Last updated: 21/05/18
This Privacy Notice covers all platforms through which we offer travel-related services, this includes our Website, our app and where you interact with us on social media such as Facebook (in which case you should also refer to those social media sites' privacy notices).
The data controller of the personal data referred to in this Privacy Notice is Sunshine.co.uk Limited, a limited liability company registered at Park Square, Bird Hall Lane, Stockport, Cheshire SK3 0XN and with registered company number 5954656.
What kind of personal information do we collect?
Personal Information you give to us
When you book a holiday with us, you will be required to provide us with certain information, including your name, address, e-mail address and phone number and payment information.
If you fill in a booking form but don’t actually complete the booking, we will use your information (which we will have collected using cookies) to check in with you as to whether you need any assistance and whether you would like to complete your booking. For more information about how we do this (and how to prevent this if you wish to do so), please see our Cookie Statement at www.sunshine.co.uk/cookie-information.html.
If you get in touch with our customer service team, whether by phone, e-mail or otherwise, you will be asked to provide us with information. This is likely to include your name, address, e-mail address and phone number.
There are also other instances when you’ll provide us with information, for example if you register to use our website, enter one of our competitions or complete a survey.
Personal Information you give to us about others
If you are travelling with others or booking a holiday for someone else, you will need to give us personal information about them when making the booking, for example their name and age. It is your responsibility to ensure that anyone who you have provided personal information about is aware that you have done so and accept how we use and process their information.
Personal Information we collect automatically
When you visit our Website, even if you don’t make a booking, we will automatically collect certain information such as your IP address, the date and time you accessed the Website, the hardware, software or internet browser you use and information about your visit, including pages you viewed and interaction information.
If you are using a mobile device, we may collect data that identifies your mobile device, location details and any specific settings.
For more information, please see our Cookie Statement www.sunshine.co.uk/cookie-information.html.
Personal Information that we receive from others
We may also receive information about you from your travel agent for the purpose of carrying out a booking you have made with that agent. In that circumstance, we will only use your personal data to carry out that booking unless we have your permission to do otherwise.
What do we do with your personal data?
Once we have collected the information about you, it will be used for the following purposes:
- Bookings. Put simply, we will use your personal data to provide to you the services that we sell, which may include flights, hotels, transport, insurance and other ancillary products. We need certain information about you, so we can fulfil our obligations contained in the contract that you enter into with us when you make a booking.
- User Accounts: The information that you provide when you set up an account on our website or app allows us to provide you with services including the ability to manage your bookings, personal settings and access to special offers.
- To communicate with you in relation to your holiday: We will use the contact information you have previously shared with us to communicate with you in relation to your holiday and to provide you with information relevant to your holiday. For example, helpful information about the destination to which you are travelling, security alerts, administrative messages about your holiday and emails to remind you to fill in your Holiday Checklist.
- Customer Services: You are free to contact us about our services at any time, whether this is a general query, a question about your booking or to report a problem on our website. This can be done through the Manage Your Booking system on our Website or app, by telephone or via social media. We will use the information that you have provided to help us answer any questions and respond to your query (along with any future queries that you may have). If you contact us by telephone, your call may be recorded for quality control and training purposes but we will always ask for your consent before recording communications for these purposes.
- Personalisation: We will use information we hold about you, such as the products and services you have purchased from us in the past, to enable us to show you the products and services we think you will like on our website and app and communicate these with you, such as the recommended deals and special offers we put to you. For example, we will save your searches in order to tailor future searches you make to your needs. If you would like to turn off this functionality you can do so via your account.
- Marketing: Where you place an order with us and you have not opted out (or in any other case, if you have opted in to receive marketing by e-mail or text message), we may contact you by e-mail or text message with information about other goods and services that we offer that are similar to those that you have already purchased or enquired about and we think may interest you based on the information we hold about you. We may also use your contact details to contact you by phone or post with details of products and services that we think may be of interest to you (unless you have told us you don't want to receive these communications or you are registered with the Telephone Preference Service).
- Promotional Activities: If you participate in our promotions (such as surveys or competitions) we will use the information you provide to administer these activities
- Improving our services: Sometimes we will use your data to help us improve the
quality and functionality of the services that we offer. This includes:
- analysing your recent visits to our website and app and how you move around different sections of our website and app for analytics purposes to understand how people use our website so that we can make it more intuitive.
- troubleshooting, data analysis, testing, research and for statistical and survey purposes by us, all of which helps us to provide the best service that we can.
- in some circumstances we may send data about our website and app users in aggregate, anonymised or pseudonymised form to third parties for them to provide these services to us – this is explained in more detail under "When do we share your data with third parties?" below.
Legal basis for processing personal data
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will normally collect personal data from you under the following legal bases:
- Performance of a contract: If we have obligations under a contract with you, we will use your information to perform our obligations to you. For example, if you make an online booking on our Website or app, we will use the information that you provide us with when making the booking to complete and administer the reservations with the relevant third party suppliers.
- Consent: You will be asked to consent to us providing you with marketing information and if you give us this consent, we will rely on this when contacting you with marketing information by e-mail and text message (although please note that in limited circumstances we are allowed to send marketing information to you without your consent). You can opt-out of receiving marketing communications from us at anytime by contacting us using the details at the end of this policy, by using the link at the bottom of each email that we send to you or by logging in to your account and changing your contact preferences.
- Legitimate interests: We will use your information for our own legitimate interests, for example, to provide you with the best suitable content on our Website or app, to improve and promote our services and for our own administrative purposes including creating and maintaining business records of our relationship with you.
- Legal requirement/vital interests: In some cases, we will have a legal obligation to collect personal data from you (for example, for us to comply with tax laws which require us to collect and retain records of products and services that we sell) or where we need the personal data to protect your vital interests or those of another person (for example, if you are involved in an emergency and we need to provide the details which we hold about you to the emergency services).
How and where will your data be processed?
Any information that we hold about you is stored on our secure servers and all payment transactions are encrypted. Only authorised personnel are permitted to access personal data in the course of their work. Whilst we do our best to protect your personal data, no information transferred over the internet can be guaranteed to be completely secure and you provide your information at your own risk.
When your credit card details are required as part of the booking process we store the last 4 digits and an authorisation token. In the case of some low cost airlines, we will use the payment details you provide to purchase the flight seats on your behalf and will use the payment details you provide to do so.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), including (in some instances) where we transfer your data to our suppliers so that they can assist us with providing our services to you. Where your information is transferred outside of the EEA, we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including by entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU-US Privacy Shield. You have the right to details of the mechanism under which your data is transferred outside of the EEA – for this information, please contact us using the details set out under "How can you contact us?" below.
When do we share your data with third parties?
In certain circumstances we do share your personal data with parties outside of Sunshine.co.uk. The third parties who we share your personal data with include:
- Our suppliers: If you make a booking with us, it is necessary for us to share your reservation data with relevant third parties, such as hoteliers, airlines, insurers and ground-handling agents, to complete your booking. This may include your name, contact details, payment details, the names and ages of any guests travelling with you, along with any preferences or special circumstances you told us about when you made your booking. If you contact us with a query about your booking we may pass this on to our suppliers if they are better placed to help you.
- Our group companies: Your details may be shared with other companies in our corporate group who process information for purposes that are described in this Privacy Notice for analytical purposes or to support the services that we provide to you. To find out more about our corporate group please visit http://www.onthebeachgroupplc.com.
- Third party service providers: This includes anyone who provides services or functions on our behalf, including credit card processing, business analytics, advertising, administration of competitions and promotions, collection of customer feedback and customer service. We use these service providers to process your data on our behalf, this may be to send our marketing material or to collate information that can be analysed to improve our service. They have access to and may collect information only as needed to perform their functions and are not permitted to share or use information for any other purpose. Where we provide data to third party service providers for them to provide data analysis or statistical services for us, we will only ever send them aggregated, anonymised or pseudonymised data.
- Payment Providers and other financial institutions: If you request a chargeback for your booking, it may be necessary for us to share certain reservation details with the payment service provider and the relevant financial institution so they can handle the chargeback. This may include a copy of your booking confirmation or the IP address that was used to make your reservation.
- Any competent law enforcement body, regulator, government agency, court or other third party: where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights (including to investigate any suspected fraudulent or other criminal activity), or (iii) to protect your vital interests or those of any other person.
- Potential Buyer: (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Privacy Notice.
- Any other person with your consent to the disclosure.
Any information that is collected from you directly by hotels or other suppliers or which you share through social media platforms such as Facebook is not covered under this Privacy Notice and we would urge to check their own privacy policies before handing over any of your personal data.
Retention of your personal data
When we have no ongoing legitimate business need to process your personal data (for example, to provide products or services to you or to retain records to manage any claims which you or we may have in respect of the products and services we provide to you), we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
What rights do you have in relation to your personal data?
You have the following rights in relation to the personal data that we hold about you:
- If you wish to access, correct, update or request deletion of your personal data, you can do so at any time.
- You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us.
- Similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. The Information Commissioner's Office is the data protection authority for the UK.
If you would like to exercise any of your above rights please contact us using the contact details provided under the “How can you contact us” heading below personal data. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
What about data that is collected through a mobile device?
We offer a free app for a variety of mobile devices which can be used to access our services as well as versions of our regular website that have been optimised for mobile and tablet browsing. These mobile sites work in a similar way to our website. We use cross-device tracking, which allows us to track user behaviour across multiple devices. We use this to optimise marketing activities and the service that we provide to you, so advertisements shown to you on other websites may be offered based on your activities on linked devices (please see our Cookie Statement www.sunshine.co.uk/cookie-information.html for further information on this).
How do we treat personal data of children?
You are only allowed to book through our Website if you are over 18 years of age. We only process information about children with the consent of the parents or legal guardians.
Changes to our Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
How can you contact us?
If you have any questions about this Privacy Notice or wish to exercise any of your data protection rights, please contact our Data Protection Officer at:
Email: [email protected]
Post: Should be sent for the attention of the Data Protection Officer to Sunshine.co.uk Limited, 5 Adair Street, Manchester, England, M1 2NQ.