Cruise search

Privacy Statement & Cookie Policy

Introduction

Bolsover Cruise Club Limited is a limited company incorporated in England & Wales with registration number 05729112 and whose registered office address is at 35 Sherwood Street, Warsop, Mansfield, Nottinghamshire, NG20 0JR (“Bolsover”).

Bolsover takes data protection very seriously, we are aware of our obligations under the General Data Protection Regulation and will look at minimisation opportunities and ways to limit the processing of your data where feasible. Confidentiality is very important and at the very core of our business.

What information do we obtain from you?

Essentially, we will require such information as is necessary to enable us to provide you with the booking service you and your family seek from us.  The information we process will include personal data and although unlikely to include special category personal data (also known as sensitive personal data), such data may be necessary given the nature of the booking service you seek for your party and yourself and it may be held by us in a paper and/or electronic format.

The information we process that is provided by you direct may include the following as well as any other information type that we expressly ask you to enter and submit to us:

  • Contact information, such as your name, email address, mailing address and telephone number (including mobile telephone numbers and emergency contact information and passport/visas/immigration details);
  • Usernames and passwords;
  • Payment information, such as a credit or debit card number;
  • Employment information;
  • Comments and feedback;
  • Interests and communication preferences.

The information collected automatically from you when you visit our websites or mobile applications includes:

  • Internet Protocol ("IP") address used to connect your computer to the Internet;
  • Computer, device and connection information, such as browser type and version, operating system, mobile platform and unique device identifier ("UDID") and other technical identifiers;
  • Uniform Resource Locator ("URL") click stream data, including date and time, and content you viewed or searched for on a Service;
  • Location information for location-aware Services to provide you with more relevant content for where you are in the world.

We may use and disclose automatically collected information for any purpose, except where we are restricted by applicable law. If we combine any automatically collected information with personal information, the combined information will be treated by us as personal data.

We may also use aggregated information for any purpose, however, this information does not identify specific individuals and so is not personal data.

Processing (handling/holding) your personal data

The legal basis for processing your personal data depends on the circumstances.  The basis may be:

  • you have given your consent to the processing of your personal data; or
  • the processing is necessary to perform a contract you have entered into.  For instance, where you have entered into a contract for a holiday service or wish us as your agent to do so on your behalf, we and/or the service provider will invariably require your and your party’s personal data;
  • the processing may be necessary for the purposes of the legitimate interests pursued by us.  In these circumstances the legitimate interests could be the interest a travel company has in providing travel and related services to consumers. 

What do we do with your information?

Our use of your personal data is subject to your instructions, the Data Protection Act, 1998, whilst applicable, the General Data Protection Regulation (GDPR) after 25 May 2018, any replacement legislation in force in the United Kingdom (data protection legislation) and our duty of confidentiality owed to you as our customer.  

We use the information you provide primarily to provide travel and related services to you including:

  • to complete and fulfil a booking;
  • to modify and improve our services; and
  • to facilitate your travel abroad;

However, we may also use it for other purposes including:

  • for data analysis, audits, developing new products and services, identify usage trends and assess the effectiveness of our promotional campaigns;
  • to prevent and detect security threats, criminal activity or other malicious activity;
  • obtaining satisfaction of our invoices using a third party service provider;
  • updating and enhancing client records;
  • analysis to help us manage our Firm;
  • the development and/or maintenance of a database to be used as a service to those customers who have indicated that they want us to include them on our database for newsletters and e-mail communications relating to our services. No sensitive personal data will be used or retained during this exercise.
  • call recording – your information will be kept confidential, at all times, but may be used in the monitoring of telephone conversations to ensure service level standards are maintained and to aid dispute resolution in the event of a complaint. Your information may also be used for training purposes.  We will ensure that you cannot be identified from the training material which is used;
  • external auditing, the management of complaints and training; these aspects may be undertaken by a third party, but it will be on a strictly confidential basis and we will ensure that access to your data is controlled;
  • to comply with our legal and regulatory obligations;
  • contacting you for the purpose of investigating opportunities for further processing or consent.

If you no longer want to receive information from us

If you no longer wish us to communicate with you please write to our Data Protection Officer with the subject heading "No more contact" at Bolsover Cruise Club, 6 Lindrick Way, Chesterfield S43 4XE or by emailing our Data Protection Officer at datachanges@BolsoverCruiseClub.co.uk.

Transfer and sharing of your information

Under no circumstances will we sell your personal data to a third party. We will, however, share certain personal data with other service providers as part of the booking service being provided to you, e.g. cruise operators, associated providers and agents.

We will not transfer your personal data abroad without your explicit prior consent unless the booking you make, or require us to make for you, is based outside the UK. However, please be aware that countries outside the EEA will have different laws relating to the protection of personal data to that provided in the UK under the GDPR.

We will always ensure that we have appropriate contractual terms in place with all our Suppliers that comply with the General Data Protection Regulation.

Security

We have robust information security management systems in place to ensure the safety, security, integrity and confidentiality of your personal data; we use a variety of data security measures intended to ensure the safety, security, integrity and confidentiality of your personal data. We are familiar with and shall at all times comply with the GDPR and other applicable data protection legislation.

Our IT systems, containing customer data, have rigorously audited technical controls to ensure the confidentiality and integrity of all information is maintained at all times. As a requisite of our Plastic Card Industry (PCI) Compliance, Vulnerability Testing and Penetration Testing is performed regularly by independent Third Parties. We are Cyber Essentials accredited.

A multiple firewall configuration is maintained in order to protect the network.  The outer firewall protects the network from internet attack and the inner firewall segments the network for all devices within PCI scope.

Our website is hosted off site and therefore is not connected to our Network.

Direct client access to our database is not permitted. Client booking information and customer data recall is via an external web server using strict security control.

We maintain full security against virus and Malware attack using the latest Intel McAfee Virus scan Enterprise plus Antispyware Enterprise software deployed across our network.

GFI Plus software is similarly network-wide deployed to monitor PC and server events to detect any malicious activity and is monitored regularly.

CCTV

We have CCTV cameras in operation monitoring the exterior of our Head Office building.  We also have a static camera to enable us to view, but not record, the activity inside our Meadowhall store.  We display notices to make it clear that these areas are subject to surveillance.

We will only release footage where there is a legal obligation, to protect the vital interests of a data subject or another person.  Processing is necessary for the purposes of our legitimate interests and may be overridden by the interests or fundamental rights and freedoms of data subjects especially where the data subject is a child.

We use this information as necessary for our legitimate interests in administering your visit, ensuring site security and the safety of visitors and staff.

CCTV recordings are kept for a period of 28 days before they are recorded over.

Cookies

Cookies are text files placed on your computer to collect standard internet and visitor behaviour information.  The information is used to track visitor use of our website and for statistics compiled on website activity.  For more information visit: www.allaboutcookies.org .

Telephone calls

We do record our telephone calls to ensure service levels, for training and to aid resolving complaints/disputes.  Credit card details are not recorded for PCI compliancy.

Data Protection Officer

Our Data Protection Officer is Claire Rogers, and she can be contacted by email at datachanges@BolsoverCruiseClub.co.uk or you can write to her at Bolsover Cruise Club, 6 Lindrick Way, Chesterfield, S43 4XE

Retention of Personal Data

We have a Data Retention & Destruction Policy and in terms of that policy we destroy personal data after 7 years of booking inactivity, but reserve the right to do so earlier if we deem it appropriate.  However, we also reserve the right in certain circumstances to hold your data for longer than 7 years, but in such event, it will not be accessible except in a secure retrieval process prescribed in our policies and procedures.  In the event of us retaining your personal data for in excess of 7 years, we also reserve the right to securely delete some of your personal data that we do not regard as necessary to retain (minimisation) in the circumstances.

Data Protection Regulator, Complaints Handling and Modern Slavery Statement

You may complain about our conduct in relation to data protection matters to the regulator of data protection in the UK, The Information Commissioner, by writing to them at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephoning them on 0303  123 1113.

Contacts, Subject Access Requests, Correction or Deletion of Data

If you have any questions about our Privacy Statement or want to exercise your rights under the data protection legislation to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or object to the processing on legitimate grounds, please contact us with the subject heading “Data Privacy” to datachanges@BolsoverCruiseClub.co.uk or send a signed letter addressed to Claire Rogers, Data Protection Officer, Bolsover Cruise Club, 6 Lindrick Way, Chesterfield S43 4XE.

Revisions to this Statement

We may change this Statement from time-to-time.

Date: May 2018

We recommend


01246 819 819     Request a Callback     Sign up to our Newsletter