Under the terms of the General Data Protection Regulation (GDPR), while you are using this website, Firefly Holidays is identified as the data controller of any information collected.
The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way the website processes, stores and protects user data and information is also detailed within this policy.
Above all, we are most concerned with the security of your information and that you feel comfortable how we use it. We welcome contact from you at any time, if you have any concerns at all.
By using the website, you indicate your agreement with this policy.
The website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users. The website complies with all UK national laws and requirements for user privacy.
If you complete pages within the website’s online booking process, we will collect details from you related to that booking. Information held is likely to include your name, date of birth, contact details, information about people travelling with you, information about your booking and any additional information we may need to help meet your specific requirements.
We do not receive, store or have access to any payment details you provide to pay for a booking. These are received directly by our payment provider Global Payments and managed by them within their customer financial data processes.
We also use ‘cookies’ to collect website usage information. These “cookies” are anonymised and do not include any information which identifies individual users. Further information about cookies and how we use them is detailed later in this policy.
We may store information from telephone calls with our sales, customer service and management functions, in the form of call recordings. Any portion of a call relating to payment details is not recorded.
Storing and Using Information
We may store and use the information we collect in a number of ways, for example:
- to enable us to complete your booking
- for statistical purposes when we evaluate our range of services
- to provide more relevant content on our website
- to tell you about other products and services we think may be of interest to you, via the website, online advertising, email and other communications
- to manage customer service queries
- to help us to provide details or information you may have requested.
In all cases, we store and use this information only for reasons permitted by UK data protection laws. These legal bases include:
- Where we need to use the information for contractual purposes – for instance to complete your booking and secure accommodation, travel or other services.
- Where we have your consent to collect and use information for a specific purpose.
- Where the information supports a legitimate interest for Firefly Holidays, which also should benefit our customers. This includes using information from your bookings and customer feedback to improve our products and providing news and recommendations in direct contact and marketing communications.
- Where we are legally required to do so – for instance by sharing details of any fraudulent or criminal activity with law enforcement agencies.
We will keep the information we collect in the course of an enquiry or holiday booking for no more than 5 years after its last use in support of the legal reasons listed above. After this period your data will either be deleted completely or anonymised, for example by aggregation into other data and statistics in a non-identifiable way. Where our customer service phone calls have been recorded, these recordings are retained for no more than 18 months. After this period, all recordings are completely deleted, apart from any required to be kept for an ongoing issue.
In order to provide you with the products and services that we offer we may, and will only, share your information with:
- holiday accommodation providers
- our payment provider and your credit/debit card companies
- other third parties who we may need to work with to fulfil travel plans on your behalf, for example, resorts, holiday parks, management companies, airlines, ferry companies, rail companies and other suppliers
- third party customer review and feedback service providers who may contact you to ask for your comments on your booking
We only share information with these parties necessary to complete your booking and provide the accommodation and any other requested services for your booking. In most cases, this only includes the name and age details of a holiday party. We do also provide contact details to travel operators, such as ferry companies and Eurotunnel, for the sole purpose that they can inform you directly of any issues with their services. All our partners should be compliant with data protection laws and practises of the EU / EEA. We do not provide these partners with any postal address details or contact details to be used for marketing purposes. They may ask to collect more details from you in direct contact, for instance when checking in, and we suggest you make the appropriate choices at that time.
Your Rights Over Your Data
You have the right to request access and amendments to your data, within a month of making contact and usually with no charge. Requests should be sent to the business address at the foot of this policy, addressed to the Data Protection Officer. You have the right to request:
- Access to the personal data we hold about you
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- The removal of any data not required for ongoing contractual or legal reasons.
Cookies are small files saved to a website user’s computer hard drive which track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to store analytics information and provide a tailored experience.
No cookies on the website capture a user’s name or other information that would identify the user personally. They merely relate to a computer or other device. All information collected by cookies on the website is aggregated and therefore anonymous.
The website uses different types of cookies for different purposes:
- “Strictly necessary” cookies which are essential in order to enable users to move around the website and use its features.
- “Performance” cookies which collect information about how users navigate the website, including which pages they access most, how frequently they interact with the website, which pages are not used often or take a long time to load, etc. All of this helps us to refine and develop our website to try and make them more usable when a user visits us again in future.
- “Functionality” cookies which allow the website to remember choices you make.
- “Targeting, marketing or advertising” cookies which can be used to deliver adverts relevant to an identified machine or other device. These cookies are also used to limit the number of times a user sees an advertisement as well as to help measure the effectiveness of the advertising campaign. They may also indicate that the website has been visited to other marketing and advertising platforms we use. The marketing cookies on the website are operated by third parties with our permission. These typically expire after 30 days, though some may take longer. No personal information is collected, stored or saved.
For more general information about cookies and how to block or disable them through your browser, visit www.allaboutcookies.org
Contact & Communication
Users contacting the website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Every effort has been made to ensure a safe and secure process for email contact and email form submission, but users using this email process do so at their own risk.
The website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This may include subscribing you to any email communication the website operates, but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you have previously purchased or enquired about a product or service that the email communication relates to. This is by no means an exhaustive list of your user rights with regard to receiving email marketing material. Your details are not shared with any third parties.
The website operates an email newsletter program, used to inform subscribers about products and offers provided by the website’s owners. Users can subscribe through an online automated process should they wish to do so, at their own discretion. Some subscriptions may be manually processed through written or verbal agreement with the user.
Subscriptions are made and all related personal details are held securely in compliance with UK data protection laws. No personal details are passed on to third parties nor shared with companies / people outside of the company that operates the website.
Email marketing campaigns published by the website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity.
This information is used to refine future email contact and supply the user with more relevant content based around their activity.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed in the footer of each email contact. If an automated unsubscribe system is unavailable clear instructions on how to unsubscribe will be detailed.
Although the website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links featured throughout the website. External links include clickable text / banner / image links to other websites.
The owners of the website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and the website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Adverts and Sponsored Links
The website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms which the website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. Neither the website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
The website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
The website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy links, urls or website addresses – for example: http://bit.ly/zyVUBo.
Users are advised to use caution and good judgement before clicking any shortened urls published on social media platforms by the website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore the website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
Postal address for written enquiries: Firefly Holidays, Drake House, Gadbrook Park, Northwich, Cheshire, CW9 7RA
© Firefly Holidays (UK) Limited, v2.1 2018