KP World Travels Ltd understands Data Privacy and the Security of Personal Data is a sensitive area. This Policy has been updated to cover how KP World Travels Ltd collects, uses, discloses, transfers and stores personal information, informing our clients of their rights over their Personal Data in accordance with General Data Protection Regulation (GDPR) legislation. This policy applies when our clients use our online services, either by web or by using electronic means interacting with our websites, email or social media channels.
Use of Personal Data
- Personal Data we collect is limited to what is necessary to conduct travel bookings and includes name, date of birth, mailing address, contact telephone numbers, email address, contact preferences, credit card and passport details where necessary
- When you make a booking, depending on the arrangements you ask us to make we will send you a small questionnaire collecting your special requirements, such as dietary requirements, medical/health conditions so as to ensure that your particular needs in relation to a booking are met
- An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment
We use the Personal Data we collect and process it, either because it is necessary for us to do so as part of the services we provide to you due to having entered into a contract with us or because we have a legitimate business reason for doing so.
A) Activities carried out by KP World Travels Ltd in order to provide the services you have entered into a contract with us:
- Managing your booking internally, communicating your booking with external suppliers such as hotels to ensure that the services you requested are arranged
- Communicating with you regarding your requested booking, including sending booking & payment information and travel documents necessary for your travel
- Assisting you or arranging for assistance to be provided to you by third parties in the event of an incident or health emergency which is in your vital interests
B) Activities carried out by KP World Travels Ltd on the basis of our legitimate interests as a business which you employ to provide your travel arrangement services, are the following:
- Improvement of the customer experience using our online and offline services
- Protection of our business against financial loss for payment card and booking verification
- Promotion of our business, improving our products and services by:
- Sending marketing correspondence which you will only receive if you opt-in to and grant your permission for us to contact you about products and services similar to those that you have previously bought from us
- Contacting you if you make any enquiries on our website and/or feedback to improve our service
- The resolution of complaints, dealing with disputes and legal proceedings which may include contacting you if we need to resolve any issues you may be experiencing or have experienced with a booking or other purchased service provided by KP World Travels Ltd
Who will your Personal Data be sent to?
KP World Travels Ltd operates within the European Economic Area (EEA). However, your Personal Data is held on a combination of KP World Travels Ltd’s EEA-based data-centers, the systems of the suppliers we use to provide our services (e.g. hotels) and ultimately the providers of the services you select such as taxi transfer service, etc.
Some of these third parties which may be based outside the EEA may not be subject to the same level of controls in relation to data protection as we have in the UK and the EEA. Therefore as a first step, KP World Travels Ltd ensures safeguards are set within the contractual clauses in an approved legal form or by having our suppliers sign up to an independent privacy scheme approved by regulators (like the US “Privacy Shield”).
Choosing Service Providers for you
- We carefully select and source third party suppliers that are required to receive your Personal Data in order to deliver the travel services offered to you
- Our terms of contract state our suppliers must comply from an Information Security and GDPR perspective given their function as Data Processors
- We ensure that KP World Travels Ltd’s vendors are reputable suppliers, in particular:
- Without a known history of data protection breaches
- With credible data protection policies/practices to ensure the integrity and safety of the data
- With a policy of using the data only for the delivery of the contractually agreed service
Cookies
The website has Analytical and performance cookies in place. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Legal and Governmental Authorities
When KP World Travels Ltd is requested to provide Personal Data by law, legal process, litigation and/or requests from governmental authorities (including tax purposes) within or outside the clients’ country of residence, it will be obliged to comply and proceed with providing your Personal Data.
Protection of Personal Information & Security
KP World Travels Ltd acknowledges that the Information Security and the protection of our clients’ Personal Data is an ongoing commitment and will continue to evolve in complexity, as do threats. As a result, KP World Travels Ltd has taken significant technical steps to ensure we are compliant with the DPA (Data Protection Act) and GDPR frameworks through an extensive GDPR-readiness program, continuous work and investment throughout the 3 Ps (People, Platform, Process).
Servers hosting the online booking services use SSL (Secure Sockets Layer) data encryption to help keep your data secure. Where possible, Personal Data entered is encoded before it is sent to KP World Travels Ltd and our suppliers, protecting it as it is transferred over the Internet. However, it must be noted that the transmission of information via the Internet is not completely secure and while KP World Travels Ltd will endeavour to ensure that any information entered into the Online Booking Services is secure, it does not guarantee the security of the data transmitted to or from such services.
Storing your Personal Data
KP World Travels Ltd retains your Personal Data for the period necessary to fulfil your booked travel arrangements except in cases when a longer retention period is required by law or other legal obligation. We will only hold the minimum necessary data to provide the services you have requested us to provide and we will do so for no longer than 12 months after the last booking has been completed.
Should we be operating with you through a client contract and that be terminated, your data will not be kept for longer than 12 months. A period of up to 12 months post-contract termination is acceptable to cater for bookings which are made for up to 12 months in advance.
Rights as to your Personal Data
Accessing it & requesting a copy
As entitled by the GDPR, as our clients, you have the right to request and receive a copy of your Personal Data in a user-friendly format.
Note that where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reason.
Asking for it to be deleted
You are also entitled to request to erase your personal data from our systems. It must be noted, however, that when travel is booked through an organisation with which KP World Travels Ltd has a contract, all such requests can be actioned only when approved by the client organisation which acts as the Data Controller.
Note that KP World Travels Ltd has the option to refuse such requests if they impact its ability to provide the contracted services to the organisation which the traveller belongs to or if there is a legal requirement to maintain the data.
In the event that either of these scenarios is enacted, KP World Travels Ltd will work with the Data Controller towards resolution.
Withdrawing your consent
At any given point in time, you have the right to withdraw your consent for us to use your Personal Data when providing our services to you. If travel is booked through an organisation with which KP World Travels Ltd has a contract, all such requests can be actioned only when approved by the client organisation which acts as the Data Controller.
If you are not satisfied with the way a complaint you make in relation to your data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO).
Contact Us
Any communications relating to data access requests or the withdrawal of your consent can be made using our email address: [email protected].
Our Company is registered in the United Kingdom (Reg number: 15211801). Our registered address is:
KP World Travels Ltd
71-75 Shelton Street
London – WC2H 9JQ