ASC Travel ltd - Privacy Policy

ASC Travel Ltd

Privacy Policy

 

Introduction

ASC Travel Ltd known as ASC Travel is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose and safeguard your personal information when you interact with us where you are a customer, supplier of services or a visitor on our website. This privacy policy also tells you about your privacy rights pursuant to Data Protection Laws such as the UK Data Protection Act 2018, the General Data Protection Regulation (UK GDPR) and the EU GDPR. 

This policy relates to the following websites

https://www.long-travel.co.uk/

https://www.completelycroatia.co.uk/

Controller for personal data 

A “controller” is a person or organisation who alone or jointly determines the purposes for which and the way any personal data is or is likely to be processed. Unless we notify you otherwise ASC Travel is the controller of your personal data for the purpose of this website. 

Scope 

This privacy policy applies to the processing of personal data by us in connection with: 

  • Customers: where we provide our services to you. 
  • Suppliers: For the provision of products and services to us by suppliers or service providers.
  • Website visitors: Where you are a visitor on our website. 

 

Types of personal data 

Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed. This is known as anonymised data. Anonymised data falls outside the scope of Data Protection Laws. 

Information We Collect

We may collect and process the following data about you, not all types of personal data will be processed and does depend on your relationship with us. 

  • Personal Information: Your name, address, email address, phone number, passport details and other relevant information necessary to complete travel bookings.
  • Payment Information: Credit card details and payment information, invoice information, payment type which is collected through secure payment processing systems.
  • Travel Preferences: Preferences regarding destinations, accommodations and special requirements.
  • Transaction Data includes details about payments to and from you and other transaction details for the provision of services.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website or platform.
  • Profile Data includes your username and password, searches made by you, your ratings and comments, preferences, feedback and survey responses.  
  • Usage Data includes information about how you use our website and services. 
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Depending on your relationship with us we may process the categories of data above and categories of personal data specific to you. Please see below in the Processing Table on how we may process your personal data depending on our relationship with you and our lawful basis for doing so. 

Lawful bases: How we use your personal data 

ASC Travel will only use your personal data when the law allows us to. We will use your personal data in the following circumstances:

 

  • Performance of a contract: Where we need to perform the contract, we are about to enter into or have entered into with you. For example, when you sign up to our services. 
  • Legal obligation: Where we need to comply with a legal obligation. For example, for accounting or legal purposes. 
  • Legitimate interests: Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.
  • Consent: We do not generally rely on consent as a legal basis for processing your personal data. Where we do rely on consent you have the right to withdraw consent at any time. Please contact us at hello@asc-Travel.com to withdraw consent. Please also see Marketing communications
  • Vital interests: Where is it necessary to protect your vital interests in case of emergencies. 
  • Public obligation: Where we need to comply with a public obligation, for example in the matters of public health or public interests. 

Customer: Processing Information

This is where we directly transact with you to provide you with our services/products where you are customer.

Processing Bookings: To process and manage your travel bookings, confirmations, and any changes.

 

Personal Information, Travel Preferences

Performance of a contract 

Payment Processing: To securely process payments for your bookings and services.

 

Personal Information, Payment Information, Transaction Data 

Performance of a contract 

To respond to any enquires such as to provide assistance with bookings, queries and other customer support needs.

Personal Information

Performance of a contract with you

Necessary for our legitimate interests so that we can get in touch with you

Register you for our newsletters and marketing communications 

Personal Information 

Consent (Opt-in) or Soft Opt-in depending on which country you are located

To post testimonials on our website that may contain personal information. 

 

Personal Information 

Consent - Prior to posting a testimonial we will obtain your consent to use your name and the content of the testimonial. 

 

If you wish to update or delete your testimonial, please contact us and include your name, testimonial location and contact information

To administer and protect our business and our platform including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data 

Personal Information, 

Technical Data

Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise

 

Necessary to comply with a legal obligation

 

Supplier: Processing Information

This is where you are a supplier of products and services to us. 

Processing activities 

Categories of personal data 


Lawful basis 

 

For you to provide services and products to us 

 

Personal Information (limited to contact details) 

Performance of a contract 

Manage payments, fees and charges we owe you

Payment Information (limited to information for payment purposes only), Transaction Data 

Performance of a contract with you 

To engage with you as a customer for product/service support 

Personal Information (limited to contact information) 

Performance of a contract 

Necessary for our legitimate interests so that we are able to get in touch with our queries, issues and concerns. 

 

Website visitor: Processing Information 

This is where you are a website visitor on our website regardless as to whether you will be taking up our products or services. 

Processing activities 

Categories of personal data 


Lawful basis 

 

When you contact us via our website, forms and other links on our website including AI- chat features. 

 

 

Personal Information 

Necessary for our legitimate interests where we need to be able to respond to you

 

To manage our relationship with you which will include notifying you about changes to our terms or privacy policy

Personal Information 

 (where you have provided that data to us) 

Necessary for our legitimate interests i.e., to keep our records updated and to study how visitors use our products/services

 

 

To administer and protect our business and our website including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data 

Personal Information (where you have provided data to us) 

Technical Data

Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise

 

Necessary to comply with a legal obligation

 

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

Personal Information, Profile Data, Usage Data, Marketing and Communications Data, Technical Data

Necessary for our legitimate interests i.e., to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy

 

 

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

Technical Data, Usage Data 

Necessary for our legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

 

Note: Where applicable consent will be used for data analytics obtained through cookies or similar technologies. See our cookies notice 

 

Use of non-essential cookies - where the jurisdiction applies and consent is required

Technical Data 

Consent 

 

Cookies and similar technologies 

We gather information and statistics collectively about visitors to our website. Analysis of this information demonstrates the most frequently used sections of the website and assists us in continually improving the online service. Please also refer to our cookies notice for more information on how we set cookies. 

Providing personal data 

Where we need to collect personal data by law or under the terms of a contract and you do not provide that information when requested we may not be able to perform the contract we have or are trying to enter into with you for example to provide you with our services. In this case we may have to cancel our service, but we will notify you if this is the case at the time. 

Marketing communications 

We may send you marketing communication. You have the right to object to processing of your personal data for direct marketing purposes. You can unsubscribe from receiving marketing communications from us by using the unsubscribe methods contained in communications we send to you or by contacting us. See Contact us

Where you opt out of receiving marketing communications this will not apply to personal data provided to us as a result of registering for or using our service, your service experience or other interactions with this website.

Data Sharing

We do not sell or rent your personal data. However, we may share your personal information in the following circumstances:

  • Internally: Your personal data will be used by our employees and contractors who are working on providing your services to you on a need-to-know basis.
  • Within our Group: Your personal data can be shared within our Group of companies so that we can carry out our services to you.
  • Suppliers: This would include service providers who support our business including IT and communication suppliers and outsourced business support to ensure our service runs smoothly. 
  • Professional advisers: This would include lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • Payment Service Intermediaries: These providers help facilitate payment to us. 
  • Law enforcement bodies, regulators and other authorities: This is to comply with our legal requirements or adhere to good practices.
  • Advertising networks and analytics service providers: This is to support and display ads on our website and other social media tools.
  • Third parties: This is in the context of the acquisition or transfer of any part of our business or in connection with the business reorganisation. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

 

International transfers for UK/EU

We may transfer and process your personal data outside of the United Kingdom (UK) /European Union (EU) to countries where data protection laws are less stringent than those in the UK/EU. When we transfer your personal data outside of the UK/ EU we only do so to entities that offer our users the same level of data protection as that afforded by the UK Data Protection Act 2018 (including the UK GDPR) and the EU GDPR/ Data Protection Laws. 

  1. We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information; or 
  2. We will use specific contracts approved for use in the UK or EU which give personal information the same protection it has in the UK/EU. For example, the use of Article 46 UK and EU GDPR safeguard mechanisms to transfer personal data endorsed by the UK Government or European Commission. 

For other countries we will use local law guidance to ensure personal data is transferred securely where there is a requirement in law to do so. 

To find out more about the transfer mechanism used please contact us at hello@asc-Travel.com

Data Security

We implement appropriate technical and organizational measures to safeguard your personal data from unauthorized access, alteration, disclosure, or destruction. We use secure servers, encryption, and other safeguards to protect sensitive information such as payment details.

 Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

 

Your Rights

Under certain circumstances, you have rights under Data Protection Laws. Not all rights are absolute and depending on where you are located, not all rights are given to you. You can:

Request access to your personal data: This is known as a "subject access request" and enables you to receive a copy of the personal data we hold about you.

Request correction of your personal data: This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you at the time of your request.

Object to processing of your personal data: This is where we are processing your personal data based on a legitimate interest or those of a third party and you may challenge this.  However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to any legal claims.  See also Marketing communications. 

Request restriction of processing your personal information: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the information's accuracy (b) where our use of the information is unlawful but you do not want us to erase it (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer of your personal information (“data portability”): This is where in some circumstances we will provide to you or a third party you have chosen your personal data in a structured, commonly used, machine-readable format.

Right to withdraw consent: This is where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Depending on the processing activity, we may not be able to provide certain services to you if you withdraw your consent. We will advise you if this is the case at the time you withdraw your consent.

Automated decision making:  This is where decisions are made about you by automated means. We do not carry out automated decision making. 

Carrying out your data subject rights 

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you wish to exercise any of the rights set out above, please contact us at  hello@asc-Travel.com

 

Third-Party Links

Our website may contain links to third-party websites. Please note that we are not responsible for the privacy practices of other sites. We encourage you to review their privacy policies before submitting any personal data.

Keeping personal information accurate and current 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. Please contact us if you wish to update your personal data.

Concerns and complaints 

We would appreciate the chance to deal with your concerns in the first instance. Please see Contact us section. If you have unresolved issues, you have the right to complain at any time to a data protection supervisory authority for data protection issues such as the UK data protection regulator – the Information Commissioner’s Office (ICO).  

You may lodge a complaint with a supervisory authority if you live or work outside the UK or you have a complaint concerning our personal data processing activities. 

 

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the updated policy will be effective immediately upon posting. Please check back regularly to stay informed of any updates.

Contact Us

If you have any questions or concerns regarding this Privacy Policy or your personal data, please contact us at:

ASC Travel Ltd, 86-90 Paul Street, London. EC2A 4NE

Email: hello @asc-travel.com 

Phone: 0333 880 5655

 

Version control

This Privacy Policy was last updated in April 2025.