At Heidi we are committed to protecting your privacy when visiting our site or communicating with us. We adhere to the requirements of the EU General Data Protection Regulation (GDPR) and the Data Protection Act 1998.
We do update this Policy from time to time so please do review this Policy regularly. Last updated: 16/07/2018
We will only collect personal information from you by specifically asking for it:
When you make a booking with us online or over the telephone.
When you write to us, telephone or email us; or complete a form on our website to make an enquiry or other communication.
When you register with us to receive newsletters or email updates; and when you enter competitions or take part in surveys and customer feedback.
We may collect all or some of the following information relating to you or other members of your holiday party:
Names, dates of birth and contact details (email address, telephone numbers and billing address).
Credit/ debit card or other payment details.
Special requirements such as those relating to any dietary requirements (which may disclose your religious beliefs), disability or medical condition which may affect your chosen holiday arrangements.
Travel insurance details.
When we make your booking, we must use your information in the following ways:
We will use the names of all people on your booking to pass on to the providers of the services making up your travel arrangements such as airlines, hotels, ski hire suppliers, transfer operators or lift operators (who could be located outside the UK/EEA). They need this information in order to arrange and secure your travel arrangements. When we are required to do so, and only ever to adequately manage your booking, your information may be passed to our suppliers located outside the UK/EEA.
We will use the email address you give us to send you confirmation documentation and, with your specific consent, we will use it to contact you with future offers and information about the services we provide.
We will use the details of your travel insurance policy to contact relevant individuals and insurance companies in the event of an emergency involving you.
Your credit/ debit card or other payment details will be used to take authorised payments for your travel arrangements.
We need to understand any special requirements you have (such as those relating to any dietary requirement, disability or medical condition) so that we can check that the travel arrangements you have selected are appropriate for you. Where appropriate and with your consent we will pass this information on to the suppliers of your travel arrangements so that they can plan your travel requirements effectively.
The passport details of all members of the travelling party will be used in order to book flights and to expedite immigration processes when possible. We may also pass on other information relating to you for immigration, security and anti-terrorism purposes; or for any other purposes which a government authority determines appropriate.
We may need to use your personal information to comply with a relevant legal or regulatory obligation that we have. For example, in some countries, we are required to provide API to border control, customs and law enforcement officers at ports of entry and exit on your itinerary.
If you fail to provide us with this information, we may not be able to plan or confirm your booking. And/or (after we have confirmed your booking) we may not be able to assist in you checking into your hotel or notify your insurers about any emergency situations involving you.
Where we rely on consent to use your information, you have the right to withdraw that consent at any time. Please refer to the ‘Your Rights’ section of this policy for further details. Please note the implications if you withdraw your consent to us using your information as described.
Where applicable, we may disclose your personal information to any member of our group. This includes, where applicable, our subsidiaries, our holding company and its other subsidiaries (if any).
We may also disclose your personal information to third parties:
1. Where we provide information to our suppliers as detailed in the section above so that they have everything they need to allow your holiday to run smoothly.
2. Where we provide information to certain third party technology providers for the purposes of email marketing and online live chat services, or for the purposes of reviewing your experience with us.
3. Where we sell any or all of our business and/or our assets to a third party.
4. Where we are legally required to disclose your information.
5. To assist fraud protection and minimise credit risk.
These third parties have agreed to confidentiality obligations and to use any personal information we share with them or which they collect on our behalf solely for the purposes of providing their service to us.
Sometimes we will need to transfer your information outside of the UK in which case we will make sure that we transfer your information in a way that complies with the GDPR (for example in some circumstances we may ask you for your explicit consent to make a transfer of your information).
We will never sell your information to any third parties.
Information is stored by us on secure servers located in the UK. We may transfer the information to other to other reputable third party organisations as required in order for us to fulfil our obligations to you – they may be situated inside or outside the European Economic Area.
Details relating to any transactions entered into on our website will be encrypted to ensure their safety.
The transmission of information via the internet is never completely secure and therefore we cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk.
We also store information in paper files that are stored securely.
We will keep your information for only as long as we need it for or until such time as you instruct us to delete it.
We will only send you direct marketing in accordance with your marketing preferences. When we collect your name, postal and email address as part of our booking process or when you make an enquiry, we will ask you for your permission to make use of those details for these purposes and if you give us that permission, you can change your mind and ask us not to stay in touch at any time by contacting us via telephone on 0203 026 2490 email at [email protected] or by post to Pithay Studios, All Saints Street, Bristol, BS1 2LZ. We will never share information about you with third parties for their own marketing purposes. Be aware that if you unsubscribe completely from our marketing communications we may be unable to notify you of tailored offers to meet your needs.
You might find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Google Analytics Demographics and Interest Reporting. Heidi uses data from Google’s Interest-based advertising or 3rd-party audience data (such as age, gender and interests) with Google Analytics to inform our marketing strategy.
Visitors can opt out of Google Analytics for Display Advertising and customise Google Display Network ads using Google’s Ad Settings page. Visitors can opt out of Google Analytics using this browser add-on.
This website uses the Facebook remarketing service to advertise on the newsfeeds of users that have previously visited the website. Users can choose to opt-out of these adverts by going to adjusting their ad preferences in their Facebook account. More information about adjusting ad preferences on Facebook can be found here.
You always have the right to review the personal information we keep about you. Your rights include:
The right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
The right to prevent your data being used for direct marketing
The right of access to a copy of the information we hold about you (known as a subject access request)
If you wish to exercise any of these rights please contact us in writing at 63 Queens Square, Bristol, England, BS1 4JZ or by emailing [email protected]. Please note it is our policy to charge the statutory maximum fee of £10 for a subject access request.
For more information about your rights under General Data Protection Regulation, or to lodge a complaint, go to the website of the Information Commissioner’s Office at ico.org.uk