Privacy Policy

Scope and Applicability

This Privacy Policy governs the manner in which sophiacatravel.com (hereinafter referred to as “the Website”) collects, uses, maintains, and discloses information collected from users (hereinafter “you”, “your”, or “users”) of the Website. As a visitor or registered user residing within the United Kingdom and applicable international jurisdictions, you are hereby informed that this policy applies to all products, services, and activities conducted by sophiacatravel.com. This includes both online and offline collection of personal data through the Website, associated platforms, and any communications or transactions with us. The Privacy Policy is intended to comply with UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), establishing our responsibilities as a data controller. By accessing any service or feature of the Website, you accept the terms outlined herein. We reserve the right to update or modify this Privacy Policy at any time, with such changes notified through this page. Continued use of the Website after such modifications constitutes your acceptance. Should you disagree with any portion of this policy or subsequent updates, you must discontinue usage immediately. This Policy does not extend to third-party websites linked to from our Website, for which users should refer to the respective privacy notices.

Data Collection and Sources

We collect and process several types of information from our users to provide a secure and personalised service experience on sophiacatravel.com. This includes information directly provided by you, automatically collected data obtained through cookies and analytics, and information received from third-party sources strictly for the purposes outlined below. Personally identifiable information may include, but is not limited to, name, email address, telephone number, and postal address, specifically when you fill out our contact forms, subscribe for updates, or engage with interactive features. Non-personally identifiable information is collected through browser cookies, log files, IP addresses, device identifiers, and usage statistics, typically for website enhancement, statistical analysis, and security improvement. We may occasionally supplement this data with information lawfully obtained from reputable partners or public sources. The collection of data is limited to what is necessary for specified purposes, and we do not intentionally solicit or store special categories of personal data such as race, ethnicity, political opinions, health, or biometric information unless explicitly required and consented to by you.

Purpose and Lawful Basis for Processing

Your information is processed strictly according to the lawful bases stipulated by the UK GDPR and the Data Protection Act 2018. We process your data for the following primary purposes: providing access to website features, responding to enquiries, personalising your travel experience, facilitating communication and support, fulfilling legal obligations, maintaining website security, analysing website use and engagement, and sending service-related notifications or marketing communications where permitted. Our processing is founded on one or more of the following lawful bases: your explicit consent, necessity for the performance of a contract, compliance with legal obligations, and legitimate interests pursued by sophiacatravel.com that do not override your rights and freedoms. Any optional data processing, especially direct marketing, is strictly based upon your specific, informed consent, which may be withdrawn at any time.

Data Sharing and Disclosure

Your personal information is not sold, traded, or rented to unaffiliated third parties. However, we may share your information with carefully selected partners, service providers, and affiliates who assist us in website operation, business administration, analytics, or provision of services, strictly on a need-to-know and contractual basis. Such parties are obligated to observe the same standards of data protection, confidentiality, and security as set forth herein. We may disclose user data if required by law, regulation, legal proceeding, governmental request, or when it is necessary to protect our rights, the safety of users, or the general public. In the unlikely event of a change in ownership or business reorganisation, your information may be transferred as part of business assets, subject to the same Privacy Policy commitments. Aggregate, de-identified, or statistical data that cannot reasonably be linked back to an individual may also be disclosed for analytical or promotional purposes.

Retention and Security of Personal Data

We retain personal data only for as long as is necessary to fulfil the collection purposes, comply with legal and regulatory requirements, resolve disputes, enforce our agreements, or otherwise as required by law. Information that is no longer needed is disposed of in a secure manner, including permanent erasure from electronic systems and shredding of printed material. To protect your data against loss, unauthorised access, misuse, alteration, or disclosure, sophiacatravel.com employs a variety of robust administrative, technical, and physical security measures, including encrypted communications, secure servers, restricted access protocols, and periodic security assessments. Despite these efforts, no security method is infallible. Users are advised to use strong passwords, be cautious about sharing personal information online, and promptly notify us of any security concerns or suspected data breaches.

Cookies and Tracking Technologies

Our Website uses cookies and other similar tracking technologies to enhance your browsing experience, analyse site usage, and tailor content and ads. Cookies may be classified as essential (necessary for website functionality), performance (analytics and improvements), or targeting (personalisation and marketing). You are given notice of our cookie use upon visiting the Website, with the option to manage cookie preferences via your browser or through provided controls. Disabling selected cookies may affect your ability to use some features or services. Information obtained via cookies may be combined with other data you provide to us solely for the enhancement of your user experience. Comprehensive cookie management instructions can be found within your browser’s help documentation.

International Data Transfers

As an organisation based in the United Kingdom, sophiacatravel.com primarily stores and processes personal information within the UK or the European Economic Area (EEA). However, in certain circumstances, service providers or partners located outside these jurisdictions may handle your data. Where such international data transfers occur, we ensure adequate protection in compliance with the UK GDPR, including the use of appropriate safeguards such as Standard Contractual Clauses, data processing agreements, and risk assessments. You may request further information regarding these safeguards by contacting our Data Protection Officer.

User Rights and Choices

You possess substantial rights as a data subject under UK law, including the right to access your personal data, rectify inaccuracies, erase certain information (right to be forgotten), restrict processing, object to processing, and request data portability. Where processing occurs on the basis of your consent, you may withdraw this consent at any time without affecting the lawfulness of processing prior to withdrawal. Requests to exercise these rights are free of charge and can be submitted via email at [email protected] or in writing to the postal address listed below. We will respond to your legitimate requests as soon as possible, and not later than one month, unless there are lawful grounds to extend this period. In cases where your rights are restricted by law or contractual obligations, we will communicate the reasons accordingly. You have the additional right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your personal data is being processed in violation of applicable law.

Children’s Privacy

Our Website and services are not directed toward individuals under the age of 18. We do not knowingly collect, store, or process any personal information from children under this age threshold. If we become aware that we have inadvertently received such data, it will be promptly deleted from our records. We encourage parents and legal guardians to monitor their children’s internet usage and inform them not to provide personal information through our Website. Should you believe that we have unintentionally collected information from a minor, please contact us immediately at [email protected] so that appropriate measures can be taken.

Contacting Us

If you have any questions, concerns, or requests about this Privacy Policy or our data protection practices, you may contact Jasper Whitfield, the Data Controller and Owner, at The Design Museum, 224-238 Kensington High St, London W8 6AG, United Kingdom. Alternatively, you may email [email protected] at any time. We are committed to protecting your privacy and will address your enquiries promptly and in accordance with applicable law.