This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. Macs Adventure Ltd ‘Macs Adventure Holidays’ ("We") are committed to protecting and respecting your privacy. For the purpose of the Act, the data controller is Macs Adventure Ltd of Unit 500, 103 Byres Road, Glasgow, G11 5HW, UK.
Information we may collect from you:
We may collect and process the following data about you:
- Information that you provide by filling in forms on our website www.macsadventure.com. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services or information from us. We may also ask you for information when you enter a competition or promotion operated by Macs Adventure Ltd or when you report a problem with our site.
- Information that you provide at the time of booking, or subsequently, that may include some or all of the following information relating to you or your group: names, addresses, contact details, passport details, credit/debit card details, payment details, information relating to medical conditions and dietary requirements, emergency contact details, height, clothing and shoe sizes.
- If you contact us, we may keep a record of that correspondence but always in compliance with the Act.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our site and of the fulfillment of your orders.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
IP Addresses and Cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns only. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalized service. They enable us:
- To store information about your preferences, and so allow us to customize our site according to your individual interests.
- To speed up your searches.
- To recognize you when you return to our site.
- To estimate our audience size and usage pattern.
Where we store your personal data:
Any personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services.
By submitting your personal data, you agree to this transfer, storing or processing. We will take appropriate steps to safeguard your data in accordance with the requirements of the Act. All information you provide to us will be stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Subject to our compliance with the requirements of the Act, although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will adopt appropriate procedures and security features to prevent unauthorized access.
Uses made of the information:
We may use your personal data in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer. This may include us using your personal data in order to tailor the website to your preferences.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes via a form on our website or direct correspondence with one of our representatives.
- To carry out our obligations arising from any contracts entered into between you and us including to communicate with you regarding your booking or other purchase.
- To respond to queries you may direct to us from time to time.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
Disclosure of your information:
When you make a travel booking with us, certain of the personal data you provide will require to be passed to and processed and stored by relevant third parties, so that they can provide you with the arrangements you require.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, safety of Macs Adventure Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may disclose our customer list and personal information to a third party who acquires or attempts to acquire all or a substantial part of our company or website.
We may pass personal data to third party organisations that provide us IT or administrative services to us. We may use third parties to support us in providing our services and to help provide, run and manage our IT systems and website. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centers around the world, and personal data may be stored in any one of them.
When we share data with others, we will implement appropriate technical and organisations to protect the data and to comply with our obligations under the Act.
How long will we hold on to your information:
We will retain your information only for as long as is necessary for the purposes set out in this policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
You have certain rights over your personal data. These rights include:-
Access to your personal data
You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at email@example.com. We will aim to respond to any requests for information promptly, and in any event within 30 days.
To update, correct or rectify any personal data held to us, you may email us at firstname.lastname@example.org with details of the required changes and we will make the necessary amendments.
Withdrawal of consent
You are entitled to request us to delete your personal data and withdraw your consent to us processing any personal data we hold about you. We will delete your data, unless we have a requirement to keep it under legitimate business or legal obligations. To make such a request, please email us at email@example.com.
Right of Data Portability
You have the right to receive any personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us. In exercising this right, you shall have the right to have the personal data transmitted directly us to another data controller where technically feasible.
If you have any questions about this privacy statement, how and why we process personal data or wish to exercise any of the rights contained herein, please contact us at firstname.lastname@example.org
Changes to this policy
This policy will be kept under regular review and therefore may change from time to time in order to ensure our continued compliance with data protection legislation.
Privacy Shield Policy Supplement:
Macs Adventure Limited recognizes that the EEA has established strict protections regarding the handling of EEA Personal Data, including requirements to provide adequate protection for EEA Personal Data transferred outside of the EEA. To provide adequate protection for certain EEA Personal Data about customers, clients, suppliers, and business partners received in the US, Macs Adventure Limited has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce ("Privacy Shield"). Macs Adventure Limited adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
For purposes of enforcing compliance with the Privacy Shield, Macs Adventure Limited is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce's Privacy Shield website located at: https://www.privacyshield.gov. To review Macs Adventure Limited's representation on the Privacy Shield list, see the US Department of Commerce's Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
Personal Data Collection and Use
We may receive EEA Personal Data that is provided by you in the process of booking a trip with us in the US. We process EEA Personal Data for the following purposes: to complete and manage your booking internally and with our suppliers and partners, and to otherwise operate your US tour on behalf of Macs Adventure Limited. Macs Adventure Limited will only process EEA Personal Data in ways that are compatible with the purpose that Macs Adventure Limited collected it for, or for purposes the individual later authorizes. Before we use your EEA Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out. Macs Adventure Limited maintains reasonable procedures to help ensure that EEA Personal Data is reliable for its intended use, accurate, complete, and current.
Third-Party Agents or Service Providers.
We may transfer EEA Personal Data to our third- party agents or service providers who perform functions on our behalf in order to complete and manage your booking for a US tour (e.g. to our partner hotels). Where required by the Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EEA Personal Data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of EEA Personal Data that we transfer to them.
Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your EEA Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Macs Adventure Limited maintains reasonable and appropriate security measures to protect EEA Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
You may have the right to access the EEA Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EEA Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.
Questions or Complaints
You can direct any questions or complaints about the use or disclosure of your EEA Personal Data to us at email@example.com . You may also contact our EEA affiliate Macs Adventure Limited at firstname.lastname@example.org with any questions or concerns. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EEA Personal Data within 45 days of receiving your complaint. For any unresolved complaints, we have agreed to cooperate with JAMS. If you are unsatisfied with the resolution of your complaint, you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield for further information and assistance.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with Macs Adventure Limited and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce's Privacy Shield Framework: Annex I (Binding Arbitration). If you invoke binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to you.
If you have any questions about this Policy or would like to request access to your EEA Personal Data, please contact us as follows: email@example.com.
Changes To This Policy
We reserve the right to amend this Policy from time to time consistent with the Privacy Shield's requirements.
Effective Date: May 25, 2018 Last modified: August 17, 2018
Entity with whom you are contracting
Different Macs Adventure entities provide the products and services in different parts of the world. Your use of the products and services is subject to you entering into the Booking Agreement with the Macs Adventure entity specified below based on where you are located and/or where your tour will be. Choice of law and the location for resolving disputes with such Macs Adventure entity for your region/country is also specified below. The validity, interpretation, and performance of this Agreement shall be controlled by and construed under those applicable laws.
For United States residents booking a tour, the Macs Adventure entity is Macs Adventure Ltd, a Colorado limited liability company (“Macs US”). For residents outside the United States who have booked a tour in the United States, Macs US will be the operator of your tour and will be the applicable entity related to the operation of your tour in the United States. Governing law for contracts with Macs US is the laws of the State of Colorado, United States of America, as if performed wholly within the state and without giving effect to the principles of conflicts of law. The State and Federal courts of Colorado shall have exclusive jurisdiction over any claim arising under this Agreement.
For European and other non-United States residents booking a tour, the Macs Adventure entity is Macs Adventure Limited, located in the United Kingdom (“Macs UK”). Subject to contracting the operation of your tour to Macs US, Macs UK will be the applicable entity for all tours in this region. Governing law for contracts with Macs UK is the laws of England.