Privacy Policy


The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

The GDPR will apply in all EU member states from 25 May 2018. Because GDPR is a regulation, not a directive, the UK does not need to draw up new legislation – instead, it will apply automatically. GDPR will replace all data protection legislation in EU member states.

The EU wants to give people more control over how their personal information is used. In strengthening the laws, alongside introducing stricter penalties for non-compliance, it hopes to improve trust in the emerging digital economy we live in.

The EU wants to ensure that businesses have a clear, legal environment in which to operate. By making laws around data protection identical throughout the single market there is more accountability, trust and visibility. From the 25 May 2018, any companies non-compliant with GDPR can be fined 4% of annual turnover or €20 million (whichever is greater).

GDPR will not be affected by Brexit. It is designed to harmonise laws and standardise compliance for businesses operating in the EU and single market. This in turn will affect all businesses who use and store EU data, including companies in the UK.

Key principals of GDPR:

CONSENT - If a business stores and uses data, they must ask for consent and explain what it will be used for.

RIGHT TO ACCESS – Individuals can submit a ‘Subject Access Request’ (SAR) to ask a company what information a company holds on that person. Companies must be able to provide and electronic copy of the data and explain where it is stored and what it is used for.

DATA PORTABILITY – Similar to SAR, individuals can request their personal data and pass it on to different services and businesses.

RIGHT TO BE FORGOTTEN – Individuals can request that a business not only deletes any data they have about them, but also demand that this information cannot be passed on to third parties.

BREACH NOTIFICATION – If an organisation experiences a data breach, it will have to notify the supervisory authority (in the UK this is the ICO) within 72 hours. If needed, the company may need to alert the affected subjects of the breach as well.


To achieve GDPR readiness and to comply with the new regulations effective 25th May 2018, TRAVELTALK are working with industry associations to create a pragmatic, risk-based approach to GDPR compliancy. This involves the creation, refreshing and distribution of policies, processes and standards to create a culture of awareness and continuous improvement around data privacy and protection.



1.            Who we are and our commitment to data protection.

We are TRAVELTALK a Leisure Travel Agent based at 63 Leeds Road, Harrogate. North Yorkshire, HG2 8BE.

We need to collect, use and disclose personal information in order to perform our business functions and activities, including making and managing travel bookings on behalf of our customers. We are firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care. We are committed to protecting and respecting your privacy and take this very seriously.

By providing personal information to us, you agree that this Privacy Notice will apply to how we handle your personal information and you consent to us collecting, using and disclosing your personal information as detailed in this Privacy Notice. If you do not agree with any part of this Privacy Notice, you must not provide your personal information to us. If you do not provide us with your personal information, or if you withdraw a consent that you have given under this Privacy Notice, this may affect our ability to provide services to you or negatively impact the services we can provide to you.


2.            What information do we collect?

Personal information generally means information which relates to a living individual who can be identified from that information.

The type of personal information we collect about you is the information that is needed to facilitate your travel arrangements and bookings and to arrange travel related services and/or products on your behalf.

We therefore typically process the following types of personal information about you:

contact information (such as name, residential/mailing address, telephone number, email address);

payment account information (credit/debit card details, including card type, card number, security number and expiry date);

passport details;

loyalty program / frequent flyer details;

information about your dietary requirements and health issues (if any); and

other details relevant to your travel arrangements or required by the relevant travel service provider(s) (e.g. airlines and accommodation or tour providers).


3.            How do we collect personal information?

We will only collect personal information in compliance with GDPR regulations. We usually collect your personal information from the information you submit during the course of your relationship with us. We will collect this information directly from you unless it is unreasonable or impractical to do so.

Generally, this collection will occur:

when you deal with us either in person, by telephone, letter, email;

when you visit any of our websites or online booking tool; or

when you connect with us via social media.

We may collect personal information about you:

when you purchase or make enquiries about travel arrangements or other products and services;

when you enter competitions or register for promotions;

when you subscribe to receive marketing from us (e.g. e-newsletters);

when you request brochures or other information from us; or

when you provide information, or use our services, on social media.

In some circumstances, it may be necessary for us to collect personal information about you from a third party. This includes where a person makes a travel booking on your behalf which includes travel arrangements to be used by you (e.g. a family or group booking or a travel booking made for you by your employer). Where this occurs, we will rely on the authority of the person making the travel booking to act on behalf of any other traveler on the booking.

Where you make a travel booking on behalf of another person (e.g. a family or group booking or a travel booking made for an employee), you agree you have obtained the consent of the other person for Traveltalk to collect, use and disclose the other person's personal information in accordance with this Privacy Notice and that you have otherwise made the other person aware of this Privacy Notice. 

You should let us know immediately if you become aware that your personal information has been provided to us by another person without your consent or if you did not obtain consent before providing another person's personal information to us.

We make every effort to maintain the accuracy and completeness of your personal information which we store and to ensure all your personal information is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal information or if you become aware that we have inaccurate personal information relating to you. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal information that you, or a person acting on your behalf, provide to us.


4.            How do we use your personal information?

Where you contact us in relation to a travel booking or query, the purpose for which we collect your personal information is generally to provide you with travel advice and/or to assist you with booking travel and/or travel related products and services.

We will only process your information, where:

you have given your consent to such processing (which you may withdraw at any time);

the processing is necessary to provide our services to you;

the processing is necessary for compliance with our legal obligations; and/or

the processing is necessary for our legitimate interests.

By disclosing your personal information to us in person, on our website(s), by email, by post or over the telephone, you consent to the collection, storage, processing and other use of your personal information by us in the manner set out in this Privacy Notice. Some information and emails sent to us may be used as testimonials or case studies but no email address or contact details will be displayed.

When you book or otherwise arrange travel related products and services through us, we usually act as an agent for the relevant travel service providers (e.g. for a hotel). In this case, we process your personal information as necessary to provide the services you requested from us. This usually includes collecting personal information about you both for our internal purposes as described in this Privacy Notice and for the travel service provider for whom we act as agent (e.g. to provide you with the booked services). For example, if you book a flight through us, then we use your personal information to enable your flight to be booked and disclose it to the airline to enable the airline to provide the flight service to you.

We may, therefore, share your information with our travel service providers such as hotel, airline, car rental, or other providers, who fulfill your travel bookings. Please note that these travel service providers also may use your personal information as described in their respective privacy policy and may contact you as necessary to obtain additional information about you, facilitate your travel reservation, or provide you with your requested services.

We encourage you to review the privacy policies of any third-party travel service providers whose products you purchase through us. We will provide you with copies of all relevant travel service provider terms, conditions and privacy policies on request.

We may send your details outside the European Economic Area (EEA), e.g. if your holiday is outside the EEA and the hotel needs to be advised of your details. Due to the global nature of the infrastructure of the internet please be aware that controls on data protection outside the EEA may not be as strict as in the UK.


5.            How long do we hold your data?

We will keep personal information only for as long as is required to continue to fulfil the services requested by our Clients. If you do not wish us to continue holding your data, please contact us by email or in writing at the details set out in Section 9 below requesting your personal information to be deleted.


6.            Marketing.

The personal information you provide us with will only be used in the administration of the products and services you have requested from us and your details will not be added to any marketing lists unless you have given us clear consent to do so.

Your information will be held for our internal use to allow us to improve the services and products we offer, your customer experience, and to enable us to comply with our contractual obligations. If you telephone us, calls may be recorded for training and quality purposes.

If a previous subscriber or customer of Traveltalk that has received marketing material from us before 24 May 2018, you will continue to receive information from us under the basis of legitimate interest.

If you have given us permission to use your data for marketing communications or have been receiving marketing material from us since before 24 May 2018, you can unsubscribe at any time if you change your mind by clicking on the unsubscribe link within the marketing emails you receive, by using the contact information provided on postal marketing or by contacting us at the address provided in Section 9 below.


7.            Your rights in relation to the personal information we collect.

If you wish to:

update, modify, delete or obtain a copy of the personal information that we hold on you; or

restrict or stop us from using any of the personal information which we hold on you, including by withdrawing any consent you have previously given to the processing of such information; or

where any personal information has been processed on the basis of your consent or as necessary to perform a contract to which you are a party, request a copy of such personal information in a suitable format

you can request this by contacting us by email or in writing at the details set out in section 9 below. You will receive acknowledgement of your request and we will advise you of the timeframe within which you will receive your information pack.

We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests.

We reserve the right to deny you access for any reason permitted under applicable regulations. Such exemptions may include national security, corporate finance and confidential references. If we deny access or correction, we will provide you with written reasons for such denial unless it is unreasonable to do so and, where required by local data protection regulations, will note your request and the denial of same in our records.

Further correspondence regarding your request should only be made in writing to the Data Protection Officer at the address set out in section 9 below.

Please note that, if you request that we restrict or stop using personal information we hold on you or withdraw a consent you have previously given to the processing of such information, this may affect our ability to provide services to you or negatively impact the services we can provide to you. For example, most travel bookings must be made under the traveler’s full name and must include contact details and appropriate identification (e.g. passport details). We cannot make bookings for you without that information.

You must always provide accurate information and you agree to update it whenever necessary. You also agree that, in the absence of any update, we can assume that the information submitted to us is correct, unless we subsequently become aware that it is not correct.

In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification for us to comply with our security obligations and to prevent unauthorised disclosure of personal information.

We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal information, and for any additional copies of the personal information you request from us.


8.            How we protect your information.

By submitting your personal data you agree to the storing and processing of this data. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

We do not and will not sell, rent out or trade your personal information. We will only disclose your personal information to third parties in the ways set out in Section 4 of this Privacy Notice and in accordance with UK data protection laws. Note that, in this Privacy Notice, where we say “disclose”, this includes to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your personal information to another person or entity.

We are firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care. We are committed to protecting and respecting your privacy and take this very seriously.


9.            Feedback / Complaints / Contact.

If you have any enquiries, comments or complaints about this Privacy Notice or our handling of your personal information, or wish to inform us of a change or correction to your personal information, would like a copy of the information we collect on you or would like to raise a complaint or comment, please contact your consultant or our Data Protection Officer using the details set out below:


Telephone:  01423 872516

Post:              Traveltalk, 63 Leeds Road, Harrogate, North Yorkshire, HG2 8BE

We will endeavor to respond to any enquiries or complaints received within a month or less, although we reserve the right to extend this period for complex requests

If you think there is a problem with the way in which we are handling your personal information, then you have the right to complain to the ICO by visiting their website


10.         Changes to our Privacy Notice.

We may amend this Privacy Notice from time to time. If we make a change to the Privacy Notice, the revised version will be posted on our website. We will post a prominent notice on our website to notify you of any significant changes to our Privacy Notice and indicate at the end of the Privacy Notice when it was most recently updated. It is your responsibility, and we encourage you, to check the website from time to time to determine whether there have been any changes. If we update our Privacy Notice, in certain circumstances, we may seek your consent.

This Privacy Notice was last updated on 24 May 2018. 


Website Terms & Conditions: -

Use of the website

By accessing or using the Website, you are accepting the terms and conditions of use. However, if you do not or cannot accept the Website terms and conditions and/or the Booking Terms and Conditions you must stop using the Website immediately. The conditions may change from time to time but by browsing the Website you are accepting the terms and conditions which are in use at that time.

The Website is designed for use within the UK and by accessing this Website you are agreeing that English law will be applicable to any disputes which may arise.

The Website is for your personal use only and shall only be used in connection with the purchase of a holiday and/or products connected with that holiday. You shall not copy, use, alter or tamper any content of the Website except for printing off pages for your own personal reference.

Any communication or material which you transmit to us through this Website or otherwise via the Internet will be treated as non-confidential unless such communication or material includes personal information, which we will use in accordance with our Privacy Policy. Any communications and other material which you send to us are shall remain our property and by sending the same to us you agree that we may use the same for any purpose whatsoever, without any compensation being payable by us to you.

Materials on the website

All material on this Website including any advertising and/or promotional items, images, text and/or audio is our property or has been licensed to us. All trademarks, names, logos and other intellectual property rights existing in this Website are also owned or licensed by us. You may use this Website for your personal entertainment and information and you may make a copy of the pages of this Website but only for your personal non-commercial use, provided that you keep all copyright and other proprietary notices intact. Any modification, transmission, hiring, copying (other than for non-commercial personal use), reusing or otherwise using the content of this Website for public or commercial purposes is prohibited.


Information on the website

Whilst we have worked diligently to provide accurate and complete information, we cannot be liable to any person for any loss or damage which may arise directly or indirectly from the use of this Website (or any inability to use it) or any of the information contained on this Website. This Website and the information and material which it contains are subject to change without notice. All warranties, whether express or implied as to the accuracy or completeness of the information contained on this Website or in respect of any materials or products referred to on this Website are hereby excluded to the fullest extent permitted by law.

Links to third-party websites

Links on this Website and other websites that we operate may lead to third party websites. The content, accuracy and function of such websites is outside of our control and we cannot accept any responsibility for same and nor do we endorse the contents of such third party websites. In particular, any dealings that you have with such third party website operators shall be on the terms and conditions (if any) of that website operator, as this privacy policy is limited to the Website.

Privacy Policy 

We take the privacy of our Website users seriously. This Privacy Statement explains what personally identifiable information (“Personal Information”) is collected about you via this Website and what we do with that information. We are committed to protecting the privacy of your personal information.

By registering as a user of the Website or otherwise submitting your Personal Information via the Website, you are consenting to the processing of your Personal Information for the purposes and by the means set out in the Privacy Statement. You should read this Privacy Statement together with the Website Terms and Conditions, of which this Privacy Statement forms part.


Website Security Statement

We take security very seriously, and we have implemented a bank approved encryption system to protect your ‘on-line’ transactions with us. Credit/debit card payments will automatically be encrypted using Secure Sockets Layer (SSL). SSL is an industry standard protocol for encryption over the internet. This technology prevents your personal information from unauthorized access and malicious attack. Any credit/debit card numbers are securely processed within our “on-line payment partners” system. For noting, our payment partner is “Worldpay”

Furthermore, as required by the UK Data Protection Act 1998, we follow strict security procedures in the storage and disclosure of information that you have given us, to prevent unauthorised access. Our security procedures mean that we may occasionally request proof of identity before we are able to disclose sensitive information to you. We absolutely retain the right to refuse any booking made via our site.

How we use your personal details

In order to process your request for information, we need to collect certain personal details from you. These details will include, where applicable, the names and contact details of yourself and other interested parties.

We would also like to store and use your personal details for future marketing purposes (for example, to send you a brochure or details of a promotion (including by email).

We will ensure that anyone to whom we pass your details for these reasons agrees to treat them with the same level of protection we are obliged to provide.

We may need to disclose our customer database, including any personal data relating to you contained therein, to a third party who acquires or attempts to acquire all or substantially all of the assets or stocks in our company or our website service whether by merger, acquisition, re-organisation or otherwise.

We have appropriate security measures in place to protect this information.

Unless you agree otherwise and except where expressly permitted by the Data Protection Act, we will only deal with the personal details you give us as set out above. If you do not want us to do any or all of these things, please let us know. We are entitled to assume you do not object to our doing any of the things mentioned in this statement unless you tell us otherwise in writing.

You are generally entitled to ask us (by letter or e-mail) what details of yours are being held or processed, for what purpose and to whom they may be or have been disclosed. We will charge a fee to respond to such a request. We promise to respond to your request within 40 days of receiving your written request and fee. In certain limited circumstances we are entitled to refuse your request.

If you believe that any of your personal details which we are processing are inaccurate or incorrect please contact us immediately.

Other important points to note

We may use visitor information to measure the entry and exit points of visitors to the site and respective numbers of visitors to various pages and sections of the site and details of searches performed. We may also use this information in the future to measure the usage of advertising banners, and other “click throughs” to and from the site. We have security processes in place to ensure that our customers’ data that is held on a central database and is not accessible by any unauthorised persons. However, persons such as IT systems suppliers may need to have access to the system from time to time. We will provide a summary of any personal information held upon request. This information will only be sent to the e-mail address on file for the subscriber name associated with it *

This privacy statement covers websites owned and controlled by us only. Links to other websites and any information collected by these sites are not covered by this privacy statement.


Use of Cookies

In order to enable you to keep browsing efficiently, we may use “session” cookies on this Website.

A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number.

Click here to find out more about cookies.

“Session” cookies are temporary and are erased when you close your browser.

We may use “session” cookies for the following purposes:

1.  to help us to recognise you when you move between pages on the Website;

2.  to note the pages that you visit on this Website;

3.  to allow us to enhance your experience of this Website;

4.  to compile anonymous statistics about your browsing patterns and to build up a demographic profile (should we use cookies in this way, you will not be personally identified and any information collected will only be used in aggregate form for reporting purposes).

Advertisers on this Website may also use cookies.

You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our Website if cookies are disabled. Please click here to find out how to disable/enable cookies (