What is GDPR?
The General Data Protection Regulation is a European data standard intended to strengthen and unify data protection for all individuals in the European Union. GDPR gives individuals greater control over their personal data. The new regulation came into effect on 25th May 2018 and has replaced the old 1995 Data Protection Regulations. The governments of Guernsey, Jersey and Isle of Man have implemented their own laws to bring their jurisdictions’ adequacy status in line with the GDPR.
What does this mean for our customers?
Under GDPR individuals have:
The right to access – you can request your personal data and ask how that data is used by us. We can provide copies of this data, free of charge, in electronic format.
The right to erasure (‘right to be forgotten’) – if you are no longer a customer, or if you withdraw consent from us to use your personal data, you have the right to request to have your data deleted, where there is no compelling reason for its continued processing.
The right to data portability – you can transfer your data from one service provider (e.g. our company) to another in an electronic, readable format.
The right to be informed –our company must inform you before any personal data is gathered. Typically this will be by way of a Privacy Policy. You are required to actively and freely opt- in before any data is gathered.
The right to have information corrected – you can have your data updated if it is out of date, incomplete or incorrect.
The right to restrict processing –you can request that your data is not used for processing, however processing is required for any active travel bookings you may have. Your data record can remain in place, but not be used.
The right to object – you have the right to stop the processing of data for direct marketing. We ensure all our customers are given the option to opt-out of any email or direct marketing campaigns. Please contact data@ortg.co.uk if you wish to opt-out of all direct marketing.
The right to be notified – if there has been a data breach which compromises an individual’s personal data, we will inform the relevant data commissioner within 72 hours of becoming aware. We will inform individuals if the data breach poses a high risk to their rights and freedoms.
Types of personal data we may process:
- Name
- Passport details
- Date of birth (adults and children)
- Postal address
- Email address
- Telephone numbers
- Personal preferences / travel choices
- Financial and payment information
- Sensitive data:
- Medical conditions
- HR Records
- Current and former employee details
Our Approach
Mann Link Travel Ltd comprises a number of entities:
- Bellingham Travel
- Flybelfast.co.uk
- Island Business Travel
- Justtheflight.co.uk
- Mann Link Travel
- ManxFlights.com
- ManxFerries.com
- Visitiom.co.uk
- Wayfarers World Travel
Together we are working with GDPR specialists in the travel sector and industry associations to create a practical, risk-based approach to GDPR compliance. This involves the development and distribution of new policies, procedures and standards in our business. We aim to create a culture of awareness amongst our internal stakeholders and employees with continuous improvement around data privacy and protection for our customers.
We work on the principle of being the “temporary and trusted custodian of our customers’ data”. We are creating a privacy framework and developing new working practices to ensure responsible compliance. These foundation elements are currently being integrated into our management systems and mapped to our customers’ requirements.
We undertake the necessary and ongoing responsibility for personal data held on behalf of our customers, suppliers, partners, employees and any other data subjects that come under our care.
Our commitment to GDPR
Protecting our customers’ data is a core part of our business strategy and procedures.
We know what data is being held, where, when and why. This is continuously reviewed.
We acknowledge and proactively manage the risks and responsibilities when transferring data to third parties.
We only use the data for the purposes that we have consent for.
We do not collect any data which is not necessary to fulfil its legal obligations. We do not collect data for general or unspecified use.
We only retain data for as long as it is necessary.
For any further information or if you have any questions about how your data is managed by us, please contact our Head Office at data@ortg.co.uk .