GDPR Compliance

Jan, 10 2025

Data Controller and Contact Information

At Affordable Luxury Travel – Nightlife & Romantic Getaways, accessible at sophiacatravel.com, the data controller responsible for your personal data is Jasper Whitfield. The registered postal address is The Design Museum, 224-238 Kensington High St, London W8 6AG, United Kingdom. Should you have any questions regarding the manner in which your personal data is processed or if you wish to exercise your rights under the General Data Protection Regulation (GDPR), you may contact the data controller at [email protected].

Categories and Types of Personal Data Collected

We collect and process a diverse range of personal data through our website, including, but not limited to, your name, email address, phone number, postal address, IP address, and any information voluntarily submitted through contact forms. Technical details such as browser type, device identifiers, and referring URLs are also collected for security and optimisation purposes. We may gather data about your travel interests, preferences, and past inquiries to provide tailored services. The collection of personal data is strictly for the legitimate interests associated with the provision of curated travel guidance, administration of user accounts, and to ensure the security and functionality of our website.

Lawful Basis for Processing

Your personal data are processed only where there is a lawful basis under the GDPR and the United Kingdom’s Data Protection Act 2018. These lawful bases include the necessity of processing for the performance of a contract, compliance with a legal obligation, and where processing is necessary for the legitimate interests pursued by Affordable Luxury Travel – Nightlife & Romantic Getaways, unless overridden by your data protection interests or fundamental rights and freedoms. Where required, consent will be expressly sought before the collection and processing of any personal data, and you have the right to withdraw consent at any time without affecting the lawfulness of processing before its withdrawal.

Purposes for Data Processing

Your personal data are primarily processed for the facilitation of curated guide services, communication with you regarding bookings or inquiries, improvement of website functionality, and to send marketing materials (if you have opted in). Further purposes include ensuring the security of our network, optimizing user experience, and complying with applicable legal requirements. Non-essential data processing for analytics, marketing, or external communication will only be conducted with your explicit consent, unless otherwise required by law.

Data Sharing and Transfer

Affordable Luxury Travel – Nightlife & Romantic Getaways does not sell or rent personal data to third parties. Personal data may be shared with trusted third-party service providers acting as data processors where necessary for website maintenance, communications, and service delivery. Where data is transferred outside of the United Kingdom or the European Economic Area (EEA), adequate safeguards, such as Standard Contractual Clauses or an adequacy decision by the UK Government, are implemented to ensure the secure and lawful transfer of data. All data processors and partners are required to process your data in accordance with this GDPR policy and the applicable data protection laws.

Your Rights Under GDPR

As a data subject, you have various rights with respect to your personal data, which include the right to access, rectify, or erase your personal information. You also have the right to restrict or object to certain types of processing, request the portability of your data, and withdraw consent where processing is based on consent. Requests relating to these rights can be sent to [email protected]. Each request will be handled within one month of receipt, subject to any extension as permitted by law. If you are dissatisfied with the response, you are entitled to lodge a complaint with the Information Commissioner’s Office (ICO) in the United Kingdom.

Data Retention and Security

We implement robust administrative, technical, and physical safeguards to preserve the integrity, confidentiality, and security of your personal data from unauthorised access, alteration, disclosure, or destruction. Personal data is retained strictly in line with the purposes outlined above or as required by applicable law. Data retention periods are established based on the necessity for service delivery, ongoing customer relationship management, legal obligations, and the limitation periods for potential legal claims. Once data is no longer required, it is securely deleted or anonymised in accordance with industry best practices and legal requirements.

Children's Data

This website is not intended for individuals under the age of 18 and does not knowingly collect personal data from children. Should we become aware that such data has been inadvertently collected without parental consent, it will be immediately deleted from our systems. Parents or guardians who become aware of data collection concerning a minor are encouraged to contact us at [email protected] to facilitate prompt removal and resolution in compliance with GDPR.

Cookies and Tracking Technologies

Our website utilises cookies and similar tracking technologies to enhance your browsing experience, provide analytical insights, and to deliver customised content. Before placing non-essential cookies on your device, your informed consent will be sought through a clear and accessible cookie banner. You have full control over your cookie preferences and may withdraw consent or modify settings at any time. Comprehensive information regarding the types of cookies used, their purpose, and retention period is available within our dedicated Cookie Policy section, which forms an integral part of this GDPR compliance statement.

Updates to This GDPR Statement

This GDPR compliance notice may be updated from time to time to reflect changes in legislative or regulatory requirements, business practices, or technological advancements. All such updates will be promptly communicated via our website and, where feasible, directly to you if significant changes arise. We encourage users to review this section regularly to remain informed about how personal data is protected and processed. Continued use of the website and its services constitutes acceptance of the most current version of this GDPR policy.