DISABLED ACCESS HOLIDAYS - PRIVACY POLICY 25th May 2018

• We've added some clarifications in the Privacy Policy to make it more transparent how we handle and safeguard your personal information
• We've updated the policy to explain your privacy rights.
• We've provided you more information about how you can take control of what cookies are used on your computer.
• We completed a third-party privacy firm GDPR assessment, resulting in specific recommendations and GDPR readiness actions.

DAH acts as a data controller in the United Kingdom for the purposes of any relevant data protection laws. The data you provide is processed fairly and lawfully and used only for the purposes set out in this policy.

DAH will collect personal information data about you in accordance with our legitimate interests as a data controller. Personal information includes your name, contact details and any other data that can be used to identify you. DAH does not store any sensitive personal data.

DAH process personal information for certain legitimate business purposes which include some of the following:

• To book your holiday with suppliers (suppliers includes but are not restricted to The Global Travel Group(our franchise for ATOL Bonding), airlines, hotels, taxi suppliers and equipment suppliers)
• For customer service enquiries
• For the purpose of communication
• To improve user experience on the DAH website(e.g. website chat)
• To carry out our obligations arising from any contracts that DAH enters into with third parties in relation to providing your holiday
• Where you have consented to being contacted, send you promotions, offers and market information
• To facilitate DAH's payroll and invoicing processes

All personal data in digital format is stored on in-house computer systems. These computer systems are password protected. Some of this information will be stored in cloud and backup systems. (Including, but not limited to Dropbox and Norton)

All personal data in paper format is stored in locked cabinets. This includes chronologically ordered sets of manual records containing personal data.

DAH do not store customer credit card numbers or any other payment information other than invoices, statements and confirmation of payments. Credit card details taken by phone are shredded immediately.

Under GDPR Data Subjects have the right to access their personal data. If you wish to request a copy of the personal data we have stored on our system relating to you, please email your request to disabledholidays@rtctraveluk.com. Please Note: for security purposes your request must be made using the exact email address your request relates to. We will undertake your request within 30 days of submission.

Some personal data that you provide to us may be passed on to our suppliers and other third parties as specified above. Some of these are located outside of the European Economic Area. When we transfer your personal information outside this area, we will take steps to ensure that your privacy rights continue to be protected.

At DAH we hold personal data for "as long as is necessary" to adhere to our statutory and contractual obligations and in line with our legitimate interests as a data controller. "As long as necessary" considers data processing of holiday bookings as well as to comply with financial services regulations (e.g. accounting and tax).

The GDPR introduces a right for Data Subjects to have personal data erased. This is known as 'the right to be forgotten'. A request to delete personal data should be made by email. Please email your request to disabledholidays@rtctraveluk.com.

When we receive a delete request we may require further identity verification or to clarify your request. In order to fulfil our legitimate interests as data controller, we may refuse your delete request based on the "as long as necessary" obligation described above.

DAH will delete personal data after the "as long as necessary" period if we have not had any meaningful contact with the Data Subject or if we do not hold any records on you that are in our legitimate interests to keep. "Meaningful contact" means contact that adds to the information we already have about you.

We also keep all payroll records, holiday pay, sick pay and pension's auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.

We use Mailchimp for all our marketing campaigns and there is always a link to unsubscribe at the bottom of the email. Our marketing campaigns include information about special offers and the latest products to be added to the website

If you wish to contact us about any of this or request that we delete you from our mailing list then please email disabledholidays@rtctraveluk.com

• Firewalls including anti-spyware software
• Anti-virus software (Norton)
• Anti-spam filters
• All data is backed up daily
• All files/data are stored on password protected systems
• Only employees who need the information to perform a specific job (for example, travel consultants, our accounts clerk or a marketing assistant) are granted access to your information.

DAH uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of email/the Internet is not entirely secure and for this reason DAH cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/the internet.

The following information is transmitted by us across the internet:

• Correspondence with suppliers to fulfil a holiday booking on behalf of the customer (usually but not limited to the lead passenger name, contact phone number, and flight information). This is usually done by email.
• API (advanced passenger information) directly to the relevant airline website. This includes passenger name, passenger nationality, passenger ID number (usually passport), and passenger date of birth. Please Note: All API information on paper is shredded once entered into airline website. API information received by email is permanently deleted.
• Information for ATOL bonding (The Global Travel Group). This include lead passenger name, address and contact number. This information is firstly stored on a local password protected database and subsequently transmitted to a Global server (The Global Travel Group) daily.
• DAH might occasionally share information with a 3rd party via Dropbox.

In the unlikely event of any data breach, we will notify the appropriate supervisory authority within 72 hours of discovering the breach.

In the unlikely event of such a data breach resulting in a high risk to the rights and freedoms of individuals, we will notify those individuals wherever feasible within 72 hours of discovering the breach.

Any queries or complaints relating to our data protection policy, should be directed to our Data Protection Officer via email: disabledholidays@rtctraveluk.com. We will aim to respond to any requests within 5 working days of receipt.

The DAH website monitors how visitors use its website to improve services. The information collected does not allow any individual to be identified, and is only be used to understand the website users better. We may also undertake marketing profiling to help us identify services that may be of interest to you.

This website uses cookies. A cookie is a small piece of information that is stored on your PC. Cookies help sites remember information about your visit, like your cart information and other settings. With this information, sites can make your next visit easier and the site more useful to you. When using the Disabled Access Holidays site for the first time you will be required to accept our cookie policy.

Any changes to this Privacy Statement will be updated on this website as and when it is required. If at any time we use personal data in a significantly different manner than from stated in this statement, we will notify you and you will be able to decide if we are able to use this information in the new manner.

If you do not agree with how we process your personal data as outlined in this policy, please do not submit any data to us.

If you have any questions, comments or requests regarding this policy, the Disabled Access Holidays Site or our products, please email us at: disabledholidays@rtctraveluk.com. Alternatively, you can call us on: 03333 355615 or 01924 283 803.