This Website collects some Personal Data from its Users.
This document can be printed for reference by using the print command in the settings of any browser.
Blue Bay Travel Ltd, Unit A4 Bellringer Road, Trentham Business Quarter, Stoke on Trent, ST4 8GB
Owner contact email: gdpr@bluebaytravel.co.uk
Among the types of Personal Data that this Website collects, by itself or through third parties, there are: Cookies; Usage Data; email address; Data communicated while using the service; first name; last name; phone number.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.
Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Any use of Cookies – or of other tracking tools — by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.
Users are responsible for any third-party Personal Data obtained, published or shared through this Website.
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Interaction with external social networks and platforms, Content commenting, Platform services and hosting, Displaying content from external platforms, Analytics, Traffic optimization and distribution, Hosting and backend infrastructure, Managing contacts and sending messages, Heat mapping and session recording, Remarketing and behavioral targeting, Interaction with live chat platforms, Tag Management, Interaction with support and feedback platforms, Advertising, Infrastructure monitoring, Content performance and features testing (A/B testing) and Managing data collection and online surveys.
For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.
Personal Data is collected for the following purposes and using the following services:
This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on this Website, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
Some of the services listed below may use Trackers to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside this Website. For more information, please check the privacy policies of the relevant services.
Services of this kind usually offer the possibility to opt out of such tracking. In addition to any opt-out feature offered by any of the services below, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section "How to opt-out of interest-based advertising" in this document.
Microsoft Advertising is an advertising service provided by Microsoft Corporation.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
This integration of Google Analytics anonymizes your IP address. It works by shortening Users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Facebook Ads conversion tracking (Facebook pixel) is an analytics service provided by Facebook, Inc. that connects data from the Facebook advertising network with actions performed on this Website. The Facebook pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Audience Network.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
Google Analytics is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Quantcast Measure is an analytics service provided by Quantcast Corporation.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Content commenting services allow Users to make and publish their comments on the contents of this Website.
Depending on the settings chosen by the Owner, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.
If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when Users do not use the content commenting service.
Facebook Comments is a content commenting service provided by Facebook, Inc. enabling the User to leave comments and share them on the Facebook platform.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
Disqus is a content commenting service provided by Big Heads Labs Inc.
Personal Data processed: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy – Opt out.
The services contained in this section allow the Owner to track and analyze the User response concerning web traffic or behavior regarding changes to the structure, text or any other component of this Website.
Google Optimize is an A/B testing service provided by Google LLC ("Google").
Google may use Personal Data to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy.
This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Google Fonts is a typeface visualization service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
Adobe Fonts is a typeface visualization service provided by Adobe Systems Incorporated that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.
Some of these services may record sessions and make them available for later visual playback.
Hotjar is a session recording and heat mapping service provided by Hotjar Ltd.
Hotjar honors generic „Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.
Personal Data processed: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: Malta – Privacy Policy – Opt Out.
This type of service has the purpose of hosting Data and files that enable this Website to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Website. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Cloudinary is a hosting service provided by Cloudinary Ltd.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: Israel – Privacy Policy.
DigitalOcean is a hosting service provided by DigitalOcean Inc.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy; United Kingdom – Privacy Policy.
Google BigQuery is a hosting and backend service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.
Google App Engine is a hosting service provided by Google LLC.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United Kingdom – Privacy Policy.
This type of service allows this Website to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved.
Which Personal Data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of this Website.
Sentry is a monitoring service provided by Functional Software, Inc. .
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
This type of service allows interaction with social networks or other external platforms directly from the pages of this Website.
The interaction and information obtained through this Website are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services in order to make sure that the processed data on this Website isn’t being connected back to the User’s profile.
The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
The Google+ +1 button and social widgets are services allowing interaction with the Google+ social network provided by Google Inc.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
This type of service allows Users to interact with third-party live chat platforms directly from the pages of this Website, for contacting and being contacted by this Website support service.
If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service. Moreover, live chat conversations may be logged.
The Crisp Widget is a service for interacting with the Crisp live chat platform provided by Crisp IM SARL.
Personal Data processed: Cookies; Data communicated while using the service; Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: France – Privacy Policy.
This type of service allows Users to interact with third-party support and feedback platforms directly from the pages of this Website.
If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.
https://uk.legal.trustpilot.com/for-reviewers/end-user-privacy-terms
---
When you write a review on Trustpilot or otherwise use our Website, we collect and process personal data about you. This document helps you understand what personal data we collect about you, how we collect it, what we use it for, and what rights you have regarding your personal data.
When we talk about “Trustpilot,” “we,” “us” or “our,” we mean Trustpilot A/S and our affiliates. We also use “Policy” to refer to this Privacy Policy and “Website” to refer to our applications and all of Trustpilot’s websites, like uk.trustpilot.com, dk.trustpilot.com, de.trustpilot.com etc.
Trustpilot A/S is the entity responsible for processing your personal data.
---
1. Personal data - what we collect and what we use it for
1.1 Master data
When you create a profile or write your first review on the Website, we will automatically generate a personal account for you on Trustpilot (“Account”) and collect the following personal data about you (the “Master Data”):
Your username (this will be public),
Your securely encrypted password,
Your email address, and
Your location and country.
This information is mandatory, which means that it will not be possible to write a review on the Website without it.
You can choose to add further personal data to your profile. The additional data you can add is your name, a profile description, photo, gender, city, and language. This additional information will be part of your public profile and will also be part of the Master Data.
Trustpilot is an open review platform and when we display your review we will connect it to your profile so that people can see who wrote the review. Therefore, please be aware that depending on the information you add to your profile and the username you choose, you may or may not be anonymous.
1.2 Information in reviews and ratings
When you write a review about a company, we collect the information you put in your review. This includes:
Which company you review
The type of buying or service experience your review concerns (see the definition of “Service Experience” and “Product” in our User Guidelines
The headline and content of your review
The location of your Service Experience
Your rating of your Service Experience with the company (1-5 stars)
Your rating of the Product (1-5 stars)
The date of your review and, if you update your review, the date on which it is edited
A reference number or order ID (if you or the company provides one)
If we ask you to provide information or documentation verifying your Service Experience and you send us such documentation, we will collect and process the documentation for the purpose(s) stated in the request.
Please don’t share any sensitive personal documents or information with us, either concerning yourself or others.
1.3 Information about views, likes and how useful your review is for others
When you write a review on our Website, people can show that they find your review useful, for example by “liking it”, and we collect this information. We also collect information about how many people read your review. We don’t track the identities of people who aren’t logged in and read the reviews, but we do collect data on the number of consumers who read your review. If you “like” another person’s review we will also collect that information.
1.4 Notifications
If you notify us about a review that you believe violates our User Guidelines, then we collect the information you provide in your notification to us. This can include which review you notified us about, the reason for your notification, the date of your notification, etc.
1.5 Information from other services, including social networks like Facebook
You can connect your Trustpilot profile with your profile on social networks, e.g. Facebook, and Google+ (“Social Network(s)”). When you use this option we automatically collect selected information about you from your Social Networks. The information we collect depends on what information you have made available on those Social Networks and your privacy settings for sharing such information on the Social Networks. Depending on your settings and selection, we will collect the following information:
Name and/or username
Email address
Profile photo
Who your social connections are
When you make a request to connect your Trustpilot profile with a Social Network profile, you will be informed about which information we will collect from the Social Network in question. You will receive this information before your request is carried out.
You can choose to disconnect your Social Network profile from your Trustpilot profile via your Account. At this point, Trustpilot will remove your Social Network unique ID, and disconnect/revoke Trustpilot from your Social Network. Your profile picture from your Social Network profile will remain on your Trustpilot profile.
1.6 Cookies
Our Website uses cookies. Cookies identify your computer or device rather than you as an individual user, and are used for different purposes.
Read more about which cookies the Website uses and for which purposes below (in 8).
1.7 Your IP address, browser settings and location
When you visit the Website, we register your computer’s IP address and browser settings. The IP address is the numerical address of the computer used to visit the Website. Browser settings can include the type of browser you use, browser language, and time zone. We collect this information so that we can trace the computer used in cases of misuse or unlawful actions in connection with visits to or use of the Website. We also use the IP address to approximate your location (at city level) and so that we know which sets of our Terms & Conditions apply to your use of our Website.
1.8 Newsletters and digest emails
We collect the information you provide us with when you subscribe to receive our newsletters, digest emails or similar (we collect your name, email address and newsletter preferences). If you no longer wish to receive our newsletters, digest emails or similar, you can unsubscribe by logging into your Account and changing your email settings or you can contact us at privacy@trustpilot.com.
1.9 For what purposes do we use your personal data?
We will use the information you provide to us to:
Provide our services to you, including displaying your reviews, and providing you with access to your profile and our Website
Identify you as a registered user when you log in to the Website and re-visit the Website
Verify the legitimacy of your reviews
Improve the Website and our services
Invite you to leave more reviews
Respond to your questions and provide related customer service
Pass on a message from the company you reviewed or the company that has invited you to review a Product via the Website
Contact you if your review is flagged by other users or companies and, if necessary, ask you to provide documentation to verify your review or experience
Send you our newsletters
Inform you when other users find your review helpful or otherwise provide feedback concerning your review
Facilitate the social sharing function, including giving you the option to connect with members of your network who are both users of Trustpilot and users of one or more Social Networks
Display which members of your Social Networks are users of Trustpilot in order to increase confidence in reviews and to create a better user experience on our Website
Engage in various internal business purposes, i.e data analysis, audits, fraud monitoring and prevention, developing new products and services, improving or modifying the Website, or our services including our TrustBoxes, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities
Comply with legal requirements and legal process, requests from public and governmental authorities, relevant industry standards and our internal policies
Enforce our Terms & Conditions
Protect our operations or those of any of our affiliates
Protect our rights, privacy, safety or property and/or that of our affiliates, you or others
Allow us to pursue available remedies or limit any damages that we sustain
We will also use the information in other ways for which we provide specific notice at the time of collection.
1.10 On what legal basis do we process your personal data?
We need to process your personal data in order to:
Perform our contract with you (see Article 6.1.b of the GDPR)
Comply with our legal obligations (see Article 6.1.c of the GDPR) and operate an online review platform in compliance with, for example, the Unfair Commercial Practices Directive, ICPEN’s guidelines on online reviews and endorsements, The Consumer Protection from Unfair Trading Regulations 2008, The Competition and Markets Authority’s guidance on online reviews and endorsements, the Danish Consumer Ombudsman’s Guidelines on publication of user reviews, the Danish Marketing Practices Act etc.
Pursue legitimate business interests of our own related to operating the Website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (see Article 6.1.f of the GDPR).
For the establishment, exercise or defence of legal claims, where necessary (see Article 9.2.f of the GDPR)
Some of these grounds for processing your personal data overlap, so there may be several reasons which justify us processing your personal data.
In those limited circumstances where you have expressly given your consent to us to process your personal data (see Article 6.1.a of the GDPR), for example, when subscribing to our newsletters, you are free to revoke your consent at any time. However, please be aware that we may have the right to continue to process your information if it can be justified on one of the other legal bases mentioned above.
You have the right to object to how we process your personal data, or ask us to restrict the processing. Please see below, at 13, for more details.
If you would like more information about our legal basis for processing your personal data, please contact our Data Protection Officer (DPO) - see 14, below.
2. Disclosure of personal data
2.1 Disclosure of personal data on the Website
We are an open review platform and we share your review on our Website so that others can read about your experience with a specific company. When you write a review, we will disclose your review, your username, your location and country and other information you have chosen to connect with your public profile. Remember that if you have selected to use your name as your username, this can reveal your identity in full or in part - unless you use a pseudonym.
We recommend that you exercise care in deciding which information to make available for disclosing on the Website and be aware that depending on the level of information provided, you may or may not be anonymous.
Master Data and other information
When you write a review on our Website and create an Account, your username, review, photo, location and the number of reviews you have written will be visible on the Website. The companies you review can also receive information about your review.
Geo-location
When you write a review on the Website, we use your computer’s IP address (see 1.7 of this Policy, above) to approximate your location to the nearest city. This information is made available to other users of the Website.
Reviews you found useful
When you find other reviews useful (by “liking” them), other users of our Website can see the review(s) you “liked”.
Social Networks
If you connect to a Social Network, information such as your profile photo, your name, birth year and approximate location will be collected from your Social Network profile and used to identify you on the Website. Subject to your privacy settings and the level of information available from the Social Network, users of the Website can use this information to identify which reviews you have written.
If you have chosen to preserve anonymity by using a pseudonym for your Trustpilot username, be aware that information from Social Network(s) can reveal your identity in part or in full and make it possible to identify which reviews you have written.
If your contacts or friends (referred to as “Connections”) on the Social Network have also connected with Trustpilot, we display on the Website how you are connected to these Connections through the Social Network. This is only visible to you. Other people on Trustpilot cannot see your Connections from Social Networks.
2.2 Disclosure on services to which you connect your profile
If you choose to connect your Trustpilot profile with your profile on a Social Network, information and reviews provided by you on the Website or data compiled by us about your use of the service on the Website (e.g. the number of reviews you have written) will be shared with and displayed in connection with your profile on the Social Network and will be subject to the privacy policy of the Social Network.
2.3 Disclosure to other services, websites and companies
One of Trustpilot's main goals is to increase the exposure and availability of reviews on the Website. We therefore permit other services to show reviews created on the Website. This increases the potential audience for your reviews.
The categories of third party services and companies who can show your review(s) together with your public user profile are:
Search engines, including Google and Bing
Companies reviewed on Trustpilot
Companies that have invited you to review a Product
Consumer portals and business portals, including price comparison websites, shopping guides, etc.
Application partners and platforms, such as Prestashop, Magento, Shopify, WooCommerce
Other similar websites where, in Trustpilot’s assessment, it will be relevant for users to search for reviews.
Facebook “If your review has been shared on the Social Network”
Once you submit your review, it is published on the Website. This means that the following information is disclosed:
Your review(s), (see 1.2, above)
Your username and the additional data you choose to add to your profile, such as your name, a profile description, photo, gender, city, location, country, and language.
If you write a review on Trustpilot in response to an invitation sent by a company via our review invitation services, the company who sent you the invite will be able to link your review with the invitation.
If we need to verify your review, we will contact you and ask for documentation that shows that you have had a buying or service experience with the company you reviewed. We therefore recommend that you keep such documentation for 12 months from the date of your review. We explain the type of documentation you should send us here.
We do not share the documentation you send to us with the reviewed company. However, if you have a reference number or order ID, we may pass that on to the company, unless you ask us not to.
2.4 Other disclosures
In addition to the above, we disclose your personal data to the following parties and in the following circumstances:
To allow third party vendors, consultants and other service providers to perform services on our behalf
To Trustpilot subsidiaries and other companies within the Trustpilot group of companies
To comply with laws or to respond to claims, legal process (including but not limited to subpoenas and court orders) and requests from public and government authorities
To cooperate with regulatory bodies and government authorities, including but not limited to Trading Standards, the Competition and Markets Authority, relevant data protection authorities and the Danish Consumer Ombudsman, in connection with investigations or case referrals
To third parties in connection with enforcement of our Terms & Conditions and Guidelines
To third parties in order for us to protect our operations or those of our affiliates
To third parties in order for us to pursue available remedies, or limit damages that we may sustain
To third parties in order for us to investigate, prevent or take action regarding suspected or actual prohibited activities, including but not limited to fraud and misuse of our Website
To a third party in the event of any reorganization, merger, acquisition, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).
3. Data controller
3.1 Information for which we are the data controller
We are the data controller of the Master Data you enter to create and maintain your profile, which includes but is not limited to your name, password, email address and location, as well as the registration of your IP address.
We are also the data controller of the information which is disclosed to other services (see 2.3). Denmark’s data protection laws govern our collection of your data.
3.2 Information for which you are the data controller
You are the data controller for the content you choose to disclose on the Website, and for the personal data disclosed when you connect your Social Network profile(s) with your profile on the Website.
4. Links to websites
Our Website contains links to other websites. Our inclusion of such links does not imply that we endorse those websites. We do not control the content of those third party websites, and assume no responsibility for the third party or their policies or practices.
We encourage you to review the privacy policies for these third party websites because their procedures for collecting, handling and processing personal data will be different from ours.
5. Data processors and transfer of personal data outside the EU
We use external companies to maintain the technical operation of the Website and our services. These companies are data processors for the personal data for which we are the data controller. By accepting this Policy, you agree that we may also allow the data for which you are the data controller to be processed by these data processors.
We have data processing agreements in place with the data processors and it follows from these agreements that they must act solely in accordance with our instructions. By accepting this Policy, you authorize us to instruct the data processors to process data in accordance with the Policy and for the purposes of using the Website.
The data processors have taken reasonable technical and organizational measures to protect against the information being accidentally or illegally destroyed, becoming lost or deteriorating, and to protect against the information being disclosed to unauthorized persons, being misused, or in other ways being processed in violation of data protection laws.
On your request – and possibly in return for remuneration at the data processors' applicable hourly rates at any time for such work – the data processors must supply you with sufficient information to demonstrate that the above-mentioned technical and organizational safety measures have been taken.
Some of these data processors and third party services are located outside of the European Union, such as in the US. You consent to us using data processors in unsecure third countries provided that there is a legal framework governing the transfer of your personal data and ensuring adequate protection of it, for example if the data processor is part of the EU-US Privacy Shield framework.
6. Data retention
We keep the Master Data and other personal data you provide, including your reviews, for as long as you have an Account or as needed to provide you with our services. If you choose to delete your Account please note that all your reviews will also be deleted. We will delete this information upon your request and we will only save a log with the following information: your name, email address and the date of the deletion of your Account. We will keep the log for 3 years. All other information will be deleted.
If you only use our Website for searching for reviewed companies, we will retain your information and keep your Account open until you decide to close your Account. In some cases, even if you close your account, we then choose to retain certain information (e.g. visits to our Website) in an anonymized or aggregated form.
7. Security measures
We use reasonable organizational, technical and administrative measures to protect your personal data within our organization and we regularly audit our system for vulnerabilities. However, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of the information you transmit to us. Emails sent via the Website may not be encrypted, and we therefore advise you not to include any confidential information in your emails to us.
To learn more about our current practices and policies regarding security and other information, please see our security practices. We are always working to improve our security practices and we will update this information as these practices evolve over time.
8. Cookies
The Website uses cookies and similar technologies (“Cookies”). By using our Website, you accept that we use Cookies as described below.
8.1 What types of Cookies do we use?
Cookies are small pieces of information that the Website places on your computer's hard disk, on your tablet or on your smartphone. Note that HTML5 introduced Web Storage that has a similar nature to Cookies, and that we therefore consider that as a Cookie in the following.
Cookies contain information that the Website uses to make the communication between you and your web browser more efficient. Cookies identify your computer or device rather than you as an individual user.
We use session cookies, persistent cookies, HTML5 sessionStorage and HTML5 localStorage session cookies and HTML5 sessionStorage objects are temporary in nature and are deleted when you exit your web browser. Persistent cookies are permanent in nature and are stored and remain on your computer until they are deleted. Persistent cookies expire or auto delete after a certain period of time, which is set per cookie, but are renewed each time you visit the Website. HTML5 localStorage objects are permanent in nature and remain on your computer until they are deleted.
8.2 What do we use Cookies for?
We use Cookies for:
Generating statistics
Measuring Website traffic such as the number of visits to the Website, which domains the visitors come from, which pages they visit on the Website and in which overall geographical areas the visitors are located.
Monitoring Website performance and your use of our Website
Monitoring the performance of the Website, our applications and TrustBoxes and how you use our Website, applications and TrustBoxes.
Authentication and improving the functionality of our Website
Optimizing your experience with the Website, which includes remembering your username and password when you return to the Website and remembering information about your browser and preferences (e.g. which language you prefer).
Connecting you to Social Networks
We give you the option of connecting with Social Networks, such as Facebook.
Quality assurance
Ensuring the quality of reviews and to prevent misuse or irregularities in connection with writing reviews and using the Website.
Targeted advertisements
Displaying relevant advertisements on the Website, including interest-based advertisements, which we believe are of interest to you. We use third parties to provide these advertisements when you visit the Website and other websites. These third parties may use Cookies alone or in conjunction with web beacons or other tracking technologies to collect information about your use of our Website and other websites.
8.3 Third party Cookies
Third party Cookies are set by third party websites – not our Website. When you visit our Website, the following third party Cookies may be set:
Facebook cookies, set when you log in to our Website with Facebook
Google cookies, set when you log in to our Website with Google
Google AdSense cookies, set when displaying relevant targeted advertisements on our Website. Some cookies may be set as DoubleClick, which is part of Google
Hotjar localStorage, set for managing how and when surveys are displayed. Read more here.
8.4 Deletion of cookies
You can delete the cookies already on your device. You can typically delete cookies from the Privacy or History area, available from the Settings or Options menu in the browser. In most browsers, the same menu can be reached through the Ctrl+Shift+Del keyboard shortcut or Command+Shift+Del if you're on a Mac.
If you do not accept Cookies from our Website, you may experience inconvenience in your use of the Website, and you may be prevented from accessing some of its features.
9. Access and insights into the personal data we have about you
If you have an Account on Trustpilot, you can log in to your Account and see what information we have about you, including your reviews, and why we have that information. You can read more about how to here.
If you don’t have an Account, you can email privacy@trustpilot.com and request information about your personal data. Upon receiving your request, we will let you know what personal data we have about you, how we collect the information, the purpose for which we process your personal data, and who we share your personal data with.
10. Download your personal data (data portability)
If you have a user profile on Trustpilot, you can download the personal data that you have provided to us, including your reviews. You can read more about how to download your personal data here.
11. Correction and deletion of your personal data
If any of the Master Data or other personal data that we have about you in our capacity as a data controller is incorrect or misleading, you can correct most of the information yourself via your Account. We recommend that you make any the correction(s) yourself. Otherwise, you are welcome to ask us to assist with correcting your information.
You may at any time correct or delete any content and personal data on the Website for which you are the data controller (see 3.2). If your personal data changes, or if you no longer wish to appear on the Website, you can update or delete the information by logging in to your Account.
If your Account is deleted, all the data associated with your Account will be deleted, including your Master Data and reviews on the Website.
We reserve the right to block access to your Account and/or delete it if the Account or the content associated with your Account or your review(s) on the Website is, in our assessment, discriminating, racist, sexually oriented, unethical, threatening, offensive, harassing or otherwise violates applicable laws, third party rights or our User Guidelines, or is inconsistent with the purpose of the Website. If we block access to or delete your Account, we will inform you of the reason for blocking or deleting your Account by sending an email to the address you provided when you created your Account.
12. Other rights
In addition to the rights set out above concerning your personal data, you also have the following rights:
You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
In particular, you have an unconditional right to object to the processing of your personal data for direct marketing purposes.
If our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing of data carried out before you withdrew your consent. You may withdraw your consent by emailing us at privacy@trustpilot.com.
In some circumstances, these rights may be limited or conditional. For example, whether or not you have the right to data portability in a particular case depends on the specific circumstances of the processing activity.
13. Children’s information
Our Website is not intended for children. If you become aware that a child under the age of 18 has provided us with their personal data, please contact us.
14. Our Data Protection Officer
We have a Data Protection Officer (DPO). If you have any questions about the data processing activities performed by us, you are welcome to contact our DPO by email at: privacy@trustpilot.com.
15. Changes to this Policy
We reserve the right to make changes to this Policy. The date shown at the start of this Policy indicates when it was last revised. If we make material changes to it, we will provide notice through our Website, or by other means, to give you the opportunity to review the changes before they come into effect. If you object to our changes, you can close your Account. Your continued use of our Website after we publish or send a notice about the changes to the Policy will mean that you accept and agree to the updated Policy.
16. Contact information and where to send questions or complaints
If you have questions or concerns about our Policy, how we process your personal data, or would like us to correct your personal data, feel free to contact us at: privacy@trustpilot.com.
You can also reach us by post.
If contacting us does not resolve your complaint, you have further options, for example you may always lodge a complaint with a data protection supervisory authority, e.g. The Danish Data Protection Agency. You can read more about it here.
Our contact details are:
Trustpilot A/S,
Pilestraede 58, 5th floor, 1112 Copenhagen, Denmark
CVR no.: 30276582
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
SparkPost is an email address management and message sending service provided by Message Systems, Inc.
Personal Data processed: email address; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
This type of service allows this Website to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse Data from any responding Users.
The Personal Data collected depend on the information asked and provided by the Users in the corresponding online form.
These services may be integrated with a wide range of third-party services to enable the Owner to take subsequent steps with the Data processed - e.g. managing contacts, sending messages, analytics, advertising and payment processing.
Typeform is a form builder and data collection platform provided by TYPEFORM S.L.
Personal Data processed: email address; first name; last name; phone number.
Place of processing: Spain – Privacy Policy.
These services have the purpose of hosting and running key components of this Website, therefore allowing the provision of this Website from within a unified platform. Such platforms provide a wide range of tools to the Owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
WordPress.com is a platform provided by Automattic Inc. that allows the Owner to build, run and host this Website.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
This type of service allows this Website and its partners to inform, optimize and serve advertising based on past use of this Website by the User.
This activity is facilitated by tracking Usage Data and by using Trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity.
Some services offer a remarketing option based on email address lists.
In addition to any opt-out feature provided by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.
Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.
Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google LLC that connects the activity of this Website with the Google Ads advertising network and the DoubleClick Cookie.
Users can opt out of Google's use of cookies for ads personalization by visiting Google's Ads Settings.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Website with the Facebook advertising network.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
This type of service helps the Owner to manage the tags or scripts needed on this Website in a centralized fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager is a tag management service provided by Google LLC.
Personal Data processed: Usage Data.
Place of processing: United States – Privacy Policy.
This type of service allows this Website to distribute their content using servers located across different countries and to optimize their performance.
Which Personal Data are processed depends on the characteristics and the way these services are implemented. Their function is to filter communications between this Website and the User's browser.
Considering the widespread distribution of this system, it is difficult to determine the locations to which the contents that may contain Personal Information of the User are transferred.
Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc.
The way Cloudflare is integrated means that it filters all the traffic through this Website, i.e., communication between this Website and the User's browser, while also allowing analytical data from this Website to be collected.
Personal Data processed: Cookies; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
jsDelivr is a traffic optimization and distribution service provided by Prospect One Sp. z o.o. sp. k.
Personal Data processed: Usage Data.
Place of processing: Poland – Privacy Policy.
In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.
Response IQ Ltd Privacy Policy
Last updated: April 24, 2018
The https://responseiq.com/ website (the “Website”) is operated by Response IQ Ltd, company registration number 09951115 and the registered office of which is at Rocketspace, 40 Islington High St, London, United Kingdom, N1 8XB (“We”, “Us” or “ResponseIQ”).
We take your privacy very seriously and we ask that you read this Privacy Policy carefully as it contains important information on:
- the personal information we collect about you,
- what we do with your information, and
- who your information might be shared with.
Who we are
ResponseIQ are a “data controller” for the purposes of the General Data Protection Regulation EU 2016/679 (the “GDPR”), (i.e. we are responsible for, and control the processing of, your personal information).
What information we collect?
Personal information provided by you
We may collect personal information about you (such as your name, address, telephone number, payment card details etc.) when you use our Website, register with us or purchase services from us. We may also collect personal information when you contact us, send us feedback or post material to the Website.
We may also collect information that your browser sends us whenever you visit our Website. This data may include information such as your computer’s IP address, browser type, browser version, the pages of our Website that you visit and other statistics relating to your use of the Website. This information may be collected in conjunction with third party services such as Google Analytics.
Personal information provided by third parties
The nature of the Services we offer means that we may receive information about you from a third-party source, such as one of our clients. We will only accept that information if we have evidence that you have consented for the personal information to be passed to us or it is passed pursuant to another legal basis under the GDPR.
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- give consent on his/her behalf to the processing of his/her personal data;
- receive on his/her behalf any data protection notices; and
- give consent to the transfer of his/her personal data abroad.
Sensitive personal information
It is very unlikely that we will ask you to provide sensitive personal information. If we request such information, we will explain why we are requesting it and how we intend to use it.
Sensitive personal information includes information relating to your ethnic origin, your political opinions, your religious beliefs, whether you belong to a trade union, your physical or mental health or condition, your sexual life, and whether you have committed a criminal offence.
We will only collect your sensitive personal information with your explicit consent.
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of performing the Services we offer to our clients, quality assurance, training, fraud prevention and regulatory compliance.
Use of cookies
A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our Website. We use cookies on this Website to:
- keep track of any services you may wish to purchase;
- recognise you whenever you visit this Website (this speeds up your access to the Website as you do not have to log in each time);
- obtain information about your preferences, online movements and use of the internet;
- carry out research and statistical analysis to help improve our content and services and to help us better understand our visitor and customer requirements and interests;
- target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests; and
- make your online experience more efficient and enjoyable.
The information we obtain from our use of cookies will not usually contain your personal data. Although we may obtain information about your computer or other electronic device such as your IP address, your browser and/or other internet log information, this will not usually identify you personally. In certain circumstances we may collect personal information about you—but only where you voluntarily provide it (e.g. by completing an online form) or where you purchase services from us.
In most cases we will need your consent in order to use cookies on this Website. The exception is where the cookie is essential in order for us to provide you with a service you have requested (e.g. to enable you to purchase services from us).
There is a notice on our home page which describes how we use cookies and which also provides a link to this Privacy Policy. If you use our Website after this notification has been displayed to you, we will assume that you consent to our use of cookies for the purposes described in this Privacy Policy.
We may work with third party suppliers who may also set cookies on our Website. These third-party suppliers are responsible for the cookies they set on our Website. If you want further information, please go to the website of the relevant third party.
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this Website. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/.
How will we use the information about you?
We collect information about you so that we can:
- identify you and manage any accounts you hold with us;
- process your order or carry out obligations arising from any contract(s) entered into between you and us;
- conduct research, statistical analysis and behavioural analysis;
- carry out customer profiling and analyse your purchasing preferences;
- if you agree, let you know about other products or services that may be of interest to you—see ‘Marketing’ section below;
- detect and prevent fraud;
- customise our Website and its content to your particular preferences;
- notify you of any changes to our Website or to our services that may affect you;
- carry out security vetting; and
- improve our services and notify you about changes to these services.
Marketing
Only where you have provided us with specific, informed and unambiguous consent shall we provide you with marketing materials by the mechanism(s) you have consented to (e.g. email). We will only provide you with marketing materials relating to features that you have explicitly consented to.
If you have consented to such receive marketing from us, you can opt out at any time. See ‘What rights do you have?’ below for further information.
Who your information might be shared with
We may disclose your personal data to:
- our clients as part of the service offered, but only with your explicit consent or pursuant to another legal basis under the GDPR;
- our service providers pursuant to strict data processing agreements that protect your personal data to the same or higher standards than we treat it;
- law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
- a court of law or regulator where we are under a duty to disclose or share your personal data in order to comply with a legal or regulatory obligation.
Rest assured that we will never pass your information to a third party outside of the categories above without your explicit consent.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by a password and username that are unique to you;
- we store your personal data on secure servers; and
- payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology).
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
Our Website may contain links to other websites of our partners, suppliers, advertisers or other approved third parties. If you follow a link to any of these websites, please note that these websites have (or should have) their own privacy policies. We do not accept any responsibility or liability for these policies or the way in which your personal data may be treated by these third parties. We recommend you check the privacy policy of any third party before you submit any personal data to their website.
Transfers of your information out of the EEA
We may need to transfer your personal data to countries which are located outside the European Economic Area (“EEA”), for the purpose of providing the services to you. You may be located in a country outside of the EEA and therefore we may have no choice but to transfer your data outside of the EEA. Rest assured that any transfer of your personal data outside of the EEA will be subject to a GDPR-compliant guarantee (such as the EU-US Privacy Shield or a Model Contract Clause approved by the European Commission) that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
How long do we hold your data for?
We only keep your personal data as long as necessary for the purpose for which it was obtained. After that period, we either: (1) anonymise the data if we still wish to use it for analytical purposes, or (2) pseudonymise the data if believe in good faith that we may need to process the data in the future for a legitimate purpose, or in all other cases (3) delete it completely from our servers.
What rights do you have?
Right to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please:
- email, call or write to us (see ‘How can you contact us?’ below),
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- let us know the information you want a copy of, including any account or reference numbers, if you have them.
We will acknowledge receipt of your request and will respond within thirty (30) days. We will not charge you for providing the information.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below),
- let us have enough information to identify you (e.g. account number, user name, registration details), and
- let us know the information that is incorrect and what it should be replaced with.
We will acknowledge receipt of your request and will respond within thirty (30) days.
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below). You can also click on the ‘unsubscribe’ button at the bottom of marketing emails from us,
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
We will acknowledge receipt of your request and will respond within thirty (30) days.
Right to erasure
You can request that we delete all personal data relating to you free of charge. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below), and
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- provide us with the justification for the erasure request (e.g. you are withdrawing your consent, you no longer believe that we should be processing the personal data for the original purpose for which it was obtained, the personal data is being unlawfully processed, there is a legal reason for erasure etc.).
We will acknowledge receipt of your request and will respond within thirty (30) days.
Right to Restrict Processing
You can request that we restrict processing of some of your personal data. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below), and
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- provide us with details of what personal data you would like us to restrict the processing of (e.g. where you contest the accuracy of some personal data, we shall restrict the processing of it whilst its accuracy is verified).
We will acknowledge receipt of your request and will respond within thirty (30) days. If we agree to restrict the processing of the personal data before the thirty (30) day period, we will inform you as soon as we have put in place the restriction.
Right to Object
You can object to us processing any of your personal data. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below), and
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- provide us with details of what personal data you object to us processing.
We will acknowledge receipt of your request and will respond within thirty (30) days.
Right to Data Portability
You can request that be provide some or all of your personal data we hold to a third party free of charge. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below),
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- provide us with sufficient details of the third-party entity to which you would like your data transferred.
We will acknowledge receipt of your request and will provide your personal to the third-party entity in a commonly used machine-readable format within thirty (30) days providing you have provided us with sufficient information to do so. We will not charge you for this service.
Rights relating to automated decision making and profiling
We use software that automatically processes personal data for us. We ensure that processing using this software is fair and we implement all appropriate technical and organisational measures to ensure inaccuracies are minimised. If you are concerned about the use of such software, you have the right to ask for more details about the processing and request that we stop using the software to process your data. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below),
- let us have enough information to identify you (e.g. account number, user name, registration details), and
- provide us with details of your concerns and the categories of personal data you believe are being processed by automated software.
We will acknowledge receipt of your request and will respond within thirty (30) days. Please note that if the automated processing is necessary for the performance of a contract between you and us, if you request that the software is no longer used to process your data, we may not be able to provide you with services anymore.
Right to complain to the supervisory authority
If you are unhappy with the way in which we have dealt with a request you have made or you feel that we are not complying with this Privacy Policy in any way, you have the right to complain to the supervisory authority in the country in which you live. The supervisory authority in England and Wales is the Information Commissioners Office and details of how to contact them are available on their website: www.ico.org.uk.
Time Extensions and Refusals
We reserve the right to extend the time period to respond to any of the requests listed above by up to sixty (60) days where a request is complex or a large number of requests are made. If we fail to respond to you by the deadline we set, you have a right to complain to the supervisory authority or seek a judicial remedy (see – ‘Right to complain to the supervisory authority’ above).
We may also refuse a request where there are legitimate reasons to do so. These include, but are not limited to:
- where a request is manifestly unfounded, excessive or repetitive; or
- where personal data is being processed:
• in order to comply with a legal obligation;
the public interest;
• in the exercise or defence of a legal claim;
• in the exercise of the right to freedom of expression and information.
How to contact us
Please contact us via help@responseiq.com or call +44 208 629 5280. Our Data Protection Officer is Scott Lee. If you have any questions about this Privacy Policy or the information we hold about you, we will be delighted to assist.
Changes to this Privacy Policy
We may change this Privacy Policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this Website.
1. Preamble
As part of a separate contract and/or on the basis of separate individual assignments (hereinafter collectively referred to as the “Main Contract”), Emarsys shall provide Blue Bay Travel with various marketing services, with particular emphasis on planning, implementing, and analysing email communication (hereinafter collectively referred to as “Services”). The Services are described in more detail in the Main Contract and in the descriptions of each respective Service.
2. Subject Matter
2.1. Processing of Personal Data
This agreement (“Contract”) shall provide regulations for processing personal data which Emarsys processes on behalf of Client whilst the Services are being delivered (“Data”). Personal data means any information relating to an identified or identifiable natural person. The Data particularly include the names, e-mail addresses, and areas of interest of the recipients of Blue Bay Travel’s e-mail newsletters.
3. Duties of Blue Bay Travel
3.1. Client as controller
Emarsys shall exclusively process the Data as part of, and for the purpose of, delivering Services for Blue Bay Travel and in accordance with Blue Bay Travel’s documented instructions. Emarsys shall process the personal data in no other way, and for no other purpose, unless required to do so by EU or EU Member State law to which Emarsys is subject; in such a case, Emarsys shall inform Blue Bay Travel of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
3.2. Obligation to notify
If in Blue Bay Travel’s area of accountability, Data which has been processed by Emarsys in accordance with this Contract becomes inadvertently known to unauthorized third parties, Blue Bay Travel shall inform Emarsys about this in due time to enable Emarsys to take necessary technical and organizational measures on its side.
3.3. Obligation to indemnify
If a third party (inclusive of public authorities) makes claim(s) against Emarsys and/or accuses Emarsys to be in breach of contract which is/are based on Blue Bay Travel’s breach of its duties, the following shall apply: Blue Bay Travel shall grant Emarsys indemnity against these claims, provide Emarsys with appropriate support for their legal defence, and indemnify Emarsys for the reasonable cost of the legal defence. The obligation to indemnify shall only be valid if Emarsys informs Blue Bay Travel of any asserted claims in writing and without undue delay, does not make a confession or any other similar statement to that effect, and allows Blue Bay Travel, at Blue Bay Travel’s own expense and as far as is procedurally possible, to conduct all legal and out of court proceedings regarding the claims.
4. Duties of Emarsys
4.1. Obligation to inform
Emarsys shall immediately inform Blue Bay Travel if, in its opinion, an instruction given by Blue Bay Travel violates applicable provisions in relation to data protection. Emarsys shall be entitled to suspend the performance of said instruction until it is confirmed or modified by Blue Bay Travel. Emarsys is not under any obligation to carry out a legal review of the instructions. Blue Bay Travel remains the sole controller regarding the Data, and is responsible for the legality of the Data processing and protecting the rights of the data subjects. Blue Bay Travel shall inform the data subjects or obtain their consent with regards to the processing of Data where required.
4.2. Obligation to Provide Support
Emarsys shall, upon Blue Bay Travel’s request, adequately assist Blue Bay Travel in the event that Blue Bay Travel is only able to fulfil its obligations towards the data subjects (particularly the obligation to provide a data subject with details regarding the processing of his/her personal data) with Emarsys’s assistance. Emarsys shall forward to Blue Bay Travel data subject requests directed to Emarsys. Emarsys shall also, upon Blue Bay Travel’s request, assist Blue Bay Travel in ensuring its compliance regarding the security of personal data (security of processing, notification of a personal data breach to the supervisory authority, communication of a personal data breach to the data subject) as well as a potentially necessary data protection impact assessment and prior consultations, in each case taking into account the nature of processing and the information available to Emarsys.
4.3. Rectifying, deleting, and blocking
Should personal data need to be rectified, deleted, or blocked, Blue Bay Travel shall undertake this themselves by using the corresponding functions available in the software provided. If this is not possible, Emarsys shall take on the tasks of rectifying, deleting, and blocking, following the instructions from Blue Bay Travel. Item 7.2 applies to the deletion of the Data at the end of the contract term.
4.4. Location of Data processing
The Data shall be processed solely in the European Union (EU) and/or in the member states which are included in the agreement covering the European Economic Area (EEA), provided that Blue Bay Travel has not permitted Emarsys to process the Data in a country outside of the EU and the EEA in this Contract or in any other manner.
4.5. Data protection officer
Emarsys shall have a designated data protection officer. Emarsys shall provide its data protection officer’s contact details to Blue Bay Travel upon request.
4.6. Confidentiality of the Data
Emarsys shall familiarize its employees who are assigned with the task of processing personal data with the regulatory provisions of data protection, and shall commit them in writing to maintaining confidentiality and data secrecy. This obligation of secrecy especially applies to persons assigned with the task of processing data, and for data relating to legal bodies or an association, and shall continue to apply for Emarsys even after the employment is terminated.
4.7. Obligation to notify
If Client Data becomes known to unauthorized third parties in an unlawful manner, i.e. in breach of applicable data protection laws, this Contract, or instructions given by Blue Bay Travel, Emarsys must immediately inform Blue Bay Travel of this.
4.8. Technical and organizational measures
Taking into account the state of the technology, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of persons, Emarsys shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Furthermore, Emarsys shall take steps to ensure that any person acting under its authority who has access to the personal Data does not process it except on instructions from Blue Bay Travel, unless he or she is required to do so by EU or EU Member State law.
4.8.1. Pseudonymisation And Encryption Of Personal Data
Measures implemented my Emarsys which generally prevent unauthorized processing of personal data: data cannot be read, copied, altered, or removed without authorization during processing or utilization and after being saved (including encryption processes):
4.8.1. Personal data are encrypted when transmitted.
To the extent reasonably possible (without preventing the rendering of the agreed services) personal data are anonymized and/or pseudonymized by hashing or reference to a database whether personal data are stored.
4.9. Obligation to indemnify
If a third party (inclusive of public authorities) makes claim(s) against Blue Bay Travel and/or accuses Blue Bay Travel to be in breach of contract which is/are based on Emarsys’s breach of its duties, the following shall apply: Emarsys shall grant Blue Bay Travel indemnity against these claims, provide Blue Bay Travel with appropriate support for their legal defense, and indemnify Blue Bay Travel for the reasonable cost of the legal defence. The obligation to indemnify shall only be valid if Blue Bay Travel informs Emarsys of any asserted claims in writing and without undue delay, does not make a confession or any other similar statement to that effect, and allows Emarsys, at Emarsys’s own expense and as far as is procedurally possible, to conduct all legal and out of court proceedings regarding the claims.
5. Blue Bay Travel’s right to carry out audits
5.1. Certification
Emarsys must use an information security management system that is certified according to ISO 27001 during the term of this Contract, and shall provide proof of same upon request.
5.2. Audits
To the extent required, Blue Bay Travel is permitted to audit (or to have another auditor, mandated by Blue Bay Travel, audit) Emarsys’s compliance with: a) the legal regulations in relation to data protection, b) the contractual agreements made by the parties and c) Blue Bay Travel’s instructions. Emarsys shall contribute to such audits and make available to Blue Bay Travel all information necessary to demonstrate its compliance. Blue Bay Travel must give at least two weeks written notice prior to carrying out audits at Emarsys’s business
premises. The audits shall be carried out by Blue Bay Travel during the normal business hours, and without causing a significant disruption to business operations. Each party shall cover its own costs of, or in connection with, audits.
5.3. Legitimate interests of Emarsys
If by carrying out the audits Emarsys’s trade and business secrets may be revealed, or intellectual property belonging to Emarsys could be compromised, Blue Bay Travel must have the audits carried out by an independent specialist third party which is under the obligation to maintain confidentiality with respect to Emarsys.
6. Subcontracting
6.1. Engaging subcontractors
Emarsys shall be authorized to engage subcontractors to process the Data if Emarsys enters into a written or electronic contract with the subcontractor regarding the processing of the Data, and the level of protection provided by said contract is equal or greater than that of this Contract, and Blue Bay Travel gives its prior written or electronic consent to engage the subcontractor. Emarsys shall inform Blue Bay Travel in writing or electronic form of any intended changes concerning the addition or replacement of subcontractors, thereby giving Blue Bay Travel the opportunity to object to such changes. Blue Bay Travel’s consent shall be deemed given if Blue Bay Travel does not object in writing or electronic form within one month after receipt of this information.
6.2. Liability for subcontractors
Where a subcontractor fails to fulfil its data protection obligations, Emarsys shall remain fully liable to Blue Bay Travel for the performance of that subcontractor's obligations.
7. Terms of termination
7.1. Data at the point of contract termination
Emarsys shall delete Blue Bay Travel’s Data from its data storage media and destroy any relevant documentation it holds, 30 days after the Main Contract has ended, provided that Emarsys is not legally obliged to continue storing it. Blue Bay Travel shall be responsible for exporting the Data in a timely manner before the end of this period, and to save it for its own continued use. Blue Bay Travel shall separately commission and remunerate Emarsys for Data that is published or exported in such a way that is not covered by the services included in the standard functions (e.g. downloading files).
7.2. Backup copies
The above obligation to delete shall not apply to copies of the Data which are included in regularly created back-up copies of Emarsys’s comprehensive data sets, which would require Emarsys to invest significant resources to achieve an isolated deletion, and which will be automatically deleted or replaced after a maximum of 14 days as part of the back-up cycle that Emarsys applies. Until the automatic deletion or replacement occurs, any recovery or other use of such copies is prohibited after the termination of this Contract. Blue Bay Travel may request Emarsys delete such backup copies immediately if Blue Bay Travel reimburses Emarsys for the reasonable costs which are incurred by this; this also includes compensation for the incurred working hours of Emarsys’s personnel.
This Website uses Trackers. To learn more, Users may consult the Cookie Policy.
The Owner may process Personal Data relating to Users if one of the following applies:
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
Therefore:
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to fulfil a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following, to the extent permitted by law:
Users are also entitled to learn about the legal basis for Data transfers abroad including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the User objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users’ request, the Owner will inform them about those recipients.
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) or use other Personal Data (such as the IP Address) for this purpose.
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Website and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Website as described in the relative terms (if available) and on this site/application.
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookies are Trackers consisting of small sets of data stored in the User's browser.
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.
This privacy policy relates solely to this Website, if not stated otherwise within this document.
Latest update: November 04, 2021
iubenda hosts this content and only collects the Personal Data strictly necessary for it to be provided.