Privacy policy

Introduction

For the purposes of this Privacy Policy, references to “we,” “our,” and “us” mean Whalley & Ross Ltd, a luxury, membership-based travel company. Our registered address is 16 Berkeley Street, Mayfair, London, W1J 8DZ, and our contact details for any privacy-related enquiries are info@whalleyross.com and +44 (0) 204 603 5888.

This policy outlines how we collect, use, share, transfer, and store personal data when you interact with us through our website, email, over the phone, in person, or via third-party travel agents. We also ensure that all personal data is handled in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Scope of the Policy

This Privacy Policy applies to information processed by Whalley & Ross Ltd through its websites, communications, and services. It does not apply to any external websites you may access via links on our site, and we encourage you to review the privacy policies of those third-party sites. Additionally, if you provide information to us through third parties or travel agents, their privacy policies also apply, and we recommend you review them.

How We Collect Your Information

We collect personal data through the following methods:

(a) Active Information Collection

  • Website Forms: When you fill out forms on our website (e.g., to sign up for our newsletter, request a quote, or enquire about travel services).

  • Direct Communication: When you provide information via email, phone calls, or in person.

  • Social Media: Through interactions with us on platforms like Instagram, LinkedIn, or Facebook.

  • Travel Agents: When a travel agent contacts us on your behalf with your travel preferences and information.

The information we collect may include personally identifiable details such as your name, email address, contact number, travel preferences, and any special requirements you provide (e.g., dietary or health-related). It may also include information about others in your party, such as names and details of travelling companions.

(b) Passive Information Collection

We use cookies and similar technologies to collect non-personally identifiable information automatically when you visit our website. This may include details like your IP address, browser type, operating system, and the pages you viewed. These technologies help us optimise our website and improve your user experience.

  • Cookies: Small text files stored on your device that allow us to remember your preferences.

  • IP Addresses: Used to track your location and device information.

You can manage your cookie preferences via your browser settings. Please note that disabling cookies may affect your browsing experience on our website.

How We Use Your Information

We process personal information to:

  • Respond to Enquiries: Provide quotes and respond to your requests.

  • Process Bookings: Collect necessary details to facilitate your travel arrangements, including flight and accommodation bookings, and any specific requests you’ve made (e.g., accessibility needs).

  • Tailor Travel Services: Personalise your travel experiences based on preferences you’ve shared with us.

  • Marketing and Communication: Send newsletters, promotional offers, and updates about our services. You can opt out of these communications at any time.

  • Compliance with Legal Obligations: For purposes such as anti-money laundering checks or fulfilling visa requirements.

We may also use your data for research and development, including statistical analysis, to improve our services and customer experience.

Legal Basis for Processing Your Information

We process personal data based on the following lawful grounds:

  • Contractual Necessity: To fulfil travel services and bookings you’ve requested.

  • Legitimate Interests: For the operation of our business, such as improving our services and marketing to customers.

  • Consent: Where you have explicitly agreed to receive marketing communications.

  • Legal Obligation: To comply with applicable laws and regulations.

Sharing Your Information

We share your information with trusted third parties only when necessary to:

  • Fulfil Travel Services: Share data with service providers such as airlines, hotels, and local operators.

  • Process Payments: Share payment details with financial institutions.

  • Compliance: Meet legal obligations, such as providing data for regulatory or law enforcement purposes.

We ensure that third-party providers adhere to strict privacy and security standards. When transferring data internationally, we take steps to ensure that your data is adequately protected in accordance with the GDPR.

Data Storage and Security

We take your privacy seriously and have implemented appropriate technical and organisational measures to safeguard your data. Your information is stored on secure cloud platforms that are ISO/IEC 27001 certified, and access is restricted to authorised personnel only.

For additional protection, data stored in hard copy format is securely filed in locked offices with controlled access. Data is only retained for as long as necessary to fulfil the purposes for which it was collected, including complying with legal and accounting obligations. We typically retain booking-related data for up to 7 years.

Sensitive Personal Data

Where necessary, we may process sensitive personal data such as health information, dietary restrictions, or accessibility needs. This data is only collected with your explicit consent and handled with heightened security measures. If you provide sensitive data about others (e.g., travel companions), you must ensure that they have given you permission to share it with us.

Your Rights

You have the following rights concerning your personal data:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Correct any inaccuracies in your data.

  • Erasure: Request that we delete your personal data when it is no longer needed.

  • Restriction: Request that we limit how your data is processed.

  • Objection: Object to how we process your personal data for certain purposes.

  • Data Portability: Request a copy of your data in a machine-readable format.

To exercise your rights, contact us at info@whalleyross.com. We aim to respond to all requests within one month.

Unsubscribing from Marketing

If you wish to unsubscribe from our marketing communications, you can do so by clicking the “unsubscribe” link in our emails or by contacting us directly at info@whalleyross.com.

Data Security

While we take appropriate measures to protect your data, no system can be 100% secure. We recommend safeguarding your personal details, including passwords, and notifying us immediately if you suspect any unauthorised use of your data.

Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal data from them. If you believe we have collected information from a child under 13, please contact us, and we will take appropriate steps to delete that data.

Use of and with Google

We use Google Analytics and other third-party services to help us analyse website traffic and serve relevant ads. These services use cookies and other tracking technologies to collect data about your browsing activity. You can opt out of Google Analytics by adjusting your ad preferences via Google’s Ads Settings.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page, and we encourage you to review it periodically.

Contact Information

For any privacy-related enquiries or to exercise your rights, please contact us at:

Whalley & Ross Ltd
16 Berkeley Street, Mayfair, London, W1J 8DZ
Email: info@whalleyross.com
Phone: +44 (0) 204 603 5888
Office Hours: Monday – Friday, 09:00 – 18:00 (UK GMT)