General Data Protection Regulation
Privacy Notice
Who we are
Snowstyle Travel Ltd is a Limited Company, registered in Gibraltar. We are classed as a Tour Operator whose business is the selling and facilitating of package holidays for schools and groups. At Snowstyle Travel Ltd, we are committed to safeguarding and protecting your personal data. This Privacy Notice meets the high standards of the new European data protection law, known as the General Data Protection Regulation (GDPR).
What this means
This privacy notice (the ‘Notice”) explains how personal information is collected, used, and disclosed by Snowstyle Travel Ltd (‘we’, ‘our’, or ‘us’).
The data controller is Snowstyle Travel Ltd and we are fully committed to looking after your personal data. We want you to be confident that your data is safe and secure with us. Please take the time to read this Notice and understand how we use it to offer you a better and more unique experience.
Brief overview
Our privacy notice explains:
What information do we collect?
During the course of the booking process, and in order to provide you with the products & services agreed, we may ask for some or all of the following pieces of personal data:
Other sources of data:
Personal data you provide about other individuals:
We use personal data to manage and improve our products, websites and other services. We monitor how our services are used to help protect your personal data, detect and prevent fraud and the misuse of services. This helps to ensure that you can safely use our services.
We may use personal data to respond to, and to manage security operations, accidents or other similar incidents, including for medical and insurance purposes.
To personalise your experience
We want to ensure that marketing communications relating to our products and services are relevant to your interests. To do this we may use your personal data to better understand your interests, so that we can tailor our communications to make them more relevant and interesting to you. If you do not want to receive a personalised service from us, you can change your preferences by telephone or writing to us (e.g. email) at any time. We will update our records as soon as we can.
To make contact and interact with you
We want to serve you better as a customer, so if you contact us, for example by email, post and telephone, we may use personal data to provide clarification or assistance to you. We do not sell your personal data to third parties.
Marketing communications
From time to time we may send you relevant offers about our products and services in a number of ways, including email. We will only do this if you previously agreed to receive these marketing communications. You can change these marketing preferences either by telephone or writing to us (e.g. email) at any time. You may still receive service related communications, e.g. confirming bookings you make with us.
How we will share your personal data
Sharing personal data with suppliers and retail partners
In order to provide products and services requested by you we may share personal data with suppliers of your travel arrangements, including airlines, ferry companies, hotels, ski equipment providers and other transport companies. We also work with carefully selected companies who carry out functions on our behalf. For example companies that help us with IT services, storing and combining data, marketing, processing payments and delivering products and services. We may need to share personal data to establish, exercise or defend our legal rights; this includes providing data to others for the purposes of preventing fraud and reducing credit risk. When we share personal information with other organisations, we require them to keep it safe, and they must not use your personal data for their own marketing purposes. We only share the minimum personal data that enable our suppliers and retail partners to provide their services to you and us.
Sharing personal data with regulatory authorities
So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti terrorism purposes, or any other purposes which they deem appropriate. Some countries will only permit travel if you provide your advance passenger data. These requirements may differ depending on your destination and we advise you to check. Even if not mandatory we may assist where appropriate. We may share the minimum personal data necessary with other public authorities, if the law says we must, or we are legally allowed to do so.
Protecting your personal data
We understand how important it is to protect and secure your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure. Security of your data also depends on you. For example, where you use a password to access certain services, you are responsible for keeping this password confidential. The personal data that we collect from you may be transferred to, and stored at, a destination either inside or outside of the European Economic Area (“EEA”). It may also be processed by organisations operating inside or outside the EEA, who work for us, for one of our suppliers. We put in place appropriate protections to make sure your data remains adequately protected and that it is treated in line with this notice. These protections include, but are not limited to, appropriate contract clauses, such as those approved by the European Commission, and appropriate security measures.
Data retention
We will retain your personal data for only as long as is necessary for the uses set out in this privacy notice and/or to meet legal and regulatory requirements. After this period we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.
Links to other websites
Our websites may contain links to other websites operated by other organisations that have their own privacy notices. Please ensure you read the terms and conditions and privacy notice carefully before providing personal data, as we do not accept any responsibility or liability for other websites or organisations.
Social media features
Our websites may contain social media features such as Facebook, Twitter, Instagram & Pinterest that have their own privacy notices. Please ensure you read their terms and conditions and privacy notice carefully before providing any personal data, as we do not accept any responsibility or liability for these features.
Accessing and updating your personal data
You have a right to ask for a copy of the personal data we hold about you. You can write to us asking for a copy of other personal data we hold about you. Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs. We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know. You can also ask for your personal data to be rectified or erased, to object to the processing of your personal data and, where technically feasible, to ask for personal data you provided to be transmitted to another organisation. We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.
Complaints
You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the Information Commissioner’s Office. Please submit your request or complaint in writing to us: By post: Snowstyle Travel Ltd, World Trade Center, Suite 263, GX11 1AA, Gibraltar. By email: [email protected]. Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint when you contact us on behalf of someone else.
Legal basis for processing personal data
We will only collect and use your personal data if at least one of the following conditions applies:
Example: Customer Booking Form
You give us permission to process your personal data when you make a holiday booking through us.
Example: To provide the products and services you request
We need to process your personal data so that we can manage booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.
Example: Sharing personal data with regulatory authorities
So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
Example: In an emergency
Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
Example: Security operations
We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.
Example: To personalise your experience
We may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. This enables us to tailor our communications to make them more relevant and interesting for you.
Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. For example, we have your explicit consent; it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent; it is necessary to establish, exercise or defend legal claims; it is necessary for reasons of substantial public interest.
Data Protection Impact Assessments
At Snowstyle Travel Ltd, we are aware of the need, in some cases under the GDPR, to conduct a DPIA or appoint a DPO (Data Protection Officer), in the case that a company’s activities require the large scale processing of special categories of data. Whilst we are responsible for processing special categories of data, e.g. details of a person’s medical history, we do not conduct large scale processing of this data. It is for this reason that we do not require a data protection officer, or a data protection impact assessment in this case. Our processing of this particular data is not likely to result in a high risk to individuals’ interests and we will keep our decision on this policy under constant review.
Children
We are aware that children need particular protection when we are collecting and processing their personal data because they may be less aware of the risks involved. If we process children’s personal data then we always think about the need to protect them from the outset, and design our systems and processes with this in mind. We always ensure we have an appropriate lawful basis for processing children’s data that provides the best protection for the child. Children’s data is never used for marketing purposes or to create user profiles. Children have the same rights as adults over their personal data. These include the rights to access their personal data; request rectification; object to processing and have their personal data erased. If individuals who you are providing information for are children, then you must ensure that you have the permission of the parent or guardian and that you are allowed to provide it, also that they understand how we will use the child’s personal data.
Changes to our Notice
This Notice replaces all previous versions. We may change the Notice at any time so please check it regularly on our website(s) for any updates. If the changes are significant, we will provide a prominent notice on our website(s) including, if we believe it is appropriate, electronic notification of Privacy Notice changes.
Last update: January 2021
Key terms:
Data controller: The data controller determines the purpose and manner in which personal data is used.
European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.
Special categories of personal data: This are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation.