At Surgeons Quarter Travel looking after the personal data you share with us very important. We want you to be confident that your data is safe and secure with us and understand how we use it, in order to process your booking and to ensure that your travel arrangements run smoothly and meet your requirements.
We are committed to doing the right thing when it comes to how we collect, use and protect your data. We take full responsibility for ensuring that proper security measures are in place to protect your information. We must pass the information on to the relevant suppliers of your travel arrangements such as your tour operator, airlines, hotels, transport companies, public authorities such as customs/immigration if required by them, or as required by law.
When you buy our products in our shops or online, we may collect:
• Passenger information, passport details, other ID document details.
• Insurance details - Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
• Relevant medical data including any religious, special dietary, or disability requests.
• Information about your purchases, including when and where you bought it, what you bought, how you paid for it and credit or other payment information.
• Information about the way you access our digital services, including IP address, online identifiers, operating system, and browser details.
• Social preferences, interests and activities.
• We use personal data about other individuals provided by you, such as those people on your reservation. By providing other passengers personal data, you must be sure that they agree to this and you are allowed to provide it. It is your responsibility to ensure that, where appropriate, they understand how their personal data may be used by us.
Using your personal data
We use your personal data in a variety of ways, see below.
To deliver the products and services you request
We need to process your personal data so that we can manage your booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.
To manage and improve our products, services and day-to-day operations
We regularly monitor how our services are used to help protect your personal data, detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our services.
We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.
We use personal data to carry out internal research and development, and to develop and improve our product range, services, shops, IT systems, security, know-how and the way we communicate with you. We may use CCTV images to help maintain the safety of anyone working in or visiting our shops, premises and other buildings, and for the prevention, detection and prosecution of criminal offences. We may also rely on the images to establish, exercise or defend our legal rights.
To make contact and interact with you
We want to serve you better as a customer so if you contact us, for example by email, post, and phone or via social media, we may use personal data to provide clarification or assistance to you.
We need to process your personal data so that we can manage any promotions and competitions you choose to enter, including those we run with our suppliers. For example, if you win a competition.
We may invite you to take part in customer surveys, questionnaires and other market research activities carried out by Surgeons Quarter Travel.
To help us to better understand you as a customer, and to be able to provide you with services and marketing communications (including online advertising relevant to your interests), we may combine the personal data we collect when you make purchases in-shop with personal data collected from our websites, mobile apps and other sources.
We will never sell your personal data to third parties.
From time to time we may send you relevant offers and news about our products and services in a number of ways, including by email. When you book or register with us we will ask if you would like to receive marketing communications. You can change your marketing preferences over the phone or by using the ‘unsubscribe’ link in our emails, at any time. The choice is completely yours, but if you say you do not want to receive marketing information from us this will prevent you from receiving great offers or promotions that may be of interest to you.
You may still receive service-related communications from us. For example, confirming bookings you make with us and providing important information about the use of our products or services.
We like to hear your views to help us to improve our products and services, so we may contact you for market research purposes. You always have the choice about whether to reply to our requests for market research.
Sharing personal data with suppliers and retail partners
In order to provide products or services requested by you we may share personal data with suppliers of your travel arrangements, including airlines, hotels and transport companies.
We also work with carefully selected suppliers that carry out certain functions for us. For example, companies that help us with our IT services, storing and combining data, marketing, advertising campaign, market research, processing payments and delivering products and services.
We may need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk.
When we share personal data with other organisations we require them to keep it safe, and they must not use your personal data for their own marketing purposes.
We only share the minimum personal data that enable our suppliers and retail partners to provide their services to you and us.
Sharing personal data with regulatory authorities
So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
Some countries will only permit travel if you provide your advance passenger data (for example API Data and US Secure Flight Data). These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may assist where appropriate.
We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.
Sharing personal data with fraud prevention agencies
When you order or buy products or services from us we may share your personal data with fraud prevention agencies. That means looking into any records we hold about you and your records with fraud prevention agencies (FPAs). When they get a search from us, a 'footprint' goes on your file which other organisations might see.
We may also do checks to confirm your identity. That is to help protect you from identity theft and other types of fraud, and to prevent and detect crime or money laundering. Once in a while we might run more checks with FPAs to keep your information and your account up to date. If false or inaccurate information is provided and identified as fraud, the details will be passed to FPAs. This information may also be shared with law enforcement agencies.
If you tell us you have got a spouse or financial associate, we will link your records together – so you must make sure you have their agreement to disclose information about them.
Sharing personal data within Surgeons Quarter Travel
Our Privacy Notice applies to all of the services offered by Surgeons Quarter Travel but excludes services that have separate privacy notices that do not incorporate this Privacy Notice. We may share the minimum personal data necessary with other companies in the Hays Travel Group, for example, to provide the products and services you request; to manage and improve our products, services and day-to-day operations; to help to personalise your experience; where appropriate, to make contact and interact with you; and, if allowed and appropriate, for marketing or market research purposes.
We may also share personal data with an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in the same way as us.
Protecting your personal data
We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.
The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.
Additionally, where your holiday is outside the European Economic Area (EEA), controls on data protection in your destination may not be as strong as the legal requirements in this country. We will not however, pass any information onto any person not responsible for part of your travel arrangements. This applies to any sensitive information that you give to us such as details of any disabilities, or dietary/religious requirements. (If we cannot add this information to the relevant suppliers, whether in the EEA or not, we cannot provide your booking. In making this booking, you consent to this information being passed on to the relevant persons.) Usually your tour operator or other principal will pass this information onto their suppliers once we have provided it to them. The tour operator or other principal’s use of your information is subject to their policy, both in respect of your booking and any future marketing, and is their responsibility. Please ask either us or them for a copy of this if you would like to see it. Email us at email@example.com You are entitled to a copy of your information held by us. If you would like to see this please ask us. (We may make a small charge for providing this to you.)
We will retain your personal data for only as long as it is necessary for the uses set out in this Privacy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.
Links to other websites
Our websites or mobile apps may contain links to websites operated by other organisations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data on another organisation’s website as we do not accept any responsibility or liability for websites of other organisations.
Accessing and updating your personal data; and complaints
You have a right to ask for a copy of the personal data we hold about you, although you may be able to access online the personal data associated with your account or booking. You can write to us asking for a copy of other personal data we hold about you.
Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.
We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know.
You can also ask for your personal data to be rectified or erased. We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.
You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the Information
Please submit your request or complaint in writing to the Data Protection
By post: Surgeons Quarter Travel, Nicolson St, Edinburgh, EH8 9DR
By email: firstname.lastname@example.org
Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint when you contact us on behalf of someone else.
Legal basis for processing personal data
We will only collect and use your personal data if at least one of the following conditions applies:
• We have your consent; you give us permission to process your personal data when you make a booking reservation or enquiry with us.
• It is necessary for a contract with you or to take steps at your request prior to entering into a contract; To provide the products and services you request we need to process your personal data so that we can manage your account or booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.
• It is necessary for us to comply with a legal obligation; Sharing personal data with regulatory authorities. So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
• It is necessary to protect your vital interests or those of another individual. In an emergency -Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
• It is in the public interest or we have official authority; Security operations We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.
• It is in our or a third party’s legitimate interests and these are not overridden by your interests or rights. To personalise your experience - We may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. This enables us to tailor our communications to make them more relevant and interesting for you.
Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. For example, we have your explicit consent; it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent; it is necessary to establish, exercise or defend legal claims; it is necessary for reasons of substantial public interest.
Changes to our Notice
Last update: May 2018
European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.
Online advertising: Marketing messages that you may see on the internet.
We will hold your information, where collected by us, and may use it to inform you of offers in the future. If you do not wish to receive such approaches in the future, please contact email@example.com