Sporta Bike + is a sports tour operator.
As an essential part of our business, we collect and manage client and non-client data. In doing so, we observe the UK data protection legislation, and are committed to protecting and respecting clients’ and non-clients’ privacy and rights.
As such, we act as a “Data Controller” in respect of the information gathered and processed by us.
To ensure that you are informed about how we operate, we have developed this privacy notice, which details how we collect, manage, process, store and share information about you as a result of you visiting this site or as a previous or existing client of Sporta.
The privacy notice also provides you with information about how you can have control over the use of your data.
If you have any comments or queries regarding our use of your data, please contact us.
What information do we collect?
In general terms, we collect information about you to enable us to:
- Administer our relationship with you, provide services and respond to enquiries
- Enable business development including sending newsletters, information updates and details of our services
- Deliver requested information to you about our services and products
- Ensure the billing of any services and obtain payment
- Process and respond to complaints
- Enable us to meet our legal and other regulatory obligations imposed on us
The information we need for these purposes is known as “personal data.” This includes your name, address (work or home), email address, telephone and other contact numbers and financial information. We collect this in a number of different ways. For example, you may provide this data to us by email, via our website, over the telephone, or by letter.
We also process sensitive classes of information that includes:
- Physical or mental health details, and
- Racial or ethnic origin
We will seek your permission if we need to record any of your sensitive personal data on our systems.
How Do We Use The Information?
We use the data we collect from you for the specific purposes listed in the table below. Please note that this table also explains:
- The legal basis for processing your data, linked to each processing purpose; and
- In what circumstances your data will be shared with a third party organisation
Purpose for Processing Data
To administer our relationship with you, to provide services and respond to enquiries.
To ensure the billing of any procured services by you and obtain payment.
To communicate with you on Company news, newsletters and event invitations which are relevant to your interests and in line with your preferences.
To provide enquirers support by telephone.
To process and respond to complaints
Legal basis for processing data
To meet the requirements of a contract
To meet the requirements of a contract
To seek explicit consent prior to sending individuals the information and in line with preferences.
To fulfil contractual obligations this includes taking action before entering into a contract.
To meet a legal obligation.
Third party organisations with whom data is shared
CAA (for ATOL purposes), Airlines, Destination Management Companies and Hotels.
Government VAT and tax inspectors, external auditors, internal auditors.
Under the terms of data protection legislation, you have the following rights:
Right to be Informed: This privacy notice fulfils our obligation to tell you about the ways in which we use your information.
Right to Access: You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request. To make Subject Access Request, please contact us.
Right to Rectification: If any of the information that we hold about you is inaccurate, you can contact us.
Right to be Forgotten: From 25 May 2018, you can ask that we erase all personal information that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within 30 days.
Right to Object: You have the right to object to - The continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time - The continued use of your data for any purpose listed above for which the lawful basis of processing is that it has been deemed legitimate.
Right to Restrict Processing: If you wish us to restrict the use of your data because - you think it is inaccurate, but this will take time to validate, - you believe our data processing is unlawful but you do not want your data erased, - you want us to retain your data in order to establish, exercise or defend a legal claim, or - you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, please contact us.
Right to Data Portability: If you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact us.
Rights Related to Automated Decision-Making: If you would like to object to automated decision making without any individual involvement, and to the profiling of your data, please contact us.
Is The Processing of Information Likely to Cause Individuals to Object or Complain?
Sporta Tours is not aware of any justifiable reasons that would constitute a legitimate reason for objecting or complaining about the way we process or control information.
How Long Will We Retain Information For?
Sporta Tours will typically retain information for a period of 7 years. This is due to regulatory reasons and to ensure our business records are adequate to maintain the requisite levels of insurance to protect our clients and non-clients.
Some of the information that we collect, process or store is transferred outside of the European Economic Area (EEA).
Data Privacy and Security
At Sporta Tours we maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy. We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
- Protect against potential breaches of confidentiality;
- Ensure all IT facilities are protected against damage, loss or misuse;
- Increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and,
- Ensure the optimum security of this website.