Privacy Policy

Trip Tailors Travel Ltd
 Effective Date: 2nd July 2025 | Version 1.0

Trip Tailors Travel Ltd (company registration 16542016) is committed to protecting your privacy and complying with all applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains how we collect, use, and protect your personal information when you use our services, and sets out the specific legal basis we rely on for each type of processing activity.

Our details:

  • Company: Trip Tailors Travel Ltd
  • Address: Suite RA01, 195-197 Wood Street, London, E17 3NU
  • Email: [email protected]
  • Phone: 02081503212
  • Privacy contact: William Stokes

We act as the data controller for all personal information we collect about you, meaning we determine how and why your personal data is processed.

Definitions

In these terms and conditions the words “us”, “we”, “our” and “our website” refer to Trip Tailors Travel Ltd. The words “you”, “your”, “passenger”, “passengers”, “persons” and “guest” refers to the lead traveller and every person included on, added to, or substituted on the booking.

Under UK GDPR, a data controller is defined in Article 4(7) as:

“The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”

Under UK GDPR, special categories of personal data are defined in Article 9(1) as:

“Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.”

What information we collect

Basic information

When you enquire about or book travel with us, we collect:

• Your name, email address, and phone number

• Your residential address (and separate billing address if different)

• Location details (e.g., country of residence) and travel preferences

• Holiday interests and specific requirements

Booking information

For confirmed bookings, we also collect:

  • Passport details and travel documentation
  • Payment information 

Special categories of personal data

Under Article 9 of UK GDPR, certain types of personal data receive enhanced protection. We may collect and process the following special categories of personal data:

  • Health information: Details about medical conditions, disabilities, or mobility requirements that may affect your travel.
  • Dietary information: Requirements that may reveal religious beliefs or philosophical convictions (such as halal, kosher, or vegan preferences).
  • Accessibility needs: Information about physical or mental health conditions requiring special assistance.
  • Nationality: Information about nationality may be shared when information is asked for from suppliers.

We only process special categories of personal data where we have obtained your explicit consent in accordance with Article 9(2)(a) UK GDPR, and only where strictly necessary to provide your travel services.

How we collect this information

We collect personal data through our website enquiry forms (powered by Fillout), traveller detail forms (powered by jotforms), during phone consultations, via email communications, and through personal consultations.

Legal basis for processing and why we use your information

Under UK GDPR, we must have a lawful basis for processing your personal data. The following sets out our specific lawful bases for each type of processing activity:

Booking Travel Services

Legal basis: Article 6(1)(b) UK GDPR – Processing necessary for the performance of a contract.

We process your personal data to create, manage, and fulfill your travel booking contracts. This includes arranging flights, accommodation, transfers, and other travel services you have requested. Without this processing, we cannot provide the travel services you have contracted for.

Customer Service & Support

Legal basis:

  • Article 6(1)(b) UK GDPR – Contract performance: Fulfilling our contractual obligations to provide ongoing support for your travel services.
  • Article 6(1)(f) UK GDPR – Legitimate interests: Providing customer support and assistance, where our legitimate business interests are balanced against your fundamental rights and freedoms.

We process your data to respond to enquiries, resolve issues, provide assistance during travel, and ensure you receive the level of service you expect from us.

Travel Documentation Assistance

Legal basis:

  • Article 6(1)(b) UK GDPR – Contract performance: Processing necessary for delivering the travel services you have booked.
  • Article 6(1)(c) UK GDPR – Legal obligation: Compliance with travel industry regulations, immigration requirements, and security obligations.

We process passport information and other travel documents to ensure compliance with airline requirements, border control regulations, and destination country entry requirements. This processing is essential for international travel and often legally mandated.

Marketing Communications

To Existing Customers: Legal basis: Article 6(1)(f) UK GDPR – Legitimate interests

We may contact existing customers about similar travel services based on our legitimate business interests in maintaining customer relationships and promoting relevant services. You always have the right to opt out of such communications.

To New Prospects: Legal basis: Article 6(1)(a) UK GDPR – Consent

We only send marketing communications to new prospects where we have obtained your explicit, freely given consent. You can withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Affiliate Commission Processing

Legal basis:

  • Article 6(1)(b) UK GDPR – Contract performance: Fulfilling affiliate partnership agreements and commission arrangements.
  • Article 6(1)(f) UK GDPR – Legitimate interests: Managing business relationships and tracking referrals for commission purposes.

We process data necessary to manage our affiliate program, track referrals, and ensure appropriate commission payments to our partners.

Legal and Tax Record Keeping

Legal basis: Article 6(1)(c) UK GDPR – Legal obligation

We are required by law to maintain certain records for tax purposes, financial reporting, and regulatory compliance. This includes keeping booking records, invoices, and transaction details for the periods specified by UK tax law and business regulations.

Special Categories Data Processing

Legal basis: Article 9(2)(a) UK GDPR – Explicit consent

We only process special categories of personal data (health information, dietary requirements indicating religious beliefs) where you have provided consent for us to share this with suppliers by telling us to. This process is necessary to arrange appropriate meals, accommodations, and assistance during your travel. You have the right to withdraw this consent at any time, though this may affect our ability to provide certain services.

Payment Card Processing 

Legal basis: Article 6(1)(b) UK GDPR – Contract performance 

Enhanced security measures applied due to the high risk nature of financial data. Processing limited to transaction completion only, with secure deletion once holidays are completed.

Government Data Sharing

Legal basis: Article 6(1)(c) UK GDPR – Legal obligation

We may be required to share personal data with government authorities, border control agencies, and security services to comply with legal obligations related to passenger manifests, security screening, and immigration requirements.

Who we share information with

Travel service providers

In order to deliver your travel services, we share necessary personal data with:

  • Airlines for flight bookings and passenger manifest requirements
  • Hotels and accommodation providers for reservation and check-in purposes
  • Third-party airline and hotel booking suppliers
  • Tour operators and activity providers for excursions and experiences
  • Travel insurance providers
  • Ground transport providers for transfers and car rentals
  • Other vetted third-party providers necessary to fulfil your specific travel arrangements

These providers act as separate data controllers for the information we share with them and are responsible for their own compliance with data protection laws.

Data processors

We work with the following trusted service providers who process personal data on our behalf under strict contractual terms:

Fillout: Processes and stores enquiry form submissions using secure cloud infrastructure. Data is encrypted in transit and at rest in EU-compliant data centers.

Stripe: Processes payment transactions securely. Payment card details are tokenized and encrypted by Stripe’s secure systems.

Jotforms: Used to collect passport information and submit other travel documents for us to coordinate bookings, selected based on their ability to provide appropriate technical and organizational security measures.

Legal disclosures

We may disclose personal data where required by law, including:

  • In response to court orders or legal process
  • To comply with regulatory investigations
  • For national security or law enforcement purposes
  • To protect our legal rights or defend against legal claims

Data security and breach procedures

Security measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Technical measures:

  • Role-based access controls limiting access to passport and address data to authorised personnel only
  • All data transmitted using 256-bit TLS encryption
  • Data stored using AES-256 encryption in EU-based data centers
  • Regular security vulnerability assessments and penetration testing
  • Secure backup and disaster recovery procedures
  • Network firewalls and intrusion detection systems
  • Anti bot software 

Organizational measures:

  • Role-based access controls limiting data access to authorized personnel only
  • Mandatory annual data protection training for all staff
  • Clear data handling policies and procedures
  • Regular compliance audits and reviews
  • Incident response and breach notification procedures
  • Secure disposal of data

Data breach response

In accordance with Article 33 and 34 of UK GDPR, we have established procedures to:

  • Detect and respond to personal data breaches promptly
  • Assess the risk to individuals’ rights and freedoms
  • Notify the Information Commissioner’s Office within 72 hours where required
  • Inform affected individuals without undue delay where the breach is likely to result in high risk
  • Document all breaches and remedial actions taken
  • Implement measures to prevent similar incidents

Data retention and deletion

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests. Our specific retention periods are:

Data TypeRetention PeriodLegal Basis
Enquiry forms without bookings36 months from last contactLegitimate interests in maintaining customer records
Addresses (billing & residential)6 years from transaction dateLegal obligation under UK tax law / Contract performance
Booking records and invoices6 years from transaction dateLegal obligation under UK tax law
Passport information3 weeks after holiday completionDeleted when no longer needed – Data minimization 
Cancelled booking passport dataDeleted immediately upon cancellationData minimization
Travel preferences and history6 years from transaction dateLegitimate interests in service improvement and customer interests/ preferences 
Marketing consent recordsUntil consent withdrawn plus 3 yearsLegal obligation to maintain consent records
Affiliate commission recordsDuration of partnership agreement plus 7 yearsLegal and contractual obligations
Complaint records6 years from resolutionLegitimate interests in defending potential claims
Payment InformationUntil Holiday completionBook travel components, data minimisation

When determining retention periods, we consider:

  • The amount, nature, and sensitivity of personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Whether we can achieve those purposes through other means
  • Applicable legal, regulatory, tax, and accounting requirements

Upon expiry of retention periods, we securely delete or anonymize personal data. Our service provider Fillout maintains encrypted backups which are automatically purged within 45 days of deletion from live systems.

Your rights under UK GDPR

As a data subject, you have the following rights under UK GDPR:

Right of access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about our processing activities.

Right to rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including where:

  • The data is no longer necessary for the original purpose
  • You withdraw consent (where processing is based on consent)
  • You object to processing based on legitimate interests
  • The data has been unlawfully processed

Right to restrict processing (Article 18)

You have the right to request restriction of processing in certain circumstances, such as where you contest the accuracy of the data or object to processing.

Right to data portability (Article 20)

Where processing is based on consent or contract performance and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease such processing immediately.

Rights related to automated decision-making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not engage in such automated decision-making.

How to exercise your rights

To exercise any of these rights, contact us at [email protected]. We will:

  • Respond to your request within one month as per ICO guidelines 
  • Verify your identity using passport, address, or other appropriate documentation when necessary
  • Provide requested information / changes free of charge (unless requests are manifestly unfounded or excessive)
  • Explain any refusal to act on a request

Children’s data

We sell travel services only to adults (persons aged 18 or over). However, parents or guardians may book travel that includes children under 18. Where we process personal data of children, we:

  • Require and verify parental or guardian consent in accordance with Article 8 UK GDPR
  • Use passport information to verify ages and family relationships
  • Limit processing to what is necessary for travel service provision
  • Allow parents/guardians to exercise rights on behalf of their children

Marketing and communication preferences

Consent and legitimate interests

We distinguish between different types of marketing communications:

Service-related communications: We may send essential communications about your bookings, travel updates, and safety information based on contract performance and legitimate interests.

Marketing to existing customers: We may contact customers about similar travel services based on legitimate interests, with clear opt-out options in every communication.

Marketing to prospects: We only send marketing to new prospects with explicit consent obtained through clear, positive action.

Managing preferences:

You can manage your communication preferences by:

  • Using unsubscribe links in our emails
  • Contacting us directly at [email protected]
  • Specifying preferences during phone conversations

We maintain preference centers and suppression lists to ensure we respect your choices across all communication channels.

Cookies and online tracking

Trip Tailors Travel LTD does not use cookies, web beacons, or similar tracking technologies on our website. We do not engage in behavioral advertising, cross-site tracking, or automated profiling of website visitors.

Limited technical data (such as IP addresses) may be collected by our hosting provider for security and performance purposes, but this is not used for tracking or marketing purposes.

Data Protection Impact Assessments

In accordance with Article 35 UK GDPR, we conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals’ rights and freedoms. We have completed DPIAs for:

  • Processing of passport and identity documents
  • Collection and processing of special category data (health and dietary information)
  • Retention and profiling of customer travel preferences

These assessments help us identify and mitigate privacy risks, implement appropriate safeguards, and ensure our processing activities comply with data protection principles.

Complaints and supervisory authority

Internal complaints

If you have concerns about our processing of your personal data, please contact us first:

William Stokes
 Trip Tailors Travel Ltd
Suite RA01, 195-197 Wood Street
London, E17 3NU
Email: [email protected]
Phone: 0208 150 3212

We will investigate your complaint promptly and work to resolve any issues.

Information Commissioner’s Office

You have the right to lodge a complaint with the UK’s supervisory authority:

Information Commissioner’s Office (ICO)
 Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
Email: [email protected]

Other supervisory authorities

If you are located in the European Economic Area, you may also complain to the data protection authority in your country of residence, place of work, where an alleged infringement occurred or to any protection authority in the area where the incident has happened.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our processing activities, legal requirements, or business practices. When we make material changes, we will:

  • Update the version number and effective date
  • Notify affected individuals by email or prominent website notice
  • Maintain previous versions for reference
  • Ensure continued compliance with applicable data protection laws

Contact information

For all privacy-related enquiries, please contact:

Data Protection Contact: William Stokes
Company: Trip Tailors Travel Ltd
Address: Suite RA01, 195-197 Wood Street, London, E17 3NU
Email: [email protected]
Phone:  0208 150 3212

This privacy policy complies with the UK General Data Protection Regulation, Data Protection Act 2018, and other applicable data protection laws. Last reviewed: 2nd July 2025.

Privacy Policy

Trip Tailors Travel Ltd
 Effective Date: 2nd July 2025 | Version 1.0

Trip Tailors Travel Ltd (company registration 16542016) is committed to protecting your privacy and complying with all applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains how we collect, use, and protect your personal information when you use our services, and sets out the specific legal basis we rely on for each type of processing activity.

Our details:

  • Company: Trip Tailors Travel Ltd
  • Address: Suite RA01, 195-197 Wood Street, London, E17 3NU
  • Email: [email protected]
  • Phone: 02081503212
  • Privacy contact: William Stokes

We act as the data controller for all personal information we collect about you, meaning we determine how and why your personal data is processed.

Definitions

In these terms and conditions the words “us”, “we”, “our” and “our website” refer to Trip Tailors Travel Ltd. The words “you”, “your”, “passenger”, “passengers”, “persons” and “guest” refers to the lead traveller and every person included on, added to, or substituted on the booking.

Under UK GDPR, a data controller is defined in Article 4(7) as:

“The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”

Under UK GDPR, special categories of personal data are defined in Article 9(1) as:

“Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.”

What information we collect

Basic information

When you enquire about or book travel with us, we collect:

• Your name, email address, and phone number

• Your residential address (and separate billing address if different)

• Location details (e.g., country of residence) and travel preferences

• Holiday interests and specific requirements

Booking information

For confirmed bookings, we also collect:

  • Passport details and travel documentation
  • Payment information 

Special categories of personal data

Under Article 9 of UK GDPR, certain types of personal data receive enhanced protection. We may collect and process the following special categories of personal data:

  • Health information: Details about medical conditions, disabilities, or mobility requirements that may affect your travel.
  • Dietary information: Requirements that may reveal religious beliefs or philosophical convictions (such as halal, kosher, or vegan preferences).
  • Accessibility needs: Information about physical or mental health conditions requiring special assistance.
  • Nationality: Information about nationality may be shared when information is asked for from suppliers.

We only process special categories of personal data where we have obtained your explicit consent in accordance with Article 9(2)(a) UK GDPR, and only where strictly necessary to provide your travel services.

How we collect this information

We collect personal data through our website enquiry forms (powered by Fillout), traveller detail forms (powered by jotforms), during phone consultations, via email communications, and through personal consultations.

Legal basis for processing and why we use your information

Under UK GDPR, we must have a lawful basis for processing your personal data. The following sets out our specific lawful bases for each type of processing activity:

Booking Travel Services

Legal basis: Article 6(1)(b) UK GDPR – Processing necessary for the performance of a contract.

We process your personal data to create, manage, and fulfill your travel booking contracts. This includes arranging flights, accommodation, transfers, and other travel services you have requested. Without this processing, we cannot provide the travel services you have contracted for.

Customer Service & Support

Legal basis:

  • Article 6(1)(b) UK GDPR – Contract performance: Fulfilling our contractual obligations to provide ongoing support for your travel services.
  • Article 6(1)(f) UK GDPR – Legitimate interests: Providing customer support and assistance, where our legitimate business interests are balanced against your fundamental rights and freedoms.

We process your data to respond to enquiries, resolve issues, provide assistance during travel, and ensure you receive the level of service you expect from us.

Travel Documentation Assistance

Legal basis:

  • Article 6(1)(b) UK GDPR – Contract performance: Processing necessary for delivering the travel services you have booked.
  • Article 6(1)(c) UK GDPR – Legal obligation: Compliance with travel industry regulations, immigration requirements, and security obligations.

We process passport information and other travel documents to ensure compliance with airline requirements, border control regulations, and destination country entry requirements. This processing is essential for international travel and often legally mandated.

Marketing Communications

To Existing Customers: Legal basis: Article 6(1)(f) UK GDPR – Legitimate interests

We may contact existing customers about similar travel services based on our legitimate business interests in maintaining customer relationships and promoting relevant services. You always have the right to opt out of such communications.

To New Prospects: Legal basis: Article 6(1)(a) UK GDPR – Consent

We only send marketing communications to new prospects where we have obtained your explicit, freely given consent. You can withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Affiliate Commission Processing

Legal basis:

  • Article 6(1)(b) UK GDPR – Contract performance: Fulfilling affiliate partnership agreements and commission arrangements.
  • Article 6(1)(f) UK GDPR – Legitimate interests: Managing business relationships and tracking referrals for commission purposes.

We process data necessary to manage our affiliate program, track referrals, and ensure appropriate commission payments to our partners.

Legal and Tax Record Keeping

Legal basis: Article 6(1)(c) UK GDPR – Legal obligation

We are required by law to maintain certain records for tax purposes, financial reporting, and regulatory compliance. This includes keeping booking records, invoices, and transaction details for the periods specified by UK tax law and business regulations.

Special Categories Data Processing

Legal basis: Article 9(2)(a) UK GDPR – Explicit consent

We only process special categories of personal data (health information, dietary requirements indicating religious beliefs) where you have provided consent for us to share this with suppliers by telling us to. This process is necessary to arrange appropriate meals, accommodations, and assistance during your travel. You have the right to withdraw this consent at any time, though this may affect our ability to provide certain services.

Payment Card Processing 

Legal basis: Article 6(1)(b) UK GDPR – Contract performance 

Enhanced security measures applied due to the high risk nature of financial data. Processing limited to transaction completion only, with secure deletion once holidays are completed.

Government Data Sharing

Legal basis: Article 6(1)(c) UK GDPR – Legal obligation

We may be required to share personal data with government authorities, border control agencies, and security services to comply with legal obligations related to passenger manifests, security screening, and immigration requirements.

Who we share information with

Travel service providers

In order to deliver your travel services, we share necessary personal data with:

  • Airlines for flight bookings and passenger manifest requirements
  • Hotels and accommodation providers for reservation and check-in purposes
  • Third-party airline and hotel booking suppliers
  • Tour operators and activity providers for excursions and experiences
  • Travel insurance providers
  • Ground transport providers for transfers and car rentals
  • Other vetted third-party providers necessary to fulfil your specific travel arrangements

These providers act as separate data controllers for the information we share with them and are responsible for their own compliance with data protection laws.

Data processors

We work with the following trusted service providers who process personal data on our behalf under strict contractual terms:

Fillout: Processes and stores enquiry form submissions using secure cloud infrastructure. Data is encrypted in transit and at rest in EU-compliant data centers.

Stripe: Processes payment transactions securely. Payment card details are tokenized and encrypted by Stripe’s secure systems.

Jotforms: Used to collect passport information and submit other travel documents for us to coordinate bookings, selected based on their ability to provide appropriate technical and organizational security measures.

Legal disclosures

We may disclose personal data where required by law, including:

  • In response to court orders or legal process
  • To comply with regulatory investigations
  • For national security or law enforcement purposes
  • To protect our legal rights or defend against legal claims

Data security and breach procedures

Security measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Technical measures:

  • Role-based access controls limiting access to passport and address data to authorised personnel only
  • All data transmitted using 256-bit TLS encryption
  • Data stored using AES-256 encryption in EU-based data centers
  • Regular security vulnerability assessments and penetration testing
  • Secure backup and disaster recovery procedures
  • Network firewalls and intrusion detection systems
  • Anti bot software 

Organizational measures:

  • Role-based access controls limiting data access to authorized personnel only
  • Mandatory annual data protection training for all staff
  • Clear data handling policies and procedures
  • Regular compliance audits and reviews
  • Incident response and breach notification procedures
  • Secure disposal of data

Data breach response

In accordance with Article 33 and 34 of UK GDPR, we have established procedures to:

  • Detect and respond to personal data breaches promptly
  • Assess the risk to individuals’ rights and freedoms
  • Notify the Information Commissioner’s Office within 72 hours where required
  • Inform affected individuals without undue delay where the breach is likely to result in high risk
  • Document all breaches and remedial actions taken
  • Implement measures to prevent similar incidents

Data retention and deletion

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests. Our specific retention periods are:

Data TypeRetention PeriodLegal Basis
Enquiry forms without bookings36 months from last contactLegitimate interests in maintaining customer records
Addresses (billing & residential)6 years from transaction dateLegal obligation under UK tax law / Contract performance
Booking records and invoices6 years from transaction dateLegal obligation under UK tax law
Passport information3 weeks after holiday completionDeleted when no longer needed – Data minimization 
Cancelled booking passport dataDeleted immediately upon cancellationData minimization
Travel preferences and history6 years from transaction dateLegitimate interests in service improvement and customer interests/ preferences 
Marketing consent recordsUntil consent withdrawn plus 3 yearsLegal obligation to maintain consent records
Affiliate commission recordsDuration of partnership agreement plus 7 yearsLegal and contractual obligations
Complaint records6 years from resolutionLegitimate interests in defending potential claims
Payment InformationUntil Holiday completionBook travel components, data minimisation

When determining retention periods, we consider:

  • The amount, nature, and sensitivity of personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Whether we can achieve those purposes through other means
  • Applicable legal, regulatory, tax, and accounting requirements

Upon expiry of retention periods, we securely delete or anonymize personal data. Our service provider Fillout maintains encrypted backups which are automatically purged within 45 days of deletion from live systems.

Your rights under UK GDPR

As a data subject, you have the following rights under UK GDPR:

Right of access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about our processing activities.

Right to rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including where:

  • The data is no longer necessary for the original purpose
  • You withdraw consent (where processing is based on consent)
  • You object to processing based on legitimate interests
  • The data has been unlawfully processed

Right to restrict processing (Article 18)

You have the right to request restriction of processing in certain circumstances, such as where you contest the accuracy of the data or object to processing.

Right to data portability (Article 20)

Where processing is based on consent or contract performance and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease such processing immediately.

Rights related to automated decision-making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not engage in such automated decision-making.

How to exercise your rights

To exercise any of these rights, contact us at [email protected]. We will:

  • Respond to your request within one month as per ICO guidelines 
  • Verify your identity using passport, address, or other appropriate documentation when necessary
  • Provide requested information / changes free of charge (unless requests are manifestly unfounded or excessive)
  • Explain any refusal to act on a request

Children’s data

We sell travel services only to adults (persons aged 18 or over). However, parents or guardians may book travel that includes children under 18. Where we process personal data of children, we:

  • Require and verify parental or guardian consent in accordance with Article 8 UK GDPR
  • Use passport information to verify ages and family relationships
  • Limit processing to what is necessary for travel service provision
  • Allow parents/guardians to exercise rights on behalf of their children

Marketing and communication preferences

Consent and legitimate interests

We distinguish between different types of marketing communications:

Service-related communications: We may send essential communications about your bookings, travel updates, and safety information based on contract performance and legitimate interests.

Marketing to existing customers: We may contact customers about similar travel services based on legitimate interests, with clear opt-out options in every communication.

Marketing to prospects: We only send marketing to new prospects with explicit consent obtained through clear, positive action.

Managing preferences:

You can manage your communication preferences by:

  • Using unsubscribe links in our emails
  • Contacting us directly at [email protected]
  • Specifying preferences during phone conversations

We maintain preference centers and suppression lists to ensure we respect your choices across all communication channels.

Cookies and online tracking

Trip Tailors Travel LTD does not use cookies, web beacons, or similar tracking technologies on our website. We do not engage in behavioral advertising, cross-site tracking, or automated profiling of website visitors.

Limited technical data (such as IP addresses) may be collected by our hosting provider for security and performance purposes, but this is not used for tracking or marketing purposes.

Data Protection Impact Assessments

In accordance with Article 35 UK GDPR, we conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals’ rights and freedoms. We have completed DPIAs for:

  • Processing of passport and identity documents
  • Collection and processing of special category data (health and dietary information)
  • Retention and profiling of customer travel preferences

These assessments help us identify and mitigate privacy risks, implement appropriate safeguards, and ensure our processing activities comply with data protection principles.

Complaints and supervisory authority

Internal complaints

If you have concerns about our processing of your personal data, please contact us first:

William Stokes
 Trip Tailors Travel Ltd
Suite RA01, 195-197 Wood Street
London, E17 3NU
Email: [email protected]
Phone: 0208 150 3212

We will investigate your complaint promptly and work to resolve any issues.

Information Commissioner’s Office

You have the right to lodge a complaint with the UK’s supervisory authority:

Information Commissioner’s Office (ICO)
 Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
Email: [email protected]

Other supervisory authorities

If you are located in the European Economic Area, you may also complain to the data protection authority in your country of residence, place of work, where an alleged infringement occurred or to any protection authority in the area where the incident has happened.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our processing activities, legal requirements, or business practices. When we make material changes, we will:

  • Update the version number and effective date
  • Notify affected individuals by email or prominent website notice
  • Maintain previous versions for reference
  • Ensure continued compliance with applicable data protection laws

Contact information

For all privacy-related enquiries, please contact:

Data Protection Contact: William Stokes
Company: Trip Tailors Travel Ltd
Address: Suite RA01, 195-197 Wood Street, London, E17 3NU
Email: [email protected]
Phone:  0208 150 3212

This privacy policy complies with the UK General Data Protection Regulation, Data Protection Act 2018, and other applicable data protection laws. Last reviewed: 2nd July 2025.

Shopping Basket