your own risk. Where a password may be needed to access areas of our site, it is your responsibility to keep these passwords secure and confidential.
Once we have received your data, we use strict procedures and security features to try to prevent unauthorised access to your data. Our staff are all trained on confidentiality, data protection and security when they join IBT and on a regular basis whilst employed by us.
We limit access to our offices to those who require access and have a right to be there – using passes, keys and other technology. We also have a risk framework in place including the appropriate policies and procedures required to keep your data secure. IBT uses secured servers to hold all information and data provided by you and any payment transactions are encrypted for safety measures. We apply controls and access restrictions across all of our technology platforms and review and test these at regular intervals.
Through the contracts and security measures we put in place, any third parties that we may share your data with are obliged to keep your details secure and to use this data only to fulfil the service they provide to you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your explicit consent or for the fulfilment of a contract we hold with you, unless we are legally required to do otherwise.
Whilst we are processing your personal data at IBT, as a ‘data subject’, you have the following rights:
- Right to be informed: Before we start to collect and process your personal data, you have the right to be informed about our Privacy Notice and Data Protection Policy
- Right of Access: By submitting a ‘Subject Access Request’, you have the right to request access to the personal data held by us as a Data Controller
- Right of Rectification: Where you feel that the information we hold about you is inaccurate or incomplete, you have the right to request that we correct your personal data
- Right to be forgotten: When you feel we no longer need your personal data for the purpose it was obtained for or where you have withdrawn your consent to us processing your data, you have the right to ask us to delete and erase your personal data
- Right to restrict processing: Where you feel the personal data we are processing is inaccurate or where you feel your personal data is no longer needed but you want us to retain it for any possible future reference, you have the right to restrict our processing of your personal data
- Right to data portability: Where we hold data electronically about you, in certain circumstances, you have the right to ask us to transfer this data to another organisation
- Right to object: You have the right to object to certain types of processing of personal data, such as direct marketing
- Rights related to automated decision making and profiling: When we use your personal data to make decisions on an automated basis and where this has a legal or significant impact on you, you have the right to have access to an individual who can review and reconsider the decision. This right applies where you have given us your explicit consent and where it is necessary for the entry into or performance of a contract with you.
If you submit a Subject Access Request, IBT can confirm the data and information held about you and how we process it. If we process your personal data, you can request the following information from us:
- Who is the person or organisation that decided how and why to process your data
- Where applicable, the contact details of their Data Protection Officer or Controller
- The contact details of our Data Protection Co-ordinator
- The legal basis for processing data and the purpose of the data processing
- Where personal data is being processed based on our legitimate interests or the legitimate interests of a third party, we need to be able to confirm what these interests are
- Which categories of personal data are collected and processed
- Who we share your data with or disclose your data to
- If we intend to transfer your personal data to a third country or share it with an international organisation
- How long we will store your data
- Confirmation of your Data Subject Rights to ask us to correct, erase, restrict, transfer or object to processing your personal data
- Details regarding your right to withdraw your consent at any time
- The process to lodge a complaint with the ICO as the UK’s data protection supervisory authority
- We will clarify if the provision of your personal data is due to a statutory or a contractual requirement
- Where it is required to enter into a contract between us, if you are obliged to provide the personal data and any consequences possible if you fail to provide the personal data required
- Where your data was not collected directly from you, confirmation of where your personal data was sourced from
- If your personal data has been used in any automated profiling or decision making, confirmation of the processing and logic which was used, along with any outcome or consequences of the processing
We will normally respond to your request to access your data within one month from the date it is received. However, in some cases, we may need to extend this to three months. We will always write to you within one month of receiving your original request to tell you if this is the case.
A copy of your personal data is usually provided free of charge. However, we can charge a ‘reasonable fee’ where we find that the data requested is excessive or unfounded and in particular if the request is a repetitive one.
If you wish to speak to us or question anything in this notice relating to how we collect, store or process your personal data, please email us at email@example.com or write to our Data Protection Co-ordinator at:
IBT Travel Ltd
15 Skye Road
We hope you don’t need to make a complaint about how we process your personal data or how a complaint has been handled. If you feel you do wish to complain, you have the right to complain through our Data Protection Co-ordinator as detailed above and the supervisory authority at the contact details below:
UK Data Protection Regulator
The Information Commissioner’s Office (‘ICO’)
or email ico.org.uk/concerns/
This policy was last updated on 23rd May 2018
Cookies are used to collect general online usage by using a cookie file. If used, a cookie file is downloaded without prompting. It will be placed on your hard drive with information transferred to the hard drive allowing the cookies to be used for data collection. The data gathered is solely statistical data, which may be shared with advertisers. No personal details will ever be shared. A cookie is used to help to provide the appropriate services and products to you and to improve the overall website characteristics we offer you.
Any computer has the option to decline cookies. Your web browser options include an “enable” button to decline cookies. It is imperative that you understand by declining cookies you may be limiting your access to sections of our website.
Links may be discovered on our site that belongs to third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.