This statement describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (Data Protection Legislation).
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Magic Carpet Travel is a Travel and Tour company. We are registered in England and Wales as a limited liability company under number 3045408. Our registered office is at 11 The Poplars, Ascot SL5 9HZ, U.K.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to make available to you the information contained in this statement.
Should you wish to contact us about data protection, you can do so using the contact details noted below.
How we may collect your personal data
We obtain personal data about you, for example, when:
- You book a tour with us
- You provide personal information prior to booking a tour
- You request us to book flights or any other travel arrangements
- You request information or prices about a proposed tour or other travel plan
- Your request us to obtain visas or other travel documents on your behalf
- You engage us to provide services and during the provision of those services
- You apply to become a volunteer or member of staff
- You contact us by email, telephone, post or social media
- From third parties and/or publicly available sources
The kind of information we hold about you
The information we hold about you may include some or all of the following:
- Your personal details (such as your name and address)
- Details of contacts or transactions we have had with you
- Details of any services we may have provided to you, or you to us
- Details of correspondence and communications with you
- Information about any enquiries you make to us
- Information we receive from other sources, such as those publicly available
How we use personal data we hold about you
We may process your personal data for purposes necessary for the performance of the company and to comply with our legal obligations. This may include processing your personal data where you are a travel agency, embassy, employee, customer, contractor or supplier.
We may process your personal data for the purposes of the company’s legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data.
We may process your personal data for certain additional purposes in the interests of the company with your consent, and in these exceptional circumstances where your consent is required for the processing of your personal data then you have the right to withdraw with immediate effect your consent to processing for such specific purposes.
Situations in which we will use your personal data
We may use your personal data in order to:
- Carry out our obligations arising from tours, bookings or other arrangements requested by you and contracted by us
- Provide you with marketing and other information relating to the company’s products and services
- Provide you with other travel information which we feel may interest you, provided you have consented to be contacted for such purposes
- Seek your thoughts and opinions on the company
- Notify you about any changes to our current arrangements or processes
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required to do so.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
Change of purpose
We will only use your data for the purpose for which we collected it.
Data security, storage and sharing
We are committed to keeping the personal information you provide to us secure and we will take reasonable precautions to protect your personal information from loss, misuse or alteration.
The data that we hold will not be shared with any third parties (for example for marketing purposes) however for the avoidance of doubt we will share your personal information as appropriate with travel agencies and other service providers only in connection with products and services that we are contracted to provide you.
We will not sell the data we hold to any other organisation.
Your information is held in the strictest confidence. We use paper based documentation and mainstream software packages which are kept up to date with all the latest updates and patches. Access to the documentation and software is by restricted access and we use the most secure login options available to us.
We will only share your personal data with third parties where we are required by law.
Any third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
We reserve the right to update this Policy from time to time to reflect changes in applicable law or other requirements or to reflect changes to our use of your personal information.
How to contact us
You have the right to know what personal data of yours we hold from you at any time and for it to be deleted from our records if you wish.
If you want to know what information we have about you (if any) or to delete any personal data we hold (if any), this must be in writing by post or email.
We will not accept verbal requests by phone.
Please ensure you provide your name, home or business address & email, and we will happily do a search and provide details of your data we hold and/or delete such personal data within four weeks.
All enquiries about personal data we hold for you should be addressed to:
Attention : Ms Zohreh Majidian
E-mail : [email protected]
You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. Their website is ico.org.uk.