UNIQUE TRAVEL CORP CUSTOMER PRIVACY POLICY
Updated: June 1, 2022
Unique Travel Corp (“Unique”, “we”, “us”, “our”, or the “Company”), the worldwide representative for Sandals and Beaches Resorts operates this website (the “Site”) and maintains this information privacy policy (this “Privacy Policy”).
This Privacy Policy is part of Unique’s website terms and conditions https://www.sandals.com/terms-conditions/, and your use of the site, clicking to agree to such terms and/or this Privacy Policy and/or submission of information or personal data to the site constitutes your acceptance of and agreement with the terms of this Privacy Policy and your consent to the collection, use or disclosure of your personal data as described herein.
This Privacy Policy describes our practices with respect to “personal data”. As the term suggests, “personal data” is information about an identified or identifiable individual, including, for example, an individual’s name, address, or telephone number, e-mail address, information about an individual’s holiday arrangements or booking history, and information about online activities that are directly linked to them. Personal data does not include data where you can no longer be identified from it such as anonymised aggregate data.
It is common practice and often a necessity for companies or other organizations to collect personal data in order to conduct business and offer services. Unique is committed to protecting your privacy and this Privacy Policy sets out what personal data we collect, how we collect it, what we use it for and who we share it with.
For the purposes of data protection legislation, Unique is considered the “data controller” of personal data processed in connection with this Privacy Policy. This means that we are responsible for deciding how we hold and use personal data about you and who we share it with. We have appointed a data protection team to oversee our data privacy matters. Should you have any questions about this Privacy Policy or how we handle your personal data, you can our data protection privacy team at [email protected].
This Privacy Policy applies to personal data about you that we collect, use and otherwise process in connection with your relationship with us as a customer or potential customer, including when you book holidays with us, use our websites or call centres, book our services through third parties such as travel agents and tour operators, or engage with us at a trade fair or event we are attending. If you are booking a wedding with us then we will also need to collect further personal data from you which is explained in the ‘Wedding Customers Privacy Policy Supplemental Terms’ provided below. We may provide other supplemental privacy notices on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. Those supplemental notices should be read together with this Privacy Policy.
Where you also provide us with personal data of others, for instance, guests accompanying you on your holiday, please provide those persons with a copy of this Privacy Policy. Their personal data is also subject to the terms hereof.
What information do we collect about you and what do we use it for?
The types of personal data about you we may collect, store and use are set out in the table below and in each case we have specified what we use it for and our ‘lawful basis’ for processing it. The law specifies certain ‘lawful bases’ under which we are allowed to use your personal data. Most commonly, we will rely on one or more of the following lawful bases for processing your personal data:
- Where we need to perform the contract we have entered into with you (i.e. we need to provide the services you have booked);
- Where we need to comply with a legal obligation;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where you have consented to us doing so.
Special categories of personal data
Certain categories of personal data, such as race, religion or health, are considered to be “special categories” of personal data as they are more sensitive types of data. We try to limit the circumstances where we process special categories of personal data as much as possible, however, we may also occasionally collect, store and use the special categories of personal data set out in the table below.
“Special categories” of more sensitive personal data require higher levels of protection whereby we need to have further justification for collecting, storing and using this type of personal data. We may process special categories of personal data with your explicit consent. Less commonly, we may process this type of information where it is needed in relation to legal claims.
Special categories may also encompass other requests in relation to your travel arrangements that may contain or suggest some details about you that could be categories as more sensitive personal data. For instance, you may request that special meals are available to you in resort which could imply or suggest that you hold particular religious beliefs or have a particular medical condition.
By providing us with special categories of personal data you explicitly consent to our collecting, using and sharing this information with third parties and transferring such data outside of the EU as described in this Privacy Policy. We do not require you to provide us with special categories of personal data, however, if you do not do so we are unlikely to be able to accommodate your needs. Similarly, if you withdraw your consent (see Right to withdraw consent below) we are unlikely to be able to accommodate your needs.
Please note that we may use your personal data without your knowledge or consent, in compliance with the above rules, if we are required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
What if you do not provide the personal data we request?
If you do not provide us with certain information when requested, we will not be able to perform all or part of the contract we have entered into with you (such as booking your flights or hotel).
Change of purpose
We will only use your personal data for the purposes for which we collected it (as identified above in the What we use this data for column), unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
How do we collect this information?
We typically collect personal data about you when you use our services, when you book holidays with us, and when you use our website or call centres, either directly from you or from tour operators or travel agents. For example:
- When you book a holiday or other product or service on our websites
- When you book a holiday or other product or service of ours via a tour operator or travel agent
- When you contact our call centres or customer care agents
- When you complete a customer survey or provide us with feedback
- If you enter a competition or register for a promotion
- If you choose to interact with us via social media
- When you visit our website you may directly give us some personal data and we may also automatically collect certain data such as technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see the below Cookies section for further details.
In addition, we may receive personal information about you from third parties, such as:
- Companies contracted by us to provide services to you
- Companies involved in your travel plans
- Customer programmes
- Companies running a competition where one of our holidays is the prize
Cookies
A cookie is an element of data that is stored on a user's computer. It may be used to identify the device you use to access the website to help us improve and deliver a more personalised service based on browsing style. We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the user's hard drive for an extended period of time. Persistent cookies can be removed by following Internet browser help file instructions.
Types of Cookies:
Category 1 - Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Category 2 - Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Category 3 - Functionality Cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Category 4 - Targeting Cookies or Marketing Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Category 5 - Social Media Cookies: These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
To remove or block the cookies from our websites you can access our Cookie Preference Center text link located at the footer of our websites or you can activate the setting on your browser that allows you to customize your cookies.
Who will it be shared with?
We may share your personal data with third parties, including third-party service providers, and other entities within our group where this is required by law, where it is necessary to perform our contract with you, or where we have another legitimate interest in doing so.
We will need to share your personal data with others including:
- The resort at which you are staying;
- The airline providing your flights;
- Other entities within our group who participate in the booking process for the services provided to you;
- Our booking system providers;
- Our tour provider if you choose to book a tour;
- The Sandals Foundation if you choose to make a donation;
- Third party service providers we are using to provide services that involve data processing such as IT and system administration services;
- Third parties we have engaged to run customer surveys on our behalf;
- Professional advisers including our legal teams (both internal and also external law firms), bankers, auditors and insurers to the extent such information is relevant to the performance of their services;
We will share your personal data with other entities in our group who participate in the booking process for the services provided to you, as part of our regular reporting activities in company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.
In the event of our insolvency we, or any appointed insolvency practitioner, may disclose your personal data to the Civil Aviation Authority (“CAA”) and/or ABTA so that they can assess the status of your booking and advice you on the appropriate course of action under any scheme of financial protection. You can find the CAA’s general privacy notice at https://www.caa.co.uk/Our-work/About-us/General-privacy-notice/ and ABTA’s privacy notice at https://www.abta.com/privacy-notice (links correct at the time of the last update to this privacy notice). We do not control these third party websites and are not responsible for their privacy notices.
We may share your personal data with third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law or a judicial process. We may disclose your personal data if we are required by law to do so or if we reasonably believe that disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
We may transfer the personal data we collect about you to Canada where our servers are located for our legitimate interests in hosting all data on our central servers there. There is an adequacy decision by the European Commission in respect of Canada which means it is deemed to provide an adequate level of protection for your personal data.
We may also transfer the personal data we collect about you to countries where the third parties listed above are located including the United States, Panama, Jamaica, Bahamas, St. Lucia, Antigua, Grenada, Barbados and Turks & Caicos in order to perform our contract with you by booking your requested holiday. Your personal data may also be transferred to Honduras and India where our database maintenance teams are located for our legitimate interests in maintaining such database. These countries may not have the same standard of data protection laws as the EU.
However, to ensure that your personal data does receive an adequate level of protection we will put in place appropriate safeguards such as the EU-approved standard contractual clauses to ensure that your personal data is treated in a way that is consistent with and which respects the EU and UK laws on data protection. If you require further information about this protective measure you can request it from [email protected].
How long will we retain your information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Generally, we will keep information relevant to our dealings with you for up to 7 years once you have ceased being a customer. Exceptional circumstances will or may apply to customer service data where we will keep information for up to 10 years.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you as it is no longer personal data.
Once we no longer require your personal data for the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We will securely destroy your personal data in accordance with applicable laws and regulations.
Your rights in relation to your information
It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data changes during your relationship with us, for example, if you move house.
You have rights as an individual which you can exercise in relation to the information we hold about you under certain circumstances. These rights are to:
- Request access to your personal data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
- Request rectification of your personal data;
- Request the erasure of your personal data;
- Request the restriction of processing of your personal data;
- Object to the processing of your personal data;
- Request the transfer of your personal data to another party.
If you want to exercise one of these rights please contact us at [email protected].
You also have the right to make a complaint at any time to a supervisory authority for data protection issues.
Fees
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) you originally agreed to unless we now have an alternative legal basis for doing so.
Changes to this privacy notice
We reserve the right to update this Privacy Policy at any time, and we will make an updated copy of such Privacy Policy available on our website and notify you when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.
UNIQUE TRAVEL CORP WEDDING CUSTOMERS PRIVACY POLICY SUPPLEMENTAL TERMS
This Wedding Customers Privacy Policy is supplemental to Unique’s general Privacy Policy. Please refer to the general Privacy Policy for further information on how we collect, use and otherwise process the personal data we collect from you in connection with your relationship with us as a customer or potential customer.
In addition to the information provided in the general Privacy Policy, we also wanted to explain what we collect, how we collect and how we use personal data you give us when you book a wedding with us. For all other information about us, our data practices in respect of other personal data you give us as a customer or potential customer or your rights in relation to your data please refer to our general Privacy Policy.
What information do we collect about you and what do we use it for?
The types of personal data about you we may collect, store and use are set out in the table below and in each case we have specified what we use it for and our ‘lawful basis’ for processing it. The law specifies certain ‘lawful bases’ under which we are allowed to use your personal data. Most commonly, we will rely on one or more of the following lawful bases for processing your personal data:
- 1. Where we need to perform the contract we have entered into with you (i.e. we need to provide the wedding you have booked);
- 2. Where we need to comply with a legal obligation;
- 3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- 4. Where you have consented to us doing so.
Special categories of personal data
Certain categories of personal data, such as race, religion or health, are considered to be “special categories” of personal data as they are more sensitive types of data. We try to limit the circumstances where we process special categories of personal data as much as possible, however, we may also occasionally collect, store and use special categories of data that you provide us with.
“Special categories” of more sensitive personal data require higher levels of protection whereby we need to have further justification for collecting, storing and using this type of personal data. We may process special categories of personal data with your explicit consent. Less commonly, we may process this type of information where it is needed in relation to legal claims.
You may have made requests in relation to your wedding that may imply or suggest something about you that could be this more sensitive personal data. For instance, you may request that particular arrangements at your wedding ceremony which could imply or suggest that you hold particular religious beliefs.
By providing us with special categories of personal data you explicitly consent to our collecting, using and sharing this information with third parties and transferring such data outside of the EU as described in this Privacy Policy. We do not require you to provide us with special categories of personal data, however, if you do not do so we are unlikely to be able to accommodate your needs. Similarly, if you withdraw your consent (see Right to withdraw consent below) we are unlikely to be able to accommodate your needs.
Please note that we may use your personal data without your knowledge or consent, in compliance with the above rules, if we are required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
What if you do not provide the personal data we request?
If you do not provide us with certain information when requested, we will not be able to perform all or part of the contract we have entered into with you (such as delivering your wedding ceremony).
How do we collect this information?
We collect this information from you:
- When you complete our wedding information and marriage license form
- When you send us the supporting documents required for your marriage license such as passport and birth certificate
Who will it be shared with?
We may share your personal data with third parties, including third party service providers, or with other entities within our group where this is required by law, where it is necessary to perform our contract with you, or where we have another legitimate interest in doing so.
We will need to share your personal data with others including:
- Other entities within our group who participate in the booking process for weddings;
- The relevant governmental authority for the jurisdiction in which you are having your ceremony.
We will share your personal data with other entities in our group who participate in the booking process for weddings, as part of our regular reporting activities in company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.
We may share your personal data with third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law or a judicial process. We may disclose your personal data if we are required by law to do so or if we reasonably believe that disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
We may transfer the personal data we collect about you to Canada [where our servers are located] for our legitimate interests in hosting all data on our central servers there. There is an adequacy decision by the European Commission in respect of Canada which means it is deemed to provide an adequate level of protection for your personal data.
We may also transfer the personal data we collect about you to countries where the third parties listed above are located including the United States, Panama, Jamaica, Bahamas, St. Lucia, Antigua, Grenada, Barbados, Curacao and Turks & Caicos in order to perform our contract with you (i.e. to provide you with your wedding). These countries may not have the same standard of data protection laws as the EU.
However, to ensure that your personal data does receive an adequate level of protection we will put in place appropriate safeguards such as the EU/UK-approved standard contractual clauses to ensure that your personal data is treated in a way that is consistent with and which respects the EU and UK laws on data protection. If you require further information about these protective measures you can request it from [email protected].