We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Michael Paul Holidays Limited is a company incorporated and registered in England and Wales under company number 04829605 and whose registered office is at Rise Two Harris Lane, Abbots Leigh, Bristol BS8 3QX.
Michael Paul Holidays Limited owns and controls the following websites:
Michael Paul Holidays Limited collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the Data Protection Act 2018 (Data Legislation) and we are responsible as ‘controller’ of that personal information for the purposes of the Data Legislation.
We collect the following personal information when you provide it to us:
If we have your consent, we may use your personal data to make suggestions and recommendations to you about goods or services that may be of interest to you. If you would like to unsubscribe from any emails from us, you can also click on the ‘unsubscribe’ button at the bottom of the email.
The types of data we collect are as follows:
We do not seek to collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We also obtain personal information from other sources as follows:
(a) credit checking: to enable us to make credit decisions about you, we may search the files of credit reference agencies (who will record the search). Your information may be linked to records relating to other people living at the same address with whom you are financially linked;
(b) identity and contact data from publicly availably sources such as the Electoral Register based inside the EU.
We may share your Identity Information and Contact Details with the parties set out below:
[Some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’].
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Unless you have consented to us using your details for marketing purposes (in which case we will keep your personal information until you unsubscribe from our mailing list), we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Unless and until you terminate your user account on any of our websites, we will keep your personal data to enable you to have access to that user account. In addition, we keep a record of your booking (which will include any personal data we have collected from you (save for payment details which are deleted immediately after use)) for 6 years after the holiday which you booked via us has taken place.
To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.:
with our suppliers located outside the EEA – for example, we may provide your personal details to a supplier based in the USA in order to supply marketing tools to you for the delivery of marketing communications and online services; and
if you are based outside the EEA.
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. We will, however, ensure the transfer complies with data protection law and all personal information will be secure.
Under the Data Legislation you have a number of important rights free of charge. In summary, those include rights to:
If you would like to exercise any of those rights, please:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Please contact us if you have any questions about this privacy notice or the information we hold about you.