Discover the World Education Privacy Policy

At Discover the World, We are committed to protecting your personal data. This privacy policy sets out how We collect and use the personal information (“personal data”) you provide Us with directly or through use of Our website (www.discover-the-world.com – www.discover-the-world.com/study-trips/ – www.discover-education.co.uk) (“Website”) and tells you about your privacy rights and how the law protects you.

Important information and who We are

For the purposes of the General Data Protection Regulations (EU)(2016/679) and any updating legislation from time to time. We are the Data Controller of information provided by customers. Our address is Discover the World, 2nd Floor, One Dorking Office Park, Station Road, Dorking, Surrey RH4 1HJ (“Discover the World”,”We”,”Our”, “Us”). We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

How to contact Us

If you have any questions regarding your personal data and how We may use it, including any queries relating to this policy, please contact Us at datacontroller@discover-education.co.uk.

It is important that the personal data We hold about you is accurate and current. Please keep Us informed if your personal data changes.

What is personal data and what is the basis for collecting it?

Personal data means any data or information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which We have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier, title, date of birth, gender, and passport or national identity card information, including copies of these documents;
  • Contact Data includes postal address, email address and telephone numbers;
  • Financial Data includes credit / debit card details or other payment information;
  • Transaction Data includes details about the method of payment, the amount and date;
  • Technical Data includes internet protocol address, your login data, browser type and versions, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website;
  • Profile Data includes purchases or orders made by you, your interests, preferences, feedback and survey responses
  • Usage Data includes information about how you use Our services or submit an enquiry or query through Our Website;
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences;
  • Individual Data additional information collected from you in relation to the services We provide, including telephone calls which We record; and
  • Special Categories of Data includes information relating to disabilities or medical conditions which may affect your holiday arrangements and any dietary restrictions which may disclose your religious beliefs.
  • Events, conferences and CPD training days includes information collected from you in relation to the services We provide, including school name and address, first name, last name, email.
  • Teaching resources includes information collected from you in relation to the services and products We provide, including school name and address, first name, last name, email.

If you fail to provide personal data

Where We need to collect personal data by law, or under the terms of a contract We have with you and you fail to provide that data when requested, We may not be able to perform the contract you have or are trying to enter. In this case, We may have to cancel the services, but We will notify you if this is the case at the time.

How do We collect personal data?

We use different methods to collect personal data from and about you through:

  • Direct interactions. You may give Us your Identity, Contact and Financial Data by filling in forms or by corresponding with Us by post, phone, email or otherwise. This includes, but is not limited to personal data you provide when you:
  • contact Us by telephone, email to make an enquiry;
  • use a form on Our Website to request a brochure or sign up for Our e-newsletter;
  • register for an event or request marketing to be sent to you;
  • purchase services from Us;
  • give Us some feedback;
  • enter a competition on our website or via social media channels, at an exhibition or event or by post;
  • request teaching resources from Us.
  • Automated technologies or interactions. As you interact with Our Website, We may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies. Please see Our cookie policy for further details.

What do We do with your personal data?

We will only use your personal data when the law allows Us to, i.e., if We have a legal basis for doing so, as outlined in this Policy or as notified to you at the time We collect your personal data, and for the purposes for which it was collected, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If We need to use your personal data for an unrelated purpose, We will notify you and We will explain the legal basis which allows Us to do this. Please note that We may process your personal data without your knowledge or consent, where this is required or permitted by law.

We have set out in the table below a description of all the ways We plan to use your personal data, and which of the legal basis We rely on to do so. We have also identified what Our legitimate interests are, where appropriate.

Note that We may process your personal data for more than one lawful ground depending on the specific purpose for which We are using your data. Please contact Us if you need details about the specific legal ground We are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer (a) Identity
(b) Contact
Performance of a contract with you
To process and deliver the services including:

(a) taking payment
(b) contacting you and corresponding with you about the services
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
(f) Sensitive Personal Data
Performance of a contract with you

Consent (for use of sensitive personal data, and marketing and communications)
To respond to queries and enquiries (a) Identity
(b) Contact
Necessary for Our legitimate interests (to study how customers use Our services)
To manage Our relationship with you which will include:

(a) notifying you about changes to Our terms or privacy policy
(b) asking you to leave a review or take a survey
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
Performance of a contract with you

Necessary to comply with a legal obligation

Necessary for Our legitimate interests (to keep Our records updated and to study how customers use Our services)
To undertake marketing to you (a) Identity
(b) Contact
Consent

Legitimate interest
To administer and protect Our business and this Website (including troubleshooting data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
Necessary for Our legitimate interests (for running Our business, provision of administration and IT services, network security and to prevent fraud)

Necessary to comply with a legal obligation

How your personal data may be shared

To fulfil your booking appropriate personal data will be passed on to the relevant suppliers of your arrangements / any third party supplier / any other third party (including banks and/or credit card issuers) who need to process your personal data so that your holiday can be provided. The information may also be provided to government / public authorities such as customs or immigration if required by them, or as required by law.

We will share your information with our worldwide suppliers only to affect your travel arrangements. The categories of suppliers who We will need to share your information with include but are not limited to: Hoteliers and Accommodations providers, Train operators, Coach and Transport providers, Car Rental companies, Excursion providers, Airlines, Ground Handlers and Agents, Vessel operators, Payment providers, Tour Guides and Escorts, Restaurants, Travel Insurance companies (Campbell Irvine Insurance Brokers and AXA Insurance), Car Hire Insurance Excess Providers (Insurance4CarHire), Liability Insurance Providers (Clear Insurance Management Ltd and Catlin Insurance Company UK) Ltd). On request we can provide details of the organisations that are involved in your specific travel arrangements.

If We cannot pass your personal data to the relevant suppliers, third party supplier or other third party, We will be unable to fulfil your booking.

On occasions, We may use other companies to provide services on Our behalf, such as mailing brochures and marketing material. We only provide third parties with the personal data they require in order to deliver their services and their use is limited to the services they provide.

We may also share your personal data with Our social media, advertising and analytics partners based in the UK and USA who provide IT and system administration services and/or marketing services.

How your personal data may be stored

Many of Our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever We transfer your personal data to countries outside of the EEA to other people or companies it will be for one of the legal bases for processing your personal data as indicated above.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Promotional offers from Us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what We think you may want or need, or what may be of interest to you. This is how We decide which products, services and offers may be relevant for you (We call this marketing).

You will receive marketing communications from Us if you have requested information from Us or purchased services from Us and, in each case, you have not opted out of receiving that marketing.

Third party marketing

We will get your express opt-in consent before We share your personal data with any company outside of Discover the World for marketing purposes.

Opting out

You can opt-out of receiving marketing communications from Us at any time by contacting Us via the following methods.

1. Email Us at datacontroller@discover-education.co.uk providing your full name, address and postcode and the email address which you would have originally used.

2 .Write to Discover the World, 2nd Floor, One Dorking Office Park, Station Road, Dorking, Surrey RH4 1HJ, UK

3. Call Our office on +44 (0)1737 214 214 or fax +44 (0)1737 362341.

4. You can also be removed from Our email database by clicking the Unsubscribe link located in the footer of all marketing email communications from Us.

How do We keep your data secure?

Discover the World is committed to the security of customer information and We have security procedures in place to protect personal data from the accidental loss, misuse, unauthorised access, alteration or disclosure of information under Discover the World’s control. All the information you provide to Us is protected by a secure server, this is shown as HTTPS:\ before Our Website address in your browser. The secure server software SSL (Secure Socket Layers) encrypts all information you enter before it is sent to Us. The information is only de-encrypted when it reaches Our server. We are PCI compliant and have a Firewall and additional security measures in place to protect Our internal information from the Internet.

Other than in relation to government / public authorities (over whom We have no control), We take appropriate steps to ensure that anyone to whom We pass your personal data for any reason agrees to keep it secure, only uses it for the purposes of providing their services and does not collect any personal data from you in the course performing their services.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where We are legally required to do so.

How long do We keep personal data?

We will keep your information for as long as We need it for the purpose it is being processed for. For example, where you book a holiday with Us We will keep the information related to your booking, so We can fulfil the specific travel arrangements you have made and after that, We will keep the information for a period which enables Us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that We can continue to improve your experience with Us and send you marketing materials, this will usually be no longer than 6 years after you have travelled with Us.

We will actively review the information We hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.

Your rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • The right to be informed – this is information on for what purpose We are processing it and what personal data We are processing.
  • The right of access – you have the right to be provided with copies of the personal data of you that We are processing as well as confirmation of the processing We are doing. You can do this by sending a “subject access request” to the contact details noted above for Our consideration.
  • The right to rectification – if you think the personal data that We hold on you is wrong you can tell Us and We will fix it.
  • The right to erasure (also known as the right to be forgotten) – if you want Us to permanently delete the personal data We hold for you then you can ask Us to do so.
  • The right to restrict processing – if you do not like how We are using your personal data then you can let Us know and We will stop processing it in that way.
  • The right to data portability – if you want Us to pass on your personal data to someone else then please let Us know. This transfer should not affect the integrity or otherwise damage your personal data.
  • The right to withdraw your consent – you can withdraw your consent for Us to process your personal data (if We have relied on your consent to process your personal data) at any time by contacting Us. If We have relied only on your consent as the basis to process your personal data then We will stop processing your personal data at the point you withdraw your consent. Please note that if We can also rely on other bases to process your personal data aside from consent then We may do so even if you have withdrawn your consent.
  • Rights in relation to automated decision making and profiling – if We use either automated decision making or profiling then you have a right to know. Also, We need your consent if either of these are used to make a decision that affects you. As with all consent, you can withdraw it at any time.

To exercise any of the above rights please email your request to: datacontroller@discover-education.co.uk.

Where you exercise your right to erasure (and We do not have another legal basis to hold on to that personal data) or where information is deleted in accordance with Our retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data please request this during the period We retain the data.

Where you exercise your right to request access to the information We process about you, We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, We may refuse to comply with your request in these circumstances. We will try to respond to all legitimate access requests within one month.

If you believe that any of your personal data which We are processing is inaccurate or incorrect please contact Us immediately by calling Our office on +44 (0)1737 218 800, by emailing datacontroller@discover-education.co.uk, or by writing to Discover the World, 2nd Floor, One Dorking Office Park, Station Road, Dorking, Surrey RH4 1HJ.

Children

The Website is not intended for children and We will not knowingly collect any personal data from such persons and will immediately delete any such data identified as being that of a child.

As part of the services We provide, We may collect information about children from you to perform such services and We will treat such information securely.

Complaints

You have the right to lodge a complaint with a supervisory authority in relation to processing of your personal data. In the UK the supervisory authority is the Information Commissioners Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact Us in the first instance.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Website may become inaccessible or not function properly. For more information about the cookies We use, please see our cookie policy

Remember the risks whenever you use the internet

Discover the World is committed to ensuring that your information is secure and has in place reasonable and proportionate safeguards and procedures to protect your personal data. While We do Our best to protect your personal data, We cannot guarantee the security of any information that you transmit to Us and you are solely responsible for maintaining the secrecy of any passwords or other account information.

Changes to this Privacy Policy

As and when necessary, changes to this Privacy Policy will be posted here. Where changes are significant, We may also email all Our registered users with the new details, and where required by law, We will obtain your consent to these changes.

This Privacy Policy was last updated on 23rd May 2018