OUR PROMISE TO YOU IS TO
HOLD YOUR DATA SECURELY;
SHARE ONLY WHERE YOU AGREE;
USE YOUR DATA TO TAILOR THE INFORMATION WE PROVIDE YOU, ARRANGE
YOUR TRAVEL ARRANGEMENTS AND IMPROVE OUR SERVICES;
PUT YOU IN CONTROL BY ALLOWING YOU TO UPDATE, DELETE AND ACCESS YOUR DATA.
This policy covers how Icon Villas collects, uses, discloses, transfers and stores your data. We are Icon Villas of Cape Town. Our website www.iconvillas.travel is the official website for our company.
THE PERSONAL INFORMATION WE COLLECT AS WELL AS WHEN AND WHY WE USE IT
The sort of personal data we collect will be information such as name, address, email address, telephone number, date of birth, and personal travel arrangements. In addition, we may also be required to obtain your passport details for travel arrangements, check-in and security reasons.
We will need to collect this information to arrange the travel and other services you are requesting. In some cases, we may also need to collect more sensitive personal data such as information concerning medical conditions, disabilities and special requirements such as dietary requests which may disclose your religious beliefs, so as to be able to consider your particular needs in relation to a booking.
WE USE THIS PERSONAL INFORMATION TO
Fulfil our contract with you and/or deal with your booking or intended booking, including processing your booking, sending you your itinerary or other details relating to your booking.
Update you on changes to your travel itinerary (for example, if there is a change to your booking pre-travel; if a flight is delayed or cancelled)
Manage your wider travel or services requirements (for example, liaising with and transferring your data to airlines, service providers and/or travel facilitators so that they can facilitate your booking and/or your travel arrangements so any disruption can be minimised), this includes when you book a service which may be provided by us or third parties with us.
Process payments for your booking, fulfil requests for refunds and for accounting or audit purposes.
Personalise the service and offers you receive (for example, by being aware of previous travel experiences, transactions or preferences, and tailoring the way we provide our products or services to you based on your preferences and profile).
Communicate and interact with you at different times throughout your journey.
Communicate with airlines, accommodation providers and other parties that are part of your journey regarding your experience, preferences, compliments or complaints.
Improve the products and services we offer or help us to create new ones.
Conduct customer satisfaction surveys so that we can obtain a better understanding of how we can continue to improve the products and services we offer or help us to create new ones. During these surveys we may collect personal information from you relating to your thoughts/comments about your experience with us.
Market our products and services to you.
We do not generally collect special categories of personal information from you, but where we do, we seek to minimise the collection and use of it and handle it with extra care. We also share this information with third parties (who help manage our business and other companies (who help manage your booking or journey), and we transfer it globally. Where you (or any passenger travelling) provide us with special categories of personal information you agree that you have voluntarily provided such information, and you consent (and the passenger travelling consents) for us to use that information for the purposes for which it was collected.
If you have any queries about any of our products or services, compliments or complaints, we will need to collect information from you, including your contact details, in order for us to respond to your query or provide you with assistance. We will collect this information when you send us an email, call our customer service centre, visit a local office or contact us via another form of communication such as through social media or an online chat tool.
PERSONAL INFORMATION WE COLLECT AND USE FOR LEGAL, COMPLIANCE, REGULATORY AND CRIME DETECTION AND PREVENTION PURPOSES
We process your personal information so that we can meet our legal, compliance and regulatory obligations, for legal purposes, such as to respond to a valid legal claim, summons or regulatory order, and to protect our property, rights and interests as well as the property, rights and interest of other persons.
We also process your personal information for crime prevention and detection purposes, including the prevention of fraud for online payments, for identity verification, for credit checking and credit scoring purposes and accounting or audit purposes. In each case, we do so in compliance with applicable laws.
PERSONAL INFORMATION WE COLLECT AND USE FROM THIRD PARTIES
We collect personal information from third parties who you have authorised to provide your personal information to us (for example, this may be your travel agent or another person making a booking on your behalf, your travel companion, your travel coordinator, our promotion partners, social media and other digital website). We also collect personal information from individuals who may refer you as a friend to our products or services. We ask these individuals to confirm that you are happy to hear from us.
PERSONAL INFORMATION WE COLLECT AND USE WHEN YOU ARE MAKING A PAYMENT
We collect different personal information depending on your payment method (such as credit card, bank transfer, cash). For example: for credit card payments, we may collect the card holder name, address, card number, expiry date and CVC code.
LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION
We will only collect, process use, share and store your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
We need to use your personal information to perform a contract or take steps to enter into a contract with you. For example, to manage your booking with us, to take payment for your booking, or to complete your travel arrangements.
We need to use your personal information for our legitimate interest as a commercial organisation. We may also capture your interactions with our website and booking journey via tools on our website in order to identify errors or issues and ensure your customer experience meets expectations. In all such cases, we will look after your information at all times in a way that is proportionate and that respects your privacy rights.
We need to use your personal information to comply with a relevant legal or regulatory obligation that we have. For example, in some countries, we are required to provide API to border control, customs and law enforcement officers at ports of entry and exit on your itinerary.
We have your consent to using your personal information for a particular activity. For example, where you consent to us sharing special offers with you which we think may be of interest.
SHARING YOUR PERSONAL INFORMATION WITH OTHERS
We share your personal information in the manner and for the purposes described below:
To improve the products and services we offer or help us to create new ones and for marketing, profiling and analytics as detailed below; and for the purposes described in this Privacy Notice.
With third parties who help us manage our business and deliver our products and services. These third parties have agreed to confidentiality obligations and use any personal information we share with them or which they collect on our behalf solely for the purposes of providing the contracted service to us. These third parties include service providers who help manage our IT and back office systems, detect fraudulent transactions and security incidents, provide customer support, manage communications and tailor marketing; verify payments such as banks and payment card companies; provide internet services; host our facilities and conduct research that assists with understanding consumer interests.
Bank and payment providers to authorise and complete payments.
With governments, government organisations and agencies, border control agencies, regulators, law enforcement and others as permitted or required by law, in relation to API or such other legal requirements as apply from time to time when travelling to or from a particular country, and to generally comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies.
With third parties whose products or services you are purchasing through our website or offices, or otherwise such as transfers and activities, tour and excursion providers, including if there is a problem with your booking so that your travel agent can resolve it with you.
PERSONAL INFORMATION WE COLLECT AND USE FOR MARKETING PURPOSES, PROFILING AND ANALYTICS
HOW WE USE PERSONAL INFORMATION TO KEEP YOU UP TO DATE WITH OUR PRODUCTS AND SERVICES
We may use personal information to let you know about our products and services that we think may be of interest to you. This may be based on your preferences, derived from Cookies, inferred from your interactions with us including on our social media accounts or market research. We may also let you know about our corporate services which we believe may be relevant to you in a professional capacity if applicable.
We also work with social media and other digital websites to provide you with advertisements within those websites. We provide them with your name and contact details (such as your email address or phone numbers). If these social media and digital websites match profile information provided by us with your profile.
information held by them then they will serve you our advertisements. The social media websites will not identify you or share other personal information in your social media account to us.
We will only send you marketing communications in accordance with your marketing preferences. We may contact you by email, social media, or through other communication channels that we think you may find helpful. If at any time you would like us to stop sending you marketing material, please contact us or choose the relevant “unsubscribe” option set out below.
HOW YOU CAN MANAGE YOUR MARKETING PREFERENCES
To protect your privacy and to ensure you have control over how we manage marketing with you and provided that you have indicated that you would like to receive it:
We will take steps to limit direct marketing to a reasonable level.
Only send you communications which we believe may be of interest or relevance to you and at all times in line with your permissions, which, as appropriate, may include:
o Telling you about developments in the products and services available through us and those of our carefully selected partners (provided that we will communicate these to you in conjunction with our own marketing);
o Allowing third parties to send you marketing or updates relating to their products or services.
You can click the “unsubscribe” link that you will find at the bottom of our emails which you receive from us, or you can unsubscribe by contacting us or changing your account settings which will remove you from the relevant marketing list.
If you do not want to be served with our advertisements within social media or other digital website, you can manage your preferences within these websites.
If you unsubscribe completely from our marketing communications, we may be unable to notify you of tailored offers to meet your needs. If you do unsubscribe from marketing communications, you will still receive operational and service messages from us regarding your booking including where you may not have completed a booking and responses to your enquiries made to us.
WHEN AND HOW WE UNDERTAKE ANALYTICS AND PROFILING
We aggregate personal information and remove any identifying elements in order to analyse patterns and improve our marketing and promotional efforts, to analyse website use, to improve our content and products and services, to customize our website’ content, layout, products and services, and to support our business operations and we may appoint third parties to do this on our behalf. We gather certain usage information like the number and frequency of visitors to our website. This information includes which webpage you just came from, which webpage you next go to, what browser you are using, your device ID and your IP address. This collective data helps us to determine how much our customers use parts of our website, and do research on our users’ demographics, interests, and behaviour to better understand and serve you. One of the ways we do this is by installing and using Cookies on your browser or device.
If you use buttons on our website linked to social media or similar sites (for example, “Like” and/or “Share” buttons), content from our Website may be sent back to those sites and, depending on your privacy settings, may be privately or publicly visible (for example, to friends, followers or generally to anyone who has access to your profile page).
We use personal information such as your date of birth, gender, country of residence, transactions (for example, payments made with us and flights taken), information derived from Cookies and your preferences and behaviours for profiling. Some of the legitimate purposes we profile personal information include:
To better understand what you would like to see from us and how we can continue to improve our services for you.
To personalise the service and offers you receive from us, including with invitations to special events.
To provide you with tailored content online and optimise your experience of our Website.
To share marketing material we believe may be of interest to you, including from our third party partners.
To help us operate our services more efficiently.
We will take steps to ensure that prior to profiling your personal information for a legitimate interest that our legitimate interest is not overridden by your own interests or fundamental rights and freedoms.
TRANSFERRING PERSONAL INFORMATION GLOBALLY
Our offices and service providers are located around the world, which means your personal information may be transferred and stored in other countries which may be outside your country of residence. Some of these countries are subject to different standards of data protection than your country of residence.
We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, and we only transfer personal information to another country where:
We are satisfied that adequate levels of protection are in place to protect your information; and
The transfers are fully managed to protect your privacy rights and interests and are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights.
TO THIS END
Where we transfer your personal information outside our company or to third parties (who help us to provide our products and services), we obtain contractual commitments from them to protect your personal information; or
Where we receive requests for information from law enforcement or regulators, we carefully review and validate these requests before any personal information is disclosed.
In the event your personal information is transferred to a foreign jurisdiction, it may be subject to the laws of that jurisdiction and we may be required to disclose it to the courts, law enforcement or governmental authorities in those jurisdictions.
You have a right to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your personal information when this is transferred as mentioned above.
HOW WE PROTECT AND STORE YOUR PERSONAL INFORMATION
PROTECTION OF YOUR PERSONAL INFORMATION
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to protect the personal information that you share with us and safeguard the privacy of such information. For example, the measures we take include:
Placing confidentiality requirements on our staff members and service providers.
Destroying/permanently anonymising personal information no longer needed for the purposes for which it was collected.
Following security procedures in the storage/disclosure of your personal information to prevent unauthorised access to it.
STORAGE OF YOUR PERSONAL INFORMATION
We keep your personal information for as long as is reasonably necessary for the purposes for which it was collected. For example, to manage bookings and provide you with any relevant products or services, as explained in this Privacy Notice. We will ensure that it is disposed of in a secure manner. In most cases we will destroy your data 7 years after collection in order to comply with UK HMRC rules. Where no booking is made, data will be removed not more than 12 months after collection
In some circumstances we may store your personal information for longer periods of time, for example, where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements. In specific circumstances, we may store your personal information for a longer time so that we have an accurate record of your dealings with us in the event of complaints or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
A “cookie” is a small computer file which is downloaded to your device. It collects information as to how you navigate our Website and the internet and helps us provide better website services to you.
Cookies may collect personal information about you. Cookies help us remember information about your visit to our website, like your departure point, and other settings and searches. Cookies enable us to understand who has seen which webpages and how frequently, and to determine which are the most popular areas of our website. They can also help us to operate our website more efficiently and make your next visit easier and customise your view of the website to reflect your preferences and activities.
LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY
YOU HAVE CERTAIN RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
In order to exercise your rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you.
You can exercise your rights by emailing us at [email protected] or by sending us a communication at [email protected] Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request within 30 days or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
RIGHT TO ACCESS PERSONAL INFORMATION
You have a right to request a copy of your personal information that we hold, and you have the right to be informed of: the source of your personal information; the purposes, legal basis and methods of processing; the data controller’s contact details; and the businesses or categories of businesses to whom your personal information may be transferred.
RIGHT TO RECTIFY OR ERASE PERSONAL INFORMATION
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it. You can also request that we erase your personal information where:
It is no longer needed for the purposes for which it was collected; or
You have withdrawn your consent (where the data processing was based on consent); or
Following a successful right to object; or
It has been processed unlawfully; or
The personal information must be erased for compliance with a legal obligation under European Union or Member State law to which the we are subject.
We are not required to comply with requests to erase personal information if the processing of the information is necessary:
For compliance with a legal obligation; or
For the establishment, exercise or defence of legal claims.
RIGHT TO OBJECT TO THE PROCESSING (INCLUDING DIRECT MARKETING) OF YOUR PERSONAL INFORMATION
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
You can request that we stop contacting you for marketing purposes.
You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
If you have joined our mailing list, you can manage your marketing preferences automatically by clicking the “unsubscribe” link that you will find at the bottom of our emails which you receive from us, or you can unsubscribe by contacting is at [email protected]
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction.
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms.
RIGHT TO RESTRICT THE PROCESSING OF YOUR PERSONAL INFORMATION
You can ask us to restrict the processing of your personal information, but only where:
Its accuracy is contested, to allow us to verify its accuracy; or
The processing is unlawful, but you do not want it erased; or
It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
You have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
We have your consent; or
To establish, exercise or defend legal claims; or
To protect the rights of another natural or legal person.
You have a right to lodge a complaint with the Information Commissioners Office if you have concerns about how we are processing your personal information.
If you have any concerns regarding data that we hold, please contact the Data Controller: [email protected]