Safari Deal Limited operates as an online aggregator and a branded online marketing platform which enables third parties to market and sell their safaris and their associated services (the “Safari Deal Platform“). The Safari Deal Platform therefore has dual-functionality: (i) a travel portal/comparison website for customers looking to find worldwide adventure safari tours and (ii) an online shop window for safari operators and related service providers.
- IMPORTANT INFORMATION AND WHO WE ARE
- THE DATA WE COLLECT ABOUT YOU
- HOW IS YOUR PERSONAL DATA COLLECTED
- HOW WE USE YOUR PERSONAL DATA
- DISCLOSURES OF PERSONAL DATA
- INTERNATIONAL TRANSFERS
- DATA SECURITY
- DATA RETENTION
- YOUR LEGAL RIGHTS
1. IMPORTANT INFORMATION AND WHO WE ARE
All references to ‘our’, ‘us’ or ‘we’ within this policy are deemed to refer to Safari Deal Limited our subsidiaries or affiliates. Safari Deal Limited is the data controller with responsibility for the proper functioning of the Safari Deal Platform and is responsible for this website.
However for the purpose of all the travel and itinerary solutions uploaded and/or maintained by Travel Partners, Safari Deal is processing and displaying their data for them only as a data processor (and this is completed pursuant to a written instruction contained in collaboration agreements we have in place with them).
It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. Safari Deal operates in accordance with the latest data protection principles enshrined in Article 5 of the General Data Protection Regulation (EU) 2016/679 GDPR as these are applied in the UK – including the principles of purpose-limitation, storage-limitation, data accuracy, data security and integrity and data minimisation.
2. THE DATA WE COLLECT ABOUT YOU
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier and title.
- Contact Data includes address, delivery address if different, email address, social media handles (twitter / linkedin) and telephone numbers.
- Financial Data may from time to time include data which enables us to run an e-commerce proposition for you (in which case we may collect a mix of data such as bank account, transaction data and payment card details).
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes log-on credentials, password, your interests, preferences, feedback and survey responses (to the extent we utilise these from time to time).
- Usage Data includes information about how you use our website, itineraries and travel-partners you browse and when you make a formal enquiry on our platform.
- Marketing and Communications Data includes your preferences in receiving marketing from us (via a service providers such as sendinblue) and your communication preferences.
As an online aggregator, we also collect, use and share Aggregated Data such as statistical or demographic data for any purpose which assists our business or helpfully informs our travel partners (to help source better tailored solutions for you or extend our reach to a wider span of safari locations in future).
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
By accessing or browsing our website, logging in with authorised credentials, registering for an account, contacting us on social media or via email, working with or for us, offering your goods or services to us, using any of the goods and services that we provide to you or otherwise providing your data to us (including when entering competitions or when attending travel or trade events), we inevitably collect your personal data. We collect your data in two main ways:
I. User Provided Information
Safari Deal obtains the information you provide when you register on Safari Deal. Registration with us is a requirement for the best possible experience.
When you register with us and use Safari Deal, you generally provide
- your name
- email address
- user name
- other registration information
- information you provide us when you contact us for help
- credit/debit card information for purchase and use of the additional Application features
- information you enter into our system when using Safari Deal, such as contact information
We may use the information you provided us to contact your from time to time to provide you with important information, required notices and marketing promotions.
II. Automatically Collected Information
Through our technology, the use of Google Analytics, our website and cookies we are able to receive the automatically collected information referenced above. One good example is the collection of precise information about the location of your IP address.
In addition, Safari Deal may collect other information automatically, including, but not limited to, the type of mobile device you use, your mobile devices unique device ID, your mobile operating system, the type of mobile internet browsers you use, and information about the way you use Safari Deal.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. We have set out below a visual depiction of all the ways we are allowed to process your personal data under the GDPR, followed by a summary of the key “lawful bases” which apply most to Safari Deal.
Processing Personal Data under Data Protection Law: The 6 Lawful Bases
Most commonly, we will use your personal data in the following circumstances:
II. Where it is necessary for our legitimate business interests (or those of a third party) when providing and improving the Safari Deal Platform which sits at the core of our proposition (providing your interests and fundamental rights do not override our interests).
III. Generally, we do not rely on consent as a legal basis for processing your personal data although we will endeavour to obtain your (opt-in) consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
5. DISCLOSURES OF YOUR PERSONAL DATA
With respect to non-personal data, aggregated and anonymized datais periodically transmitted to external service providers to help us improve the Safari Deal Platform and our service. We may work with analytics companies to help us understand how Safari Deal is being used, such as the frequency and duration of usage.
We work with advertisers and third-party advertising networks, who need to know how you interact with advertising provided in Safari Deal which helps us keep the cost of Safari Deal low. Advertisers and advertising networks use some of the information collected by Safari Deal, including, but not limited to, the unique identification ID of your mobile device and your mobile telephone number. To protect the anonymity of this information, we use an encryption technology to help ensure that these third parties can’t identify you personally.
These third parties may also obtain anonymous information about other applications you’ve downloaded to your mobile device, the mobile websites you visit, your non-precise location information (e.g., your post code), and other non- precise location information in order to help analyse and serve anonymous targeted advertising on Safari Deal and elsewhere. We may also share encrypted versions of information you have provided in order to enable our partners to append other available information about you for analysis or advertising related use.
With respect to personal data, we will share your information internally as you would expect – this is so we can run our business and the service to you smoothly and efficiently. We shall share your information with third parties only in the limited ways that are described in this privacy statement:
- When we believe in good faith that disclosure is necessary to protect our rights, protect your vital interests, your safety or the vital interests and safety of others;
- Where we need to comply with a legal obligation (such as a regulatory request from the Information Commissioner, help investigate a fraud, or respond to a government or judicial request);
- When we grow as a business and may need in future to expose certain data sets to purchasers or investors in the event of future corporate activity of different kinds.Subject to confidentiality restrictions and other rules which apply in such tightly guarded circumstances, we will do our best to notify you– especially in the event of a change in ownership or a change to the uses and purposes of the personal information.
6. INTERNATIONAL TRANSFERS
We comply with applicable requirements attaching to what are known as “restricted transfers” of personal data (i.e. transfers of data internationally outside of those permitted territories which are part of the European Economic Area (EEA) or are otherwise deemed to benefit from an “adequacy decision” in its favour).
We will take the necessary precautions such as entering into data sharing agreements as and when required. As a UK domiciled business, we will keep the situation under review when the transitional arrangements governing the UK’s withdrawal from the EU (and removal from the EEA) cease to apply after 31 December 2020 and shall follow all relevant government guidance such as that found here: https://www.gov.uk/guidance/using-personal-data-after-brexit
7. DATA SECURITY
We are vigilant about safeguarding the confidentiality of your information and this is why confidentiality is a key component of our contractual relationships with travel partners and itinerary providers. We deploy provide a range of “technical and organisational” measures (as required by article 32 of the GDPR including physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorised employees and contractors who need to know that information in order to operate, develop or improve the Safari Deal Platform.
Please be aware that, although we endeavour provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches. This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. One example of a relevant third party is Wetu.com.
SAFARI DEAL BEARS NO RESPONSIBILITY FOR INFORMATION SHARED OR PAYMENT TRANSACTIONS MADE ON ANOTHER PARTY’S WEBSITE OR DOMAIN – EVEN IF WE HAVE FACILITATED YOUR REFERRAL TO THAT OTHER PARTY.
In the event there is an occasion in future where there is an unauthorised use or breach with respect to personal data (such as a mis-sent email or a cyber hack), Safari Deal has a best practice “data breach response protocol” which will immediately kick-in to mitigate the risk to individual’s rights and freedoms arising from the breach.
The protection of children also forms a part of our consideration. We do not use Safari Deal to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at robin@SafariDeal.com. We will delete such information from our files as soon as is reasonably practicable.
8. DATA RETENTION
We will retain User Provided data for as long as you use Safari Deal and for a reasonable time thereafter. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate for the purpose of analytics and our legitimate business interests. If you’d like us to delete User Provided Data that you have provided via Safari Deal, please contact us at robin@SafariDeal.com and we will respond in a reasonable time.
Please note that some or all of the User Provided Data may be required in order for Safari Deal to function properly. As a corporately responsible business, mindful of the data protection principle of storage-limitation and data-minimisation, Safari Deal will also perform a disposals and archiving exercise at least once per annum, at which all data sets will be reviewed and obsolete data will be deleted from our systems (including our back up facilities).
9. YOUR LEGAL RIGHTS
It is important to remember you have rights when it comes to your personal data and your rights under this and other privacy policies. You can opt out of marketing at any time by letting us know. You can stop all collection of information by Safari Deal easily by deleting your Safari Deal account. You may use the standard processes from the admin section of your profile page. You may also contact us directly at firstname.lastname@example.org and will remove your user profile from our master database.
In a large number of cases, it will be appropriate to contact the relevant travel partner as the first port of call so that any information relating to your safari enquiry can be answered by the best placed party. Safari Deal does not hold transactional or booking data relating to your chosen or enquired safari.
For the limited amounts of information we hold as data controller (rather than having data processor functions where we display and showcase information on behalf of a travel or itinerary partner) you nevertheless have enshrined rights under the GDPR as applicable in the UK which are summarised below:
- The right to be informed about our use of your data. This is met by this Policy.
- The right to access information we hold about you and to obtain information about how we process it (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Please note that we may ask you to specify what you wish to see in order to focus our search, and we may have to verify your identity/authority.
- In some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- In some circumstances, the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third party;
- The right to request that we rectify your information if it’s inaccurate or incomplete though we may need to verify the accuracy of the new data you provide to us.
- In some circumstances, the right to request that we erase your information where there is no good reason for us continuing to process it. We may continue to retain your information if we’re entitled or required to retain it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- The right to object to, and to request that we restrict, our processing of your information in some circumstances for example where we are relying on our legitimate interests or using it for direct marketing. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we’re entitled to continue processing it and/or to refuse your request.
All references to the GDPR’s application in the UK shall refer to its application through the Data Protection Act 2018 or any other successor instrument or equivalent national rule which applies during and beyond the transitional arrangements governing the UK’s withdrawal from the EU.