PRIVACY
POLICY

1. Introduction

EscapesByU ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our travel planning services or visit our website.

We are an independent travel agent operating in the United Kingdom. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Data Controller: Ursula Browne, trading as EscapesByU

Contact Details:

Email: ursula@escapesbyu.co.uk

3. What Personal Data We Collect

We collect the following types of personal data:

• → Contact Information: Name, email address, phone number, postal address
• → Travel Information: Destination preferences, travel dates, number of travellers, budget, special requirements, dietary needs, accessibility requirements
• → Booking Information: Passport details, date of birth, emergency contact details, travel insurance information
• → Payment Information: Payment card details (processed securely through third-party payment processors - we do not store full card details)
• → Communication Records: Emails, messages, notes from consultations, and other correspondence
• → Website Usage: IP address, browser type, device information, pages visited (collected through cookies and similar technologies)

4. How We Collect Your Data

We collect personal data through:

• → Directly from you when you complete our contact form, request a consultation, or book travel services
• → During telephone, email, or in-person consultations
• → When you visit our website (through cookies and analytics tools)
• → From third parties such as InteleTravel (our authorised travel agent network), airlines, hotels, and other travel suppliers when making bookings on your behalf

5. Legal Basis for Processing

We process your personal data under the following legal bases:

• → Contract: To perform our travel planning and booking services as agreed with you
• → Legitimate Interest: To provide customer service, send booking confirmations, and communicate about your travel arrangements
• → Legal Obligation: To comply with legal requirements, including financial record-keeping and travel industry regulations
• → Consent: For marketing communications (you can withdraw consent at any time)

6. How We Use Your Data

We use your personal data to:

• → Provide travel planning, consultation, and booking services
• → Make bookings with airlines, hotels, tour operators, and other travel suppliers
• → Process payments and manage financial transactions
• → Communicate with you about your bookings, travel arrangements, and any changes
• → Provide customer support and respond to your enquiries
• → Comply with legal obligations and industry regulations (including ABTA and ATOL requirements)
• → Send you marketing communications (only with your consent)
• → Improve our website and services

7. Who We Share Your Data With

We may share your personal data with:

• → InteleTravel: Our authorised travel agent network, which provides booking systems and supplier access
• → Travel Suppliers: Airlines, hotels, tour operators, cruise lines, car rental companies, and other service providers necessary to fulfil your bookings
• → Payment Processors: Secure third-party payment providers to process your payments
• → Professional Advisors: Accountants, legal advisors, and other professional service providers (only as necessary)
• → Regulatory Bodies: ABTA, ATOL, IATA, and other regulatory authorities as required by law
• → Legal Requirements: When required by law, court order, or government authority

We do not sell your personal data to third parties. All data sharing is limited to what is necessary to provide our services or comply with legal obligations.

8. How Long We Keep Your Data

We retain your personal data for as long as necessary to:

• → Fulfil our contractual obligations and provide ongoing customer support
• → Comply with legal obligations (financial records are typically kept for 7 years as required by UK law)
• → Resolve disputes and enforce agreements

When your data is no longer needed, we will securely delete or anonymise it in accordance with our data retention policy.

9. Your Rights Under GDPR

Under UK GDPR, you have the following rights:

• → Right of Access: You can request a copy of the personal data we hold about you
• → Right to Rectification: You can ask us to correct inaccurate or incomplete data
• → Right to Erasure: You can request deletion of your data in certain circumstances
• → Right to Restrict Processing: You can request that we limit how we use your data
• → Right to Data Portability: You can request your data in a structured, machine-readable format
• → Right to Object: You can object to processing based on legitimate interests or for marketing purposes
• → Rights Related to Automated Decision-Making: You have rights regarding automated processing and profiling

To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• → Secure storage of physical and digital records
• → Encryption of sensitive data in transit and at rest
• → Regular security assessments and updates
• → Access controls and staff training on data protection
• → Secure payment processing through certified providers

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK/EEA when making international travel bookings. This includes transfers to:

• → Travel suppliers located outside the UK/EEA (airlines, hotels, tour operators)
• → InteleTravel's systems and partners (where appropriate safeguards are in place)

We ensure that appropriate safeguards are in place for such transfers, including standard contractual clauses approved by the UK Information Commissioner's Office (ICO) or adequacy decisions.

12. Cookies and Website Analytics

Our website uses cookies and similar technologies to improve your browsing experience and analyse website usage. Cookies are small text files stored on your device.

We use cookies for:

• → Essential website functionality
• → Analytics to understand how visitors use our website

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Your Right to Complain

If you have concerns about how we handle your personal data, please contact us first using the details in Section 2. We will do our best to resolve any issues.

You also have the right to lodge a complaint with the UK's supervisory authority:

Website: www.ico.org.uk
Phone: 0303 123 1113

15. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: ursula@escapesbyu.co.uk