Hidden Travel Group - Privacy Policy

Hidden Travel Group

Completely Croatia is a trading name of Hidden Travel Group Limited.

Privacy and Cookie Policy

Your privacy is very important to us.  We are committed to safeguarding the privacy of our customers and our website visitors and will never misuse or sell your data to anyone. In this policy we explain how we will treat your personal information.

What information do we collect?

We may collect, store and use the following kinds of personal information:

  • Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
  • Information that you provide to us when registering with our website or enquiring about any of the holidays on our website including your name, address, email, telephone number, preferences, mobility restrictions, interests, age and family information;
  • Information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address);
  • Information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication);
  • Telephone information including phone numbers, call duration and call recordings that we use for training and quality control;
  • Payment information; and
  • Any other personal information that you choose to send to us, including information regarding family and travel companion(s) such as names, emergency contacts, passport information, dates of birth, insurance information, visa information, nationality and country of residence; and holiday reviews, feedback and customer surveys.

Why do we collect this personal information?

When you book a holiday and enter into a contract with us, or if you enquire about a holiday with us, you will be required to provide certain personal information to allow us to fulfil our contract and/or enter into a contract. This information will include personal data such as passenger names, contact details, emergency contacts, passport information, dates of birth, insurance information, visa information, nationality, country of residence and payment details. It may also contain certain sensitive personal data relating to your personal circumstances, health and mobility.

Of course, providing your information to us is voluntary, but if you don’t provide the information we request, we will not be able to provide you with the best service possible and we may not be able to enter into a contract with you at all, and/or fulfil our contractual requirements.

We do not store financially sensitive information such as credit card numbers, bank details or security numbers.

Using the information we collect

We collect your personal information to make sure that we can manage and administer your trip for you so that you have the best experience possible; to provide great customer service (so that you can communicate with us and we can communicate with you); to recommend and keep you informed of deals and special offers which we believe may be of interest to you; and, to improve the quality of services which we provide to you and our customers generally.

In particular we may use your personal information for the following reasons:

  • To respond to your holiday enquiry or fulfil your booking;
  • Administer our website and business; personalise our website for you; improve our products and services; and enable your use of the services available on our website;
  • Supply to you services purchased or enquired about through our website;
  • Ensure that you are provided with any appropriate special assistance such as special diet, mobility or wheel chair services.
  • Send statements, invoices and payment reminders to you, and collect payments from you for holidays purchased;
  • Send you email notifications that you have specifically requested, including our email newsletter and non-marketing commercial communications (you can inform us at any time if you no longer require the newsletter or these communications – just click on the “unsubscribe” link included in the e-mail);
  • Send you marketing communications which we think will be of interest to you by post, Email or SMS (you can inform us at any time if you no longer require marketing communications – just click on the “unsubscribe” link included in the e-mail);
  • To display adverts on our or other websites based upon your prior visits to our website, preferences and contact with us.
  • Provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
  • Deal with enquiries and complaints made by or about you relating to our website;
  • Internal record keeping, auditing and regulation purposes; and
  • To keep our website secure and prevent fraud.

We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing.

Disclosing the information we collect

We may disclose your personal information to any of our employees, officers, insurers, professional advisers, partners, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy. 

In order to respond to your holiday enquiry or fulfil your booking we may need to disclose some of your information to our partners including delivery companies such as Royal Mail; and travel partner companies such as hotels, airlines, ground handlers and car hire companies. We only pass on information that is required in order to fulfil the booking or enquiry, such as name and address to delivery companies and name and passport information to airlines. Advanced Passenger Information (API) is required by many countries prior to arrival (or departure) and includes personal identity information such as name, passport details, visa information, nationality, transit and destination data. Airlines and transport companies are required to transmit this information by law and data entry is requested at the time of ticket issue. To comply with these regulations we pass the relevant information to the transport companies who transmit the information to the relevant authorities. 

We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.  Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.

We may disclose your personal information: (a) to the extent that we are required to do so by law; (b) in connection with any ongoing or prospective legal proceedings; (c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); (d) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and (e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.

We will not provide your personal information to third parties except as provided in this policy.

Where we provide your personal data to any third party.

Where we share your personal data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.

Lawful basis for processing personal information

For holiday enquiries and bookings,  our lawful basis for processing your personal data is for the purpose of performing our contract with you, or in taking steps at your request prior to entering into a contract with you.

Where we process your personal information other than in the course of specifically providing services to you under contract or in anticipation of entering into a contract with you, the lawful basis for our processing is our legitimate interest, namely our general day to day business administration and improving the quality of services which we provide. 

Marketing to you – Consent: In order to comply with data protection law, we will usually obtain your consent prior to processing your personal data for direct marketing purposes, for example, if you have signed up to receive our newsletter or brochure.  You can inform us at any time if you wish to withdraw such consent at any time just click on the “unsubscribe” link included in the e-mail. 

Marketing to you – Legitimate Interest: If you have recently enquired about our services or recently booked a trip or travel with us, we will keep you informed of our current offers and promotions by e-mail and may from time to time suggest inspirational holiday ideas which we believe may be of interest to you. We do not want to be intrusive - where we process your personal data in this way, we will always make sure that we balance your rights and interests and your reasonable expectations about how we use your personal data. You can inform us at any time if you do not want to receive our marketing communications just click on the “unsubscribe” link included in our e-mail.

From time to time, we may process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Retaining personal information

Personal information that we process for any purpose or purposes (including legitimate interests) shall not be kept for longer than is necessary for that purpose or those purposes.

Notwithstanding the other provisions of this policy, we will retain documents (including electronic documents) containing personal data: (a) to the extent that we are required to do so by law; (b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and (c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

Please let us know if the personal information that we hold about you needs to be corrected or updated.

Security

Data security is of the utmost importance to us. We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on our secure servers. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

Your rights

You may instruct us to provide you with any personal information we hold about you. We shall require the supply of appropriate evidence of your identity (we will usually accept a photocopy of your passport certified by a solicitor plus an original copy of a utility bill showing your current address). Requests will take up to 30 days to process. We may withhold personal information that you request to the extent permitted by law.

You may instruct us at any time not to process your personal information for marketing purposes. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

The rights you have under data protection law are:

Your right to access your data. You have the right to ask us to confirm whether or not we process your personal data and, to have access to the personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.

Your right to rectification. If we hold any inaccurate personal data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete personal data about you completed.

Your right to erasure. In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.

Your right to restrict processing. In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

Your right to object to processing. You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.

Your right to object to direct marketing. You can object to us processing your personal data for direct marketing purposes. If you make an objection, we will stop processing your personal data for this purpose.

Your right to object for statistical purposes. You can object to us processing your personal data for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for performing a task carried out for reasons of public interest.

Automated data processing. To the extent that the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.

Complaining to a supervisory authority. If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

Right to withdraw consent. To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Exercising your rights. You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified above.

Cookies

We use cookies to enhance your experience using our website, as almost all websites do today. Cookies are small text files that store information on your computer for a variety of functions. 

We use cookies to:

  • Keep the website running as you’d expect (for example keeping you logged in as you browse different webpages).
  • Remember which pages or items you like the best, so we can show you personalised content.
  • Let you share things you like on your social networks.
  • Store some of your details, such as your log in details (but only if you want us to).
  • Cookies also help us evaluate our website. Knowing visitor levels, what device our visitors are using, which products people like the best and buy the most, social networks shares and how people have found us (search engines and links for example) helps us to make the website better for us and for you.

We will never use cookies to:

  • Store your personal information (unless you want us to, for example if you select Remember Me on the login page).
  • Pass on your information to third parties.

Types of cookies and what we use each one for:

  • First Party: These are cookies set by us and only usable by us. They are the ones that keep you logged in during a browsing session.
  • Third Party: These are cookies set by third parties that we use. The only third party cookies we use are for evaluating our website (we use Google Analytics for this), and those that allow you to share things on your social media sites.
  • Session Cookies: These are temporary cookies that are deleted when you close your browser. These are the ones that keep you logged in as you browse from page to page.

If you do not consent to the use of cookies, please ensure that your browser or computer/device is set to reject or prompt before accepting third party cookies. This may prevent you from taking full advantage of the website. Here’s some information on how to disable them:

  • Mozilla Firefox: Click on Tools, then Options; Select Privacy; Select Cookies and choose your preferred settings.
  • Safari: Go to the Safari pull down menu; Select Preferences and then the “Security” tab; Under “Accept Cookies”, set it to accept, reject, or selectively reject cookies.
  • Internet Explorer: Choose Tools and then Internet Options; Click on Privacy tab; Move the slider to choose your preferred settings.
  • Google Chrome: Click on the Tools menu and select Settings; Click "Show advanced settings" and locate the "Privacy" section, and choose the "Content settings" button; In the "Cookies" section you can choose your preferred settings.

If you continue to use our website, you imply consent to the use of cookies and we’ll assume you’re happy with the cookies that we set.

Our details

This website is owned and operated by Hidden Travel Group. We are registered in England and Wales under registration number 4687483, and our registered office is at Whittington Hall, Whittington, Worcester, WR5 2ZX. 

We are registered as a data controller with the UK Information Commissioner's Office. Our data protection registration number is ZA135177.

Our principal place of business is 63 Church Street, Birmingham, B3 2DP.  If you have a query or complaint about this privacy policy or about the site, please contact us. You can contact us by post, using our website contact form; by telephone on 01694 722193, or by email using the email address published on our website from time to time. If we are unable to satisfactory resolve any complaint you may have, you have a right to lodge a complaint with the Information Commissioner’s Office.

General and other information

Our website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.

We may change this policy from time to time by updating this page and you should check this page to ensure that you are happy with any changes.

By using this website, you accept this privacy policy. By providing your personal data, you consent to the use, processing, storing, transferring and disclosing of your information and data referred to in this policy statement for the purposes set out in this privacy policy statement.