Consensio Holidays Limited (referred to as Consensio or we or our or us) is a company registered in England under number 07008912 whose registered office address is located at 9 Reece Mews, South Kensington, London SW7 3HE.
Privacy is extremely important to Consensio. We will never misuse or sell your data to anyone and will always ensure any data we hold is stored securely.
Consensio is the data controller for the purposes of the European General Data Protection Regulation (GDPR) and data protection legislation from time to time in force and is responsible for your personal data.
Types of personal information collected by Consensio
We will collect personal information that you provide to us when contacting us via our website, booking a holiday using our website, paying for a holiday, completing a booking form, filling out response cards, subscribing to mailing lists, entering competitions, participating in market research, when applying for jobs with us and when contacting us both on and offline.
The type of information we might collect from you includes:
- Name, address, contact information including phone and email, bank account or credit card details.
- Where you paying for your holiday by credit card we may utilise third-party payment providers to facilitate the process. They will be the data controller with respect to the information you provide and their privacy statement and security practices will apply to your information. Please read these carefully.
- If you apply for a job with us (for example sending us your CV or application form or completing an application via a job board) the personal data contained in your application will be collected by Consensio and will be processed for the purposes of managing Consensio’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results, and as is otherwise needed in the recruitment and hiring processes. We may also keep records of references received from third parties and of any other communication or correspondence between you and us.
We will automatically collect some information when you use our website, access our marketing information or contact us by email or phone including:
- Browsing, purchase and search history.
- We may also use software tools such as Google Analytics to measure and collect session information, length of visits to certain pages, repeat visits and page interaction information (such as clicks and mouse movements).
- The domain and IP address that your computer uses to connect to the internet; your computer, browser, operating system, internet connection, referral information, search terms and other standard information collected by default by tools such as Google Analytics.
- Telephone information including phone numbers, call duration and on occasional call recordings that we use for training and quality control.
We may collect information from third-party sources which we may add to our account information – for example, we update address information using data from the Royal Mail “Change of Address” File, which we may use to correct our records.
In addition, if you ‘like’ our page on Facebook or ‘follow’ us on Twitter we will receive your personal information from those sites. If you were referred to us by a third party such as an agent or another supplier – they may share personal information about you with us.
How do we use your personal information?
We will only use your personal data when the law allows us to. Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into an agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation. We will rely on legal obligation if we are legally required to hold information about you to fulfil our legal obligations – for example, we are legally required to hold passport information of all individuals staying in Consensio chalets and to confirm your right to work where you are offered employment with Consensio. We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent if legally required.
With respect to marketing, if you have previously engaged with us for the provision of services and we are marketing other related services we will take your consent as given unless or until you opt-out. For other types of e-marketing if you have previously registered with us to receive Consensio marketing then we will continue to send marketing materials to you. You have the right to opt-out of receiving marketing materials from us in any circumstances and at any time by contacting us at firstname.lastname@example.org
Please note that where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us.
Our Legitimate Business Interests
As a luxury chalet operator and organiser of luxury holidays, we are exercising a legitimate interest in collecting and retaining the personal data of our clients and suppliers so that we can organise your holiday and provide you with the services promised. We also have a legitimate business interest in sending relevant and useful information about our chalet offering and services to clients and potential clients in order to develop our products and services and grow our business.
With respect to managing our recruitment process, we have a legitimate business interest in solicitation, evaluation, and selection of applicants for employment.
Cookies on our website
A cookie is a small text file that is stored on your computer or another device when you visit a website. They are very widely used in order to make websites function properly, or more efficiently, as well as provide information to the owners of the site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages people find useful. A cookie in no way gives us access to your computer or any personal information about you, other than the data you choose to share with us.
Making sure your personal data is secure
It is important to be aware that unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us over the internet and any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. All information you provide to us is stored on secure servers in the UK. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We may disclose your personal information to any member of our group, which means our subsidiary companies and operational office in France. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- We will ask for your consent.
Please contact our Data Protection Representative (DPR) (contact details below) if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Service Providers: We may disclose your personal data to third party companies and individuals we engage including to:
- Delivery companies such as the couriers, Royal Mail, City Link and their affiliates – we will only pass on information that is required in order to fulfil the booking or enquiry, such as name and address to delivery companies and name and passport information to airlines.
- Ski guides/schools, private jet/helicopter companies, nannies and transfer companies.
- Our professional advisers including lawyers, bankers, accountants, auditors and our insurers.
- Third party payment platforms and financial institutions to facilitate your purchases (including for chargeback, fraud detection and prevention purposes).
- Facilitate our site and services.
- Provide certain functions on our behalf in connection with the operation of our business.
- Perform site-related services
When we share personal data with other organisations supplying services to Consensio we require them to keep it safe and they must not use your personal data for their own marketing purposes.
Establishing or defending legal claims: sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, special category personal data in connection with exercising or defending legal claims. This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Compatible with the GDPR we will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Consensio is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs. For details please contact the Data Protection Representative.
Under the GDPR you have the right to:
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. To stop receiving marketing communications from us or change your preferences please contact us on email@example.com.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party in certain formats, if practicable.
- Withdraw consent to processing at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/
If you wish to exercise any of the rights set out above, please contact the DPR at firstname.lastname@example.org
- You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Consensio Holidays DPR :
Name: Ceri Tinley
Phone: +44 (0) 20 3393 0833
Consensio Holidays EU representative:
North Point House
North Point Business Park
New Mallow Road