PRIVACY & DATA POLICY STATEMENT
1st Tickets Limited is a small organisation that specialises in providing travel and accommodation services for Motorsport Events, especially the Le Mans 24 hrs Race and the bi-annual Le Mans Classic.
In the course of our operations we need to gather certain data – From the 25th May, 2018 that data will be covered by the new GDPR (General Data Protection Regulation). The Regulation requires us to tell you what data we will collect, why we need your data, what we will do with it and who will process it. This is described below in the language of the GDPR.
What will we collect?
From an Enquiry: We will request your email, address and phone number if you enquire about any of our events via our websites (both the main 1st Tickets site and the soon to be launched Le Mans Guide site) so that we can reply to you.
For a Booking: In order to process your booking, we need to collect certain personal details from you. These details will include, where applicable, the names and contact details (telephone, email and postal address) of the party leader and the names of party members, special requirements such as those relating to any disability or medical condition which may affect your chosen holiday arrangements and any dietary restrictions. For bookings that include a channel crossing, we also require your vehicle’s make, model and registration and for some crossing routes the date of birth and nationality of all passengers.
We will also collect your credit/debit card or other payment details to pay for the service – these will only be used for your booking and are destroyed immediately after their use (the paper on which the card/bank details are on will be shredded.)
Why will we collect it?
From an Enquiry: so that we can reply to you about your requirements.
From a Booking: so that we can process your booking, reserve your required crossings and/or accommodation and any required additional services.
How will we process it?
1st Tickets is a small organisation so we have no complex computer systems. We have our Database in our office for recording enquiries and bookings, plus our online marketing datastore with Mailchimp. Other than these places we do not store the data anywhere else. We do nothing else with the data.
In order to process your booking, we are contractually obliged to provide the specific information required to fulfil your channel crossing, accommodation and event ticket requirements.
The ACO (Automobile Club de L’Ouest) require your details to be added to their ticket system for procession and for Security reasons – they are also covered by the GDPR – WE DO NOT GIVE YOUR DATA TO ANYONE ELSE.
We need to pass on your personal details to the companies and organisations who need to know them so that your holiday can be provided (for example your airline, hotel, other supplier, credit/debit card company or bank). Such companies and organisations may be outside the European Union, Norway, Iceland or Liechtenstein if your holiday is to take place or involves suppliers outside these countries.
Who Processes it?
Our data is not on line and our staff use that data via their terminals to meet your requests.
We may send you offers and news about our services in a number of ways, including by email. We will only do this if you previously agreed to receive these marketing communications.
When you book or enquire with us we will ask if you would like to receive marketing communications. You can change your marketing preferences online, over the phone, or if you decide that you no longer to receive communications from us using the ‘unsubscribe’ link in our marketing emails, or send us an email.
We will retain all details you give us in connection with your booking but we will use only names and contact details for marketing purposes.
Occasionally we hire other companies to provide services on our behalf, for example emailing or mailing information to our customers. We only provide those companies with the personal details relating to our clients which they require in order to carry out such mailings.
Occasionally, we may sell or pass our customers’ names and contact details to other organisations who offer goods or services which we feel may interest you.
We may need to disclose our customer database, including any personal data relating to you contained therein, to a third party who acquires or attempts to acquire all or substantially all of the assets or stocks in our company or our website service whether by merger, acquisition, reorganisation or otherwise.
We have appropriate security measures in place to protect this information.
Unless you agree otherwise and except where expressly permitted by the Data Protection Act, we will only deal with the personal details you give us as set out above. If you do not want us to do any or all of these things, please let us know. We are entitled to assume you do not object to our doing any of the things mentioned in this statement unless you tell us otherwise in writing.
Social Media Features
Our websites or mobile apps may contain social media features such as Facebook, Twitter, Google+ and Pinterest that have their own privacy notices. Please make sure you read their terms and conditions and privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for these features.
If you log-in using your social network credentials to connect to our platforms and online services e.g. Facebook, Google+ and Twitter, you will agree to share your user details with us. For example, your name, email address, date of birth, location and any other information you choose to share with us.
Links to other websites
Our websites or mobile apps may contain links to websites operated by other organisations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data on another organisation’s website as we do not accept any responsibility or liability for websites of other organisations.
Sharing Personal Data with Regulatory Authorities
As we have already mentioned under Bookings – it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
Sharing Personal Data with Credit Reference and Fraud Prevention Agencies
When you order or buy services from us we may share your personal data, on very rare occasions, with credit reference and fraud prevention agencies. That means looking into any records we hold about you and your records with credit reference agencies (CRAs) or fraud prevention agencies (FPAs). When they get a search from us, a ‘footprint’ goes on your file which other organisations might see.
We may also, very rarely, do checks to confirm your identity. That is to help protect you from identity theft and other types of fraud, and to prevent and detect crime or money laundering. It might be necessary to run more checks with CRAs and FPAs to keep your information and your account up to date. If false or inaccurate information is provided and identified as fraud, the details will be passed to FPAs. This information may also be shared with law enforcement agencies.
Protecting your Personal Data
We know how important it is to protect and manage your personal data. We will take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.
We will retain your personal data for only as long as it is necessary for the uses set out in this Policy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.
Accessing and Updating your Personal Data
You have a right to ask for a copy of the personal data we hold about you, although you should be able to access online the personal data associated with your account or booking. You can write to us asking for a copy of other personal data we hold about you.
Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.
We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know.
You can also ask for your personal data to be rectified or erased, to object to the processing of your personal data and, where technically feasible, to ask for personal data you provided to be transmitted to another organisation.
We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.
Data Accuracy & Complaints
You are generally entitled to ask us (by letter or e-mail) what details of yours are being held or processed, for what purpose and to whom they may be or have been disclosed. We will charge a fee to respond to such a request. We promise to respond to your request within 40 days of receiving your written request and fee. In certain limited circumstances we are entitled to refuse your request.
If you believe that any of your personal details which we are processing are inaccurate or incorrect please contact us immediately.
You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the Information Commissioner’s Office.
Please submit your request or complaint in writing or email to:
The Data Protection Officer
1st Tickets Limited
Priory Business Park
By email: firstname.lastname@example.org
Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint should you contact us on behalf of someone else.
This privacy statement covers websites owned and controlled by us only. Links to other websites and any information collected by these sites are not covered by this privacy statement.