Travel & Leisure Group Ltd is committed to respecting and protecting your privacy as a visitor to our website. We take the issue of privacy very seriously and value the trust you place in us each time you use our services and access this website. This Privacy Notice describes the practices and policies we have put into place to safeguard your personal information that may be gathered and used as you visit our website.
This notice describes how information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.
The statement may change from time to time so please check back periodically. If you have any questions about our privacy policies, we encourage you to contact us using any of the methods outlined at the end of our Privacy Statement.
Whenever you provide personal information, we are legally obliged to use it in accordance with the laws concerning the protection of personal information.
Who we are
TRAVEL & LEISURE GROUP LIMITED, a company incorporated and registered in England and Wales with company number 02719776 whose registered office is at Talas House, 100 East Street, Sudbury, Suffolk, England, CO10 2TP (“Travel & Leisure Group”)
For the purposes of the Data Protection Act 1998, the General Data Protection Regulations and any other applicable data protection and privacy laws and regulations (“Data Protection Legislation”), Travel & Leisure Group will be the ‘data controller’ for all personal information that we determine the means and purpose of processing. We are registered with the Information Commissioners Office under registration number Z2051680.
By “Personal Data” we refer to information collected or held by Travel & Leisure Group, that identifies and relates to you as an individual.
What information do we collect?
We may collect Personal Data about you when you request our services, or contact us via our website, email or telephone. Such information may include:
- your name;
- postal address;
- invoicing details/address;
- information regarding the services you request;
- supplementary information you provide us about yourself when contacting us;
- email address;
- telephone numbers (including mobile);
- payment card details;
- escrow account details for our Escrow Trustees FNTC; and
- bank details for bank transfer when property is sold.
If you do nothing during your visit but browse through the website or download information, our system will automatically gather and store certain information about your visit. This information does not identify you personally and is used in an aggregate way to help us improve our website and tell us the number of visitors to our site each day. Our web server automatically collects and records the following information:
- the visitor’s domain name, but not the e-mail address;
- the visitor’s IP address;
- the name and release number of web browser software used;
- the operating system used;
- date and time you access our site; and
- the address of the website that linked to us (referrer URL).
The collected information is used to provide an overview of how people are accessing and using the Website. It is not used for any additional purpose, such as to profile those who access the Website.
What do we do with the information we collect?
The information we gather is used in the following ways:
- to enable us to advertise holiday ownership and contact our clients once an offer is made in order to negotiate on their behalf and then do the necessary legal transfer of ownership;
- monitor, review, measure, and analyse website utilisation;
- modify and enhance the website;
- improve the content and design of our website;
- respond to your requests;
- monitor and improve our customer service efforts;
- internal record keeping;
- to carry out any obligations owed to you through the use of our Website and in respect of any contracts entered into between you and us;
- to give you information that you request from us and to improve our services;
- to notify you about changes to our services;
- any relevant troubleshooting, testing or statistical analysis as appropriate; and
- to keep the Website secure.
Where we have your permission to do so, we may also use the information collected to:
- provide you with information about our services that we offer via promotional communications; and
- keep you up to date with features on the Website,
however, you can opt-out of any of these data uses at any time by emailing firstname.lastname@example.org.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Legal basis of processing
We will only process your information for as long as we have a relevant legal basis to do so. This is usually in order to provide you with the contractual services you have requested from Travel & Leisure Group or if you have provided us with adequate consent to process your information for other purposes.
If we choose to process your information under the legal basis of legitimate interests, we will always inform you of our legitimate business interest and your right to object.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com.
Telephone calls may be monitored and/or recorded for training purposes and for maintaining the quality of our business.
We use a number of mechanisms to protect the security and integrity of your Personal Data. Unfortunately, no data transmission over the Internet can be guaranteed to be completely secure. So while we strive to protect such information, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once any Personal Data comes into our possession, we will take reasonable steps and all other precautions required by law to protect that information from misuse and loss and from unauthorised access, modification or disclosure.
All the Personal Data collected by us and stored electronically is held on a secure server in the EEA only. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to Personal Data only for those employees who require it to fulfil their job responsibilities.
Transfer of data outside of the EU
We shall not transfer any personal data to any country outside of the European Economic Area unless we ensure that such personal data is subject to an adequate level of protection and appropriate legal safeguards in accordance with Data Protection Legislation. We may need to transfer Personal data in this manner where a resort is located outside of the EEA.
Sharing your information with others
Please be assured that we will not share your information for any other reason unless we are required by law or permitted to do so under this Privacy Notice. The main circumstances in which we will be permitted or required to disclose this is by law will be by court order, to government bodies and law enforcement agencies. However, sometimes we may share your information with third parties in the following ways:
- we may need to converse with the resorts where the client owns at or the purchaser is buying at;
- we may use carefully selected sub-processors to help us collect, store or manage your information. This will always be managed under the terms of a written data processing agreement;
- analytics and search engine providers that assist us in the improvement and optimisation of the Website; and
- if Travel & Leisure Group is acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets. We process your Personal Data for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your Personal Data in this way, the relevant seller or buyer of our business may not be able to provide services to you.
Access to your Personal Data
You have rights in relation to any Personal Data that we hold about you. If you wish to access your Personal Data you may make a formal subject access request by contacting Travel & Leisure Group.
The information you request must relate to you or another person that you have authority to act on their behalf. Travel & Leisure Group will require a confirmation of your ID prior to providing any information about the data we hold. If you are unable to provide sufficient information to prove your ID, Travel & Leisure Group reserves the right to refuse your request for access to Personal Data. The rights you have in relation to the Personal Data we hold regarding you are:
- the right to rectify any inaccuracies in the information we hold;
- the right to erasure of information in specific circumstances;
- the right to request transfer of your information to another controller; and
- the right to object to processing in certain circumstances.
If you have provided us with consent to process your information, you always reserve the right to withdraw this consent via the method detailed in the paragraph below. We are committed to ensuring that your wishes are respected and upon notification that you wish to withdraw your consent, Travel & Leisure Group will immediately cease processing the information in question.
Please send your request to Travel & Leisure Group by emailing firstname.lastname@example.org. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Changes to this Privacy Notice
We may change this Privacy Notice at any time to ensure it always accurately reflects the way we collect, use and safeguard your Personal Information.
Please check this notice from time to time to ensure you are aware of any updates we may have made to our Personal Data handling practices. The date of the changes will be listed in the ‘Last updated’ section below. We will endeavour to notify all of our current clients of any updates to this notice via email and we will post the relevant announcement on our website homepage.
We recommend that you print a copy of this page for your reference.
How can you make a complaint?
Please note that if you are not satisfied with the processing of your personal data as set out in this Privacy Notice, please contact us at email@example.com.
You have the right to issue a complaint directly with the Information Commissioner’s Office, the data protection supervisory authority for England and Wales (https://ico.org.uk/concerns/).
Please contact us at firstname.lastname@example.org if you have any questions, comments or requests regarding this Privacy Notice.
Last updated May 2018