ACE Travel Management is the trading name of KMG Travel Management Limited. The company registration number is 2722778.
ACE Travel Management act as both data controllers and data processors for purposes of the GDPR and Data Protection Act 2018 and are responsible for the manner the data you provide us with is processed.
We collect the following information about you:
date of birth;
credit card and payment information;
travel and accommodation details;
passport and visa information; and
special travel requests, such as dietary requirements or wheelchair access
Information gathered using cookies in your web browser
If you connect, comment or provide feedback on our social media channels including Twitter, LinkedIn and Facebook we will see your username
Lawful reasons for using your personal data
There are several reasons we may collect and use your personal data which the law on data protection allows us to, including:
In order for us to fulfil our contractual obligations to you we will need to use your personal data
For example, for us to book you onto a flight or into a hotel.
We will always request your consent when we collect and process your personal data
For example, if you tick the consent box to receive our travel updates or newsletters
Legal or regulatory obligation
For example, we will need to pass and process your personal data to law enforcement if there is any involvement in fraud or criminal activity
Under IATA resolution 830d passenger contact details must be entered into bookings.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.
For example, we may send you promotional offers based on your past purchase history
We may need to protect the vital interests of you or another person
We use several methods to collect data from you and about you including:
New account customer forms
Product enquiries via the website, on email or by phone
Visiting us at an exhibition or show or exchanging business cards
Engaging with us on social media
When you have given a third party permission to share information with us
When you book or register with us, we will ask if you would like to receive marketing communications. If you have previously agreed to receive marketing communications, we may send you relevant offers and news about our products. You can change your marketing preferences by contacting us in any way or by using the ‘unsubscribe’ link in our marketing emails.
Protecting your personal data
Protecting the confidentiality and integrity of your personal data is a responsibility that we always take seriously. We use appropriate technical and organisational measures to keep personal data secure against unauthorised or unlawful processing, and against accidental loss, destruction or damage. For example
All ACE Travel Management employees have received training in GDPR and how to handle your personal data
Access to your personal data is restricted to the relevant employees/departments that are required to process your data
Where hard copies are created, these are securely kept.
According to each department’s process and procedure, your personal data will be periodically reviewed and securely deleted if required
Internal systems and networks are regularly tested
How long will we keep your personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes in which we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, invoices will be kept for 6 years for legal obligations
We will sometimes need to share your personal data with our trusted third parties, these can include:
Suppliers such as airlines, hotels and car hire companies in order to fulfil your requirements
Payment processing companies to process your payment.
HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances
Our out of hours phone response agents.
Some third parties may be based outside of the UK, EU or European Economic Area (“EEA”). Organisations that are based outside of the UK, EU or EEA may not be subject to the same level of controls regarding data protection as exist within the UK and the EEA. We aim only to transfer your data to third parties outside of the UK, EU or EEA where either:
a) your personal information will be subject to one or more appropriate safeguards set out in the current data protection laws
b) the transfer is necessary to enable your contract to be performed
You have the rights under the data protection laws in relation to your personal data including:
Request access to your personal data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or out of date data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no Business or legal reason for us continuing to process it.
Object to processing of your personal data where we are relying on a Legitimate Interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Please email us at firstname.lastname@example.org requesting for Data Subject Access Request if you wish to exercise any of these rights.
No fee in most cases – You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. There is the possibility that we will refuse to comply with your request in these circumstances.
What we may need from you – to protect your personal data we will ask you to verify your identity before proceeding with your request to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you have authorised a third party to submit a request on your behalf, we will request proof that they have your permission to do so.
Time limit to respond – We will respond to all legitimate requests within 1 month from the date of receipt of your request. Occasionally it may take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated. Where you are sending us a request via post rather than email, we recommend you send it via recorded delivery to guarantee safe delivery.
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
To make a complaint, please contact our Privacy Officer.
Alternatively, you can make a complaint to the Information Commissioner’s Office:
Report a concern online at https://ico.org.uk/concerns/
Call 0303 123 1113
Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our Privacy Officer:
Telephone: 0845 241 3406