Data Protection & Privacy Policy

Welcome to Wellbeing Escapes’ privacy notice.

Wellbeing Escapes respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) or when you otherwise provide personal data to us via other means (such as via e-mail, over the telephone etc.) and tell you about your privacy rights and how the law protects you.
We have always respected our customer’s privacy by using both technological safeguards as well best practice processes by our employees. We have never provided your personal data for marketing or any other purpose to third parties without your express consent.
The General Data Protection Regulations reinforces much of what we already do. We hope this reinforces your trust in engaging with us for purchases or simply receiving some of the best wellbeing travel information available.

Controller

This privacy notice is issued on behalf of Wellbeing Escapes Limited so when we mention “Wellbeing Escapes”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company, i.e. Wellbeing Escapes Limited that is responsible for processing your data. Wellbeing Escapes Limited is the controllers and responsible for this website.
Our full details are:
Full name of legal entities: Wellbeing Escapes Limited
Name of DPO: Peter Stearn
Email address: info@wellbeingescapes.com
Postal address: Studio 318, Screenworks, 22 Highbury Grove, London, N5 2EF, United Kingdom
Telephone number: +44 (0)20 3735 7555
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Wellbeing Escapes Limited (“We” or “WBE”) are committed to protecting and respecting your privacy.
This privacy statement (together with our terms and conditions and any other policies referred to in it), explains what information we gather about you, what and how we use that information, the lawful basis on which that information is used and who we give that information to. It also sets out your rights and our obligations in relation to your information and who you can contact for more information or queries.

Who this privacy statement applies to and what it covers

This privacy statement sets out how we will collect, handle, store and protect information about you when providing services to you.
This privacy statement also contains information about when we share your personal information with other third parties (for example, third parties carrying out due diligence activities on our behalf).
In this privacy statement, your information is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information.

Children

We understand the importance of protecting children’s privacy. Our website is not designed for, or intentionally targeted at, children. It is not our policy to intentionally collect or store information about children.

What information we collect

We may collect and process personal data about you because you give it to us. You are free to decide what information you give to us, however some of our services will be unavailable if you do not supply the mandatory information requested.
The personal data that we collect or obtain may include: your name; age; date of birth; gender; e-mail address; home address; country of residence; lifestyle and social circumstances (for example, your pastimes); details of how you use our products and services; details of how you like to interact with us and other similar information.
We may collect and process personal data about you that you give to us, as follows:
  • If you provide information to us by filling in forms on our website. This may include information provided at the time of registering, subscribing to any of our services, posting material, sending messages, giving reviews, making or receiving payments through or requesting further services.
  • Details of transactions you carry out via our website.
  • We may ask you for information when you report an issue or concern or we have or receive a complaint or query about you (whether or not a formal dispute is raised).
  • We may keep a record of correspondence between you and us.
  • We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • We may collect or obtain personal data from you because we observe or infer that data about you from the searches you undertake, or the way you interact with us or others. For example, to improve your experience when you use our website and ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) and Web beacons which may collect personal data. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our Cookie Notice.
In some cases, the personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your: dietary requirements, health (for example, so that we can make reasonable accommodations for you in our hotel partners, products and services) and sexual orientation (for example if you provide us with details of your spouse or partner).
The types of personal data and special categories of personal data that we collect may vary depending on the nature of the services that we provide to you. In some rare circumstances, we might also gather other special categories of personal data about you because you volunteer that data to us or we are required to gather that data as a result of legal requirements imposed on us.
Where we are provided with personal data about you by any third party such as a service provider, we take steps to ensure that that third party has complied with the privacy laws and regulations relevant to that information; this may include, for example, that the third party has provided you with notice of the collection (and other matters) and has obtained any necessary consent (if applicable) for us to process that information as described in this privacy statement.

Employee Data

We collect personal data about our prospective, current and former employees (including contingent workers, providers and interns) as follows: basic identification information, such as your name, title, position, professional history, experience, and contract details.
For current employees, we usually collect in addition to the above:
  • Detailed identification information including passport numbers, right to work documentation, private email and/or postal address and country of residence.
  • Electronic identification data (e.g. email address, login information, badge number, online identifiers/cookies, log files, connection time).
  • Education and employment information (e.g. remuneration, bonuses, insurance and other benefits information, employment dates, position information such as title, attendance information including, where relevant, illness or leaves of absence for medical or other reasons, language skills and education details , pensions information including entitlements and recruitment information including job applications, CVs, job history and references.
  • Financial information (e.g. bank account details, and tax-related information).
  • National registry number, social security number or local equivalent.

Use of personal data

We will use your personal data to fulfil your requests and we will ask only for data that is adequate, relevant and not excessive for those purposes for which you have provided consent where pertains to marketing. Where we send you information for any purpose, it may be sent by e-mail or post. When we ask you for personal data it may include the following purposes:
  • We may contact you occasionally to inform you of new products and services we will be providing;
  • We may send you regular updates on issues we think will be of interest to you;
  • We may send you requested information on our products and services;
  • We may use your personal data for marketing purposes and market research;
  • We may use your personal data internally to provide you with the services offered by us via this website, to administer this website and to help us improve our services.
  • We may use your personal data to notify you about changes to our services, terms and conditions, policies or website.
  • We may use your personal data to manage risk, or to investigate, detect, prevent, and/or remediate fraud, suspected fraud or other potentially illegal or prohibited activities.
  • We may use your personal data pursuant to applicable legal or regulatory requirements or to respond to requests and communications from competent authorities (including courts and tribunals).
  • We may use your personal data for protecting our rights, those of our clients, or protecting those of our affiliates.
None of the information that we request from you is mandatory. However, where such information is not provided to us, WBE may be unable to identify, protect, or return your money.

The legal grounds we use for processing personal information

We are not allowed to process personal information if we do not have a valid legal ground. Therefore, we will only process your personal information for the purposes outlined above because:
  • of our legitimate interests in the performance of activities that form part of the operation of our business;
  • of our legitimate interests in the effective and lawful operation of our business so long as such interests are not outweighed by your interests or fundamental rights and freedoms;
  • of the legal and regulatory obligations that we are subject to, such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or
  • the information is required in order to carry out the activities that form part of the operation of our business (e.g. the processing is necessary to perform our contractual obligations towards you).
Examples of the ‘legitimate interests’ referred to above are:
  • to verify the accuracy of information provided by a third party;
  • to prevent fraud or criminal activity;
  • to safeguard the security of our IT systems, architecture and networks, and of our physical premises; and
  • to the extent that we process any sensitive personal data relating to you for any of the purposes outlined above, we will do so because either:
    1. we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti money laundering’ obligations (or other legal obligations imposed on us);
    2. the processing is necessary to carry out our obligations under employment, or social protection law;
    3. the processing is necessary for the establishment, exercise or defence of legal claims; or
    4. (iv) you have made the data manifestly public.

Unsubscribe

We may, from time to time, e-mail or post you information to make you aware of our other similar products and services which may be of interest to you. If you do not wish to receive emails or post from us for these purposes, or if you want to be removed from our electronic mailing list you can either select “unsubscribe” from any of the marketing emails that we send or alternatively contact us.

Anonymous data collected through this website

In addition to the information we collect as described above, we use technology to collect anonymous information about the use of our website. For example, our web server automatically logs which pages of our website our visitors view, their IP addresses and which web browsers our visitors use. This technology does not identify you personally, it simply enables us to compile statistics about our visitors and their use of our website.
Our website contains hyperlinks to other pages on our website. We may use technology to track how often these links are used and which pages on our website our visitors choose to view. Again this technology does not identify you personally - it simply enables us to compile statistics about the use of these hyperlinks.

Links to other websites

This website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites or any association with their operators. We do not control these websites and are not responsible for their data or privacy practices. We urge you to review any privacy policy posted on any site you visit before using the site or providing any personal data about yourself.

Cookies

In order to collect the anonymous data described in the preceding paragraph, we may use temporary “cookies” that remain in the cookies file of your browser until the browser is closed. Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie.
This enables you to decide if you want to accept it or not. We also use your IP address to help diagnose problems with our server and to administer our website. An IP address is a numeric code that identifies your computer on a network, or in this case, the internet. Your IP address is also used to gather broad demographic information. We may also perform IP lookups to determine which domain you are coming from (i.e.: aol.com, yourcompany.com) to more accurately gauge our users’ demographics.

Disclosure of your personal data

In connection with one or more of the purposes outlined in the “Use of personal data” section above, we may disclose details about you to: third parties that provide services to us and, such as our lawyers; competent authorities (including courts and supervisory or other authorities); your advisers or where applicable, your employer; credit reference agencies or other organisations that help us make decisions and reduce the incidence of fraud; and other third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Use of personal data” section above.

Protection of your personal data

All WBE personnel accessing personal information must comply with the internal rules and processes in relation to the processing of personal data to protect them and ensure the confidentiality of such information.
We have also implemented adequate technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the personal information, with particular care for sensitive information.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

How long we keep your information

We will hold your personal data on our systems for the longest of the following periods:
  1. as long as is necessary for the relevant activity (which is typically 7 years);
  2. any retention period that is required by law or regulation; or
  3. the end of the period in which litigation or investigations might arise in respect of our activities.

Your rights

You have various rights in relation to your personal data. In particular, you have a right to:
  • request a copy of personal data we hold about you
  • ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete
  • ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data
  • object to our processing of your personal data
  • ask that we restrict our processing of your personal data; and
  • ask for the portability of personal data - receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us at info@wellbeingescapes.com

Right to complain

If you are unhappy with the way we handled your personal information or any privacy query or request you have raised with us, you also have a right to complain to a data protection authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen.

Changes to our privacy statement

We may modify or amend this privacy statement from time to time.
To let you know when we make changes to this privacy statement, we will amend the revision date at the end of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.

Contact

If you have any questions, comments or requests regarding this privacy statement contact us.
Last updated: 23 May 2018