1. Home
  2. Privacy Policy

Exclusive Destination Management Company Ltd is registered in England & Wales. Company number: 9676653. Registered office: Third Floor 207 Regent Street London W1B 3HH United Kingdom

Exclusive Destination Management Company Ltd herein referred as “Exclusive DMC”

This document sets out Exclusive DMC policy on the protection of information you disclose to us. Protecting the confidentiality and integrity of personal data is a critical responsibility that we take seriously at all times. Exclusive DMC will ensure that data is processed in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR).

Exclusive DMC requires you to provide contact details of the people you wish to be authorized users of our services in order for us to fulfil our contract with you. In addition, it may be necessary for you to disclose personal data (including Child data or ‘special category’ data, eg. allergies, disabilities) about your clients/customers as part of our delivery of travel services.

WHAT DATA DO WE COLLECT ABOUT YOU

Personal data means any information capable of identifying an individual. It does not include anonymised data.

We may process certain types of personal data about you as follows:

  • Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
  • Contact Data may include your billing address, delivery address, email address and telephone numbers.
  • Financial Data may include your bank account and payment card details.
  • Transaction Data may include details about payments between us and other details of purchases made by you.
  • Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
  • Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
  • Usage Data may include information about how you use our website, products and services.
  • Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.

We may also process Aggregated Data from your personal data but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.Sensitive Data

We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

We require your explicit consent for processing sensitive data, so when you submit your details, we will send you a further communication asking for you to confirm your consent to this processing.

Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

HOW WE COLLECT YOUR PERSONAL DATA

We collect data about you through a variety of different methods including:

Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:

  • Order our products or services
  • Subscribe to our service or publications;
  • Request resources or marketing be sent to you;
  • Enter a competition, prize draw, promotion or survey; orgive us feedback.
  • Visit our trade show stand

Automated technologies or interactions: As you use our site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies.

Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:

analytics providers such as Google based outside the EU;

Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.

FAIR PROCESSING OF DATA

In processing the personal data, the following principles will be adhered to. Personal data will be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that are clearly explained and not used in any way that is incompatible with those purposes
  • Relevant to specific purposes and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the specified purposes
  • Kept securely

Personal information (including special category data) will only be processed when there is a lawful basis for doing so and only on your instructions.

No personal data provided to us will be the subject of automated decision making.

The specific lawful basis on which we process information you give us is for the performance of contract to deliver travel services to your client.

LAWFUL PROCESSING OF DATA

It is your responsibility as Data Controller to advise your clients/customers that their data may be transferred to third party processors such as Exclusive DMC and seek any necessary consent in respect of that processing.

Please be aware that we will add the personal data of authorised users to our mailing list so we can send updates on the services provided, newsletters and invitations to events by phone, letter or email. This is part of our contractual commitment to ensure that your authorised users are kept up to date with the services we provide for your clients. We also believe we have a legitimate interest in contacting you for this purpose.

If any authorised user wishes to stop receiving such information from us they can ‘opt out’ of the newsletter or ask us to remove their details from our mailing list by contacting us on Gdpr@exclusive-dmc.com

COLLECTION AND RETENTION OF DATA

Exclusive DMC will collect personal information about authorised users at the beginning of our relationship and information about your clients as and when you transmit this information to us for booking travel services.

We will retain that data when it is necessary to do so and only for as long as required to fulfil the purpose/s it was collected for, including the purposes of satisfying any legal, accounting, or reporting requirements.

When determining the retention period for personal data, Exclusive DMC will consider various factors such as the nature, sensitivity of the personal data, potential risk from harm of unauthorised use or disclosure and the purposes for which the personal data is processed.

On termination of our contract with you, you may request that we delete personal data or return it to you. We will do so without delay unless there is a lawful basis for us to continue to process it. In this instance, we will securely destroy personal data after the relevant data retention period has expired.

DATA SECURITY AND SHARING

Excusive DMC has in place appropriate security measures to prevent personal information from being accidentally lost, use or accessed in an unauthorised way.

  • Software based firewalls provide additional security on local servers.
  • All user and administrative passwords are subject to a policy which require complexity and frequent changing.
  • Anti-Virus software is updated daily.
  • Software and Operating Systems are updated regularly.
  • Physical access to the hardware is restricted and requires pre-approved authorization.

Access to personal data of your authorised users and clients/customers is limited to those employees and contractors who have a business need to know. They will only process information on our instructions and are subject to a duty of confidentiality.

We will share personal data with third parties where it is necessary to deliver our travel services and where we have your general or express authority to do so, unless we are required by law to share the data without your authority.

Where we share data with a third party sub-processor we will contractually require the sub-processor to respect the security of the data subject (your client) and to treat it in accordance with the law.

Contact details of your authorised users (not clients/customers) may also be sent to a digital marketing company for the limited purpose of administering our mailing lists and no other purpose.

Where there is a significant change to a sub-processor, we will inform you and allow you to object before we share personal data.

INTERNATIONAL TRANSFERS

Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or

Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or

Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.Please email us at Gdpr@exclusive-dmc.com. if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.


YOUR RIGHTS AND OBLIGATIONS

Exclusive DMC will conduct regular reviews of the information we hold to ensure its relevancy. You are under a duty to inform us of any changes to lists of authorised users. If you have concerns about the accuracy of personal data we hold please contact us immediately on Gdpr@exclusive-dmc.com

You should also contact us if any data subject (authorised users, clients, customers) indicates that they want to exercise their rights in respect of personal data we hold, including the rights to:

  • Request access to personal information
  • Request erasure to personal information
  • Object to processing of personal information
  • Request the restriction of processing of personal information
  • Request the transfer of personal information to another party

Depending on the nature of the request, Exclusive DMC may have grounds for refusing to comply with a request. In this case, we will provide an explanation promptly.

If we receive any direct request to exercise rights in respect of personal data we process on your behalf, we will notify you as Data Controller before responding.

THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

COOKIES

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. View our full Cookie Policy here

OUR RIGHTS AND OBLIGATIONS

Exlcusive DMC undertakes to assist you in meeting your obligations under GDPR in relation to the security of processing, notification of data breaches and data impact assessments. We have procedures in place to deal with any data security breach and will notify you as soon as reasonably practicable. Where legally required to do so, we will notify the applicable data regulator, in the UK, this is the Information Commissioners Office (ICO).

We will assist you in providing data subject access requests and allowing data subjects to exercise their rights in respect of the personal date we hold. Where necessary, this assistance extends to submitting to audits and inspections and providing information you require to satisfy your obligations. We undertake to tell you if we are asked to do anything which would infringe data protection legislation.

Exclusive DMC will adhere to the principles of this policy and relevant legislation when designing or implementing new systems or processes.

If you have any further questions please contact us on Gdpr@exclusive-dmc.com