This Privacy Policy explains how The Holiday Creators Ltd. ("we," "us," or "our"), a travel agency registered in the United Kingdom and a member of Protected Trust Services (PTS), collects, uses, and protects your personal information when you use our website and services to make travel bookings.

We're committed to protecting your privacy and handling your personal data in a transparent and secure manner, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The Holiday Creators Ltd. 23 Ridgeway Drive, Newport NP20 5AR

Email: hello@theholidaycreators.co.uk

Phone: 01633 981373

We're a proud member of Protected Trust Services (PTS), ensuring your financial protection for monies paid to us. You can find more information about PTS at https://www.protectedtrustservices.com/for-travellers/.

2. What Information We Collect

To facilitate your travel bookings and provide you with our services, we collect various types of personal information, which may include:

Personal Identification Information:

• Full name (including title)

• Date of birth

• Gender

• Nationality

• Passport details (passport number, issue and expiry dates, place of issue)

• Contact details (email address, phone number, postal address)

Payment Information:

• Credit/debit card details (card number, expiry date, CVC/CVV – though we don't store CVC/CVV after processing)

• Bank account details (for refunds or specific payment methods)

Travel-Related Information:

• Travel preferences (e.g., airline, seating, dietary requirements, special assistance needs)

• Details of travel companions (names, dates of birth, passport details – you confirm you have their consent to provide this information)

• Booking history and itinerary details

Technical Data:

• IP address

• Browser type and version

• Operating system

• Referral source

• Pages viewed on our website

• Website navigation paths

• Timestamps and frequency of your visits

3. How We Collect Your Information

We collect information from you in the following ways:

• Directly from you: When you fill out forms on our website, communicate with us via email or phone, or provide information in person.

• Automatically: As you navigate our website, through the use of cookies and similar technologies (see Section 5 for more details).

• From Third Parties: In some cases, we may receive information from third-party partners (e.g., airlines, hotels, tour operators) if it's necessary to fulfil your booking or resolve an issue.

4. How We Use Your Information

We use the information we collect for the following purposes and on the following legal bases:

To Fulfil Your Travel Bookings (Contractual Necessity):

• Processing your travel arrangements (flights, accommodation, transfers, activities).

• Communicating with you regarding your booking.

• Passing relevant details to airlines, hotels, tour operators, and other suppliers.

• Processing payments and managing refunds.

To Provide Customer Service (Legitimate Interests/Contractual Necessity):

• Responding to your enquiries and requests.

• Providing support and assistance before, during, and after your trip.

• Handling complaints or disputes.

For Marketing Communications (Consent/Legitimate Interests where applicable):

• Sending you information about offers, promotions, and new travel destinations that may be of interest to you, if you've opted in to our mailing list.

• You can opt-out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us directly.

To Improve Our Website and Services (Legitimate Interests):

• Analysing website usage to understand user behaviour and identify areas for improvement.

• Personalising your experience on our website.

• Troubleshooting, data analysis, testing, and research.

For Security and Fraud Prevention (Legal Obligation/Legitimate Interests):

• Protecting our website and systems from unauthorised access and cyber threats.

• Detecting and preventing fraudulent activities.

• Complying with legal obligations and regulatory requirements.

5. Cookies and Similar Technologies

Our website uses "cookies" and similar technologies to enhance your browse experience. Cookies are small text files placed on your device. We use them for:

• Essential Cookies: Necessary for the website to function correctly (e.g., remembering items in your basket).

• Analytical/Performance Cookies: To understand how visitors use our website, helping us improve its performance and design.

• Functionality Cookies: To remember your preferences and choices, providing a more personalised experience.

• Marketing/Targeting Cookies: To deliver relevant advertisements to you based on your interests (if applicable and with your consent).

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

6. Who We Share Your Information With

We may share your personal information with the following categories of recipients, solely for the purposes outlined in this Privacy Policy:

• Travel Suppliers: Airlines, hotels, car rental companies, tour operators, and other service providers necessary to fulfil your travel booking. These suppliers may be located outside the UK or European Economic Area (EEA), and we will ensure appropriate safeguards are in place for international transfers (see Section 8).

• Payment Processors: Secure third-party payment gateways to process your payments. We do not store your full credit card details on our servers.

• Protected Trust Services (PTS): As a condition of our membership, we may be required to share certain booking information with PTS for the purpose of financial protection and compliance.

• Service Providers: Third-party companies that provide services to us, such as IT support, website hosting, analytics, and marketing platforms. These providers are contractually obligated to protect your data and only use it for the purposes we specify.

• Legal and Regulatory Bodies: If required by law, court order, or governmental regulation, or to protect our legal rights, property, or safety, or the rights, property, or safety of others.

7. Data Security

We're committed to ensuring the security of your personal information. We implement appropriate technical and organisational measures to protect your data from unauthorised access, disclosure, alteration, and destruction. These measures include:

• Secure Socket Layer (SSL) technology for data transmission.

• Firewalls and intrusion detection systems.

• Regular security assessments and updates.

• Restricted access to personal data for authorised personnel only.

While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure.

8. International Data Transfers

As a travel agency, it's often necessary to transfer your personal data to travel suppliers and service providers located outside the UK and European Economic Area (EEA) to facilitate your bookings (e.g., a hotel in a non-EEA country).

When we transfer your data internationally, we ensure that appropriate safeguards are in place to protect your privacy rights, such as:

• Adequacy Decisions: Transfers to countries deemed to provide an adequate level of data protection by the UK government.

• Standard Contractual Clauses (SCCs): Implemented in contracts with recipients to ensure data is protected to UK GDPR standards.

• Binding Corporate Rules (BCRs): For transfers within multinational organisations.

By using our services, you acknowledge that your personal information may be transferred to and processed in countries outside the UK/EEA where data protection laws may differ.

9. How Long We Keep Your Information

We'll retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Typically, we retain booking-related information for a period of 7 years after your travel is completed to comply with tax and accounting obligations. Marketing consent will be retained until you withdraw your consent or opt-out.

10. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

• The Right to Be Informed: To be informed about how your personal data is collected and used (this Privacy Policy serves this purpose).

• The Right of Access: To request a copy of the personal data we hold about you.

• The Right to Rectification: To request that we correct any inaccurate or incomplete personal data we hold about you.

• The Right to Erasure (the "Right to be Forgotten"): To request that we delete your personal data in certain circumstances.

• The Right to Restrict Processing: To request that we restrict the processing of your personal data in certain circumstances.

• The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

• The Right to Object: To object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.

• Rights in Relation to Automated Decision Making and Profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us using the details provided in Section 1. We may require proof of identity before responding to your request.

11. Marketing Opt-Out

If you've subscribed to our mailing list, you can opt-out of receiving marketing communications from us at any time by:

• Clicking the "unsubscribe" link at the bottom of our marketing emails.

• Contacting us directly via email or phone.

12. Complaints

If you have any concerns about how we handle your personal data, please contact us in the first instance. We'll do our best to resolve your query.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for upholding information rights:

Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Helpline number: 0303 123 1113 ICO website: www.ico.org.uk

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We'll post the updated policy on our website with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically.