Kosmar understands and respects the importance of protecting your personal data. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, in respect of your relationship with us as a customer or a potential customer. This information may be collected via our websites (Sites), our contact centres, our retail stores, our mobile applications (Apps), our questionnaires/surveys, our representatives or appointed agents in overseas destinations, or our social media channels (collectively, our Services).
Please read the following information carefully. You are responsible for ensuring that the other people that you are acting on behalf of (such as those included with you on a booking or an insurance policy), are aware of the content of this Privacy Policy and you have checked with them that they agree to their personal data being given to us to make a booking or other purchase on their behalf.
By making a booking or other purchase or otherwise giving your personal data to us, we will transfer, store or process it as set out below. We will take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
This Privacy Policy applies to Kosmar Holidays Limited whose Company Registration Number is 11367550 and Registered Address is 32 Eyre Street, Sheffield S1 4QZ.
We collect certain personal data about you and about any other person you include on your booking/product. The sort of personal data we collect is information that you provide to us, that we collect from you or observe about you, or that we obtain from other sources.
To help us keep your information current, accurate and complete, please ensure you tell us if anything needs to be changed.
Based on how you have used our Services in the past and your activity on our website, social media channels, or with our contact centre and stores, we collect the following personal data about you:
We might also receive your personal data from third party sources who collect information about you on our behalf. This includes:
Your personal data is held on a combination of our own systems and systems of the suppliers we use to provide our services.
When you give your personal data to us, some of the personal data you provide will need to be given to and processed and stored by relevant third parties. These third parties include:
Some of these third parties may be based outside of the UK, EU or European Economic Area (EEA). Organisations that are based outside of the UK, EU or EEA may not be subject to the same level of controls in regard to data protection as exist within the UK and the EEA. We aim only to transfer your data to third parties outside of the UK, EU or EEA where either:
(a) your personal information will be subject to one or more appropriate safeguards set out in the law, if you’d like more information about our safeguards, please contact us. These safeguards might be the use of standard contractual clauses in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US Privacy Shield scheme); or
(b) the transfer is necessary to enable your contract to be performed.
Due to the decision of the UK leaving the EU, the way your data is transferred from the UK to other countries may change to ensure continuing compliance with data protection regulations but it will not change the security of your data. This will depend on the data protection rules in place for the international transfers of data outside of the UK once the UK has left the EU.
In order for you to travel overseas, we may be required to disclose certain of your personal data to government bodies or other authorities in the UK and in other countries, such as those responsible for immigration, border control, law enforcement, security and anti-terrorism.
Even if it is not mandatory for us to provide information to such authorities, we may exercise our discretion to assist them where appropriate in the interests of detecting and preventing criminal activity.
We may disclose your personal information to any member of our Group for business purposes, (those business purposes include holding your data on central/shared systems for administering bookings and supporting customers in destination countries). Our Group means our subsidiaries and our ultimate holding company and its subsidiaries. We may share your data with members of our Group who are in the UK or outside the UK. To support any potential company sale or acquisition or corporate reorganisation we may disclose your personal data to the prospective seller or buyer of such business or assets or professional advisors helping with any sale, acquisition or corporate reorganisation (e.g. lawyers, auditors).
In order to provide our services to you, we use the information we hold in a number of different ways. We process your information where we have legal basis to do so, such as, because it is necessary when you enter into a contract for travel services or because we have a legitimate business reasons for doing so.
The following activities are carried out by us using your personal data because it is necessary in relation to a contract which you have entered into or because you have asked for something to be done so you can enter into a contract;
We may use and process your personal information as set out below where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so:
We use this information in two ways:
To support any potential company sale or acquisition:
We may use and process your personal information as set out below where we consider that it is in your vital interests that we do:
We may use and process your personal information as set out below where we have your consent to do so:
We may use and process your personal information and may pass it to third parties where there is a legal requirement for us to do so:
Processing subject to national laws: We may also use and process your personal information (including special category data such as information on your health specifically for insurance purposes) where we have a specific legal basis to do so under applicable national law. In the UK and Ireland, we rely on local Data Protection Laws that allows us to use health data in connection with your insurance policy, we may need to use health data for the purposes of providing quotes, processing claims, fraud investigation and handling complaints you may have.
If you have made an enquiry or purchase on one of our Sites, through our stores or contact centres, your personal data may be used by us in the ways the law allows, to contact you by post, electronic means (e-mail or text message) and/or by phone with information and offers relating to products or services that you can book/purchase from Kosmar companies. We will only do this if you did not opt out of such marketing at the point where we collected your contact details.
If you have not made an enquiry or purchase, we will only send you information and offers by e-mail or text message if you sign up (opt in) to receive such marketing, either directly through us or by telling a third party that you would like to receive marketing from us. We will only send you information and offers by App push notifications if the permissions that are set in the Settings section of your device allow for this to happen. If you do not wish to receive App push notifications, you can change your settings and opt-out at any time.
We will not pass your contact details to a third party that is not one of our business partners involved in providing Kosmar services or products for them to contact you or send you marketing communications unless you have expressly agreed that we may do so.
To try and ensure that our marketing communications and advertising are relevant to you, we work with third parties to offer a better experience to customers and potential customers
Using new technologies and with the help of our advertising agencies and marketing activation platforms, we may use your personal information in the following ways:
Our business partners and advertising networks may serve you with non-personalised adverts on our Sites via advertising technology Google Double Click for Publishers. Non-personalised adverts are targeted using contextual information regarding the pages visited on our site, rather than the past behaviour of a user. We allow third parties to collect information about your online activities using cookies and other technologies. The third parties may include other Kosmar companies, our suppliers/business partners who collect information when you view or interact with an advert on one of our Sites, and advertising networks. We also collect information about your online activities using cookies and other technologies when you use websites other than our Sites to provide advertising services on behalf of our business partners. This technology allows us to display an advert to you relating to a business partner on other websites based on your page visits and other behaviours whilst on our Sites.
You have the right at any time to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by selecting the no marketing option on the forms we use to collect your data. You can also exercise this right at any later time by using the unsubscribe link on any marketing e-mail you receive.
You can choose to opt-out by following the opt-out instructions on any direct marketing communication sent by post or by sending an unsubscribe request to:
Database Manager, Marketing, Kosmar Holidays Limited, 32 Eyre Street, Sheffield S1 4QZ.
You can opt out of App push notifications in the Settings section of your device.
You have a number of rights in relation to your personal information under data protection law.
You have the right to make a Data Subject Access Request in many circumstances. That is a request for access to the personal information that we hold about you. If we agree that we have to provide personal information to you (or someone else on your behalf), we’ll provide it to you or them free of charge.
We may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. That may include information about your previous booking(s) or other purchases. If someone is acting on your behalf they will need to provide written and signed confirmation from you that you have given your authority to that person/company for them to make the request. We will ask for this to be provided before we give you (or another person acting on your behalf) a copy of any of your personal information we may be holding. We may not provide you with a copy of your personal information if it includes the personal information of other individuals or we have another lawful reason to withhold that information.
Please see the section below titled, How to Contact Us if you need to make a Data Subject Access Request.
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/e-mail address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting our customer service team.
Where we rely on your consent as the legal basis for processing your personal information, as set out in section above titled, How do we use your information when providing our services to you, you may withdraw your consent at any time. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, please see the section titled, What you need to do if you don’t want our marketing communications for further details. Please note if you ask us to stop processing this information, it may mean we won’t be able to provide all or parts of the services you have requested. If we have to cancel your booking or other purchase as a result, you may incur a cancellation charge.
If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), you may object to us using your personal information for these purposes by e-mailing or writing to us at the address provided at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection law, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
In certain circumstances, you may ask for your personal information to be removed from our systems by e-mailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful reason to continue processing or holding your personal information, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out in section titled, How do we use your information when providing our services to you, you may ask us to provide you with a copy of that information in a structured data file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if it contains the personal information of other individuals or we have another lawful reason to withhold that information.
We encourage you to contact us if you have a complaint and we will seek to resolve any issues or concerns you may have.
You have the right to lodge a complaint with the data protection regulator where you believe your legal rights have been infringed, or where you have reason to believe your personal information is being or has been used in a way that doesn’t comply with the law. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website.
If you wish to contact us about this Privacy Policy, you can e-mail or write to the Kosmar Group Data Protection Officer using the contact details above.
How to contact us
To contact us about this Privacy Policy, to make a Data Subject Access Request, or a data protection related complaint.
Any subject access request can be made in the following ways:
By post: Legal & Compliance Department, Kosmar Holidays Limited, 32 Eyre Street, Sheffield S1 4QZ
Once you have made your request and provided us with the information we need to begin a search for the data we hold on you (including proof of identity), we will have 30 days to respond.
Keeping hold of your personal data
Where you’ve made an enquiry, booking or other purchase from us, or agreed to receive marketing communications, your personal information will be retained to ensure we provide the best possible customer service to you. We retain your personal data for as long as is necessary for us to use your data as set out in this Privacy Policy. This will generally be for up to 2 years unless you have made a booking/purchase, in which case your personal data will be retained for 7 years from the date of your most recent booking/purchase, or such other time that may be required for our legal and audit purposes or that is required by law.
What is our approach to data security
The transmission of information via the internet is not completely secure, and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Sites, therefore any transmission is at your own risk. Once we have received your information, we will take all reasonable steps to keep your personal data secure and to try to prevent any unauthorised access, use or loss of your data, by putting in place appropriate security measures and limiting access to those who have a business need to know. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using TLS technology. We do not store customer card data on our internal systems. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.
We have a process to deal with any suspected personal data breach and will notify you and the ICO of a breach where legally required to do so.
What happens when you follow a link from our website to a third party website
Our Sites contains links to and frames of websites of our principals, suppliers, advertisers and other third parties. You can tell when a third party is involved in supplying a product or service you have requested because their name will appear with ours. If you follow a link or otherwise use any of these other websites, please note that these websites have their own privacy policies and cookie policies and that we do not accept any responsibility or liability for these policies or for these third party websites. Please check these policies before you submit any personal data to these websites.
We reserve the right to update or alter this Privacy Policy from time to time. You can request a copy of a previous version of our Privacy Policy.
July 2020, Version 7
Established in 2018, we're lucky to have some of the most experience and well travelled experts working for us.
Book with confidence knowing that we're members of the Travel Trust Association (TTA) and all our flight-inclusive holidays are ATOL protected.
We pride ourselves on leading with the lowest prices while delivering the highest levels of service.
We're on hand throughout your holiday with our complimentary resort support services,
All our flight-inclusive holidays are ATOL Protected assuring you that if the unexpected happens, you'll be looked after.
TRAVEL AWARE – STAYING SAFE AND HEALTHY ABROAD
The Foreign, Commonwealth & Development Office and National Travel Health Network and Centre have up to date advice on staying safe and healthy abroad. For the latest travel advice from the Foreign, Commonwealth & Development Office including security and local laws, plus passport and visa information please visit www.gov.uk/foreign-travel-advice and follow @FCDOtravelGovUK and facebook.com/FCDOtravel. More information is available here. Keep informed of current travel health news by visiting www.travelhealthpro.org.uk
Book with confidence. We are a Member of the TTA which means you have the benefit of TTA’s assistance and Code of Conduct. All the package and Flight-Plus holidays we sell are covered by the ATOL scheme protecting your money if the supplier fails. Other services such as hotels or flight on their own may not be protected and you should ask us what protection is available.
All the flight-inclusive holidays on this website are financially protected by the ATOL scheme. When you pay you will be supplied with an ATOL Certificate. Please ask for it and check to ensure that everything you booked (flights, hotels and other services) is listed on it. If you do receive an ATOL Certificate but all the parts of your trip are not listed on it, those parts will not be ATOL protected. Some of the flights on this website are also financially protected by the ATOL scheme, but ATOL protection does not apply to all flights. This website will provide you with information on the protection that applies in the case of each flight before you make your booking. If you do not receive an ATOL Certificate then the booking will not be ATOL protected. Please see our booking conditions for information, or for more information about financial protection and the ATOL Certificate go to: www.caa.co.uk. ATOL protection does not apply to the other holiday and travel services listed on this website
© Kosmar Holidays Limited. Registered Office: 32 Eyre Street, Sheffield S1 4QZ. Company Registration Number: 11367550. VAT Registration Number: GB324950404. “Kosmar” is a registered trademark (UK00003341600) and does not allow any unauthorised use.